Restoring Trust in audit and corporate governance: proposed Audit and Assurance Policy and an increased role for audit committees

The latest in our series of briefings examining the UK Government White Paper on financial reporting reform - Restoring trust in audit and corporate governance examines the proposals for companies in scope to publish an Audit and Assurance Policy (AAP). We also examine the proposed increased role for Audit Committees and the ways that the Government intends to encourage shareholder engagement with audit.

Companies in scope

The proposed changes outlined below would apply to public interest entities (PIEs). Currently, the definition of a PIE broadly captures companies with shares admitted to trading on a regulated market (such as the main market of London Stock Exchange), credit institutions and insurance undertakings. The Government proposes to extend the UK definition of PIE to include some of the largest private companies and has identified two alternative approaches that are subject to consultation:

Option 1 – (1) all companies with either more than 2,000 employees or (2) a turnover of more than £200 million and a balance sheet of more than £2 billion; or

Option 2 – a narrower set of companies with over 500 employees and a turnover of more than £500 million.

In addition, the Government proposes that companies on AIM with a market capitalisation above 200 million Euros should also be included in the new definition of a PIE. Not all companies within the broader definition will be caught by the proposed changes outlined below from the outset as the Government is proposing a phased implementation.

Audit and Assurance Policy

As described in our earlier briefing, the Brydon Independent Review of the Quality and Effectiveness of Audit recommended that public interest entities be required to publish an annual AAP. The purpose of the AAP would be to set out the company’s approach to seeking assurance of its reported information over the next three year period.

At present, whilst auditors are required to consider the annual report in its entirety, scrutiny of the information other than the accounts is limited and not always fully understood by users. The Government sees the Audit and Assurance Policy as providing a means by which companies can explain whether, and if so how, they are obtaining assurance on any company reporting beyond that required by the annual audit. This may encompass elements of company reporting such as carbon emissions disclosures, requiring specialist knowledge and skills which financial auditors may not be able to provide.

The Government proposes that the Audit and Assurance Policy should include as a minimum the following disclosures:

• An explanation of what independent assurance, if any, the company intends to obtain in the next three years in relation to the annual report and other company disclosures beyond that required by statutory audit. This includes in relation to the Resilience Statement that also forms part of the Government’s proposals, and other disclosures relating to risk and the effectiveness of the company’s internal controls framework which the Government proposes directors should have to attest to in the annual report.
• A description of the company’s internal auditing and assurance processes. This might include how management conclusions and judgements in the annual report and accounts can be challenged and verified internally, and whether, and if so how, the company is proposing to strengthen its internal audit and assurance capabilities over the next three years.
• A description of what policies the company may have in relation to the tendering of external audit services (for example, whether the company is prepared to allow the external company auditor to provide permitted non-audit services).
• An explanation of whether, and if so how, shareholder and employee views have been taken into account in the formulation of the Audit and Assurance Policy.

The Government intends that the Policy should cover a three year period. In terms of frequency, the Government is consulting on whether the Policy should be published annually, or whether it should be published at least once in every three years. In either case, the Policy would be subject to an advisory shareholder vote (although this would not apply to unlisted PIEs in scope, who would also be exempted from explaining how shareholder views had been taken into account).

The Government envisages that the Audit and Assurance Policy would be required of premium listed companies initially, and extend to other PIEs two years later.

Audit Committees

• Role and oversight of audit committees

The Statutory Audit Services Market Study carried out by the Competition and Markets Authority (CMA) recommended that audit committees should come under greater scrutiny by ARGA. The CMA study highlighted concerns that audit committees were not always prioritising scepticism and challenge when tendering for audits and that it was hard for audit committees to directly observe the quality of audit work undertaken.

The Government proposes to give the Audit, Reporting and Governance Authority (ARGA) (being the new regulator that will replace the Financial Reporting Council) powers to impose additional requirements on audit committees in relation to the appointment and oversight of auditors. This is intended to help ensure the audit committee acts effectively as an independent body, responsible for safeguarding the interests of shareholders and other users of accounts.

The requirements will cover the need for audit committees to continuously monitor audit quality, and consistently demand challenge and scepticism from auditors. The regulator will consider how these requirements sit alongside the existing requirements for audit committees (for example, for listed companies, under DTR 7.1 of the Financial Conduct Authority’s (FCA) Disclosure Guidance and Transparency Rules and the UK Corporate Governance Code). The additional requirements would apply initially to the audit committees of FTSE 350 companies, and may be extended to other companies within the expanded definition of PIEs in due course.

The Government also proposes:

• To impose a duty on ARGA to monitor compliance with the new audit committee requirements, including through a power to require information and/or reports from audit committees, and a power to place an observer on audit committees if necessary.
• To give ARGA appropriate powers to take action in relation to breaches of the new audit committee requirements.

• Shareholder engagement with audit

The Government proposes to establish a formal mechanism to enable audit committees to gather views of shareholders on the audit plan. Shareholder views will be advisory only, as the auditor will retain autonomy for the way the audit is conducted. Exactly what this enhanced shareholder engagement will entail in practice is not clear from the consultation document, as the detail will be developed by ARGA, liaising with audit committees, auditors and shareholder bodies. These proposals would initially only apply to the audit committees of premium listed companies, and would be addressed through changes to the UK Corporate Governance Code (and/or associated guidance on audit committees) rather than directly though regulation.

Other proposals in the White Paper in this area include inviting the regulator to revise its guidance to audit committees to encourage questions from shareholders about the company audit at the AGM. However, the Government does not believe that a standing AGM agenda item is necessary or sufficient. Nor does the Government propose to require senior auditor attendance at the AGM to answer shareholder questions (as suggested by the Brydon Review). Instead, better attendance from the committee chair and senior auditor should be encouraged.

Separately, the Government will consider whether further powers are needed to assess and promote compliance with the UK Stewardship Code. This could also include considering the case to amend Department of Work and Pensions legislation or FCA and Local Government Association rules to introduce stronger requirements for reporting on the Code or to alter the balance between a rules and voluntary Code-based approach if the desired outcomes have not been achieved.

Comment

The Government’s proposals for an Audit and Assurance Policy will go some way to address the increased interest from investors and other users of accounts in the non-financial information in the annual report. This comes at a time when we are seeing an increased emphasis on climate-related and sustainability disclosures (such as reporting against the recommendations of the task force on climate-related disclosures), with environmental, social and governance issues very much in the spotlight. These, of course, have the potential to impact the financial statements as well.

In practice, the extent to which companies require assurance beyond the current requirements for statutory audits may, in part, depend on the concerns of directors in relation to personal liability such as that attaching in respect of any attestation by them in respect of internal controls.

The proposals in relation to audit committees are intended to address concerns on the quality of audit committee scrutiny highlighted by the CMA in their market study. Although the detail of what this will involve will be worked out by the new regulator in due course, this will be a fundamental change for companies. The effect may be felt most by larger private companies and those on AIM who do not currently follow the UK Corporate Governance Code, but they will not be caught by the changes initially.

Useful Links

Restoring trust in audit and corporate governance

Eversheds Sutherland Briefing: Restoring trust or undermining business confidence? Reform of financial reporting