The government published its response to its March 2021 White paper, ‘Restoring trust in audit and corporate governance’ at the end of May. Much has been said about which proposals will, and won’t, be taken forward, but less about what this means for sustainability reporting and disclosure, and for the governance environment more broadly .
The main reform will see the creation of the Audit, Reporting and Governance Authority (ARGA), the replacement regulator to the FRC. ARGA will have the power to oversee corporate reporting and audit and to sanction directors for breaches of their corporate duties. New corporate reporting requirements are being introduced alongside measures to reform the audit market.
We look here at aspects of the proposals which should lead to an overall improvement in company governance processes, which in turn will affect (and, in some cases, strengthen) sustainability reporting.
The government’s proposal to require an auditor’s opinion on the effectiveness of a company’s internal controls system, similar to the US’s Sarbanes Oxley Act requirement, is not being taken forward. Instead, strengthened internal controls will be introduced through the UK Corporate Governance Code (the Code), which applies to premium listed companies. The FRC will consult on providing for an explicit statement by the board about their view of the effectiveness of the internal control systems (financial, operational and compliance systems) and the basis for that assessment. This will be underpinned by guidance clarifying when external assurance might be considered. A consultation on the changes to the Code is expected next spring.
The definition of a Public Interest Entity will be widened to cover private companies, AIM companies and LLPs with 750 or more employees (globally) and an annual turnover of over £750m (750:750 PIEs). This will bring an additional 600 companies into scope. 750:750 PIEs will be required to produce a Resilience Statement as part of the Strategic Report. This will replace the going concern statement and the viability statement. It will report on matters considered a material challenge to resilience over the short and medium term, with an explanation of how the company arrived at its judgement of materiality.
The proposal to mandate a common set of risks to be addressed in every statement has been dropped. The legislation will instead include factors to which companies will be required to “have regard” when making the statement. One of which will be “the impact on the company’s business model of climate change”, if not already addressed by other statutory reporting. Guidance will follow on how the potential materiality of these matters should be considered.
The government published its roadmap for the new Sustainability Disclosures Requirement (SDR) regime after the White Paper came out. The SDR regime will require disclosures against International Sustainability Standards and disclosures on a company’s impact on the environment using the UK’s Green Taxonomy. The government will consider how the Resilience Statement can provide a coherent reporting framework with wider sustainability disclosures, including under the SDR regime, when the legislation is drafted.
750:750 PIEs will also be required to publish an Audit and assurance policy (AAP) every three years setting out the company’s approach to assuring the quality of the information it reports to shareholders beyond that in the financial statements, adopting a similar structure to that used in the area of remuneration. Originally it was proposed that this report be put to an advisory shareholder vote but that has been dropped. It will, instead, be mandatory for companies to state how they have taken shareholder and employee views into account in its development. An annual implementation report will also be required.
The AAP will set out whether, and if yes, how a company intends to seek independent (external) assurance over any part of the Resilience Statement or over reporting on its internal control framework. Companies will need to explain how they ensure the integrity of their internal assurance process and consider whether improvements are necessary. This includes how management conclusions are challenged and verified internally. Directors will not be required to seek assurance over reporting on the internal control framework, but in having to consider the point, and prepare a policy and an implementation report, directors will be forced to consider this possibility. Shareholders will also have an opportunity to raise concerns and press for more assurance.
ARGA will have the power to review the entire contents of the annual report and accounts, rather than just the directors’ report, the strategic report and the financial accounts. This includes the corporate governance statements, directors’ remuneration and audit committee reports as well as voluntary elements such as the CEO's and chair’s reports and, in all likelihood, sustainability reports. ARGA will also be able to direct changes to company reports and accounts without obtaining a court order and be able to investigate and sanction breaches of corporate reporting and audit-related responsibilities by PIE directors. Currently the FRC can only take action against qualified accountants.
While the proposals don’t introduce an express assurance obligation, the introduction of the Resilience Statement and the AAP, as well as the proposed changes to the Code, will require companies and their directors to focus more precisely on whether, and how, they obtain appropriate assurance comfort (whether internal or external), to support their public disclosures. These are significant new requirements which should lead to a strengthening of internal governance processes and an improvement in the quality of reporting (including sustainability reporting).
This aligns with the direction of travel in sustainability reporting more broadly: both the International Sustainability Standards Board and European Financial Advisory Group standards focus on the importance of sustainability-related information being verifiable, and the Corporate Sustainability Reporting Directive and US Securities and Exchange Commission proposals both introduce assurance requirements. Requiring companies to comment on assurance in respect of, for example, the Resilience Statement, can be seen as another part of this gradual shift towards more exacting assurance processes.
ARGA’s new powers to review the whole annual report and accounts, and the power to sanction directors for failure of their corporate reporting and audit responsibilities, will also focus minds on the verifiability of non-financial disclosures and on the quality of the internal controls and assurance processes that support them.