Simon Cleveland, Partner at Deloitte chaired this session. We heard from Mala Shah-Coulon, Partner at EY, Carolyn Clarke, Founding Partner at Brave Within LLP and Andy Kemp, Chair of the Audit Committee Chairs’ Independent Forum (ACCIF).
The panel explored whether recent regulatory and legislative developments have put us in a better position on external audit and corporate governance than we were Pre-Carillion ie, will we be better able to prevent sudden disorderly corporate collapses?
Effective corporate governance is at the forefront of economic growth and directors and the audit committee have a key role to play
The 2024 edition of the Corporate Governance Code and Economic Crime and Corporate Transparency Act 2023 are examples of regulatory developments that have implications for audit committees.
People have talked about an expectation gap around how directors and external auditors work together for decades; this is not a new development. However, this conversation has been amplified by the sharp rise in unexpected collapses in recent years, including Carillion and Patisserie Valerie. However, the corporate governance system in the UK remains one of the best in the world and is far from broken. It is important not to hold up outlier failures as the norm.
External audit quality has improved over the years even if there is still some work to be done. A failed external audit has never been the actual reason that a company has collapsed, which is why the focus on external auditors when failures happen is often disproportionate. At the same time, the failure to recognise the role of the internal Three Lines feels unsatisfactory and lacking awareness of where accountability really lies.
Public expectations on what an external audit delivers have started to change. The regulatory scrutiny over external audit firms both at an individual engagement level and a firmwide level has also intensified. Consequently, a lot has had to be done by both audit committees and external audit firms to satisfy the FRC in areas such as risk management, ethics, independence, resolution and recovery, talent etc. External auditors have a pronounced public interest role too arising from the revised Audit Firm Governance Code.
How external audits are done has changed since the collapse of Carillion in 2018. This is partly as a result of updates to auditing standards for example, related to fraud, going concern and risk assessment. External audit firms have therefore had to make substantial investments in training, quality control and technology.
The role of directors: fulfilling their duties under the Companies Act 2006
Whilst accountability sits firmly with company directors and first-line leaders, strong, supported and properly funded second and third line functions are needed to give directors the insights they need to make good decisions.
The Companies Act 2006 s172 requires directors to go beyond considering only shareholder needs to take into account broader interests of a wider group of stakeholders, including employees, customers, suppliers and the environment when setting business strategy and determining the appropriate governance frameworks.
Social media has accelerated communication and created additional reputational risks. Boards need to be consciously planning to address risks rapidly as they emerge. Contingency planning and scenario analysis is essential.
Options available to directors to improve accountability and responsible governance
Withdrawing legislation to require an audit and assurance policy (AAP) was a missed opportunity but, in reality, a significant number of companies are taking the initiative in developing assurance mapping which is positive to see. Companies subject to the Corporate Governance Code are encouraged to start doing this as it will help with meeting your obligations under new Provision 29 of the Corporate Governance Code coming into force on 1 January 2026. Provision 29 will require directors to include a statement of effectiveness of material controls in their annual reports. This will require all directors to have a good understanding of principal risks, and risk appetite to execute this duty properly, so mapping out how risks are being managed and mitigated is simply good practice.
A good understanding of reverse stress is also useful for preventing unexpected shocks and the manifestation of risks beyond appetite. This essentially means working out what scenarios and circumstances would make a company fail or its business plan totally unviable, rather than successive downward adjustment of trading assumptions such as revenues, cash etc.
There was recognition by the panel that we should not underestimate how often culture and behaviours are the cause of a disorderly corporate collapse, as opposed to a clear legal issue such as bribery or fraud.
Looking to the future
The internal audit profession has long held standards and professional frameworks for providing the assurance over non-financial process, systems and risks. Audit committees should be looking at where internal assurance comes from and only then consider where additional external assurance may be useful and for whom.
Historically, the role of the external audit profession has been backwards facing. We all need to be more forward-looking.
Many are calling for the definition of a PIE to be reviewed. For example, at present Tesco is deemed a PIE but Asda is not; this distinction appears arbitrary. Thought needs to be given to what it means for an organisation to be termed a PIE today – is it a simple question of calculating how many people ‘care’ about a particular company?
We see recurrent cycles in government of wanting more regulation followed by a swing back to wanting to reduce red tape. As today’s issues continue to evolve this trend will continue and companies must remain agile.
