In July 2023, we hosted a webinar with David Styles, Director of Corporate Governance & Stewardship at the Financial Reporting Council. During the webinar, Suzi Beese, Head of the Board Intelligence Director Community, asked 8 questions to get to the heart of what’s being proposed and what this means for directors. You can watch the 30-minute recording here and find below a written summary of David and Suzi’s Q&A.
Key learnings
- This is not a wide-ranging review of the Code; the main changes are to Section 4 which deals with the role of the Audit Committee, namely internal controls, audit, and risk.
- The chair, supported by the company secretary, remains responsible for the effectiveness of the information they receive and ensuring it’s accurate, timely, and clear.
- There is a greater focus on reporting on governance activities and outcomes, to move away from a generalised set of boilerplate statements to whether targets are being hit (or not) and what this means for the organisation.
- All significant director appointments should be listed in the annual report with a description of how each director has sufficient time to undertake their role effectively, in light of other commitments.
1. Why are you making the change now?
We’re pleased with the way the Code is currently working, but the changes we’re proposing are largely brought about through our transition into the Audit, Reporting, and Governance Authority (ARGA). The Government is bringing in regulations around resilience, audit, and assurance, which inevitably impacts the Code; it also gives us the opportunity to reflect on how it’s working, but we’re only making changes where we need to.
The main changes are in Section 4 which deals with the role of the Audit Committee — namely internal controls, audit, and risk. These are core parts of governance which often don’t get enough attention.
2. Will the changes to internal controls reflect US SOX?
Emphatically not! The Government decided not to regulate on internal controls, but to ask us to look at improving the internal controls regime using the Code. The changes we’ve proposed are:
- Asking the board to make a declaration on internal controls.
- Making clear that we are referring to reporting, operational, and compliance controls.
3. Is the code now “comply or else” rather than “comply or explain”?
Many companies use “comply or explain” to say what they’ve not complied with, explain why, and set out what they’ve done instead. So “comply or explain” is very much alive and in the past couple of years we’ve seen a decline in ‘strict’ compliance with the Code, i.e. ticking off all the provisions. You might think that’s a bad thing, but it’s the reverse.
Every year we produce a report on the quality of governance, and every year we see improvements. There’s more thought going into what’s right for each organisation — even across the FTSE 100 there’s a wide range of sectors at different stages of development. It’s better governance, but it also allows for more flexibility which is key for the attractiveness of UK plc.
4. Why is the FRC setting out an expectation that companies should focus on activities and outcomes to demonstrate the impact of governance practices?
This is how we can encourage better quality explanations when it comes to the Code. If you depart from a provision of the Code or if you interpreted a Principle in the Code in a particular way, then what activity took place as a result? And if you're looking for a good governance outcome by departing from the Code, then what was the outcome? If we can think about outcomes as a result of activities, it helps us achieve “comply or explain” rather than “comply or else”.
5. How do the revisions to the Code support the transition to a sustainable economy?
We make it clear in the consultation that we don’t want to duplicate or overlap other sustainability reporting requirements. What we're really interested in is how the board considers these things – what’s the governance of it and what decisions they make, particularly when it comes to company culture and strategy. If you get those linked together effectively, then clearly you're going to have better company performance.
6. How will the Code help companies to embed it?
Some companies find culture difficult, but managing your culture goes hand-in-hand with strategy. These are things the board have to think about and we’ll be producing guidance on several aspects of the Code to expand on this.
7. What changes have been made to place diversity and inclusion at the centre of the succession planning and appointment processes?
When we talk about quality, diversity, and inclusion, companies should be thinking about this in the round and not “tick-boxing diversity characteristics”. The range of skills and experience that you need on a board is getting wider and deeper to reflect all the issues that companies must deal with. That means thinking about all the qualities, skills, and experience that create a board that has constructive challenge and can “deliver the goods”.
What we’ve proposed in the Code is references to protected and non-protected characteristics so that we can capture aspects of diversity such as cognitive or socio-economic diversity, beyond those protected ones set out in government legislation.
We’d also like to see better reporting on companies’ own internal targets, or where they’re following voluntary external targets such as those set by the Parker Review on ethnic diversity. If you set targets, did you meet them? If yes, what will you do next? If not, will you do something differently or will you change the targets? It’s about getting away from a set of generic boilerplate statements to the specifics of reporting.
8. What’s been the reaction from stakeholders so far?
The reaction has been positive, particularly around the proposals around Section 4 (Audit, Risk, and Internal Control). Where there have been questions, they have been around the level of detail in the accompanying guidance. The challenge is always to balance the need for flexibility and rigour of reporting, while taking into account what’s material for your company.
The FRC’s consultation is open until 13th September 2023 and you can submit responses by emailing codereview@frc.org.uk.
If you’d like to understand more about how Board Intelligence is helping clients to ensure their board has the information it needs, particularly around internal controls and risk, please get in touch.
