In May 2022, the UK government published its feedback statement to set out the measures it intends to take forward in response to its 2021 consultation on Restoring trust in audit and corporate governance. Initial reaction was mixed, with many frustrated by what they saw as watered-downed proposals.

Despite this, the profession is working hard to highlight the positives within the proposals and to ensure momentum is maintained. Although much relies on legislation being introduced, work is underway to prepare for change. In July 2022, the Financial Reporting Council (FRC) published its Position Paper setting out how it is supporting the proposed reform package ahead of its transition to the Audit, Reporting and Governance Authority (ARGA).

The government’s feedback statement confirmed plans to introduce several new corporate reporting requirements, which aim to improve transparency and focus directors’ minds on their responsibilities. Achieving meaningful disclosure while not overburdening entities is, of course, never easy. This article looks at what to expect and the challenges that remain.

Public interest entities (PIEs) will be required to produce an annual Resilience Statement on matters that the directors consider to be a material challenge to resilience over the short and medium term, together with an explanation of how they have arrived at this judgement.

In preparing this statement – which will subsume the existing going concern and viability statements – the directors must consider a list of common risks, including threats to business continuity, supply chain resilience and cyber security. The likelihood of any combination of these risks occurring must be summarised alongside any mitigating action the entity plans to put in place. The results of at least one reverse stress test must also be included.

In response to feedback, the government will not stipulate a minimum assessment period as originally intended. Instead, an entity will need to determine an appropriate assessment period based on its strategy and business investment cycle.

It is hoped that the new Resilience Statement will provide better visibility of the risks faced by entities, rather than repeat the boilerplate disclosures often seen today. Increased detail, both qualitative and quantitative, will be hugely valuable to help investors understand how directors intend to navigate uncertainty and maintain their solvency and liquidity.

Encouraging boards to provide more detail on long-term plans may prove to be a challenge. Many directors are fearful of being held to account when things do not pan out as expected. Boards will need to engage with the aims of the Resilience Statement for there to be real change.

The government and regulator will also need to consider how narrative reporting requirements can be presented in an integrated and holistic manner. Companies will have the flexibility to report principal risks and uncertainties within the short- or medium-term sections of the Resilience Statement, but the question of how best to link to wider climate and sustainability reporting remains.

PIEs will also be required to publish a triennial Audit and Assurance Policy (AAP) that explains how they assure the quality of information reported to shareholders beyond that contained in the financial statements.

The AAP must describe the entity’s internal auditing and assurance process and state whether external assurance is sought over information in the annual report, including any part of the Resilience Statement and the entity’s internal control framework. The AAP must also:

• state whether any independent assurance provided will be limited or reasonable assurance;
• describe the entity’s policy in regard to the tendering of external audit services; and
• state how directors have taken account of shareholder and employee views in its development.

The AAP offers a key opportunity for  boards to provide a more holistic view of risk and assurance activities. ICAEW believes the benefits to be significant – helping directors improve internal decision-making while enabling investors to better assess the significance and credibility of reported information, including environmental, social and governance data.

To be successful, the AAP must not simply be seen as a disclosure requirement, but as a means by which trust can be improved in the corporate reporting system. Entities will need to ensure their policies link meaningfully to risk and resilience. Consistent and clear language will also be crucial to ensure assurance terms are understood. ICAEW encourages entities to consider these challenges now and embrace the value that the AAP can offer, rather than wait for this requirement to become mandatory.

The government intends to require directors to report on the steps they have taken to prevent and detect material fraud. There is little detail in the feedback statement on what exactly this would look like. The impact assessment, published alongside the 2021 consultation, suggests that disclosure may include the results of a formal fraud risk assessment as well as actions taken to promote appropriate corporate values.

With fraud on the rise, the government is still looking at other ways in which fraud detection and reporting can be improved. It recognises that this is a complex issue and that a multi-pronged approach, including ongoing education, is needed.

Attempts to strengthen companies’ internal control frameworks will largely be implemented through revisions to the UK Corporate Governance Code (the Code). We can expect a revised Code to include a provision requiring an explicit statement from the board on its view of the effectiveness of the internal control systems and the basis for that assessment. The exact requirements are not yet known, but the FRC has confirmed that guidance will be issued to support the revised Code.

Assurance over the directors’ statement on internal controls is not being mandated, but the introduction of the requirement for companies to publish their AAP should ensure that this is at least considered by the directors.

To provide investors with a greater sense of a company’s dividend capacity and approach to capital maintenance, the government plans to introduce several new reporting requirements.

Under the proposals, a parent company will have to disclose its distributable reserves or a ‘not less than’ figure if determining an exact amount is not feasible. While an estimate of the group’s dividend-paying capacity will not be required, it will be encouraged.

Directors will be required to explain the board’s long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and state how this policy has been applied in the reporting year.

Explicit statements confirming the legality of proposed dividends and any dividends paid in the year will also be required, although the proposed two-year solvency statements in regard to dividend policy have been abandoned in response to feedback.

ARGA will be given formal responsibility for issuing authoritative guidance on distributable profits. ICAEW has long produced guidance on this area and supports this being taken on by the regulator.

ICAEW will continue to raise awareness about the significance of the changes proposed and will work to support and promote the objectives of these reforms.

You can find out more about the key issues and keep up with developments at icaew.com/auditandcorpgovreform