If you want to gauge a society on some index of “trust” and “cooperation” do not go any further and look at the success of its listed companies. This is the model – that in principle – is reflective of an appropriate balance of entrepreneurship and due care.
The UK Code of Corporate Governance published on January 22,2024 https://media.frc.org.uk/documents/UK_Corporate_Governance_Code_2024_FF6VFzi.pdf
is a brilliant step in the pursuit of achieving the above-mentioned balance.
Let us see the 3 key themes introduced through this code.
1. Beyond Formalities: Assessing the Essence of Board Governance Through Decision Quality
We all know that the Board is there for appropriate oversight and decision-making – fair enough but what about the quality of such decisions? This is what that has been addressed by the current UK Code through its Principle 9
“Governance reporting should focus on board decisions and their outcomes in the context of the company’s strategy and objectives. “
All other requirements relating to the composition of the Board, number of meetings, requirements related to voting, Board minutes etc. are means to an end and not and end. We have been focusing too much on the means lately, whereas the focus should have been on how good or not so good the decisions of the governing body have been.
2. Role of Board Oversight in Embedding Organizational Culture
As per Provision 2 of the UK Code of Corporate Governance, boards should not only assess and monitor culture, but also how the desired culture has been embedded.
When companies break free from the copy-paste routine for implementing this rule, it is not just paperwork at stake – it is the core of how things work. All the internal controls, risk management practices, policies, and procedures etc. can fall on any given day if the right culture is not embedded within the organization.
With the Board now taking a closer look at how the right culture is woven into the company, there is a chance we will start seeing things get better over time.
3. Internal Control & Risk Management – Board’s Enhanced scope compared to rest of the world.
Analyzing the changes in the context of raising the bar in comparison to the rest of the world, the UK Code of Corporate Governance has gone a step or two further in the Internal Control domain but has not fully seized the opportunity.
Let us first see what is written in the Code.
The board should monitor the company’s risk management and internal control framework and, at least annually, carry out a review of its effectiveness. The monitoring and review should cover all material controls, including financial, operational, reporting and compliance controls.
The board should provide in the annual report:
- A description of how the board has monitored and reviewed the effectiveness of the framework.
- A declaration of effectiveness of the material controls as at the balance sheet date; and
- A description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues.
On the positives it has gone beyond the Controls over Financial Reporting and covered operation, compliance, and financial controls as well. Secondly, it not only asks the Board to certify that adequate controls were present also expects a statement as to how the effectiveness of the framework was ensured together with a description of actions taken to improvise the effectiveness of material controls.
Now, what could have been done more, in our humble opinion?
On the same subject, a year ago we published a brief document with the intention of making the global Internal Control regime more effective. Full details can be found here https://www.linkedin.com/posts/faheempiracha_icfr-regulatory-landscape-activity-6995624791047053312-3sAN?utm_source=share&utm_medium=member_desktop
We highlighted the two problems below with the current certification regime.
- It asks the Board to certify that adequate internal controls are present. How adequate is anybody’s guess.
- Further, for how long they will remain at such an adequate level – that may currently be at bare minimum -, no one knows.
The above problem when results in misreporting or fraud, the only excuse we have then is that controls never give 100% assurance.
The need then is to take the stakeholders along the Internal Control Maturity journey. This can be brought about when the BOD talks about at least the three topics mentioned below.
|Our proposed areas to report on for bringing in Internal Control Maturity
|How are these addressed in current UK Code
|Culture Companies need to establish the key factors considered most relevant to gauge the culture they envision to see and then report on the effectiveness of the same.
|Introduction of the requirement in the UK Code that boards should not only assess and monitor culture, but also how the desired culture has been embedded is a welcome step.
|Compensation This is a tricky one, but many accounting frauds, be it overstatement of revenue or deferring accruals or provisions, happen because compensation is linked with the financial results of the company. Compensation of the CFO, CEO, and the ones responsible for accounting/reporting should be detached from the financial results of the company.Entities need to disclose their policy in this regard.
|The Board in the UK would be required to report on the effectiveness of material controls. Though it is not explicit with respect to automated controls in an overall control mix, but if Board discharge this responsibility with due care, it must ask how the material controls if in large number can be considered effective
|Compensation This is a tricky one, but many accounting frauds, be it overstatement of revenue or deferring accruals or provisions, happen because compensation is linked with the financial results of the company. Compensation of the CFO, CEO, and the ones responsible for accounting/reporting should be detached from the financial results of the company. Entities need to disclose their policy in this regard.
|No mention in the current code.
We consider the UK Code of Corporate Governance to be great guidance not only for companies in the UK but across the globe. The most stringent requirements brought in are regarding Internal Control and Risk Management on which we continue to help companies raise the bar.