Seize the moment
We urge UK plc to seize the moment to create a Policy that builds on existing activities, rather than waiting for this to become mandatory. We emphasise the ongoing need for discussion that results in a consistent and inclusive language to articulate and describe audit and assurance. Improved definition will support the great value that this Policy has the potential to provide, improving internal decision making while providing insight to external users.
Deliver integrated and enhanced information
We encourage viewing the Policy as a mechanism to deliver integrated and enhanced information on the system of risk management and internal control and the audit and assurance obtained over risks, disclosed financial and non-financial information (including Environmental, Social and Governance (ESG) and culture), and regulatory requirements through effective signposting across all disclosures.
Encourage a broad range of companies and other organisations
We support introducing the Policy as a requirement for Public Interest Entities, but with encouragement for a broad range of companies and other organisations, recognising the potential value for all users and in particular in providing clarity for regulators across many sectors. We recognise that this recommendation may require further consideration following the expected re-definition of Public Interest Entities as part of the Department for Business, Energy and Industrial Strategy’s consultation on corporate governance and audit reform.
Audit committees should own the Policy
We encourage audit committees to own the Policy on behalf of the board, focusing on realising the full range of opportunities through clear, concise and comparable information; ensuring appropriate audit and assurance coverage of those matters of greatest concern to users; providing education to all parties; holding providers to the highest standards; and telling a story that drives value and builds trust.
Deliver clarity and transparency, avoiding boilerplate descriptions
We believe the Policy must deliver clarity and transparency, avoiding boilerplate descriptions, and evolve over time as improvements are embedded. Companies may initially need to prioritise aligning their understanding internally to learn, identify practical improvements, build capability, and evaluate gaps in their underlying audit and assurance provision.
Create a cohesive and complete narrative covering all sources of audit and assurance
We encourage a cohesive and complete narrative covering all sources of audit and assurance to indicate where and how directors get their comfort. Technology and data driven techniques should be considered as a fully integrated element of the solution, delivering improved insight across all risks. Culture and behaviours must also be addressed.
Adopt the proposals for a regularly updated Policy with a shareholder
We recommend adoption of the proposals for a regularly updated Policy with a shareholder vote. A comply or explain approach could be permitted to enable flexibility in the three-year plan if this timeframe is not appropriate to business circumstances. The advisory vote should drive proactive dialogue between shareholders and directors.
Focus on underpinning principles, creating flexibility through a proportionate and pragmatic response
We support guidance and regulation with a focus on underpinning principles, creating flexibility through a proportionate and pragmatic response, alongside a limited number of minimum mandatory elements for comparability. This approach should evolve, recognising that many organisations will not have the information available immediately, and allowing for transparency in discussing how they are progressing.
Aim for tailored, engaging and interactive reporting
We encourage tailored, engaging and interactive reporting that reflects the nature, scale and complexity of the company, with succinct summarised and integrated reports in the Annual Report. The full Policy should be accessible on the website, explaining the core principles in sufficient detail to enable users to evaluate the content and to engage in a meaningful discussion.