Audit committees have evolved at a Darwinian pace. Eighty years ago, the US Securities and Exchange Commission encouraged companies to have audit committees (ACs) composed of independent directors. In the 1970s it brought in ‘required’ disclosures and, 20 years ago, the Sarbanes-Oxley Act banned national exchanges from admitting companies that did not comply with minimum AC requirements.
In the UK, the Cadbury Code (which had its 30th birthday in December) played catch-up via recommendations that have set the tone for ACs’ composition and their responsibilities for auditor appointments, and reviews of financial statements and internal controls. After many updates via the Corporate Governance Code and other guidance (see the earlier AB article), the Financial Reporting Council (FRC) has just published a Draft Minimum Standard for Audit Committees.
The proposed standard is more bothered about choice of potential auditors than audit quality
The fact that this is a standard demonstrates a rare intent for the UK to have requirements that are enforceable. In its final response to the ‘Restoring Trust in Audit and Corporate Governance’ consultation, the government said this was ‘preferable to the “comply or explain” approach’ of the code. Taken with the proposed power to sanction directors for breaches of corporate reporting and audit-related duties, it sets the scene for a more assertive Audit, Reporting and Governance Authority (from 2024).
Less about quality
But before governance and accounting vigilantes get too excited, it is important to recognise the limits of this five-page proposed standard. It focuses on tendering, which only happens every 10 years, and is more bothered about choice of potential auditors than audit quality. As it happens, the UK’s (understandable) keenness to ban audit firms from performing any other services for audit clients has narrowed the choice and made managing the run-up to the tender rather tricky.
In the brief ‘oversight’ section, the standard makes welcome references to encouraging the auditor to challenge management and to gaining feedback from ‘external sources including investors’. But elsewhere it talks of engagement with shareholders on audit scope ‘where appropriate’ – surely ‘best endeavours’ should be the minimum. It is true that investors need to pay more attention to audit, but this will need to be prompted by a more systematic approach.
Comply or explain will continue to rule the roost, which means the good comply – and the bad, not so much
Limited proposals
More frustrating is what is not there. This includes minimum content for the proposed audit and assurance policy (AAP), and requirements for directors’ statements on resilience and fraud prevention. ACs have a key role in all of this. The AAP creates the potential for assurance of climate-related disclosures, the latter two open the door to a UK version of Sarbanes-Oxley, with attestations to the effectiveness of internal controls.
So, we await the typical British approach to these important matters via a further revision to the Corporate Governance Code and a series of guidance notes from the FRC. Comply or explain will continue to rule the roost, which means the good comply….and the bad? Not so much. At least the AAP will give investors a hook on which to hang their preferences.
But with the UK authorities keener to compete for company listings than to copy US-style rigour – quality costs more – I’m not holding my breath.
More information
See the AB graphics outlining the different governance regimes across Europe