ICAEW.com works better with JavaScript enabled.

Strong support for an audit and assurance policy to energise shareholders

27 January 2021: In an upcoming report, ICAEW will repeat its call for audit and assurance activities to be driven by the needs of users and call for shareholders and investors to be able to influence the audit and assurance provision where they perceive value.

Drawing on Sir Donald Brydon’s proposal for companies to publish a three-year rolling audit and assurance policy, and for this policy to be put to an annual advisory vote by shareholders, ICAEW’s report considers how to achieve the ‘tailored, cost-effective and proportionate framework to generate meaningful dialogue’, as Brydon intended.

In drafting the report, ICAEW conducted extensive engagement with stakeholders, including a questionnaire, interviews and roundtables with participants covering audit committee chairs, CFOs, heads of internal audit, external audit and other third-party assurance providers, regulators and broader commentators.

Through this engagement, ICAEW has found widespread support for a published policy across all participant groups, with encouragement for companies and organisations to embrace the opportunity to create clear and transparent communications that align internal processes, as well as inform external stakeholders. 

While the primary users remain the shareholders, the information should be valuable to wider interest groups aligned with the intentions of s172 of the Companies Act. 

The results of the questionnaire indicated that around three-quarters of respondents believe the information will assist regulators, and around half believe it to be valuable to customers, suppliers, employees and lenders. 

Seizing the moment

ICAEW encourages UK plc to seize the moment and create a policy that builds on existing activities, rather than wait for it to become mandatory. In developing the policy, companies should focus on delivering integrated and enhanced information on the comfort directors receive over risks, culture and behaviours, disclosed financial and non-financial information (including Environmental, Social and Governance measures) and regulatory requirements. 

The policy should be proportionate to the nature and scale of the organisation and should focus both on material matters identified in audit and assurance activity, and on providing a forward-focus incorporating emerging risks. 

While certain information is already available within annual reports, and ICAEW encourages a summary policy be added to this, lengthening reports should be avoided through effective signposting and joining up existing disclosures. Beyond this, companies should consider presenting a policy in an engaging and interactive way, taking the opportunity to abandon the focus on two-dimensional reporting using web-based reports capable of interrogation by users to obtain information of relevance to them. Technology and data-driven analytics will be invaluable in bringing to life a multi-faceted picture.

Improving trust

It is critical that the policy is clearly written and owned by the audit committee on behalf of the wider board. The policy underpins the company’s licence to operate: 76% of questionnaire respondents felt it could increase trust in management and their actions. To achieve this the policy must state clearly what audit and assurance activities cover, who is providing them and what quality standards providers are held to. 

Given the many available definitions of audit and assurance, companies will need to describe how they interpret and implement these activities. In doing so they can contribute to reducing the perceived “expectation gap” over the role of the external statutory audit and what it covers.

Those consulted were clear that the requirements for policies must be underpinned by principles to avoid a boiler-plate approach that encourages box-ticking. Certain minimum disclosures will be necessary to enable comparability and to ensure that the policy meets the expectations of fair, balanced and understandable reporting. However, directors should focus on providing a cohesive and complete narrative that covers all sources of audit and assurance to indicate where and how they get their comfort. 

Sir Donald Brydon believes that “the greatest challenge is inertia. For most shareholders, most of the time, audit and assurance is not an issue. But investors have a duty to respond. This policy creates a mechanism that enables appropriate engagement.” ICAEW believe there are broader opportunities also. The policy should:

- Engage a broad range of stakeholders in issues of relevance to them

- Clarify how risk management and internal control systems function cohesively

- Create a single combined lens on risk, disclosures and assurance

- Embed improved accountability and responsibility for risk and control

- Broaden the range of assurance providers and specialists

- Improve the quality of audit and assurance provision

- Upskill and educate all parties.

Start of a journey

For many companies and organisations, a journey will be required to gather the relevant information and make sense of the existing picture. In the last few years, there have been discussions about combined or integrated assurance mapping, but many companies have found it difficult to make progress. While this may create the lever for change, it will often be necessary to focus first on ensuring the right information is accessible internally and then move to full external reporting.

The outreach ICAEW has performed clearly indicates the value in the proposal for an audit and assurance policy to all parties, internal as well as external stakeholders. We encourage UK plc to seize the moment and to create their own models for reporting as soon as is practical.

ICAEW’s full report will be published in March and available here.

On 14 April, the Audit and Assurance Faculty will host a webinar providing an overview of the ICAEW report and its recommendations. The webinar will also offer practical hints and tips for organisations looking to implement an audit and assurance policy for the first time. To book your place, visit our events page.