Newsflash - FRC Review of corporate governance reporting

The FRC has published its ‘Review of Corporate Governance Reporting’ which is based on a review of a sample of 100 companies drawn from the whole premium listed market. The comprehensive report presents the findings from the review and sets out the FRC’s expectations for the future application of the Code and reporting. The issue of this report is a positive example of the FRC’s positioning as an improvement regulator as it transitions to ARGA. It should be studied carefully by all those involved in the preparation of the annual report. In addition, reviewers, particularly members of the audit committee, should ensure that their companies are well prepared in advance of their year ends to address the recommendations and to consider matters for ongoing improvement.

The report highlights areas of high-quality reporting, but also draws attention to improvement needed in areas such as disclosures on board appointments, succession planning and diversity. The report also found that more focus on reporting the effectiveness of internal control and risk management systems would enhance the level of confidence in the company’s control framework.

In the foreword Sir Jon Thompson makes the following point:

“As the FRC transitions to ARGA we will continue to work with companies to deliver the highest standards of practice and reporting, going beyond declarations of intent or boilerplate comments but clearly demonstrating the impact of actions.”

In last year’s review of corporate governance reporting, the FRC expressed its disappointment in the way that companies had met the new 2018 Corporate Governance Code. This year they identify a general improvement in reporting. The review highlights the continuing need for high quality governance which is linked to effective decision-making by Boards and management and for greater clarity as to how a company is applying the Code’s principles and clearer explanations where there are departures from the Code provisions so that shareholders and stakeholders have greater confidence in the quality of governance.

The review starts by making clear that the FRC believes that good reporting is characterised by clear and consistent explanations, supported by real-life examples of application and cross-referencing between related initiatives and sections.

The report reiterates expectations set out in last year’s review and, where relevant, introduces new expectations to support the findings from this year’s assessments of governance reporting. There should be:

• Greater attention on the alignment between reported good governance and company practices and policies, strategy and business models.
• Increased focus on assessing and monitoring culture by using different methods and metrics and providing clear evidence of a feedback loop.
• Better reporting of succession planning, and how this links to assuring the make-up of the board and delivering diverse challenge.
• Improved reporting on outcomes and actions, rather than declarations or statements of intent without detail, e.g. reporting on the performance of particular decisions, which may come in the form of key metrics supported by narrative or case studies. Statements in relation to climate commitments are an example of where detail is required.
• Specific disclosure of the governance structure (who and what) and processes (how and when) in place to manage risk that clearly demonstrates the way that the company identifies, monitors and mitigates risks.
• Better explanation of how executive remuneration is aligned to a company’s purpose, values and strategy.

In addition, the FRC draws attention in particular to ensuring clarity in the disclosures of:

• departures from any Code provision and supporting explanation;
• engagement with shareholders and the workforce in relation to remuneration, and the impact on remuneration policy and outcomes;
• the impact of engagement with stakeholders, including shareholders, on decision-making, strategy and long-term success;
• where suppliers are identified as a key stakeholder group, the methods utilised for engagement with suppliers to reduce risks and ensure continuity of supply;
• how the board has assessed the level of climate-related risk and, as a result of that assessment, oversees climate-related risks, as well as other committees and initiatives involved in the decision-making process;
• diversity policies together with objectives and targets and demonstrating their connection to company strategy;
• the process for how the board has determined the company’s risk appetite and the risk appetite for each of the company’s principal risks; and
• the outcome of the review of the risk management and internal control systems.

Review of the risk management and internal control systems – enhancing the quality of reporting

The report makes clear that, following a review of the effectiveness of risk management and internal control systems (as required by Code Provision 29), the FRC expects that companies should comment on the outcome from the review.

“If they are satisfied that their systems are operating effectively, they should state this in the annual report. Similarly, any identified inefficiencies or weaknesses should be specified in the report, followed by an explanation of any remedial actions that have been or will be taken.”

As a reminder, Code Provision 29 states the following: “The board should monitor the company’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness and report on that review in the annual report. The monitoring and review should cover all material controls, including financial, operational and compliance controls.” This is supplemented by paragraph 58 in the existing Guidance which states that: “The board should summarise the process it has applied in reviewing the effectiveness of the system of risk management and internal control. The board should explain what actions have been or are being taken to remedy any significant failings or weaknesses.”

The positive statement about effectiveness suggested in this report represents a clear statement of intent from the FRC around direction of travel. The UK Corporate Governance Code and its underpinning guidance is already demanding of boards, but reporting in annual reports is not as comprehensive as the FRC would like. In recent speeches Sir Jon Thompson has indicated that the FRC could use the Code as a vehicle for raising the bar on internal controls if the government decides not to legislate. The FRC now expects companies to report on the outcome of their reviews, moving the bar up from current practice where most companies just describe that they have undertaken the annual review, without giving detail of the process followed and outcomes from the review.

However, moving toward providing a positive statement on whether risk management and internal control systems are operating effectively requires careful consideration by the board and audit committee, including assessment against a controls framework such as the one we shared in ‘Internal controls and the board: What is all the fuss about?’. The level of supporting evidence also needs to be carefully considered. It is also important to remember that Code Provision 29 covers all material controls, not just financial reporting controls.

Companies intending to make these effectiveness disclosures should reflect carefully on the framework and process to support any additional disclosure. They should hold discussions with their auditors – as there will be implications for auditors as auditing standard ISA 720 requires them to specifically conclude whether the section of the annual report that describes the review of effectiveness of risk management and internal control systems is materially consistent with the financial statements and the knowledge obtained during the audit. Auditors will need to consider the level of work required to reach a conclusion on a statement which provides a positive confirmation that systems are operating effectively.

To read the full FRC Review of corporate governance reporting click here.