Section 3 of the White Paper promotes the introduction of a new and expanded regime for corporate reporting by public interest entities (“PIEs”). The Government has accepted the proposals in the Brydon Review for the introduction of a new Resilience Statement and an Audit and Assurance Policy (“AAP”). Together, these related proposals are intended to enhance the information available to users of corporate reports and to the public generally, and also to develop the framework for an appropriate level of assurance in relation to such information.
This section of the White Paper also agrees with the Brydon Review that there is a need for improved reporting on supplier payment policies and performance, and invites views on this. However, it also indicates that the Government is not currently minded to introduce a Public Interest Statement, although it notes that the FRC is consulting generally about this as a possible future development.
Readers will also be aware that the White Paper separately (in section 2) addresses the introduction of new reporting obligations in relation to internal controls. We will be addressing this in a separate bulletin.
The proposals for a Resilience Statement are, for current PIEs, very much an evolution of existing requirements, albeit with some notable changes, as we will discuss. The introduction of the Resilience Statement will involve a potentially more significant change for entities that will fall within any expanded definition of PIEs for the first time. The Government therefore proposes to introduce the Resilience Statement requirement for premium-listed companies initially, and then extend it to other PIEs after an interval of two years.
The White Paper contains proposals to extend the definition of a PIE to include large private companies and invites views as to whether large “third sector” entities (such as charities or housing associations) might also be included within the definition. The extension of the definition of a PIE to large private companies follows widespread recognition in recent years that such companies constitute a very important component of the UK economy and that this should entail concomitant reporting requirements (see, for example, the introduction in 2018 of the Wates Principles of Corporate Governance). However, it may be overly burdensome for the new requirements to be imposed on third sector entities such as charities that do not currently have experience of detailed going concern or viability reporting. The White Paper itself (paragraph 1.3.19) recognises that, while such entities have a public benefit purpose and it might for that reason be desirable in principle to extend the PIE reporting requirements to them, any such extension should be limited to large entities above a certain threshold (such as incoming resources exceeding £100m).
In addition, the White Paper proposes that recently listed companies should receive temporary exemptions for a number of years, during which they could comply voluntarily in order to build investor confidence in their reporting of future prospects. One can see as a matter of policy why reducing the cost and administrative burden of preparing and making Resilience Statements may be desirable. However, it is less clear that the cost savings that might be achieved by newly listed companies taking advantage of the proposed temporary exemption would outweigh the potential benefits of preparing Resilience Statements in terms of market perception and developing expertise in resilience reporting ahead of mandatory implementation.
The White Paper proposes that the following key elements form part of the new Resilience Statement:
The White Paper invites views on how flexible, as opposed to prescriptive, the content should be, in terms of which risks should be addressed in the short- and medium-term sections of the Resilience Statement. It appears to be accepted that the content of the long-term section would not be prescribed. There is also a question about how reporting in respect of climate change risks might interact with the proposed Resilience Statement, a topic to which we return specifically below.
It seems to us that some degree of prescription for the content of the short- and medium-term sections of the Resilience Statement is likely to be appropriate, in order to improve and extend the information provided to shareholders, enable benchmarking, and to provide a clearer and more certain foundation for measuring directors’ and auditors’ compliance with their respective obligations. It also seems to us that prescription might usefully be accompanied by some form of standardisation of metrics to be used by directors in discharging their reporting obligations, in order to achieve these goals.
The Government’s proposals (described at section 5 of the White Paper) to give ARGA additional investigation and enforcement powers to hold company directors of PIEs to account will surely impact upon decisions by companies in relation to the approach to, and content of, the component parts of the Resilience Statement. It is important that the risks for directors arising from these new powers do not operate as a deterrent against more extensive reporting of potential long-term issues. It is here where the greatest uncertainties arise and where there is therefore more scope for divergence between forecasting and how actual experience will unfold. It seems to us that there is a case for proposals that recognise the greater difficulties of forecasting that far into the future, and to ensure that directors (and the accountants reviewing these longer-term forecasts) are not judged against an unrealistic standard or subjected to the risk of enforcement action where they have acted reasonably in connection with the preparation or review of long-term forecasts.
Alongside this at section 3.2 of the White Paper, the Government introduces an important parallel proposal, namely the introduction of an “Audit and Assurance Policy” (“AAP”) to be published by PIEs. The AAP is said to provide a proportionate and flexible means for PIEs to explain whether, and if so how, they are obtaining independent assurance on any public reporting beyond that which is required by the existing statutory audit.
The Government considers that the AAP should, at a minimum, identify the level of independent assurance the company plans to obtain in relation to the Resilience Statement, either in whole or part, and other disclosures related to the various risks addressed in that statement (paragraph 3.2.9). The diagram from the Brydon Review reproduced at paragraph 6.2.2 of the White Paper illustrates the types of information on which it is considered that companies might optionally obtain assurance under an AAP, alongside the mandatory statutory audit, with the examples given including mineral reserves and cyber issues.
The parallel proposals of the Resilience Statement and the AAP raise a number of considerations for the future role of statutory audit.
The White Paper acknowledges that the statutory auditor’s consideration of information in the annual report other than the financial statements and aspects of the directors’ remuneration report (referred to as “other information”) is much more limited as compared with the audit of the financial statements (paragraph 3.2.3). It also says that this may not be well understood by shareholders (paragraph 3.2.6). In this respect, the introduction of an AAP might be useful in managing expectations of the statutory audit of “other information”, provided that there is a clear dividing line between statutory audit and the other areas of assurance addressed in the company’s AAP.
The Government does not envisage changing the nature and extent of the statutory auditor’s role in respect of other information. The AAP proposal involves grafting on additional areas of assurance. The dividing line and interaction between statutory audit and non-statutory assurance under the AAP requires detailed consideration, but the Government’s proposals do not attempt to grapple with that issue.
The statutory auditor’s current role in relation to “other information” involves a general responsibility under section 496 of the Companies Act 2006 to consider and assess the information included in the directors’ report and the strategic report; and to state in the audit report whether in their opinion that information is consistent with the financial statements and has been prepared in accordance with relevant law, and to indicate the nature of any misstatements identified as a result. This is supplemented by other specific responsibilities of the same or similar kind in relation to other types of information within the annual report. In addition, ISA 720, which deals with “other information” included in the annual report, requires statutory auditors to perform whatever procedures are necessary to consider whether there are inconsistencies between that non-financial information and the financial statements and the knowledge obtained by the auditors during the course of their work. These responsibilities to which statutory auditors are subject are described only in general terms, and are liable to give rise to different views as to the extent of work required in order to enable a conclusion to be formed.
Indeed, the FRC has itself made observations to this effect. For example, in its December 2018 Audit Quality Thematic Review, entitled “Other Information in the Annual Report”, one of the FRC’s key messages was that (see section 1.2):
“The nature, extent and quality of the work performed by audit teams on the Other Information vary considerably both between and within audit firms. This variation can be linked to the absence of prescriptive requirements in Auditing Standards, which in turn have been replicated, our work would suggest, by a lack of prescription in firms’ procedures.”
The variation in audit approach currently resulting from the latitude perceived to exist in the relevant auditing standards relating to “other information” presents a risk of exposure to enforcement action and civil claims for audits in which the procedures performed are more limited relative to other audits. It seems to us that the potential dangers involved in the divergence of approach to work by statutory auditors on “other information” will be heightened under the Government proposals. Not only do the proposals increase the extent, range and importance of the other information included in the Annual Report, but they will also result in additional types of underlying data and other assurance reports becoming available to which the statutory auditor might potentially have regard.
Therefore, it seems to us that the introduction of the Resilience Statement (which extends existing other information reporting requirements) and the AAP calls out for an enhanced audit standard or other guidance that more usefully delimits and explains the extent of the work required of the statutory auditor in respect of other information.
The White Paper states that the short-term section of the Resilience Statement will incorporate the existing going concern statement. However, although the White Paper refers to the short-term section as relating to a “one or two” year period (paragraph 3.1.5), it does not clarify whether the “one or two” years refers to a discretion that is to be afforded to companies (as seems likely), rather than being a range within which the Government intends to specify some universal standard fixed period. Further, the White Paper does not make clear whether the period covered by the short-term section must be co-terminous with the period selected by management for the going concern assessment period. If the two periods were not co-terminous, there would seem to be considerable potential for confusion as to the considerations that apply to different parts of the short-term section.
The White Paper states that the short-term section should additionally include disclosure of any “material uncertainties” (which might have been better described in the White Paper as “potential material uncertainties”) that were considered by management during their going concern assessment, but which were subsequently determined not to be material after the use of significant judgement and/or the introduction of mitigating actions (paragraph 3.1.10). The White Paper argues that such disclosures are currently required under international accounting standards in relation to disclosures of significant management judgement, but notes that such disclosures are often not included and proposes this reform in order to drive better compliance and more informative reporting.
This proposal raises several issues. Firstly, it is important that any new requirement does not result in annual reports that create confusion as to whether there is a material uncertainty (as defined by international accounting and auditing standards). Secondly, by serving the interests of transparency, enhanced reporting of this kind will provide regulators and claimants with an increased opportunity for challenging the judgements reached on material uncertainty by management, the statutory auditors and those providing independent assurance over the Resilience Statement. Thirdly, and in consequence, the proposal might cause some management to be more hesitant to identify matters that may cast significant doubt on the entity’s ability to continue as a going concern which they judge not to involve material uncertainty. Finally, insofar as such disclosures under current international reporting standards in respect of management judgements are no more common outside the UK, the Government proposals will make PIEs subject to a more rigorous reporting requirement in the UK than overseas competitors; it is unclear whether improved transparency in this regard will assist or damage their ability to attract inwards investment.
It is proposed that the medium-term section of the Resilience Statement covers a mandatory assessment period of 5 years. This is considerably longer than the three-year period currently chosen by most companies including Viability Statements in their annual reports. The requirement for a Viability Statement is confined at present to premium-listed companies and arises under the Corporate Governance Code.
The White Paper also envisages that Resilience Statements should evidence more scenario planning. The Government intends to require companies to include at least two reverse stress-testing scenarios in their Resilience Statement.
As matters stand, there is a lack of clarity in existing financial reporting and auditing standards and guidance over how uncertainties identified in a viability period interact with the going concern assessment, which is required to take account of future events and circumstances arising after the end of the going concern assessment period that may impact on going concern. An extended viability forecast will more likely encompass events such as expiring financial facilities, but will involve more inevitable uncertainty attaching to events occurring more distantly into the future. The current state of available guidance on this issue is connected with the fact that the requirement introduced in 2014 for a Viability Statement was a UK initiative and did not exist under international standards. Extending the viability period to 5 years will only exacerbate the difficulties created by this lack of clarity, and it therefore seems that there is a powerful case for fresh guidance being produced to enable the issues to be addressed coherently.
If the statutory auditor is aware that the company is procuring expert opinions and specific assurance reports on certain of the risks addressed in the Resilience Statement (even if not central to the financial statements themselves), the statutory auditor will need to consider whether to obtain those opinions and reports in order to discharge the duties owed in respect of the audit of “other information” in relation to the Resilience Statement (see above).
If it is likely in practice that the statutory auditor will need to consider the other assurance reports, then it would seem to follow that those reports will need to be timed to be available for consideration prior to the signing of the audit report.
Conceivably, there may be differences of view between a statutory auditor and the other assurer. This will result in additional challenges and risks for both in attempting to address those differences (insofar as it is appropriate or necessary to do so).
Whatever the extent of guidance that emerges from these proposals about the other information work required of the statutory auditor, there may be efficiency reasons for the statutory auditor to provide elements of the other assurance work under the AAP where that is within the skills and expertise of the same firm. However, this would extend the frame of knowledge on which the statutory auditor would be drawing in considering aspects of other information in the annual report, and so may impose a higher burden on discharging duties as statutory auditor (which would be subject to enforcement under the AEP). There may also be a limit on the ability to combine these roles, given the operation of the cap on fees earned by statutory auditors from non-audit services provided to the same client; the White Paper does not contain any proposal that assurance work would not count towards this cap.
For other assurers providing services under the AAP, there is also the question about what their own liability regime will look like. These services will not be subject to the Companies Act 2006 provisions relating to limiting liability, but equally these services would not receive the protection of the finding in Caparo that statutory auditors owe no duty for their audit report to parties other than the shareholders as a body.
In our First Bulletin, we commented upon risks for the statutory auditor arising from certain of the reform proposals that in our view would merit legislative protection for the Caparo principle. It seems to us that there are equally very significant risks for assurers that their assurance reports might be embedded in the annual report or that elements of their opinions might implicitly be communicated to users of the annual report through the manner in which reference is made to the fact of their involvement. Assurers will therefore be keen to make careful use of appropriate disclaimers, although there might nevertheless be a risk that a disclaimer could be overridden where the assurer is aware that its opinion is in fact being communicated to users of the annual report.
One of the attractions for the Government of a new profession of corporate auditing, and a common set of “Principles”, is for a consistent framework to apply across the new profession. The White Paper explains that the Government proposes to give ARGA some functions extending to setting and enforcing standards that would apply to corporate auditing as a whole, and which would therefore apply to assurers. There is little detail provided about how this would look in practice, and views are sought about how ARGA’s role in relation to assurers might work. It is contemplated that some form of equivalent AQR inspection regime could be introduced, albeit at the discretion of ARGA. The White Paper makes clear that ARGA would operate an enforcement regime against assurers, which ARGA might be minded to model on the AEP. It is unclear whether it is envisaged that any such regime would be separate from the new enforcement regime for accountants, which will itself be separate from the AEP, that is envisaged by the White Paper.
The White Paper has invited consultation specifically on whether the long-term section of the Resilience Statement should address the impact of climate change on the company’s business model and financial planning. In particular it seeks views on whether the Resilience Statement should incorporate disclosures consistent with the recommendations of the Taskforce on Climate-related Financial Disclosures (“TCFD”), or whether TCFD and climate risk reporting should be a free-standing but related element of resilience reporting.
Disclosures consistent with TCFD are not currently mandatory; however, a recently introduced FCA Listing Rule requires premium listed companies to set out whether they have made disclosures in line with TCFD and if not why not. As mentioned in the White Paper, the government has announced plans to introduce mandatory climate-related financial reporting in line with TCFD for all companies above a certain size threshold by 2025 and will be consulting separately on those plans. It will be interesting to see what emerges from that separate consultation and how it may feed into development of proposals from the White Paper on audit reform.
Risks relating to climate change and their impact need to be analysed over a very long time-frame which may fall beyond time periods that companies choose for the long-term sections of their Resilience Statement. There is an argument that whilst TCFD and climate risk reporting should be an adjunct to resilience reporting, they require free-standing treatment, which may enable more focus on the sources of risk, and the nature and scale of potential impacts and allow for the incorporation of commentary upon other relevant aspects, for instance climate change-related supply-chain threats.