The Department for Business, Energy & Industrial Strategy (BEIS) published its consultation on these proposals in March 2021, setting out a broad programme of reform for auditors, companies, directors, audit committees, investors, other stakeholders and the regulator to improve corporate transparency.
The Government’s recent announcement to bring forward a Draft Audit Reform Bill indicates that it is unlikely to propose legislation for a strengthened internal controls regime over financial reporting (ICFR). It is possible this could be adopted through regulation, for example by amendment to the UK Corporate Governance Code and/or introduction of a new minimum standard for audit committees. There are a number of other measures proposed in the reforms that further emphasise the need for and the importance of strong internal controls.
Strengthening internal controls has significant benefits for organisations, helping to combat fraud and enhance the quality of corporate reporting and governance. And beyond compliance it creates a controls-focused culture with broader insight and operational benefits that improve investor confidence, support better decision making and protect shareholder value.
The importance of strong internal controls, particularly over financial reporting, was highlighted by Sir Donald Brydon and Sir John Kingman in their government-commissioned reviews and many companies have already begun a major controls transformation programme, irrespective of any legislative requirement.
Based on our own experience of successful control transformation programmes and also publicly available evidence of improvements experienced in the US after the introduction of Sarbanes Oxley (SOX) in the early 2000s, we believe that the strengthening of internal controls, in particular around financial reporting, has significant benefits for an organisation on many levels such as:
Improve credibility of financial reporting
The process of strengthening internal controls leads management to better understand financial reporting risks, put in place appropriate controls to mitigate these risks and address internal control deficiencies in a more timely fashion. This in turn has a positive impact on the quality and reliability of the information produced, increasing shareholder and investor confidence in the companies’ financial reports.
Provide greater safeguarding of shareholder value
A robust internal control framework with clearly assigned and embedded ownership within the front line of the business is a powerful method to reinforce high quality standards through better governance and accountability.
Enhance fraud prevention and detection
One of the most tangible benefits is in helping organisations to prevent and detect material fraud. While we can’t attribute this only to the implementation of an enhanced control framework, we believe it plays a key role by providing the awareness of where an organisation's key fraud risks are and whether mitigating controls are in place to address those risks.
Drive operational improvements and rationalisation
Organisations with the right-sized controls for their current structure and future plans can build greater resilience, gain broader insight and have more confidence in the decisions they make. Processes and controls are simplified, standardised and digitised and duplicate and redundant controls are identified and removed, while ongoing monitoring of the operation of controls leads to continuous real time improvement.
Improve management information to support better decision making
Technology advances plus a risk-based, top-down approach and focus on entity level controls helps drive a proportionate and cost-effective response to a strengthened internal control regime. And by using automation and advanced analytics, organisations will benefit from having more real time management information and insight.
Build a better culture
A controls-focused culture led from the top, promotes behaviours and activities across the wider organisation that play an important role in safeguarding the business and shareholder value. Employees who understand their responsibilities and are accountable will be able to design and operate effective controls and identify deficiencies early. This leads to improvements in the behaviours and attitudes specifically related to risk and controls. It also promotes a controls mindset over increasingly important disclosures outside of financial information, such as ESG and climate change, helping organisations to build or rebuild trust.
There are wide-ranging benefits of strengthened internal controls, beyond just meeting a regulatory compliance requirement and there are some ‘no regrets’ activities you should start now to drive improvements to your business in any event, alongside preparing for a strengthened internal controls regime.
The Government’s proposed reforms to audit and corporate governance include measures that emphasise the need for and importance of better internal controls. These include:
Beyond the proposed audit and governance reforms, this is an opportunity for organisations to rethink control more broadly - through Enterprise Control. What we mean by this is an optimised, right-sized control environment that is focused on key risks and strategic objectives beyond internal control over financial reporting.
Enterprise Control provides panoramic insight, underpinned by trusted data sources and enabled by technology. It allows organisations to balance the need for transformation and creating new opportunities for growth with building resilience and creating trust and confidence among stakeholders, investors and customers.
A successful control implementation programme requires significant effort, resource and planning from a broad range of stakeholders across an organisation. In our experience, and learnings from US SOX and other similar regimes, there are a number of critical success factors.
Understanding what the change means for your business and taking a pragmatic approach will enable you to enhance and optimise your control environment.
Now is the time to step back and take a panoramic view of the whole system of governance and control to ensure that the target operating model, frameworks, processes and controls are defined, proportionate and able to stand up to much greater scrutiny.
Speak to us now to find out what these proposed reforms mean for your organisation and how we can help you strengthen your internal controls regime.
Partner, National Leader Governance, Risk and Compliance, PwC United Kingdom
Tel: +44 (0)7715 034917
Partner - Business Risks and Controls - FS, PwC United Kingdom
Partner, Financial Services, PwC United Kingdom
Tel: +44 (0)7876 207850