Risk Assurance and Audit Management

Written by Nina F Collins, June 2011.


Introduction 

Since the publication of the Risk Assurance and Audit Management learning text in June 2010 there have been a number of changes in corporate governance in the UK. I set out some of the key developments below, referenced to the relevant sections of the learning text.


Topic 1 Corporate governance

Diversity in the boardroom - section 1.3.1 of the learning text

The 2007 to 2009 financial crisis raised concerns that the lack of diversity in the boardroom had contributed to the problem of ‘group think’ (see for example the House of Commons Treasury Committee report Women in the City). The UK government asked Lord Davies to review the current situation, to identify the barriers preventing women from reaching the boardroom and to make recommendations regarding what government and businesses could do to increase the proportion of women on corporate boards. In February 2011 Lord Davies published his report Women on Boards, which found that women were under-represented on boards and concluded that there were clear business benefits of having greater gender diversity on boards. The report rejected the imposition of statutory quotas; instead it recommended a comply or explain approach. The key recommendations included the following:

  • All chairmen of FTSE 350 companies should set out the percentage of women they aim to have on their boards in 2013 and 2015. FTSE 100 boards should aim for a minimum of 25% female representation by 2015. All chief executives should review the percentage of women they aim to have on their executive committees in 2013 and 2015.
  • Quoted companies should be required to disclose each year the proportion of women on the board, women in senior executive positions and female employees in the whole organisation.
  • The Financial Reporting Council should amend the UK Corporate Governance Code to require listed companies to establish a policy concerning boardroom diversity, including measurable objectives for implementing the policy, and disclose annually a summary of the policy and the progress made in achieving the objectives.
  • Companies should report on the matters above in their 2012 Corporate Governance Statement whether or not the underlying regulatory changes are in place. In addition, chairmen are encouraged to sign a charter supporting the recommendations.
  • In line with the UK Corporate Governance Code provision B2.4 chairmen should disclose information about the company’s appointment process and how it addresses diversity in the company’s annual report including a description of the search and nominations process.
  • As investors play a critical role in engaging with company boards, they are asked to pay close attention to recommendations above when considering company reporting and appointments to the board.
  • Companies are encouraged to advertise non-executive board positions periodically to encourage greater diversity in applications.
  • Executive search firms should draw up a voluntary code of conduct addressing gender diversity and best practice which covers the relevant search criteria and processes relating to FTSE 350 board level appointments.

The Financial Reporting Council (FRC) has begun a consultation on whether the UK Corporate Governance Code, published in May 2010, should be revised to require listed companies to publish their policy on gender diversity in the boardroom and report against it annually. This consultation closes in July 2011.


Guidance on Audit Committees – section 1.4.1 of the learning text

Following the publication of the UK Corporate Governance Code, the Financial Reporting Council published a document entitled Guidance on Audit Committees, to assist boards in making arrangements for their audit committees. Sections 4.10 to 4.16 address internal auditing.

Other resources: FRC Guidance


Topic 2 Corporate governance frameworks

The UK Corporate Governance Code - section 2.5 of the learning text

As a result of the financial crisis that came to a head between 2008 and 2009, a number of reviews were undertaken in the UK, most notably Sir David Walker’s review of the corporate governance arrangements of the banking and financial services sector. The results of Walker’s review were published in a document entitled A review of corporate governance in UK banks and other financial industry entities. The document addresses the composition and functioning of the board, the role of institutional investors in governance, risk governance, and senior executive remuneration. Whilst Walker’s review focused on banking and financial institutions, many of his recommendations are aimed at firms more generally, and he saw the Combined Code on Corporate Governance as the appropriate place to embed his recommendations. As a result of Walker’s review, the Financial Reporting Council brought forward its review of the Combined Code. Following a consultation, the Code was updated and published in May 2010 under a new name, the UK Corporate Governance Code. The principles are clustered into five sections as set out in Table 1.

Table 1 Key sections and sub-sections in the UK Corporate Governance Code

Section A: Leadership
  • Role of board
  • Division of responsibilities
  • The chairman
  • Non-executive directors

Section B: Effectiveness
  • Composition of the board
  • Appointments to the board
  • Commitment
  • Development
  • Information and support
  • Evaluation
  • Re-election

Section C: Accountability
  • Financial and business reporting
  • Risk management and internal control
  • Audit committees and auditors

Section D: Remuneration
  • Levels and components
  • Procedure

Section E: Relations with stakeholders
  • Dialogue with shareholders
  • Constructive use of the AGM

The key changes (apart from the name) are:

Strategic governance and board leadership:

  • The financial crisis raised concerns that directors prioritised short-term success at the expense of organisational sustainability and the long-term health of the organisation. Thus, the UK Corporate Governance Code emphasises the board’s responsibility for the ‘long-term success of the company’ (Principle A.1, emphasis added). Further, a new provision (C.1.2) within ‘Accountability’ requires directors to explain in the annual report the basis on which the company ‘generates or preserves value over the longer term (the business model) and the strategy for delivering the objectives of the company’.
  • Guidance relating to the chairman has been brought together under a new main principle stating the chairman's responsibility for leading the board (Principle A.3). This has been done to address concerns that the 2008 Combined Code did not adequately stress the important role of the chairman in leading the board and setting the appropriate ‘tone at the top’. This tone includes promoting ‘a culture of openness and debate’.
  • To emphasise the importance of independent scrutiny and challenge by non-executive directors, the Code has set out the role of non-executive directors under a new main principle stating their responsibility in providing ‘constructive challenge’ of executive management (Principle A.4).
  • The Code introduces a new main principle that all directors must be able to allocate sufficient time to perform their responsibilities effectively (B.3). This change is intended to address concerns that non-executive directors are not giving the requisite amount of time to the job. However, the Code stops short of following Walker’s recommendation to provide indicative time commitments.

Performance management and evaluation:

  • A new provision (B.6.2) has been included stating that the evaluation of the board of FTSE 350 companies should be externally facilitated at least every three years.
  • Walker recommended that the chair of the board should be subject to annual re-election. However, this requirement has not been embedded in the UK Corporate Governance Code. Instead the Code recommends that all directors of FTSE 350 companies should be subject to annual election by shareholders, and that directors more widely should be subject to re-election at intervals of no more than three years (Provision B.7.1). The introduction of annual elections for FTSE 350 directors is aimed at increasing accountability and stakeholder engagement. However, it has been criticised in some quarters for encouraging short-termism (see, for example, S. Baker, 2010). In addition, there are concerns that there is a lack of firms to provide high quality board evaluation services.
  • The banking crisis of 2008 to 2009 raised concerns that performance-related payment models, which included annual bonuses for executives, encouraged high-risk strategies and short-termism that jeopardised the long-term health of organisations. The UK Corporate Governance Code has attempted to address these concerns by stipulating that remuneration packages should be designed to promote the long-term success of the company (Principle D.1). In addition, the Code includes reference to the need for a link between remuneration and the company's risk policies and systems (schedule A of the Code).

Effectiveness:

There were criticisms that the 2008 Combined Code had emphasised independence and objectivity but not the importance of relevant skills and experience. Further, one of the contributory factors of the credit crunch was cited as being the lack of appropriate knowledge among board members of the banking sector and its products. The new Code makes it clearer that the board and its committees should consist of directors with the appropriate balance of skills, experience, independence and knowledge of the organisation to enable them to discharge their duties and responsibilities effectively (Principle B.1). In addition, greater importance has been placed on the induction and training of directors (Principle B.4). As the supporting principle of section B.4 ‘Development’ notes, ‘the chairman should ensure that directors continually update their skills and knowledge and familiarity with the company required to fulfil their role on the board and on board committees’.


Risk management:

Walker recommended that major financial institutions have separate risk committees. While the new Code has placed greater emphasis on risk management, it has not embedded Walker’s recommendation regarding risk committees. Instead, the Code states that the board is responsible for defining the company's risk appetite and for maintaining a sound risk management system (Principle C.2).


Engagement and communication with stakeholders:
  • The new Code has extended the principle pertaining to ‘Dialogue with Shareholders’ to making the chairman responsible for ensuring that all directors are made aware of shareholders’ concerns (supporting principle to E.1).
  • The 2008 Combined Code included a principle relating to engagement with institutional shareholders. This was not included in the UK Corporate Governance Code, as such guidance was to be published in the UK Stewardship Code later, in July 2010.


Financial Services Authority (FSA) to be abolished – section 2.8 of the learning text

The banking crisis has called into question the effectiveness of the tripartite system by which the UK financial sector is currently regulated. The FSA has been heavily criticised for failing to supervise banks effectively. In June 2010 the Chancellor of the Exchequer, George Osborne, proposed reforms to the regulatory framework that would mean the abolition of the FSA and the creation of three regulatory bodies, which as of May 2011 consist of:

  • Financial Policy Committee: responsible for macro-prudential regulation.
  • Prudential Regulation Authority (PRA): charged with regulating sectors such as deposit-taking high street banks, insurers and investment banks. The supervisory approach will be 'intensive and judgment-based' and will be more hands-on than the FSA, which was criticised for being too passive before the 2007 financial crisis.
  • Financial Conduct Authority (FCA): initially called the Consumer Protection and Markets Authority, the FCA will be responsible for protecting confidence in the UK financial systems. The authority is still expected to be a consumer champion, but with more emphasis on ensuring competition in the financial sector so that consumers get better choice (The Telegraph, 2011).


Topic 6 Risk management dimensions and risk types

Bribery Act comes into force in July 2011 – section 6.4.3 of the learning text

The Bribery Act (UK) comes into force in July 2011, so organisations need to prepare for it. The Ministry of Justice has published guidance documents to help organisations do so, one of which sets out the six principles by which organisations should be guided when putting in place procedures to prevent bribery. The six principles are: proportionate procedures, top-level commitment, risk assessment, due diligence, communication (including training), and monitoring and review.

Other resources: MoJ guidance | IIA guidance


Topic 10 Strategic internal audit management

The International Standards – section 10.1 of the learning text

The International Standards were revised in 2010 and came into effect in January 2011. Three new standards were added, 15 were changed and two were deleted. In addition, some definitions in the glossary were changed (Baker 2010). The key changes are set out in Table 2, which has been taken from Baker, 2010.

Table 2 Summary of key changes to the International Standards

Attribute Standards

1110 Organisational independence: The Standards Board has established an interpretation to provide examples of how the board can apply functional reporting.

1312 External assessments: The language within the interpretation has been simplified to explain the competency and experience required of external quality reviewers.

1321 Use of ‘conforms with the International Standards’: The Standards Board has provided additional guidance to explain that conformance will be achieved by delivering the outcomes described within the Definition, Code of Ethics and International Standards. Achieving the outcomes will be recognised in the results of internal and external quality assessments.

Performance Standards

2000 Managing the internal audit activity: The definition of ‘value’ has been changed to recognise that value comes from the provision of assurance and from the improving part of internal auditors’ work, such as cost savings or improvements to operational effectiveness.

2010.A2: The Standards Board has set out the steps that internal auditors must take if they give an opinion. The first requirement is to discuss and determine the expectations of senior managers and the board regarding opinions.

2070 External service provider and organisational responsibility for internal audit: This is a new standard to clarify the extent to which an external service provider can be responsible for an organisation’s internal auditing. It is supported by a new definition of the chief audit executive (CAE) in the glossary, which focuses on the purpose of the role and the qualifications required to perform it.

2120 Risk management: The Standards Board has created an addition to the interpretation, clarifying that the evaluation of the management of risk may include the results of many pieces of work, pulled together and providing a cumulative view.

2410.A1: A new interpretation explains that opinions at an engagement level may be ratings, conclusions or other descriptions of the results. When issued, an opinion or conclusion must take account of the expectations of senior management, the board and other stakeholders and must be supported by sufficient, reliable, relevant and useful information.

2450 Overall opinions: This is a new standard with an interpretation. It requires that an overall opinion must meet stakeholder expectations, must cover an appropriate time period and must be supported by sufficient, reliable, relevant and useful information.


References

Baker, C. (2010), ‘Standard ingredients’, Internal Auditing, vol. 32, no. 11 (Dec/Jan), pp. 34–36.

Baker, S. (2010), ‘FRC changes will promote short-termism’, Pensions Age [online], 28 May. Available from www.pensionsage.com (accessed 11 June 2010).

Davies, E.M. (2011), Women on Boards. Available from www.bis.gov.uk (accessed 3 June 2011).

Financial Reporting Council (2008), The Combined Code on Corporate Governance, London, Financial Reporting Council.

Financial Reporting Council (2010), The UK Corporate Governance Code, London, Financial Reporting Council.

Financial Reporting Council (2010), The UK Stewardship Code, London, Financial Reporting Council.

Financial Reporting Council (2010), Guidance on Audit Committees, London, Financial Reporting Council.

Financial Reporting Council (2011), Guidance on Board Effectiveness, London, Financial Reporting Council.

House of Commons Treasury Committee (2010), Women in the City, Tenth Report of Session 2009–2010, London, The Stationery Office Limited.

Ministry of Justice (2011), The Bribery Act 2010 Guidance (section 9 of the Bribery Act 2010), London, Ministry of Justice.

The Telegraph (2011), ‘The Financial Conduct Authority: what it does and who is in charge’, The Telegraph [online], 19 May. Available from www.telegraph.co.uk (accessed 13 June).

UK Parliament Website (2010), ‘Report calls for more women in City to challenge group-think’, www.parliament.uk [online], 3 April. Available from news.parliament.uk (accessed 14 June 2011).

Walker, D. (2009), A review of corporate governance in UK banks and other financial industry entities, London, The Walker Review Secretariat (HM Treasury).