Audit and corporate governance shake-up: changes finally announced

Overview

On 31 May 2022, the Government published its Response to the March 2021 consultation on Restoring trust in audit and corporate governance.

The Government continues to believe that regulatory changes are required and, in delivering these changes, it seeks to: (i) ensure that the UK remains a competitive and attractive economy; (ii) protect the public from the effects of fraud and malpractice; and (iii) improve prospects for long-term growth across the UK. The Response has been viewed by some commentators as a "diluted" version of the proposed reforms and many of the measures will take a significant period of time to fully implement. That said, the Response includes some material changes, including more onerous reporting requirements and additional directors' duties. The proposals under the Response include:

  • the creation of a more effective and better-constituted regulator to replace the Financial Reporting Council ("FRC"): the Audit Reporting and Governance Authority ("ARGA");

  • the expansion of the definition of "Public Interest Entity" ("PIE") to include large unlisted companies;

  • new reporting obligations and increased accountability of PIE directors, to be enforced by ARGA; and

  • action to improve competition and choice in the audits of the largest publicly traded companies.

There is no precise timetable for the implementation of these proposals and it is expected to stretch over several years in the case of certain measures. The intention though is to create ARGA and equip it with the necessary powers at the earliest possible juncture, although this will depend on the availability of Parliamentary time and Parliament's agreement to the Government's proposals.

Now Reading

Key changes at a glance

Broadening the definition of PIE

PIEs currently include listed (not AIM) companies, credit institutions and insurance undertakings, and are subject to enhanced corporate governance, reporting and audit requirements.

Under the proposals, the definition of PIE will be expanded to include companies with 750 employees or more (globally, not only within the UK) and an annual turnover of at least £750 million (the "750:750 test").

The Government sets out a number of inclusions and exclusions to the new PIE definition:

Included within the new size-based PIE definition:

  • Companies quoted on Multilateral Trading Facilities such as AIM

  • Third sector entities, e.g., charities

  • Limited liability partnerships

  • UK-incorporated parent companies that prepare consolidated accounts for a group where the group meets the size threshold*

  • UK-incorporated parent companies with a subsidiary that becomes a 750:750 PIE *

* It is intended to put in place a mechanism to reduce or remove the risk of duplication of reporting within group structures.

Not included within the new size-based PIE definition:

  • Lloyd's syndicates

  • Local authorities that would only become PIEs by virtue of the size threshold (i.e., the current definition of PIE will continue to apply)

  • Other public sector bodies (as appropriate depending on level of existing audit and transparency requirements)

Application of the new requirements

PIEs that are PIEs only by virtue of the 750:750 test will not be required to meet all the same requirements as PIEs that are already characterised as such under the current definition.

A tiered approach will be taken to ensure requirements are proportionately applied. The table below sets out a summary of how the requirements covered in the Response are envisaged to apply to the various categories of entity.

The Response also notes that requirements for new PIEs will be phased, with at least a full annual reporting period between an entity exceeding the new 750:750 threshold and being subject to the new requirements. There will also be a smoothing mechanism so that entities must continue meeting requirements for a set period after they quality, even if they drop below the 750:750 threshold.

The PDF below contains a summary table, which sets out the applicability of the key requirements that are covered in the Response to different types of entity.

Read the PDF of this publication below. Alternatively you can download to print, to save for later or for a different experience.

Download PDF
New requirements in more detail

1. Directors' accountability

Strengthening boardroom focus on internal control matters

The Government had originally proposed to introduce a requirement for a directors' statement on the effectiveness of internal controls and had sought views in its consultation on the level of external assurance that should be required. Following opposition to US-style mandatory external assurance, the Government will ask the Financial Reporting Council ("FRC") to consult on requiring directors to provide a statement setting out their view of the effectiveness of the company's internal control systems (financial, operational and compliance) and the basis for that assessment.

Although the Corporate Governance Code ("Code") currently only applies to premium listed companies, the Response notes the Code's wider influence on other codes and best practice principles (such as the QCA's Corporate Governance Code, which is followed by many AIM companies and the Wates Principles, aimed at large private companies).

The Government also proposes to:

  • require companies that are already PIEs under the current definition and are over the 750:750 threshold to state in the new Audit and Assurance Policy whether or not they plan to seek external assurance of the company's reporting on internal controls (see further section 3 below);

  • require the directors of PIEs over the 750:750 threshold to report on the steps they are taking to prevent and detect fraud, which will provide an opportunity for them to comment on the effectiveness of the wider internal control system (noting however that commenting on the internal control system will not be a specific requirement of the fraud statement);

  • strengthen the regulator's corporate reporting review powers to monitor the entire annual report; and

  • ask the FRC to explore with investors and other stakeholders whether and how the content of the auditors' report could be improved to provide more information about the work auditors have undertaken on the internal controls over financial reporting.

Reporting on dividends and capital maintenance

The Government is proceeding with a number of proposals for strengthening the law on dividends and capital maintenance, the majority of which will only be applicable to PIEs that are above the 750:750 threshold. It decided not to proceed with the proposal for directors' assurance that a dividend would not be expected to jeopardise the future solvency of the company over a period of two years.

Measures that will be generally applicable to all companies:

  • ARGA will be responsible for issuing guidance on what should be treated as "realised" profits and losses for the purposes of section 853 of the Companies Act 2006.

  • Companies will be encouraged to disclose an estimate of the dividend-paying capacity of the group as a whole (but this will not be required).

Measures that will only be applicable to PIEs that are over the 750:750 threshold:

  • Qualifying companies or, in the case of a UK group, the parent company only, will have to disclose their distributable reserves, or a "not less than" figure if determining an exact figure would be impracticable or involve disproportionate effort.

  • The distributable reserves figure at the balance sheet date will be subject to audit.

  • Companies will be required to provide narrative explaining the board's long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and how this distribution policy has been applied in the reporting year.

  • Directors will be required to make statements confirming the legality of proposed dividends and any dividends paid in year.


2. New corporate reporting

Resilience Statement

PIEs that are over the 750:750 threshold will be required to produce a new Resilience Statement: a report on matters that they consider a material challenge to resilience over the short- and medium-term, together with an explanation of how they have arrived at this judgement of materiality.

Contents of the Resilience Statement

The Response sets out a number of areas that companies will need to consider when preparing their Resilience Statements, including:

  • the company's preparedness for business disruption;

  • its ability to manage digital security risks; and

  • the sustainability of the company's dividend policy.

In-scope entities will have to:

  • perform at least one reverse stress test each year, which will involve: (i) identifying a combination of adverse circumstances that would cause a company's business plan to become unviable; (ii) assessing the likelihood of that combination of circumstances occurring; and (iii) summarising in the Resilience Statement the results of this assessment and any mitigating action put in place by management as a result; and

  • identify any material uncertainties to going concern that existing prior to the taking of mitigating action or the use of significant judgement, which the directors consider are necessary for shareholder and other users of the statement to understand the current position and prospects of the business.

Interaction with existing requirements

It is intended that companies will be given the flexibility to incorporate within the Resilience Statement the existing Strategic Report requirement to describe the principal risks and uncertainties facing them by including this through their assessment of risk and resilience issues over the short- to medium-term.

The Government and the FRC are to consult on removing the viability statement and going concern provisions in the Code, on the basis that the relevant objectives will be met by the Resilience Statement. The Government is also to consider how the Resilience Statement would will fit with the proposed new Sustainability Disclosure Requirement regime.

Directors' liability

Information provided by directors in the Resilience Statement will be covered by the existing 'safe harbour' provision in the Companies Act 2006, meaning that directors would be liable to the company for untrue or misleading information in the Resilience Statement only if they:

  • knew the information was untrue or misleading (or were reckless as to whether it was so); or

  • dishonestly concealed a material fact.

Audit and Assurance Policy (AAP)

PIEs that are over the 750:750 threshold will be required to publish an AAP every three years, which will be complemented by an annual implementation report, in which the directors (typically through the audit committee) provide a summary update of how the assurance activity outlined in the AAP is working in practice.

Contents of the AAP

The AAP will need to:

  • state how a company has taken account of shareholder views, and also whether, and if so, how, they have taken account of employee views;

  • state whether, and if so, how, a company intends to seek independent (external) assurance over any part of the Resilience Statement or over reporting on its internal control framework;

  • describe the company's internal auditing and assurance process, including how management conclusions and judgements are challenged and verified internally;

  • describe the company's policy in relation to the tendering of external audit services (the FRC will be consulted regarding how this new reporting requirement can work alongside existing and forthcoming requirements in the Code); and

  • state the level and standard to which any independent assurance is being undertaken.

Reporting on payment practices

The Government intends to consult on the existing Reporting on Payment Practices and Performance Regulations 2017 before taking forward any proposals for PIEs to provide a summary of their payment practice policies and performance within their annual reports.

Public interest statement

The Government has confirmed that it will not legislate at this time to create a new public interest statement reporting requirement.


3. Supervision of corporate reporting 

ARGA will have enhanced corporate reporting review powers, including to:

  • direct changes to company reports and accounts (rather than having to seek a court order);

  • publish summary findings following a review;

  • publish the information necessary for it to be an effective regulator (which could allow for the publication of correspondence in exceptional circumstances); and

  • require or commission an expert review to support its corporate reporting review work.

These powers will extend to the entire contents of the annual report and accounts, so will cover areas not currently within scope, such as corporate governance statements and directors' remuneration and audit committee reports as well as voluntary elements such as the CEO's and chair's reports.

It is not intended to give ARGA new powers to offer a pre-clearance service.

4. Company directors

Enforcement against directors

The Government intends to give ARGA the necessary powers to investigate and sanction breaches of corporate reporting and audit-related responsibilities by directors of PIEs, including those under the new 750:750 definition.

This regime will not replace existing arrangements, for example, in respect of offences under the Companies Act 2006 or breaches of the FCA Listing Rules, FCA Transparency Rules or Market Abuse Regulation. Care will also be taken to avoid overlap or duplication between the role of ARGA and the existing scope of powers of the FCA and other regulators where possible.

Clawback and malus provisions in directors' remuneration arrangements

Following the consultation, the Government has accepted that the proposed conditions in the White Paper relating to clawback and malus provisions could benefit from increased clarity and that a more nuanced approach may need to be taken to cater for different companies' circumstances. Therefore, the FRC will be invited to consult on how the existing malus and clawback provisions in the Code can be developed to deliver greater transparency and to encourage consideration and adoption of a broader range of conditions in which executive remuneration could be withheld or recovered.


5. Audit purpose and scope

ARGA will be responsible for driving improvements in audit as an integral part of its core objectives, rather than the Government advancing new legislation in this area. The Government will also seek improvements from existing professional bodies to auditor qualifications, skills and training. Following consultation feedback, the Government is not intending any legislative changes regarding the assurance of Alternative Performance Measures or Key Performance Indicators and intends to retain the current 'true and fair' standard and current audit liability framework.


6. Audit committee oversight and engagement with shareholders

The Government intends to proceed with giving ARGA the power to set minimum requirements on audit committees in relation to the appointment and oversight of auditors, which will include provisions around mechanisms for shareholder engagement on the audit plan. ARGA will be asked to ensure that the new requirements do not conflict with existing requirements, e.g., those set out under the Code. These requirements will initially apply only to FTSE 350 companies, although the Government has noted that it will monitor the situation after the initial implementation and consider whether the requirements should be extended to a wider community of PIEs.

The Government has determined that ARGA will not be given the power to place an independent observer on the audit committee, nor to appoint the auditor in any circumstances.


7. Competition, choice and resilience in the audit market

There are a number of proposals being taken forward with respect to competition, choice and resilience in the audit market. Notably, UK-incorporated FTSE 350 companies will be required to appoint a challenger as sole group auditor, or, alternatively, appoint a challenger firm to conduct a meaningful proportion of its subsidiary audits within a shared audit.


8. Supervision of audit quality

The Government intends to make ARGA (rather than the professional bodies to whom this task is currently delegated by the FCA) responsible for approving the statutory auditors of PIEs. It is also asking the FRC to look at non-legislative ways of improving the regulator's Audit Quality Review process.


9. A strengthened regulator

As noted above, ARGA will replace the FRC and will be given new enforcement powers. Its objectives will be to promote high quality audit, corporate reporting, corporate governance, accounting and actuarial work and to promote effective competition in the market for statutory audit work.

There will also be changes to the regulator's responsibilities, including the strengthening of existing voluntary arrangements for the oversight of professional accountancy bodies and giving ARGA statutory powers to oversee and regulate the actuarial profession.

Key contacts

Read Aisling Arthur Profile
Aisling Arthur
Read Jane Bondoux Profile
Jane Bondoux
Read Beliz McKenzie Profile
Beliz  McKenzie
Read Neal Watson Profile
Neal  Watson
Read Klementyna Zastawniak Profile
Klementyna Zastawniak
Back To Top