UK Audit Reform: Businesses urged to stay focused on governance, risk and compliance despite disruption to reforms
The King’s speech at the state opening of parliament confirmed what was suspected: the legislation needed to implement the proposed audit reforms will not be brought before this parliament. With a general election likely in the first half of 2024, the corporate regulatory landscape has fallen victim to the vagaries of politics, leaving UK companies facing the possibility that their preparatory work may have been in vain. Where does this leave businesses aiming to achieve good corporate governance in the UK?
The morning before King Charles made his maiden parliamentary speech as King, Diligent convened a panel of governance and controls experts to discuss the way forward. Board Agenda’s Editor Gavin Hinks, was joined by internationally renowned GRC pundit Michael Rasmussen, risk controls and compliance expect Carolyn Clarke of Brave Consultancy, and Andy Kemp, chair of the Audit Committee Chairs Independent Forum (ACCIF).
In brief summary, the omission of primary legislation from the King’s speech has arrested the main external audit reforms that would have created the proposed Audit, Reporting and Governance Authority and introduced the statutory definition of new public interest entities. Earlier in the month, the government also halted the progress of secondary legislation that would have introduced the audit and assurance policy, resilience statement, fraud risk disclosure, and capital distribution disclosure.
The third element in the mix is the FRC’s planned reforms to the UK Corporate Governance Code, which reflected many aspects of the reform legislation and introduced a stronger requirement for declarations relating to internal controls. Shortly after the King’s speech, the FRC published a policy statement confirming that it was scrapping over half of the original proposals, “including those relating to the role of audit committees on environmental and social governance and modifications to existing code provisions around diversity, overboarding, and Committee Chairs engaging with stakeholders.”
Crucially, the FRC revealed that it does plan to continue work on proposals on internal controls, but with revisions resulting from its consultation with stakeholders.
Initial reactions to reform disarray
The panel agreed that the disruption to the reform programme was a shock and questioned the government’s messaging. “It was a shock to see those things go,” said Andy Kemp, “because there had been a level of support for the audit and assurance policy and resilience reporting. I was very surprised when the government said there had been pressure from the market, because that pressure was not obvious until the government mentioned it.”
Michael Rasmussen feels that scrapping the resilience statement will be a loss to British companies, saying, “Organisations want to be resilient,” noting that he is working with a firm that is rebranding its audit department as the ‘audit and resilience’ department because, “departments are scared of risk, they pass that round like hot potatoes, but ‘resilient’ … everyone wants to be that.”
This discussion took place prior to the FRC publishing its plan to continue focus on internal controls, but Carolyn Clarke’s view was prescient: “I am pro internal controls but not in their current form. We do have to be confident that if we are making commitments and disclosures in the annual report or elsewhere, they are accurate and grounded in the right processes, but we have got in a pickle with these proposals and the US [SOX] way of thinking has created some of that confusion.” She went on to describe a principles-based approach where controls are in place for the specific commitments that are made.
Andy Kemp noted that ACCIF members had raised major concerns about the scale and scope of the proposed internal controls changes, with the response to the consultation making it clear that compliance would involve significant effort to get to a level where the board is comfortable with external reporting requirements.
Where next for UK corporate governance and audit?
Companies that have devoted considerable time and resources to preparing for the reforms are understandably feeling disappointed and disillusioned. These are organisations that were ready to embrace reforms and build robust systems and processes. Carolyn Clarke noted: “Companies that genuinely want to be doing the right thing will continue with elements of this. We have a population of people for whom this is really distressing, who have been recruited on the basis that these requirements are coming and are now not sure about what their jobs mean and whether they still have one. There are real people at the heart of this.”
Looking forward, the panel sought to find silver linings and a road ahead. Carolyn raised the point that calling the proposals “audit reforms” has created too narrow an interpretation of a range of measures that are much more wide-ranging than that. “We have quite a confused and complicated range of measure and we don’t understand how they fit together.” There is a sense that businesses could take this opportunity to take stock and think more cogently about how to do business better.
The panel had several pieces of advice for companies wondering what to do next:
- Look at the overall trajectory of governance, urged Michael Rasmussen. The reforms may have been shelved but their core principles remain sound. There is a growing focus on transparency, resilience, and greater individual accountability and companies should prepare their systems and culture.
- Keep the parts that made sense, said Andy Kemp. If an audit and assurance policy adds value to your business, keep it. If you already have a controls structure planned, roll it out. Think about the parts that were going to benefit your business and preserve, nurture and promulgate those.
- Focus on developing a confident controls culture across the business. The right controls are good for business and the culture around them is critical. This must start at the top with boards adopting a pro-control attitude and displaying behaviours that drive adoption throughout the business.
- Think resilience. Reshape risk management around resilience to create a more positive and proactive conversation around risk. Understand that discussing risk and related controls can be subjective and sometimes adversarial. Seek to create a safe space for meaningfully discussing risk and controls that is not as intense as the “nuclear option” of whistleblowing.
Michael Rasmussen quoted the legendary Ted Lasso saying: “Doing the right thing is never the wrong thing”, and went on to add that, “80% of compliance is a natural by-product of running a good business.” Carolyn added that, “the expectation is there that we should have well-run businesses and have the right culture that faces directly into the obligations that we have to do the right thing.”
Good business is not about being told what to do andcomplying with it. It is about doing it as part of your business operations. Companies now have a bit of breathing space without compliance deadlines hanging over their heads, but continuing to work towards effective controls, rigorous reporting, and good corporate governance will always be worthwhile, whatever shape reforms ultimately take.
Learn more about the technology that can help you implement an effective governance, risk and compliance programme throughout your business.
