Skip to main content

Newsflash – Government response: Restoring Trust in Audit and Corporate Governance

1 June 2022

Today the Department of Business, Energy & Industrial Strategy (BEIS) has issued the Government’s response to last year’s White Paper ‘Restoring trust in audit and corporate governance’. This summarises the feedback that BEIS received from stakeholders on the White Paper and sets out the measures it intends to progress with.

The response is long (almost 200 pages) and covers proposals which impact a number of different market participants most notably, company directors, auditors and professional bodies. It does not set out a precise timetable, but rather outlines the actions to be taken, including what the Government intends to ask of the regulator and other stakeholders. The reforms will be delivered by a variety of mechanisms over a period of several years with a focus on targeted and proportional benefits, noting that the overall cost of implementation has been reduced from the previous White Paper. The Government has also signalled its intention to explore potential deregulatory measures. The mechanisms to be used include:

  • Market developments, for example in the demand for assurance services beyond audit, from PIEs and other significant companies;
  • Work by professional bodies, for example to enhance members’ training and development;
  • Changes by the regulator: to the UK Corporate Governance Code that currently applies to premium listed companies, and ongoing improvements to audit standards;
  • A Ministerial Direction that lays the foundation for the introduction of PIE auditor registration by the Financial Reporting Council (FRC) in the near future;
  • Secondary legislation (statutory instruments), which could be used to establish new reporting requirements for PIEs (for example, a Resilience Statement and reporting on distributable profits); and
  • Primary legislation (a Bill in Parliament), which the Government is preparing initially to publish in draft, for subsequent introduction when Parliamentary time allows, to establish a new regulator and set its powers, objectives and duties.

Below we have provided a high-level summary of the main policy areas indicating through which mechanism they will be taken forward. Later we set out more detail for each proposal. We do not provide a Deloitte view in this document.


Summary

Consultation on broadening PIE definition

Primary legislation

New regulatory regime for directors

Powers to ARGA & Changes to the Code

Attestation on internal controls

Changes to the Code

Publication of principal risks & audit plan for engagement with shareholders

Powers to ARGA

The Resilience Statement

Secondary legislation

“Front Half” assurance

To be led by market developments

Board statement on the legality of dividends

Primary legislation

Increased directors’ obligations in relation to fraud

Secondary legislation

Payment practices

To be considered separately

Supervision of corporate reporting

Powers to ARGA

Minimum standards and regulatory oversight of audit committees

Powers to ARGA

The Audit & Assurance Policy

Secondary legislation

A new professional body for corporate auditors

Work by professional bodies

Principles of Corporate Auditing

Changes by the regulator

Enhanced auditor reporting

Changes by the regulator

Publication of Audit Quality Review (AQR) reports

Changes by the regulator

Managed shared audits for the FTSE 350

Powers to ARGA

Operational separation of audit practices

Powers to ARGA

Establishment of Audit, Reporting and Governance Authority (ARGA)

Primary legislation

 

One key element of the reform package is the proposed extension of the definition of the Public Interest Entity. This proposal will be taken forward through primary legislation but the scope of the definition has been amended from the White Paper proposals so that companies with 750 or more employees and at least £750m annual turnover will be classified PIEs. The Government has decided to implement a tiered approach for the proposals as follows:

All PIEs

  • Within scope of Corporate Reporting Review and Directors enforcement regime

Tiered Requirements

PIEs due to new size based criteria (>750 employees and >£750m turnover)

  • Not required to have an Audit Committee, retender audit every 10 years or rotate auditor every 20 years
  • Subject to new corporate reporting requirements (Resilience Statement, Audit and Assurance Policy – including disclosure of planned internal control assurance, Fraud Statements, Dividends and Distributable Reserve disclosures)

Small PIEs (<750 employees and <£750m turnover)

  • Not subject to new corporate reporting requirements (relating to: Resilience Statement, Audit and Assurance Policy, Fraud statements; Dividends and disclosure of distributable reserves)

Premium Listed Companies (those reporting under UK Corporate Governance Code)

  • Explicit directors statement on effectiveness of internal controls and basis for assessment

The Government has also announced today that it will review wider reporting burdens on large and small businesses including those from retained EU law. Areas such as the definition of micro-enterprises and the reporting requirements on smaller public interest entities will be reviewed.

Further information

The full paper is available to download here

The White Paper and supporting documents are available from this address.

Our library of governance publications is available to help you at www.deloitte.co.uk/governancelibrary.

The Deloitte Academy

The Deloitte Academy provides support and guidance to boards, committees and individual directors, principally of the FTSE 350, through briefings on relevant board topics. The Deloitte Academy is available to board directors of listed companies.

Members receive copies of our regular publications on Corporate Governance and a newsletter. A dedicated members’ website www.deloitteacademy.co.uk is made available so members can register for briefings and access additional relevant resources.

For further details about the Deloitte Academy, including referring colleagues for membership, please email enquiries@deloitteacademy.co.uk.

The response makes clear that the timescale for implementation of some measures is expected to stretch over several years, noting that the granting of powers to ARGA will require primary legislation, and that changes to secondary legislation or the Code will necessitate further consultation. The detail will depend not only on Parliament but also on Ministers’ assessment of the economic circumstances at the time. The Government has committed to give careful consideration to the appropriate minimum lead times to apply, so that market participants can be assured that the pace of change will be measured and manageable.

As a key plank of these reforms, the Government’s intention is to create ARGA and equip it with its powers at the earliest possible juncture, since many of these factors represent work that ARGA will need to do. The timescale for this and other legislative measures will depend on the availability of Parliamentary time and on Parliament’s agreement to the Government’s proposals.

The FRC has indicated that, ahead of Government legislation, it will shortly be outlining an extensive work plan to advance reforms which can be developed through existing powers or on a voluntary basis.

Quote from Rt Hon Kwasi Kwarteng MP, Secretary of State for Business, Energy & Industrial Strategy

“Good guidance and support from an improvement-minded regulator will play a vital role in helping companies achieve and demonstrate high standards. Alongside this, we will ensure that all of the main parties who play a role in financial reporting can be, and are, held to account if they fail to fulfil their responsibilities.”

Quote from Sir Jon Thompson, CEO Financial Reporting Council

“It was pleasing to see during the consultation process overwhelming stakeholder support for the creation of ARGA with strengthened powers to ensure investors, employees, pensioners and suppliers are better protected against the consequences of corporate failure.

The Government’s decision not to pursue the introduction of a version of the Sarbanes-Oxley reporting regime is, the FRC believes, a missed opportunity to improve internal controls in a proportionate, UK-specific manner. We know that well-run companies contribute to a stronger, healthier economy overall.”

"While we await the final piece of the legislative jigsaw, the FRC will continue to do all in our power to ensure that audit and corporate reporting standards remain high to ensure better outcomes for stakeholders"

 

Quote from Stephen Griggs, UK Managing Partner, Deloitte

“This marks a key step forward in the audit and corporate governance debate. While we await more details on the measures and clarity around timings, it is an opportunity to further strengthen the UK’s corporate reporting system and drive trust in business – which must push ahead at pace.”

It is a long document and this summary reflects that. We have organised this briefing into sections and have summarised the most significant proposals:

  • Proposals in relation to the responsibilities of, and reporting by directors
  • Proposals impacting the work of audit committees
  • Proposals on the future of audit
  • Proposals for the future of the FRC

1. Definition of public interest entity

 

Companies with 750 or more employees and at least £750m annual turnover will become PIEs. This will mean that the new regulator will be able to scrutinise their reporting and audit and companies within scope will need to meet new transparency requirements.

Companies traded on AIM or other multilateral trading facilities, Limited Liability Partnerships and third sector entities will also be PIEs if they meet this 750:750 test. The Government also commits to allowing an adequate period between an entity exceeding the new 750:750 threshold and being subject to any new requirements.

Further the Government plans to implement a tiered approach which will mean that entities which are PIEs because the new size-based threshold will not be required to have an audit committee, to retender the audit every 10 years and to rotate auditor every 20 years to entities that are PIEs because of the new size-based threshold.


2. New regulatory regime for directors

The Government will give the new regulator, ARGA, powers to enforce all PIE directors’ statutory duties relating to corporate reporting (front half and financial statements) and audit. The new civil enforcement regime will be targeted, proportionate and transparent, and directors will only be accountable for what could reasonably be expected of a person in their position.

The Government wishes to avoid overlap or duplication of enforcement, so ARGA will work closely with other regulators to manage this. The Government will also work with the FRC to consider the best way to hold directors of PIEs to account if their conduct falls short of certain behavioural expectations, such as engaging in dishonest conduct, where this relates to their duties around corporate reporting and audit. ARGA will set out what it reasonably expects of PIE directors by way of compliance with their legal duties.

The Government will also invite the regulator to consult on changing the UK Corporate Governance Code to provide greater transparency about the malus and clawback arrangements that companies have in place so remuneration can be withheld or recovered from directors for misconduct, misstatements, and other serious failings.


3. Attestation on internal controls

The Government will invite the regulator to strengthen the UK Corporate Governance Code for premium listed companies to provide for an explicit directors’ statement about the effectiveness of the company’s internal controls and the basis for that assessment, and to work with companies, investors and auditors to develop appropriate guidance. The Government agrees that directors should be more open and accountable for operating an effective internal control system, not only for financial reporting but also for wider operational and compliance risks.

The Government expects that this would be underpinned with guidance on how boards should approach the preparation of the statement, which would be developed following a review of the FRC’s existing Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. This guidance would be intended to cover the identification of acceptable standards, benchmarks or principles and address definitional issues and the circumstances in which external assurance might be considered appropriate.

The intention is that the new Audit and Assurance Policy (discussed below) will require companies to state whether or not they plan to seek external assurance of the company’s reporting on internal controls. The FRC will be asked to explore with investors and other stakeholders whether and how the content of the auditors’ report could be improved to provide more information about the work auditors have undertaken on the internal controls over financial reporting.


4. Publication of principal risks & audit plan for engagement with shareholders

The Government believes that the most appropriate way to encourage shareholder engagement with audits is to include appropriate provisions in the audit committee requirements that ARGA will have the power to put in place. Those powers will need to be somewhat wider than those proposed in the White Paper to allow the new audit committee requirements to cover the ability for shareholders to consider and respond on the audit plan and to consider the risk report. The changes would also enable greater engagement with the auditor at the AGM of the company.


5. The Resilience Statement

The Government confirms companies which are Public Interest Entities with 750 employees or more and an annual turnover of at least £750m will be required to provide a Resilience Statement

Identification of material resilience matters

Recognising that mandating a common set of risks to be addressed in every statement would cut across the directors’ responsibility to identify, manage and report on those risk and resilience issues that are most material to their business, the Government intends to legislate for companies to report on matters that they consider a material challenge to resilience over the short and medium term, together with an explanation of how they have arrived at this judgement of materiality. In doing so, companies will be required to have regard to the following:

  • any materially significant financial liabilities or expected refinancing needs occurring during the assessment period of the short and medium term sections of the Resilience Statement;
  • the company’s operational and financial preparedness for a significant and prolonged disruption to its normal business trading;
  • significant accounting judgements or estimates contained in the company’s latest financial statements that are material to the future solvency of the company;
  • the company’s ability to manage digital security risks, including cyber security threats and the risk of significant breaches of its data protection obligations;
  • the sustainability of the company’s dividend policy;
  • any significant areas of business dependency with regard to the company’s suppliers, customers, products, contracts, services or markets which may constitute a material risk; and
  • the impact on the company’s business model of climate change, to the extent that this is not already addressed by the company in other statutory reporting.

Length of the assessment period

Following the consultation, the Government intends to replace the proposed five-year mandatory assessment period for the combined short- and medium-term sections of the Resilience Statement with an obligation on companies to choose and explain the length of the assessment period for the medium-term section.

Principal risks and uncertainties

In the interest of integrated and holistic reporting on risk and resilience, the Government intends that companies within scope be given the flexibility to report their principal risks and uncertainties within the short- and/or medium-term sections of the Resilience Statement, noting that different kinds of risk or uncertainty may crystallise or resolve over different time periods.

Reverse stress testing

The Government intends to continue with its proposal that companies within scope of the Resilience Statement should perform reverse stress testing. However, in light of the consultation feedback, companies will be required to perform at least one reverse stress test rather than a minimum of two. This means that the Resilience Statement will require a company to:

  • identify annually a combination of adverse circumstances which would cause its business plan to become unviable;
  • assess the likelihood of such a combination of circumstances occurring; and
  • summarise within the Resilience Statement the results of this assessment and any mitigating action put in place by management as a result.

Guidance

Supporting guidance by the regulator will set out more detail of how the potential materiality of these matters should be considered as well as on the Resilience Statement as a whole.

Existing viability statement requirements under the Code

The intention is that the existing viability statement provision in the Code (Provision 31) will no longer apply after the Resilience Statement enters into force.


6. Front half assurance

The Government will leave the market – companies, directors, investors – to shape the development of an enhanced wider assurance services market in the coming years, stimulated by the requirement to publish an Audit and Assurance Policy (see below).


7. Capital maintenance

The Government intends to require qualifying companies or, in the case of a UK group, the parent company only, to disclose their distributable reserves, or a “not less than” figure if determining an exact figure would be impracticable or involve disproportionate effort. Those in scope will be PIEs with 750 or more employees and an annual turnover of at least £750m. Companies will be asked to provide a narrative explaining the board’s long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and how this distribution policy has been applied in the reporting year. The Government also intends to require directors of such companies to make an explicit statement confirming the legality of proposed dividends and any dividends paid in-year.

Disclosing an estimate of the dividend-paying capacity of the group as a whole will be encouraged rather than a required element of reporting. The Government will task ARGA with issuing guidance on what should be treated as “realised” profits and losses for the purposes of determining distributable reserves.

The Government has decided not to proceed with the proposal for a directors’ assurance that a dividend would not be expected to jeopardise the future solvency of the company over a period of two years.


8. Directors’ obligations in relation to fraud

The Government intends to legislate to require directors of PIEs with more than 750 employees and an annual turnover of at least £750m to report on actions they have taken to prevent and detect fraud; auditor responsibilities will be unchanged whilst the regulator assesses recent changes made to relevant auditing standards.


9. Payment practices

The Government has recently completed a statutory post-implementation review of the existing Reporting on Payment Practices and Performance Regulations 2017. As confirmed in that review, the Government now intends to consult on whether these regulations should be amended to further enhance transparency and accountability in supplier payment reporting.


10. Supervision of corporate reporting

The Government intends to ensure that ARGA can direct changes to company reports and accounts, rather than having to seek a court order, along with powers to publish summary findings following a review. In addition, the Government will extend the regulator’s powers to cover the entire contents of the annual report and accounts so that it can review areas that are not currently within scope, such as corporate governance statements and directors’ remuneration and audit committee reports as well as voluntary elements such as the CEO's and chairman’s reports.

1. Regulatory framework for audit committees

The Government intends to proceed with giving ARGA the power to set minimum requirements on audit committees in relation to the appointment and oversight of auditors. The scope of these requirements will be set out in legislation and the Government intends that they should apply initially to FTSE 350 companies. Once the requirements have been implemented, ARGA will monitor their impact.

The Government has concluded that it is not appropriate or necessary to provide a power for ARGA to place an independent observer on the audit committee and also that it will not legislate to give powers to ARGA to appoint an independent auditor in certain circumstances.


2. The Audit & Assurance Policy

The Government confirms that the Audit and Assurance Policy (AAP) will apply to companies which are Public Interest Entities with 750 employees or more and an annual turnover of at least £750m.

Period covered by the AAP

The intention is that the AAP should be published every three years, to give companies sufficient time to review their existing assurance arrangements and gather shareholder and other views before bringing forward a new AAP. This triennial publication will, however, be complemented by an annual implementation report, in which the directors (typically through the audit committee) provide a summary update of how the assurance activity outlined in the AAP is working in practice.

Advisory shareholder vote will not be required

The Government is not proceeding with the proposal that the AAP should be subject to an advisory shareholder vote. However, in the absence of a vote, the Government will make it mandatory that companies state within the AAP how they have taken account of shareholder views in its development. Employee views will also be required to be taken into account.

Mandatory minimum content

The AAP will be required to set out whether, and if so how, a company intends to seek independent (external) assurance over any part of the Resilience Statement or over reporting on its internal control framework. It will also the require companies to describe their internal auditing and assurance process and their policy in relation to the tendering of external audit services.

Understanding the nature of assurance

In order to facilitate a clear understanding of how any independent (external) assurance commissioned by a company beyond the statutory audit meets commonly recognised assurance standards or models, the AAP will be required to state whether any independent assurance proposed within it will be ‘limited’ or ‘reasonable’ assurance, as defined in the FRC’s Glossary of Terms, or whether an alternative form of engagement or review, as agreed between the company and the external provider, will be undertaken. The AAP will also be required to state whether any independent assurance beyond the statutory audit will be carried out according to a recognised professional standard, such as the International Standard on Assurance Engagements (ISAE) (UK) 3000 (covering assurance other than audits of historical financial information).

Audit committee reporting

The Government confirms that, for PIEs that are required to produce an audit committee report, the triennial AAP and the annual implementation report on the AAP should be published within the same section of the annual report as the audit committee report.

1. A new professional body for corporate auditors

Rather than trying to create a new professional body for auditors that is independent of the existing accountancy professional bodies, the Government will ask professional bodies to improve auditor qualifications, skills, and training in order to help create a more effective and distinctive audit profession.

2. Principles of Corporate Auditing

The regulator is asked to seek to raise standards of auditor behaviour using its existing powers, for example by incorporating aspects of the principles proposed in the Brydon Review that are not already covered in existing standards, in order to improve audit quality.

3. Enhanced reporting by auditors

The regulator is asked to seek to deliver change in this area through ongoing improvements to auditing standards and guidance, to help ensure auditors are fully and consistently considering wider information in reaching their audit judgements. This includes the regulator effectively enforcing UK standards whilst also influencing the development of international standards in this regard.

4. Publication of AQR reports

The Government is asking the FRC to look at non-legislative ways of improving the AQR process and continuing to seek consent from audit firms and audited entities where possible before publication. In addition, the Government is asking the regulator to engage with investors and other users to improve the usefulness of the information published in an AQR report.

5. Managed shared audits

The Government will legislate to require UK-incorporated FTSE 350 companies to appoint a challenger as sole group auditor or, alternatively, appoint a challenger firm to conduct a meaningful proportion of its subsidiary audits within a shared audit. This ‘managed shared audit’ requirement will be introduced on a phased basis. In recognition of the scale and complexity of certain audits, the requirement will be subject to an exemption's regime that ARGA will operate.

In addition, the Government will make powers available for ARGA to operate a ‘market share cap’, either in the event of a significant firm collapse or in the event that further intervention is required once managed shared audit has had an opportunity to take effect. The Government and the regulator will continue to work together to identify further non-legislative opportunities to increase choice in the audit market and to stimulate a pipeline of potential market entrants.

6. Operational separation

The Government will legislate to give ARGA powers to require an ‘operational separation’ of the largest firms: this proposal will require enhanced governance of the audit practice with a view to promoting greater professional scepticism within multi-disciplinary firms.

1. Establishment of the Audit, Reporting & Governance Authority (ARGA)

The Government’s package of reforms will give ARGA a range of statutory responsibilities and powers that the FRC does not have. These include formalised responsibility for overseeing the accounting and actuarial professions, a stronger role in auditor registration, and new powers to tackle breaches of company directors’ duties relating to corporate reporting and audit. Ministers will have flexibility as to when specific powers and reforms come into force, and will ensure that ARGA has the time and resources to establish the necessary capability.

The regulator will have statutory powers to oversee the professional bodies’ regulation of the accountancy profession and to investigate and sanction accountants in public interest cases relating to corporate reporting.

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey