The agency model is underpinned by the integrity of financial statements and narrative reports
The agency model is underpinned by the integrity of financial statements and narrative reports
Various unexpected and catastrophic corporate failures have revealed, on subsequent inspection and with the benefit of hindsight, that their audited financial statements and other narrative reports were less than transparent and accurate about the true state of the relevant businesses’ affairs, position and prospects. As a result, there have been three notable reviews - the Kingman Review which looked at the role, effectiveness and powers of the Financial Reporting Council (FRC), the Competition and Market Authority’s study of the audit market and the Brydon Review of the quality and effectiveness of audit. The recommendations from those reviews are now brought together in a consultation on a set of wide-ranging proposals, covering the roles and responsibilities of directors, auditors, shareholders and regulators. The key points for governance professionals are provided below in a whistle-stop tour of the full 232 page document.
The consultation starts by posing the fundamental question as to which organisations should be subject to the enhanced audit, reporting and governance measures proposed within the remainder of the document. Currently enhanced requirements are applicable in the UK to companies listed on the London Stock Exchange main market as well as various forms of financial and insurance institutions which are deemed to be Public Interest Entities (PIEs). The consultation seeks views on whether large private companies (size to be measured by number of employees, turnover and balance sheet) and those listed on the AIM market should also be classified as PIEs, possibly with a temporary post-IPO exemption period before the requirements would apply to newly listed entities, together with third sector entities meeting certain thresholds.
Of particular interest to boards, the next section of the consultation considers the extent to which companies’ systems of internal controls should be strengthened, as well as the regime by which directors are held accountable for the effectiveness of those controls. The current UK framework comprises a patchwork of mandatory requirements and best practice recommendations drawn from company law and governance codes which are then tested through audits carried out in accordance with applicable standards. As referenced above, recent corporate failures have highlighted gaps (and therefore risks) in the current arrangements. In response to this, the consultation suggests the answer may lie in the introduction of Sarbanes-Oxley style regulations. These require boards to formally assess and report on the internal controls and financial reporting procedures employed within the business and for the auditor to attest to the board’s assessment of these matters. Whilst measures to strengthen controls and reporting are welcome, there are concerns that Sarbanes-Oxley encourages a tick-box, rather than a thoughtful approach and the associated increases in costs also need to be considered.
A Specific Statement One option mooted in the proposals is for a specific statement to be made in the annual report about the effectiveness of internal control and risk management systems. The statement could, it is suggested, either be given by the CEO and CFO or by the board collectively. Secondly, it is suggested that the auditors could be required to publicly report, as they currently do privately to the audit committees of listed companies, on the work they have done to understand the system of internal controls, perhaps supplemented with the auditor’s attestation as to the effectiveness of those controls.In response to instances when dividends have been paid where, in reality, those funds were needed to support the organisation’s continued solvency, reforms are also proposed in relation to the payment of dividends and capital maintenance.
In future, directors could be required to disclose the known distributable reserves available across the group and also to confirm that the payment of any proposed dividend is not likely to pose a risk to the continued solvency of the business over the next two years. The definitions of the realised profits and losses on which calculations of distributable reserves are based are also proposed to be tightened.
Reflecting the background to this consultation – namely the perception that reporting needs to more accurately reflect the current position, prospects and risks for the business – new reporting requirements are explored in the form of an annual resilience statement and audit and assurance policy. The resilience statement would, based on a minimum fiveyear forward view, address short, medium and long term challenges to the business model as well as the specific risks associated with climate change. The report on audit and assurance policy would look ahead to the approach planned by the company over the next three years for obtaining assurance on the information reported to shareholders, whether through the statutory audit alone or encompassing other additional elements. For example, the audit and assurance policy could set out matters beyond the statutory audit, such as alternative performance measures and key performance indicators, on which external audit assurance will be sought.
The company’s prospects are, of course, not only of interest to shareholders but to others such as suppliers who can find themselves short-changed in the event of a customer’s insolvency. Particularly for small businesses, late payment can be a significant issue and, notwithstanding transparency and stakeholder interest initiatives introduced in recent years, it remains a problem. Late payments can obviously also indicate cash flow problems and, to that extent, disclosure within the report and accounts could offer an indication of the health of the company’s finances. For this reason, additional reporting on payment practices is put forward within the consultation for feedback.
Notwithstanding that audit failings have undoubtedly contributed to some of the high-profile company collapses we have witnessed in recent years, such failings do not absolve the directors of those companies of their responsibility to produce and present accounts which present a true and fair view of the financial position of their company. Although the responsibility of directors in this regard is clear, enforcement and sanctions against directors in such circumstances is a relative rarity. Accordingly, the consultation raises the possibility of supplementing the existing regime with new regulatory powers to pursue directors who are believed to have breached their responsibilities via criminal and disqualification proceedings.
The new enforcement regime would apply to directors of PIEs. It appears that previous recommendations that only the CEO, CFO, chair and audit committee chair should be in scope are unlikely to be accepted. For executive directors, the consultation proposes that the threats of malus (withholding of future payments) and clawback (recovery of previously paid amounts) which already frequently apply in circumstances where there has been serious financial misstatement or performance target miscalculation, should now routinely be extended to apply also to cases of reputational damage, risk management shortcomings, misconduct and failure to protect other stakeholder interests.
The consultation is somewhat dismissive of the risk that good candidates for board positions, particularly those whose background is non-financial, will be deterred from seeking directorships. But inevitably, the harsher sanctions proposed will create concern amongst prospective board members as well as likely to increase the cost of D&O insurance policies which are already suffering from hikes in premiums.
Whilst it is undoubtedly the directors’ responsibility to produce complete and accurate financial statements which provide a true picture of their company’s position and prospects, the role which effective auditing needs to play in providing independent assurance on the integrity of accounts is of critical importance. The Brydon Review made a number of recommendations to strengthen the audit profession and to add to the responsibilities of auditors. Whilst the detail of many of these ideas will be of greater interest to auditors than to corporate governance professionals, the proposals to impose a duty on auditors to take account of a wider range of information in arriving at their audit judgements will have implications for company audits in practice. Accordingly, this will impact the company secretary’s year-end audit input. Similarly, the new emphasis on the need for auditors to detect and prevent material fraud, together with the proposal that directors of PIEs should in future report on the steps they have taken to prevent and detect fraud, will likely increase the scope of audit work and have a knock-on effect for those from the internal team who are involved in year-end reporting processes.
The scope of audits is therefore set to increase but, in addition, the consultation puts forward ideas for shareholders to have the opportunity to influence risk and audit planning via a new formal mechanism by which audit committees will share details of the proposed audit plan as well as any material changes to the principal risks faced by the business. Whilst feedback would only be advisory, the acceptance or rejection of shareholder suggestions would then need to be addressed in the audit committee’s annual report.
The remit and independence of the audit committee, in ensuring the integrity of the financial statements and associated narrative reports, are key principles at the heart of existing processes. In particular, the committee leads auditor selection and terms of engagement, audit planning and the review of audit effectiveness. The committee is seen as a bastion of independence, safeguarding the interests of shareholders and others against any bias or inaccuracy of reporting that might creep in from management. To ensure this central role is carried out effectively, it is now proposed that the new Audit, Reporting and Governance Authority (ARGA) should be able to impose new requirements on FTSE350 audit committees and assume a new duty to monitor audit committees and their compliance with those requirements. ARGA would be given new powers to enable them to carry out this monitoring, including the right to require information and/or place an observer in meetings.
The concentration of audit contracts, in particular in relation to FTSE350 companies, has been a concern for some time as potentially detrimental to audit quality. Whilst stopping short of introducing mandatory joint audits, the proposals do include audit sharing, whereby a meaningful proportion of FTSE350 subsidiary audits would need to be awarded to a ‘challenger’ audit firm.
Responses to consultation are required to be submitted by 8 July 2021.