
Restoring trust in audit and corporate governance: what does the BEIS White Paper mean for company directors?

Author: ICAEW Corporate Governance Community

Published: 05 May 2021


A key dimension of the reform package is the wider impact it will have on boards and company directors.

BEIS see corporate governance as a balanced system where directors, audit committees and auditors all play an important part alongside the regulator. But it is this wider impact that has attracted most attention in the press and where debate is likely to be strongest. The key question is whether the proposals will achieve what government wants from reform, and if not, what would be better?

BEIS will establish new responsibilities in UK company law and enforcement powers for the UK regulator, but this has international implications too. The proposals include a potential requirement for directors to attest to the effectiveness of internal control, based closely on the US Sarbanes-Oxley Act (SOX), introduced in 2002 following the Enron failure. Many elements of SOX have already been influential internationally, but it is a significant move for the UK to be considering adopting this central element of the SOX package.

Internal controls

BEIS proposes three options to achieve stronger company internal control:

  • Option 1: Directors’ statement on the effectiveness of internal control/risk management;
  • Option 2: Auditors say more about control effectiveness in existing reports; or
  • Option 3: Option 1 with the addition of auditor attestation.

The Audit & Assurance Faculty thought leadership report, Internal Controls Reporting, sketched out the options and was shared with BEIS during the writing of the White Paper. We said the focus of any regime should be on company reporting, not reporting by auditors, and that many companies, particularly smaller companies, will need help from their auditors. The key question to be determined in deciding between the options is how far they will induce actions in those companies where weaknesses exist in internal control.

In our report we also suggested that to be achievable, the statement should be focused on internal controls over financial reporting (ICFR). The boundaries of ICFR need to be addressed through guidance and are just one example of the many areas of detail which need to be addressed before any regime is implemented.

This is essential if we are to learn from the US experience in which implementation at pace, before proper guidance for directors was developed, led to excessive and wasted resource. Nevertheless, US evidence suggests that despite significant problems in the early years, Section 404 of the Sarbanes-Oxley Act has resulted in long-overdue maintenance of internal controls by companies and an overall strengthening of internal control.

Yet while internal controls legislation, over 20 years, has been a success in the USA and may make a real difference in the UK, three key issues in particular need further attention:

1. The export of the SOX regime to other jurisdictions appears to have had mixed results, with poor outcomes in Germany and Japan, for example.

2. SOX in the USA involves many exemptions for many emerging growth companies. It was never designed for companies of a scale outside the FTSE 100, still less AIM or PIE large private companies.

3. The reporting framework could make or break this regime. Further discussion is needed to conclude whether a framework based on SOX, with its underpinning by the COSO framework, or something developed to suit the UK environment would be more suitable.

There is also the question of whether independent external assurance is necessary for the regime to be effective, and to have credibility.

Enforcement against company directors

The new Audit Reporting and Governance Authority (ARGA) envisaged by the White Paper will have the power to apply sanctions to PIE directors that breach their statutory duties for corporate reporting and audit. That includes the duty to keep accounting records, to approve accounts only if they give a true and fair view and to provide information to auditors. ARGA will have powers to give greater definition to how these duties will be interpreted in practice. BEIS asks whether directors should also meet ‘behavioural standards’, for example, acting with honesty and integrity. ARGA will be able to investigate and gather evidence (5.1). ‘Malus and clawback’ arrangements in the Corporate Governance Code will be strengthened to extend circumstances where remuneration can be clawed back and these powers might be added to listing rules in future (5.2). ARGA will also have a range of powers in relation to Audit Committees.

Incremental powers for ARGA are intended to supplement directors’ accountabilities and responsibilities under the Companies Act. The Companies Act has developed through successive scandals and sets clear expectations for directors for accounting and audit. However, enforcement through the criminal law has been notoriously difficult and there have long been calls for better sanctions.

Nevertheless, it can be questioned whether equipping ARGA with the full extent of powers envisaged puts it in the best position to successfully deliver what’s desired, and what the wider implications of such an empowered regulator would be. How it would exercise the incremental authority it would have over company directors is a question that many will be interested in. The White Paper provides little indication as to how ARGA will exercise its powers.

Another key question is who will be subject to the new regime. Both enforcement and internal control measures apply to Public Interest Entity directors. But the concept of the Public Interest Entity is also under consultation and might be widened considerably, bringing many more directors within scope of the new regime.

The consultation closes on 8 July. ICAEW is keen to hear your views as it prepares its response.
