In the UK’s quest to ‘restore trust in audit and corporate governance’, the role of the audit committee has received too little attention. That is changing.
The UK government’s proposals for reform include giving the new regulator – the Audit, Reporting and Governance Authority (Arga) – the power to oversee audit committees and set minimum standards.
In the decade leading up to Arga replacing the Financial Reporting Council (probably 2024–25), the regulator will have gone from not even having contact details for all audit committee chairs, to direct supervision with powers to investigate and sanction.
Stakeholders will extend the pressure for independent assurance to environmental and social
In response to the increasing scrutiny, audit committee chairs set up an independent forum in 2016. The Audit Committee Chairs’ Independent Forum (ACCIF) now has around 200 members, including about 40% of FTSE 100 companies. One of its suggestions for making audit committee work more transparent is to set out a framework for assessing the effectiveness of internal controls with the option of commissioning external assurance.
A key government proposal, emanating from the Brydon review, is that large companies (public interest entities) should publish an audit and assurance policy. This will include decisions on commissioning external assurance – on resilience statements, for instance – and on whether assurance is ‘limited’ or ‘reasonable’. I am most bothered about financial controls, but other stakeholders will extend the pressure for independent assurance to environmental and social fields.
The minimum standards for audit committees that Arga will set are likely to include a requirement to gather the views of shareholders. This throws down a challenge to shareholders to invest time and effort in communicating their concerns.
How will the intention to sanction directors for breaches of statutory duties be implemented?
Questions remain
Many details have yet to be worked out. For instance, if the commissioning of external audit of internal controls is voluntary, then it will count as a non-audit service for the purpose of the 70% cap on fees for non-audit work, compared with the bill for audit. Yet if statements on resilience and fraud are made part of the legally required strategic report, they could form part of the auditor’s non-capped work.
How will the powers to investigate and sanction audit committees work? As a risk-based regulator, Arga is likely to look for red flags such as auditor resignation or restatement of accounts to trigger investigations.
Enforcement is trickier. The reforms extend to directors’ accountability, but in the absence of a regulated profession similar to that for accountants, how will the intention to sanction directors for breaches of statutory duties be implemented? Existing duties in the Companies Act and listing and transparency rules are barely enforced by the Financial Conduct Authority or the Insolvency Service.
The Financial Reporting Council has been busy since the publication of the Kingman report in December 2018 implementing as many reforms as it can without any changes in its statutory powers. It will gain some important new powers when it becomes Arga. The devil will lie in the legislative detail, and in the will and capacity of all the relevant regulators to tackle failings in the way companies are run and audited.
For audit committees, and independent directors more generally, growing external pressure from the regulator and shareholders should strengthen their resolve to challenge executives and better equip them to do so.