Restoring trust in audit and corporate governance

Focus on listed and AIM companies

1) Headline view

Based on the proposals in the Government’s response to the consultation on its White Paper ‘Restoring trust in audit and corporate governance’ the degree of impact on listed and AIM companies would, as expected, be in ascending order :

• AIM companies not within PIE scope
• AIM companies within PIE scope
• Fully listed companies not premium listed
• Premium listed companies
• FTSE350 companies

The principal differences between the White Paper and the recently published consultation response include that far fewer AIM companies will now be PIEs; minor exemptions from audit tendering and rotation for AIM companies becoming PIEs; some relatively modest simplifications of the main additional reporting requirements and the changes to the proposals on internal controls which will now affect only premium listed companies. The proposals on Managed Shared Audit have been retained for FTSE350 companies.

Thresholds for PIES and related issues are discussed in the New PIE size thresholds and their implications.   

2) Far fewer AIM companies to be PIEs 

AIM companies will be PIEs if they have an annual turnover of more than £750m and more than 750 employees globally. This will significantly reduce the number of AIM companies l becoming PIEs compared to the original White Paper proposal which would have included those with a market capitalisation above 200m euros, the figure used for determining whether AIM companies’ audits are currently monitored by the regulator. In addition, a review will be undertaken to consider whether changes are needed in the review practices of the regulator for AIM companies who will not be PIEs in future. For AIM companies that do become PIEs due to meeting the size thresholds, they will not have to have an audit committee and will not have to tender their audit every 10 years or to rotate their auditors every 20 years as other PIEs do.

3) Additional reporting requirements for listed companies and AIM PIEs 

Listed companies and AIM companies meeting the size thresholds will be required to meet  additional reporting requirements related to:

• the Resilience Statement
• Audit and Assurance Policy
• Prevention and detection of fraud
• Dividends and capital maintenance.

All listed and AIM companies are subject to Corporate Reporting Review and the proposals indicate that the whole of their annual report will be subject to review by the regulator under wider corporate reporting powers, including voluntary elements, rather than just the financial statements as has been the case.

The above reporting issues are discussed in New reporting requirements for PIEs meeting the size thresholds and ARGA’s proposed regulatory powers.

The extent to which the above will require significant extra work will depend on the current reporting practices of individual listed and AIM companies. Premium listed companies are already called on to produce a viability statement under the UK Corporate Governance Code, the requirements of which will be strengthened and replaced by the Resilience Statement, and a number of larger listed companies have voluntarily designed an Audit and Assurance Policy and are making many of the dividend disclosures that will be required. By contrast some AIM companies are likely to have to make significant reporting adjustments.

4) Sanctions on board directors  

Directors of PIEs will be subject to investigation and sanctions by the regulator in relation to their responsibilities for corporate reporting and audit. Depending on how the new approach is implemented, this may lead to some current non-executive directors deciding they do not wish to continue in the role. Equally, some boards, again probably especially among smaller listed and AIM companies, will benefit from reviewing the composition of their boards to ensure they are ready for the higher levels of scrutiny.

The proposed new investigations and sanctions regime is set out in ARGA’s proposed regulatory powers and Sanctions against Directors.

5) A new approach on internal controls for premium listed companies 

One of the most commented-on differences between the White Paper and the proposals in the response to the consultation is the proposed changes in the new requirements on internal controls. It is now proposed that the UK Corporate Governance Code, applicable to premium listed companies, be strengthened to require specific confirmation by directors of whether controls have been effective. This will embrace financial, operational and compliance controls and not just those on financial reporting as originally set out in the White Paper. Guidance will also be issued on the work directors should do in order to be in a position to make their assessment. With the broad range of controls, the guidance in place and the proposed sanctions regime, many boards within the scope will need to place much more emphasis on controls in future. External assurance will not be mandatory but directors will be called on to state how they have dealt with assurance on internal controls in their Audit and Assurance Policy. Moreover, the changes may extend beyond premium listed companies, not only to others also applying the UK Corporate Governance Code but there may also be pressure to strengthen the QCA Corporate Governance Code, adopted by many smaller listed and AIM companies, to bring it in line with the amended UK Corporate Governance Code.

The proposals related to internal controls are set out in Internal controls for premium listed companies.

6) A possible move to a more a la carte approach to assurance

With the introduction of the new Audit and Assurance Policy, listed companies, and those at the upper end of the market, in particular, are likely to find at least some investors pushing for significant increases in assurance in areas such as ESG matters. In addition, listed companies and AIM PIEs will be required to state their approach to external assurance with regards to the Resilience Statement and internal controls. An increased spotlight is also likely to be shone on internal audit and its role in supporting the board and audit committee on assurance matters.

7) Managed shared audit approach in the FTSE350  

Under the proposals on managed shared audit FTSE350 companies will be required to have managed shared audit involving the Big 4 as group auditor and a challenger firm unless a challenger is appointed as sole auditor or exemption is agreed with the regulator. Companies will need to decide well ahead of their next audit tender once the new approach comes into force, following the necessary legislation being passed, which route they would aim to take and if they are to adopt managed shared audit how to divide the audit in a way that is practical and gives the challenger firm a ‘meaningful proportion; of the total audit.

The proposals on managed shared audit are set out in Managed shared audit in the FTSE350.