The FRC has issued the updated UK Corporate Governance Code (“the Code”) following a consultation last year as part of the ‘Restoring trust in audit and corporate governance’ reform package.
The Government had asked the FRC to use a Code-based approach to strengthen boardroom focus on internal control matters rather than introducing a legislative framework and, further to changes in Government policy around other aspects of the reform agenda, this represents the most significant change to the new Code although changes have been made to the proposal which was previously consulted on.
We set out below:
Final form of the declaration on the effectiveness of the risk management and internal control framework
With the ultimate aim of strengthening board accountability for the effectiveness of the risk and internal control framework, there has been a change to the relevant Code Principle: “The board should establish a framework of prudent and effective controls, which enable risk to be assessed and managed” is replaced by “The board should establish and maintain an effective risk management and internal control framework”.
This amended Principle is reinforced by an extension of the existing Code provision (Provision 29) in relation to the board’s responsibility to monitor the company’s risk management and internal control framework and, at least annually, carry out a review of its effectiveness. Building on this review and monitoring activity, it is proposed that the board provides the following disclosure in the annual report:
Importantly, we now know that this new declaration will cover, in line with the board’s review and monitoring responsibilities, “material controls” noting that this has been changed from “financial, operational and compliance” to “financial, operational, reporting and compliance”. So including a specific “reporting” control consideration intended to cover controls over both financial and non-financial reporting.
The FRC press notice states that it is for a board to determine what should comprise its material internal controls noting that the needs for each business may vary and that the level of maturity of non-financial controls for some businesses may not be, or need to be, as mature as for their financial controls. Further, the FRC states that it is for the board to determine what level of maturity is right for its business and their own levels of required assurance in relation to the effectiveness of these controls.
The final wording of the declaration also removes any suggestion of a need for “continuous monitoring” of internal controls which had concerned many respondents. The declaration of effectiveness will now be as at the balance sheet date. In addition, reference to identification of “material weaknesses” has been removed to provide further differentiation from language used in other jurisdictions.
The FRC believes that this new approach is a targeted, proportionate and balanced response to meeting enhanced investor and stakeholder expectations for better governance reporting around risk management and internal controls whilst minimising reporting burdens on businesses. Also that this approach, which is principles based and relies on boards making their own judgments on what is material, is better suited for the UK commercial and governance framework than more intrusive and prescriptive approaches required in other jurisdictions.
Other proposals being taken forward which boards should focus on
Proposals which have been dropped
Timeline for implementation of the updated Code
The updated Code will apply to accounting periods commencing on or after 1 January 2025 with the exception of Provision 29 – the declaration on the effectiveness of the risk management and internal control framework – which will apply to accounting years commencing on or after 1 January 2026 to allow sufficient time for implementation. Until then, existing Provision 29 of the 2018 UK Corporate Governance Code applies.
Expectations around the supporting guidance
The updated Code will be supported by updates to all supporting guidance: Guidance on Board Effectiveness, Guidance on Risk Management, Internal Control and Related Financial and Business Reporting and Guidance on Audit Committees. These pieces of guidance are currently three standalone documents but we understand that going forward they will be combined into a single interactive resource which is connected directly to the relevant sections of the Code.
The updated guidance will be issued on 29 January 2024. The FRC stresses that the guidance should not be viewed as part of the Code and should not be seen as a requirement of the FRC. It is aimed at contributing helpful context to a board’s consideration of how they might go about complying with the Code. The FRC explains that, in preparing the guidance, it has drawn on the expert advice of its Stakeholder Insight Group which represents a cross-section of those with a keen interest in the Code such as preparers and investors.
Further information
To access the updated Code click here.