Internal controls are fundamental for high-quality and reliable corporate reporting

Deloitte believes that high-quality and reliable corporate reporting, including future sustainability information, is of paramount importance for both capital markets and society in Europe. It helps protect stakeholders against unexpected corporate failures, channels finance to strong, sustainable businesses, and encourages cross-border investments. Internal controls that are effectively designed, operated, and maintained, with appropriate oversight, are fundamental to high-quality corporate reporting.

To this end, we welcome the EC’s holistic approach, which aims to address possible shortcomings in the corporate reporting ecosystem. We support evidence-backed and proportionate changes to EU legislation in the three pillars (corporate governance, statutory audit, and supervision both of auditors and companies), to help safeguard the long-term sustainability of enterprises and improve the reliability of corporate reporting.

Management’s role is key to designing, implementing, and maintaining effective internal controls

The primary responsibility for the quality and integrity of corporate reporting rests with the company’s management and board. Consequently, management should design, implement, and maintain effective internal controls over corporate reporting, as well as assess their effectiveness, under an established, reliable, and well-understood internal control framework aligned to the key risks in the entity’s business model, including a focus on the risk of fraud and going concern. In this context, enhanced requirements for management to publicly assess the proper design and the operating effectiveness of the company´s relevant internal procedures and controls are key to greater reliability of financial reporting.

Deloitte supports EU legislative proposals that further contribute to audit quality and the value that an audit provides

External auditors are responsible for delivering audit services with quality and integrity, in accordance with appropriate standards. Later in this article we refer to research that shows:

• The external auditor’s ability to conduct a high-quality financial audit would benefit from an increase in the quality of the internal control environment of the audited company and the effectiveness of the company’s corporate governance

• High quality external audits of the system of internal controls pertaining to financial reporting benefit the quality of the overall information in financial statements and increases the entity’s focus on their control system.

Therefore, we support EU legislative proposals that: i. require the auditor to audit the design, implementation, and operating effectiveness of relevant internal controls, and; ii. set standards to issue an associated assurance report.

In addition, we believe that any future developments that will further contribute to audit quality and the value that an audit provides, will also increase the attractiveness and credibility of the audit profession, which in turn will help it provide enduring support to capital markets.

Changes to the EU’s legislative framework should be scalable and proportionate. We recognize that designing and maintaining effective internal controls can be more challenging for smaller companies, so the legislation could exclude smaller issuers in the initial phase, with the option to change the threshold at a later stage. Smaller listed companies could, of course, elect to report on the effectiveness of internal controls and obtain an auditor’s assurance too, on a voluntary basis.

Components of an optimal EU legislative and regulatory framework to evaluate and report on internal controls systems

Download the full article for an overview of the current EU legislative and regulatory landscape.

Get in touch

• Pablo Zalba, Managing Director Deloitte EU Policy Centre

• Jens Loeffler, Deloitte EU Audit Policy Leader

• Alessandro De Luca, Public Policy Leader Deloitte Italy