Audit & Corporate Governance reforms – Latest update

In May 2022, the Government published its response to the consultation on ‘Audit and Corporate Governance’ reforms which were set out to build trust and credibility in UK audit, corporate reporting and corporate governance system.

The reforms introduce five new reporting requirements which are aimed to improve the transparency, reliability and usefulness of information for stakeholders.

In May 2023, the Financial Reporting Council (FRC) published the proposed changes to the UK Corporate Governance Code which included one of the new reporting requirements, the ‘internal control statement’.

Yesterday, the draft changes proposed to the Companies Act 2006 to incorporate the other four reporting requirements were published and laid in Parliament. The parliamentary approval process is expected to take place in autumn. If approved, these reporting requirements will be effective and apply to some UK companies from 1 January 2025.

The changes being proposed to the Companies Act are largely in line with the proposals set out in the UK Government’s response in May 2022. The changes clarify the companies in scope of the new reporting requirements, potential effective dates and the specific reporting requirements.

The reporting requirements will apply to UK companies with 750 employees or more and an annual turnover of £750 million or more.

For UK companies with equity listing on UK regulated markets meeting the above size thresholds, the reporting requirements will be applicable for accounting period beginning on or after 1 January 2025.

For all other UK companies meeting the size thresholds, the requirements will be applicable for accounting period beginning on or after 1 January 2026.

Reporting exemptions will be available for UK subsidiaries that are consolidated by a UK parent when the parent provides these disclosures for the group which include the UK subsidiaries, subject to some conditions.

Resilience Statement: Companies will need to set out how they are managing their principal risks and building or maintaining resilience over the short, medium and longer term.
The Resilience statement, which will form part of the Strategic report, will require companies to:

• disclose the chosen period for the short term and medium term analysis.  The long-term period will not need to be disclosed
• set out the principal risks that threaten the business in the short and medium term, along with information on risk likelihood, impact, mitigating action, amongst others. In assessing principal risks, companies will need to consider several specified matters including areas of dependency, digital security risks, cyber security and the impact of climate-related and sustainability-related risks
• confirm that at least one reverse stress test has been carried out and disclose a summary of the reverse stress test and mitigating actions unless this information will be seriously prejudicial to the company’s interests
• summarise the long-term trends or factors which could significantly threaten the company’s business beyond medium term, along with estimated timings and discussions of how these will be managed

Distributable reserves and distribution policy: 

Companies will need to disclose, in the notes to the accounts:  

• the amounts of distributable reserves, or a minimum figure, at the beginning and the end of the reporting period
• a summary of changes during the reporting period and
• for public companies, the effect of the net asset restriction. 

The distribution policy, which will be part of the Directors’ report, will explain the plan for dividends and share repurchases over the short and medium term as defined in the Resilience statement, including the factors and risks relevant to implementing and sustaining the policy.

The draft changes to the Companies Act do not require explicit statements by directors confirming the legality of proposed dividends and any dividends paid in year as was initially set out in the proposed reforms. Instead, the directors will need to explain how they have considered the level of distributable profits when recommending a dividend.

Material Fraud statement: The Directors will be required to include a material fraud statement in the Directors’ report setting out:

• their assessment of the risk of material fraud to the company’s business operations including how the company’s susceptibility to material fraud was assessed and the types of material fraud that were considered
• the main measures in place or any future measures that will be set up to prevent and detect the occurrence of material fraud 

Both fraud and ‘material’ are defined. Fraud is considered material when its nature or magnitude could be expected to influence the decisions which a reasonable shareholder would take in connection with its shareholding in the company.

Audit and Assurance policy: This policy, which will be part of the Directors’ report, will set out how the company is currently obtaining assurance and how it plans to obtain assurance over its annual reports and accounts, including voluntary disclosures, over the next three years.

More specifically, the policy will  explain the following in relation to the annual report and accounts:

•  the internal audit and assurance capabilities and the three-year plan for strengthening these capabilities
• what external assurance, if any, the company intends to seek in the next three years beyond the statutory audit
• whether, and if so how, the company intends to seek external assurance over some or all of the company’s Resilience statement, and the effectiveness of the company’s internal controls over financial reporting

Companies will also need to provide an annual update on how the audit and assurance policy has been implemented and any updates made during the reporting period.

The new reporting requirements should not be viewed as a compliance exercise.

It is an opportunity for large UK public and private companies to take stock of the strategy, business model, risks, governance and reporting.

It will require companies to re-evaluate the strength of their control environments and approach to the level of assurance the business and stakeholders need.

High quality and transparent reporting will require integrating these new statements alongside the existing non-financial reporting and forthcoming ESG disclosures.

This holistic approach to implementing the reforms will help companies rebuild trust in what is being reported and help stakeholders understand the purpose and value of the business. 

The FRC is expected to consult on and publish guidance that will support the implementation of these new requirements.

In the interim:

• Ensure that the Board, Audit Committee and Executives are aware of the draft legislation and the implications for both the business and their roles.
• Ensure that there is clarity on your current status and how you will coordinate the implementation.
• Consider interactions with all existing projects e.g. risk management and internal control programmes and ESG reporting implementation.  
• Use all existing guidance to improve existing reporting. Having a robust, connected, and complete starting point will help you to effectively meet the objectives of these new requirements.

Stay tuned for more updates on the changes and its impact on corporate reporting.