The Financial Reporting Council (FRC), the UK corporate governance, audit and reporting authority, has published a consultation on changes to the UK Corporate Governance Code (Code). The consultation includes aspects of the Code that the government invited the FRC to strengthen in its proposals for far-reaching reforms to the UK’s audit and corporate governance regimes, announced in 2022. These aspects focus on a company’s risk management and internal control framework, the proposed new Audit and Assurance Policy and malus/clawback arrangements, together with associated reporting obligations. The consultation also proposes consequential changes to the Code as a result of the FRC’s new Minimum Standard for Audit Committees and the External Audit. Additionally, the FRC intends to make revisions reflecting board and audit committee responsibilities for sustainability and ESG reporting, to improve the functioning of the ‘comply or explain’ regime and to make a number of other changes to the detail of the Code where the FRC’s research indicates reporting is weaker. The consultation follows on from the FRC’s 2022 position paper in which it set out how it would support the government’s reforms as it transitions into the UK’s new Audit, Reporting and Governance Authority (ARGA).
The key changes the FRC proposes include:
- Risk management and internal controls. The FRC intends to make a number of significant changes in this area of the Code. In particular, as requested by the government, these are designed to strengthen board accountability for the effectiveness of a company’s risk and internal controls framework by confirming the board has put in place and maintains effective systems that deliver the company’s expected outcomes. The FRC proposes that a company’s board should make an annual declaration of whether it can reasonably conclude that the company's risk management and internal control systems have been effective throughout the reporting period and up to the date of the annual report. The board should also explain and provide disclosures on the basis for this declaration, and any material weaknesses or failures identified. As envisaged by the government’s revised proposals, the Code will not require companies to obtain external assurance on this statement. Instead, this will be a matter for companies to determine when drawing up their new triennial Audit and Assurance Policy (AAP). However, the FRC intends to publish a revised version of its Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, which is expected to set out the circumstances when external assurance of internal control statements would be appropriate.