The BEIS report on “restoring trust in audit and corporate governance” published in May 2022 has been a hot topic for discussion amongst businesses and the audit community alike.
The report provides an outline of where the government and the regulator expects to see organisations invest their time and effort. Organisations are required to significantly increase their accountability for internal controls, dividends and capital maintenance whilst also taking steps to formally report on their resilience, fraud detection and prevention, and audit and assurance policies.
Staying ahead of the curve
Organisations that want to stay ahead of the curve need a reliable way of evidencing their accountability. Many organisations have already been preparing for what was to come and for those that have not yet formed a plan for what to do, the report provides some indication of what shape their response should take. Businesses will not take the key pillars of the code lightly and will want to take “no regrets” action now to make improvements in their approach. This will result in an overall enhancement in the way they evidence their strong internal control and resilience to regulators, shareholders, customers and partners.
How Controls Assurance can help
Whether or not your organisation falls under the new definition for PIEs, demonstrating the strength of internal controls, including those of key outsourcing partners, is expected to become the norm. Assurance reporting via independent auditors provides a reliable and recognised mechanism to achieve this, as well as supporting other requirements, such as resilience reporting and fraud detection and prevention.
Stakeholders will begin to demand an independent view of internal controls, corporate governance related reporting as well as the organisation’s ability to cope with market risks and risks arising from the supply chain. Assurance reporting helps organisations to have a repeatable and efficient tool to meet this increased demand; a tool that adds value to all stakeholders and improves their regulatory compliance. Those that are prepared will be able to stay ahead of the curve as the legislation is strengthened.
Practical next steps
Start with a simple readiness assessment to validate your internal controls and document your controls register in preparation for independent assurance. You can engage with a reputable assurance auditor to obtain a readiness assessment report and formal assurance opinion if this is in line with your appetite.
How KPMG can help
Using our established methodology, we have been providing reasonable assurance reports to businesses and their stakeholders for a number of years. These System and Organisation controls (SOC) reports cover an organisation’s internal controls which can cover a near endless range of topics, including business operations and IT, Cyber Security, supply chain or other specific subject matter that the organisation may want to report on. These are issued under internationally accepted frameworks and standards such as the ISAE (UK) 3000 or ISAE 3402.
Get in touch if you have any questions, we’d love to talk to you.