AuditBoard Live Webinar banner advert Diligent One Platform World tour ad April 2024 TeamMate ESG advertising banner 2023

News round-up: January/February 2022

Call for better Covid and climate risk disclosures

Companies are struggling to provide stakeholders with enough detail about how the disruption caused by Covid-19 may have impacted their business, according to the UK’s corporate governance regulator. In its annual review of corporate governance, the Financial Reporting Council (FRC) found it was not always clear whether companies’ judgments and estimates factored in any future uncertainty about how assets and liabilities could be affected by ongoing issues such as the pandemic and Brexit.

It cited revenue recognition and cash flow statements as particular areas of concern.

The FRC said climate-related risk disclosures would be at the heart of its monitoring this year as premium-listed companies whose accounting periods began on, or after, 1 January 2021 will have to report against the Task Force on Climate-related Financial Disclosures’ (TCFD) recommendations on a “comply or explain” basis.

The FRC also said it expected material climate change policies, risks and uncertainties to be included in narrative reporting and “appropriately considered and reflected” in companies’ financial statements. 

 

Trust is key element in “great resignation” risk

More than half (54 per cent) of employees are considering leaving their job in the next 18 months, while 59 per cent say they will start looking for a new job if they do not feel that their employer is acting to accommodate their “work values”, according to research by employee benefits company MetLife.

A quarter of the employees surveyed said they believed that their employer’s response to Covid-19 has either “somewhat” or “significantly” weakened the trust between employers and employees. Almost three-quarters (71 per cent) of workers said that they think their employers have a social responsibility to them. 

Covid exposes risk management weaknesses

Risk management practices are too often failing to keep pace with risk realities and to reflect today’s global environment, according to researchers at global accounting body AICPA-CIMA and North Carolina State University. Their report, The 2021 Global State of Enterprise Risk Oversight, warned that organisations should consider changing their risk management processes to improve their strategic decision-making.

The report found that Covid-19 dramatically interrupted strategic decisions, triggered significant operational surprises, and introduced new, potentially long-lasting risks for organisations across the world.

However, it also highlighted opportunities for most organisations to strengthen the way they integrate their risk insights into their strategic decision-making processes. 

Chinese and US risk leaders most confident on anti-bribery controls

Risk leaders in companies in China and the US are the most confident about their approaches to mitigating bribery and corruption risk, according to a new global benchmark report by consultancy Kroll.

The firm’s 2021 Global Fraud and Risk Report found that 93 per cent of respondents based in China believed that their organisation’s anti-bribery and anti-corruption (ABC) controls are effective, followed by 89 per cent of US respondents who believed the same. In terms of board-level support for ABC initiatives, China once again led the way with 94 per cent of respondents claiming that this support was sufficient. Singapore followed with 85 per cent saying this, while 84 per cent in the US, UK and Italy were equally confident.

At the other end of the spectrum, 54 per cent  of respondents in Colombia said they believed more boardroom attention was needed, followed by 45 per cent in the Middle East, 42 per cent in Australia, 40 per cent in Canada and 38 per cent in Russia.

Researchers found that 86 per cent of respondents across the world use data analytics to detect bribery and corruption risk proactively. This is particularly common in China, Singapore, Italy, India, the UK and the US.

However, they also found that few companies worldwide have updated their risk assessments to account for the changing post-Covid-19 landscape and warned that this could make many current risk assessments insufficient.

Furthermore, while, on average, 74 per cent of respondents believed their internal control frameworks are effective, the researchers warned that only 60 per cent of respondents in the banking sector believed this. 

Most large organisations are failing to defend against cyber attacks 

More than half of large companies are not effectively preventing cyber attacks, finding and fixing breaches quickly, or reducing the impact of breaches, according to research by consultancy firm Accenture.

Accenture’s State of Cybersecurity Resilience 2021 found that four out of five respondents believe that staying ahead of attackers is a constant battle and that the cost is unsustainable. This was an increase from 69 per cent in last year’s survey. It added that, while 82 per cent of survey respondents had increased their cyber security spending in the past year, the number of successful breaches (including unauthorised access to data, applications, services, networks or devices) had risen by 31 per cent since the previous year, to an average of 270 per company.

However, the research also identified a small group of companies that not only excel at cyber resilience, but also align this with their business strategy to achieve better business outcomes and return on their cyber security investments. 

Compared with other organisations, these “cyber champions” are far more likely to strike a balance between cyber security and business objectives, report on it to the CEO and board of directors and demonstrate a far closer relationship with the business and CFO. They consult more frequently with CEOs and CFOs when developing their organisation’s cyber security strategy, protect their organisation from loss of data, and measure the maturity of their cyber security programme at least annually. 

BSI identifies emerging supply risks

The latest annual Supply Chain Risk Insights Report by standards setter BSI identifies the trends that it believes are most likely to impact global supply chains over the coming year along with the associated risks.

The report highlights emerging threats including failure to verify suppliers before trusting them; the need to “green-proof” suppliers to ensure their activities do not harm the environment; and the danger of managing risks singly instead of considering how they might also impact other risks. 

Guide offers overview of risk appetite

A new guide to risk appetite published by risk and insurance body Airmic aims to provide a high-level overview of what risk appetite is, why it is important and how it can be used to support decision-making. 

The guide, entitled Risk appetite: the facts, the myths, and the links with culture, maturity and sustainability,  says that an organisation’s willingness to bear risk can be defined in two ways: its desire or aversion to pursue opportunities in an uncertain business environment; and how much volatility around an expected outcome is tolerable in terms of capacity, regulatory compliance, ethics, reputation and alternative costs for the business.

The approach described in the guide is intended to help organisations implement effectively a mechanism for understanding how much risk they should take in relation to strategic objective-setting, value creation and best-value delivery, business model changes and investment decisions. 

CEOs target net-zero, but lack climate risk warning systems

Business leaders are more actively assessing how climate risks impact their organisation’s immediate and long-term operations, even when they are not yet taking steps to mitigate these, according to the UN Global Compact-Accenture 2021 CEO Study.

The report found that around three-quarters of CEOs feel increasing pressure to accelerate their climate ambitions, while seven out of 10 say they are actively working to develop a net-zero emissions target for their company.

However, many fall behind when it comes to risk planning. Only a quarter of CEOs said that their organisation has intermediate to advanced early-warning systems to prepare for climate-risk events, while a similar number said they conduct intermediate to advanced scenario analyses to identify the physical and transition risks of climate change on their business and industry. 

FRC sets out expectations for audit firms

The UK’s Financial Reporting Council (FRC) has published a blueprint setting out how it wants audit firms to perform to ensure they deliver high-quality external audits. The 29-page step-by-step guide, called What Makes a Good Audit?, follows a finding that 29 per cent of audits reviewed by the FRC did not meet acceptable standards.

The regulator defines good quality audits as those that provide stakeholders with a high level of assurance that financial statements provide a true and fair view, while also complying with both the spirit and the letter of auditing regulations and standards.

The FRC adds that good external audits are driven by robust risk assessment and supported by rigorous due process. They avoid conflicts of interest, and exercise professional judgment and scepticism. They also challenge management and report “unambiguously” the auditor’s conclusion on the financial statements. 

This article was published in January 2022.