The Financial Reporting Council’s (FRC) Corporate Governance Code will aim to improve the way organisations think about, manage and report on their principal risks and culture, with a view to making them more resilient and adaptable to change.
But are you letting this revised code just happen to you, or are you embracing it and exploiting the opportunities it can bring? If you see it as a benefit not a burden, and if you get on the front foot with your regulatory response, it can bring significant opportunities.
Any organisation lacking the ability to protect itself or adapt to change is only likely to survive as a result of luck. If you get your response to the updated Code right, it can help your organisation to manage internal control and become more resilient, instead of blindly focusing on cutting costs and aggressively streamlining operations.
Hello. I’m Simon Perry and I lead PwC’s Enterprise Resilience practice.
Today I am going to talk about the proposed new Corporate Governance Code, and why I think it could be a positive step towards helping you become a more resilient, and therefore a more successful organisation.
While we don’t know for sure what the final version of the Code will say, we do know that it will aim to raise the bar on the way organisations think about, manage and report on their principal risks and culture.
I spend a lot of my time working with companies to make them as resilient as possible, so the issues that will be addressed by this new code are very close to my heart.
The revised code will apply to accounting periods beginning on or after 1 October 2014, but the underlying motivation behind it simply promotes good business practice, so I would encourage companies to start thinking about how they respond now.
So what do the current draft proposals say? Well, there are six key points that are worth focusing on.
- Firstly, directors will need to confirm that a robust system of risk management has been developed and is integrated with business strategy and planning.
- Secondly, they will need to confirm that they have defined and articulated their appetite for risk in key areas. This is something that we have seen many companies struggle to do in a meaningful and pragmatic way.
- Next, companies need to be able to confirm that they have identified their principal risks, including using techniques such as stress and reverse stress testing.
- Companies will also have to review and confirm the effectiveness of key operational, financial and compliance controls.
- The new proposals also talk about the importance of organisational culture, and companies are expected to have defined and embedded an appropriate culture as well as to be able to measure it. Your organisation’s culture is defined by the sum of your people’s behaviours and these behaviours can and should be monitored, measured and built into your KPIs. This can help you understand, for example, if that seemingly one-off issue is not a deeper, systemic cultural problem.
- And finally, companies will be expected to make better disclosures that describe their risk management systems and culture as well as the particular risks they face and how they are being addressed.
Taken together, that’s quite a challenge! But not an insurmountable one.
Thank you for listening, I hope that’s given you some helpful pointers for when you’re considering how to respond.
Look out for more from me when the code is released.