The Financial Reporting Council (FRC) today published an updated version of ‘Internal Control: Guidance for Directors on the Combined Code’, also known as the Turnbull guidance. The new guidance will take effect for financial years beginning on or after 1 January 2006.

Publication of the updated guidance follows two consultation exercises, during the course of which the principles-based approach of the existing guidance was strongly endorsed by listed companies, the investment community and the accountancy profession.

As a result, only limited changes have been made to the guidance itself, while a new preface has been added to emphasise the need for companies to keep their application of the guidance under review and to provide shareholders with meaningful information in their annual report.

Announcing the publication Douglas Flint, Group Finance Director of HSBC Holdings plc and chairman of the FRC working group that reviewed the guidance, said: “Companies should not interpret our decision to make only limited changes to the Turnbull Guidance as a signal that there is nothing for boards to do. The risks that companies face change constantly. I hope that boards will look critically at how they review their internal control systems, and consider whether they can make more of the communication opportunity afforded by the internal control statement in their annual reports”.

Sir Bryan Nicholson GBE, Chairman of the FRC, said: “We have been told by investors that the internal control statements in annual reports can often be uninformative. Taken together with the OFR, the internal control statement provides boards with the opportunity to help their shareholders understand the main risks faced by the company and how they are being managed. I hope they will do so, and that their shareholders will provide them with feedback on whether they find the statements helpful. The FRC will continue to monitor what use companies and investors are making of the internal control statement”.

ANNEX A

SUMMARY OF THE MAIN CHANGES TO THE TURNBULL GUIDANCE

1. A new preface has been added to encourage boards to review on a continuing basis their application of the guidance and look on the internal control statement as an opportunity to communicate to their shareholders how they manage risk and internal control.
2. The introduction has been re-ordered to reinforce the message that the guidance is intended to reflect sound business practice as well as help companies comply with the internal control requirements of the Combined Code.
3. References to the Combined Code and Listing Rules have been updated to reflect changes since 1999.
4. The revised guidance clarifies that directors will be expected to apply the same standard of care when reviewing the effectiveness of internal control as when exercising their general duties.
5. The section of the guidance relating to the Code provision on internal audit has been removed and incorporated into the Smith guidance on audit committees.
6. Boards are now required to confirm in the annual report that necessary action has been or is being taken to remedy any significant failings or weaknesses identified from their review of the effectiveness of the internal control system, and to include in the annual report such information as considered necessary to assist shareholders’ understanding of the main features of the company’s risk management processes and system of internal control.

ANNEX B

SUMMARY OF THE MAIN COMMENTS RECEIVED ON THE DRAFT REVISED TURNBULL GUIDANCE

1. A public consultation on draft revised guidance was held between 16th June and 16th September 2005.
2. 54 responses were received, including from companies representing over 31% of the total market capitalisation of UK companies listed on the London Stock Exchange’s Main Market, institutional investors and investor representative bodies that are between them responsible for funds under management in excess of £3,100 billion, as well as many accountancy firms and other representative bodies. A full list of respondents can be found at: http://www.frc.org.uk/corporate/internalcontrol.cfm.
3. All respondents endorsed the Review Group’s conclusions that the guidance should remain high-level and principles-based, that boards should not be required to make a statement in the annual report and accounts on the effectiveness of the company’s internal control system, and that there should be no expansion of the external auditors’ responsibilities in relation to the company’s internal control statement. Nearly three-quarters of respondents agreed in full with, or had no comments on, the proposed revisions to the guidance and the majority of the rest commented only on points of detail.
   
   Maintaining and reviewing the internal control system
   
4. All respondents supported the Review Group’s proposal to add a preface to the updated guidance to encourage boards to review on a continuing basis their application of the guidance, although some commented on the wording in the preface. The Review Group has made some revisions to the preface to reflect these comments.
5. The Review Group’s proposed changes to the introduction and those sections of the guidance that deal with maintaining and reviewing the internal control system were supported by all respondents, while all but one supported the recommendation that the guidance concerning the need for an internal audit function should be incorporated into the Smith guidance to audit committees.
6. In relation to the standard of care to be exercised by the board (dealt with in paragraph 24 of the updated guidance), the Review Group had proposed that the guidance should adopt the wording used in the draft Company Law Reform Bill in setting out the general standard of care to be exercised by directors. While all respondents agreed that the standard of care should be the same, some pointed out that the wording in the Bill might change during the course of its passage through Parliament. The Review Group has therefore amended paragraph 24 of the guidance to avoid the risk of the standard of care to be exercised when reviewing the effectiveness of the internal control system inadvertently differing from the general standard of care.
7. A number of respondents suggested additional amendments to the guidance to address in more detail issues such as sources of assurance and evidence, ethics and strategic risk. In considering these suggestions the Review Group applied the same four tests as it had applied when considering suggestions made during the initial consultation exercise:
   • Does the proposed change address an issue that is not already substantially covered by the existing guidance?
   • Is a change to the guidance the most appropriate way to address the issue concerned?
   • Would any proposed change materially improve internal control and risk management at a reasonable cost?
   • Would any proposed change restrict a company’s ability to apply the guidance in a manner suitable to its own particular circumstances?
     
8. The Review Group considered that further changes to the guidance were not justified on these grounds. For example, in the case of comments that the guidance should say more about the sources of internal assurance available to the board, the Review Group considered that the revised guidance already contained sufficient references, and noted that the work of internal audit was further amplified in the updated Smith guidance to audit committees.
   
   The internal control statement
9. The proposal that boards should confirm in the annual report that necessary action had been or was being taken to remedy any significant failings or weaknesses identified from their review of the effectiveness of the internal control system was supported by all but one respondent.
10. During the initial evidence gathering phase, investors commented that in their view there was considerable scope for internal control statements to be more informative. All respondents to the consultation on the draft revised guidance supported the Review Group’s recommendation that companies should include in the annual report such meaningful, high-level information as the board considers necessary to assist shareholders’ understanding of the main features of the company’s internal control system. There was also support for the proposal to use the new preface to encourage companies to provide investors with more meaningful and company-specific information, although some respondents considered that the wording of the preface could be strengthened.
11. Some respondents also commented on the potential overlap between the internal control statement and the requirement on companies to comment on the principal risks facing the company in the OFR. While some respondents felt that the relationship between the two disclosures should be more clearly defined, the majority agreed with the Review Group’s view that it was not appropriate at this time to prescribe how any overlap should be managed.
    
    
    

1. The Financial Reporting Council (FRC) is the UK’s independent regulator for corporate reporting and governance. Its aim is to promote confidence in corporate reporting and governance.
2. Published in 1999, the Turnbull guidance sets out best practice on internal control for UK listed companies, and is used to demonstrate compliance with the internal control requirements of the Combined Code on Corporate Governance. The Code states that boards should maintain a sound system of internal control, conduct a review of the effectiveness of that system at least annually, and report to shareholders that they have done so.
3. In July 2004 the FRC set up a group led by Douglas Flint to review the guidance in the light of experience of implementation and developments in the UK and internationally since 1999, and to update it where necessary. The group included representatives from business, the investment community and the accountancy profession.
4. Between December 2004 and March 2005 the Review Group gathered views and evidence on the impact of the guidance and whether any changes were needed through a public consultation exercise and surveys of company directors and investors. This was followed by a public consultation on draft revised guidance between June and September 2005. Over 50 responses were received to that consultation, including from companies representing over 30% of the total market capitalisation of UK companies listed on the London Stock Exchange’s Main Market and from institutional investors and investor representative bodies that are between them responsible for funds under management in excess of £3,100 billion.
5. The main changes to the guidance are summarized in Annex A. The main points made in response to the consultation on the draft guidance are summarized in Annex B. Only one further change has been made to the guidance as a result of comments received. The review group had recommended that the board’s standard of care in relation to internal control be expressed in the same terms as applied to the directors’ general standard of care in the draft Company Law Reform Bill. Some respondents pointed out that the wording of the Bill may change during its passage through Parliament, which could inadvertently result in a different standard being applied. The guidance has been amended to make it clear that this should not be the case.
6. Copies of the updated guidance can be downloaded from the FRC website (http://www.frc.org.uk/corporate/internalcontrol.cfm). Printed copies can be obtained free of charge from CCH Information (tel: 0870 777 2906 or online at www.cch.co.uk).
7. All press enquiries should be directed to Chris Hodge on Tel: 020 7492 2381 or e-mail: c.hodge@frc.org.uk