
News round-up: November 2022 A&R magazine Nov Dec 22

Payment tops responses to ransomware attacks

Nearly half (44 per cent) of UK organisations that suffer a ransomware attack pay the ransom, according to tech firm Databarracks’ 2022 Data Health Check report, even though there are no guarantees that data will be returned or that there will not be further attacks.

After an attack, 34 per cent recover using backups, while 22 per cent use ransomware decryption tools.

The survey also showed that over two-thirds (68 per cent) of organisations surveyed had a policy on whether they should pay a ransom, a rise from 54 per cent last year.


Companies House to become AML regulator

The UK government is to give Companies House more powers and resources to help combat money laundering.

The Economic Crime and Corporate Transparency Bill will give the organisation, which provides a public register of businesses, their accounts and their directors, new powers to “check, challenge and decline” false information when new companies are set up.

Companies House will also gain enhanced investigation and enforcement powers, enabling it to cross-check data with other organisations and report suspicious activity to security agencies and law enforcement bodies.

The new measures build on both the previous Economic Crime (Transparency and Enforcement) Act, which was introduced after Russia’s invasion of Ukraine to make it easier to impose sanctions on, and freeze the UK assets of, Russians with links to the Russian government, and on the Register of Overseas Entities, which enables more checks on UK property ownership.


Leaders lack trust in risk management processes

Most business leaders say they face increasing risks in terms of volume and complexity, but do not believe their risk management processes are mature or robust, according to the 2022 Global State of Enterprise Risk Oversight report by accountancy bodies AICPA and CIMA.

They found that most organisations struggle to integrate their risk management and strategic decision-making activities, which creates a perception that risk management does not provide competitive advantage. They added that organisational culture can limit progress towards more value-added risk management.

The researchers found that fewer than a third of organisations provide formal training and guidance on risk management, while fewer than half have regular and robust reporting of top risks to the board.

Other concerns included fears that risk management practices are failing to keep pace with emerging risks. Just over a third of organisations in Europe and the UK said they had appointed a senior executive to lead the risk management process. 


Report highlights cloud security risks

Four out of five organisations surveyed have experienced a cloud-related security incident in the past 12 months, and 45 per cent have suffered at least four incidents, according to a report by cyber security firm Venafi. It found that 51 per cent of security decision-makers believe security risks are higher in the cloud than on premises. 


FRC guidance on ESG data

The Financial Reporting Council (FRC) has released guidance on how companies can collect and use environmental, social and governance (ESG) data to inform better decision-making.

The corporate governance regulator believes the methods companies use to produce, distribute and use ESG data are “significantly less mature” than those used for financial information, with too many inadequate, meaningless “boilerplate” disclosures.

The FRC Lab’s Improving ESG Data Production report offers boards tips for collecting and analysing key data. It lists actions companies can take to improve ESG data collection, including understanding which ESG topics and data are relevant, identifying who is involved in (and responsible for) gathering this data, checking data sources and quality, and identifying training and education for the board and staff on the need for ESG data and how it can be used for strategic decision-making.

Governance undermined by low commitment to whistleblowing and compliance

Only two in five firms believe whistleblowing, reporting and retaliation is “essential” to their compliance programme, according to the 2022 Definitive Risk and Compliance Benchmark Report by risk software provider NAVEX.

Over half of respondents (56 per cent) said they were planning to introduce whistleblower training in the next two to three years. Just over a quarter of respondents (26 per cent) said their organisation’s risk assessment is either not current or not subject to periodic review, while 47 per cent said their assessments are informed by continuous access to operational data across the organisation.

Just 48 per cent indicated that senior leadership and mid-level managers remained committed to compliance if this competed with other interests or business objectives. While 56 per cent of respondents said their organisation’s environmental, social and governance (ESG) programme is supported by the CEO, 48 per cent said their organisation does not yet use any frameworks or standards to measure ESG activities or performance. 


Report exposes lagging boardroom diversity gaps

Boardroom diversity in terms of race, ethnicity, age and LGBTQ+ representation lags significantly behind boardroom gender diversity globally, according to new research by governance consultancy Diligent.

The percentage of S&P 500 directors from underrepresented racial/ethnic groups is just 22 per cent, and this figure has not increased since 2021, said the researchers behind Board Diversity Gaps: The Global Modern Leadership Report. The percentages for Fortune 100 and 500 boards are even lower, at 17.5 per cent and 20.6 per cent respectively, as of 2020.  

The report also found that women directors in Europe tend to be younger than their male counterparts and to spend less time in these roles (typically 4.7 years compared with 7.6 years).

Many private companies continue to have no women at board level. In a review of 228 private growth-stage companies, 58 per cent had all-male boards, compared with only six per cent of publicly traded companies. Women held approximately 11 per cent of board seats in the private companies reviewed. They held 27 per cent of board seats in public companies. The researchers noted that the UK is the only European country to require listed companies to include at least one director from an underrepresented ethnic or racial group. 


NAO issues guide on corporate finance

The National Audit Office (NAO), the UK’s government spending watchdog, has issued guidance to help leaders in central government departments manage the risks and benefits to taxpayers when using corporate finance techniques.

The interactive guide contains insights from 139 NAO reports and sets out key questions for senior decision-makers overseeing corporate finance activities, including commercial investments, loans and guarantees. 


This article was published in November 2022.