Risk Management and Internal Control

1 Strategic Report

Our risk management framework is designed to identify strategic and operational risks; to set our risk tolerance; and to ensure that risks are effectively managed and monitored.

In response to the 2015/16 Board effectiveness review findings and to ensure that the FRC is kept up to date with best practice risk management, we have moved towards a more holistic approach to managing our risk. One of our priorities has been to continue to develop our risk-aware culture, and we are updating our risk architecture to continue to support better strategic and tactical decisions, adding value to the FRC.

Supported by the Audit Committee, the Board has overall responsibility for managing risk. Risks are identified and reviewed by the Board with advice from the FRC's executive, its Committees and the Advisory Councils. The Board focuses on risks to the public interest in high standards of corporate governance and reporting in the UK, and to the FRC's ability effectively to discharge its responsibilities.

The Board agrees its tolerance for risk and monitors the actions in place to reduce the likelihood and impact of principal risks. In considering risk, the Board assesses the impact of events that could threaten the long term viability of the FRC and its ability to serve the public interest. The Viability Statement is on page 24.

The FRC's principal risks are set out at Table 1 (pages 22 to 24). There are two significant changes in our assessment since the Risk Statement we published in our Annual Report 2015/16. First, we have identified as a principal risk the uncertainty over the outcome of the negotiations for the UK's exit from the EU. Second, we have identified risks around the credibility of the UK Corporate Governance Code as a separate risk, when it was previously subsumed within a more general risk relating to confidence in the UK governance and reporting model.

Table 1 – Principal risks

Key to movement indicators: N New Risk, Worsening, Improving, Static.

FRC principal risk: Credibility of the UK Corporate Governance regime, including the 'comply or explain' approach, is compromised by poor or ineffective governance or reporting thereon by Directors and insufficient engagement and stewardship by investors.
Mitigation and movement in the year:
  • We review and update the UK Corporate Governance Code to reflect experience of its effectiveness and emerging governance concerns.
  • We publish the UK Stewardship Code, to which many investors are signatories. Our assessment, and tiering, of the quality of reporting against the Stewardship Code is intended to invigorate investors' engagement with companies.
  • During 2017/18 the FRC will undertake a comprehensive review of the UK Corporate Governance Code and its associated guidance to take account of the growing demands of the corporate governance framework, including the needs of wider stakeholders. We are engaging with the Government on its priorities in this area and have made recommendations for improvements.

FRC principal risk: The quality of audit work by major audit firms falls below the high standards expected because of a failure to comply with auditing standards, shortcomings in firms' governance or organisational culture, or a failure to invest in their audit function.
Mitigation and movement in the year:
  • We have a wide range of powers as Competent Authority (see our roles and responsibilities on pages 10 to 11) and promote not just compliance, but continuous improvement in standards of auditing through our role in overseeing the audit professional bodies.
  • We report publicly each year on our findings from our review of audits, individually in respect of the more significant audit firms and in aggregate.
  • We take disciplinary action against individuals and firms where it is believed that audit work may have fallen below relevant requirements, imposing sanctions and fines.
  • We hold regular meetings with the management of the major firms and their independent non-executives to ensure that they address any concerns over audit quality, independence and governance.
  • We work with auditors, audit Committees and investors to monitor risks and issues as well as to highlight good practice and advocate continuous improvement in the effectiveness and quality of audit.

FRC principal risk: The audit market is severely disrupted by the failure of a major audit firm or withdrawal from the market, with adverse impact on audit quality from capacity constraints and reduced competition.
Mitigation and movement in the year:
  • Our audit oversight regime is designed to promote high quality audit work, strong ethical standards and effective risk management, and to require action by firms to address any shortcomings.
  • We require each of the major audit firms to have contingency plans in place that would minimise the impact on the quality of audit in the event of a failure, and we work with firms and other regulators on scenario testing.

FRC principal risk: FRC fails sufficiently to deter untrustworthy behaviour and inadequate diligence by Directors and professionals, leading to a loss of public confidence in the regulatory regime.
Mitigation and movement in the year:
  • We operate enforcement procedures that enable us to investigate and take disciplinary action against audit firms and members of the accountancy and actuarial professions when it is believed that their work may have fallen below the relevant auditing or professional standards, imposing sanctions and fines.
  • We have commissioned an independent review of the sanctions imposed under our enforcement procedures.
  • We have made recommendations to the Government that our investigatory and enforcement powers be extended to all Directors of companies and not just, as now, to members of the accountancy professions.

FRC principal risk: FRC regulation, including that designed to replace current EU regulation, is misguided or ineffective, adding to costs without sufficient benefit to public confidence and the fostering of investment.
Mitigation and movement in the year:
  • Through our Board, Committees and Advisory Councils we bring wide experience to our deliberations and proposals.
  • Each year we review the evolving context of our mission and update our priorities for the year within our overall strategy; and undertake a public consultation on our strategy and annual plan. We publish detailed reports on our progress against our priorities and on the findings and conclusions of our regulatory activities.
  • We engage extensively in outreach with stakeholders to inform our work, including through our Advisory Councils, our Stakeholder Panel and surveys of stakeholder attitudes to our mission and effectiveness.
  • We base our overall regulatory approach on the principles of good regulation, including rigorous impact assessment. We consult widely and publicly on our proposals and publish feedback indicating how this has been taken into account in our decision making. This will include consultation on what should replace current EU regulation and activities in areas for which we are responsible.
  • We will liaise closely with Government departments and other regulators to ensure that the decisions required regarding replacing current EU legislation are clear and can be made on a timely basis.

FRC principal risk: Investment and other decisions based on the work of actuaries are ill-founded due to a failure of such work to meet the professional standards expected.
Mitigation and movement in the year:
  • Together with the IFoA, PRA, FCA and tPR we are members of the Joint Forum on Actuarial Regulation, which considers the risks to the public interest related to actuarial work. We issue technical actuarial standards which the IFoA requires its members to follow in carrying out their actuarial work for the UK. We oversee the IFoA's ethical standards and its regulation of its members; and we provide input and advice as it develops its quality monitoring programme.
  • We have advised Government of gaps in the current framework for actuarial regulation, in particular the lack of a robust quality review regime.

FRC principal risk: Brexit-related impacts and uncertainties affecting companies are insufficiently addressed through corporate governance and during audit.
Mitigation and movement in the year:
  • We have written to companies and audit firms asking them to pay particular attention to potential risks arising from Brexit and to ensure that their financial statements and risk management and viability reporting properly reflect any significant impacts and uncertainties.
Movement: N

FRC principal risk: FRC fails to maintain data privacy and to prevent unauthorised access to confidential information, including through cyber-attack.
Mitigation and movement in the year:
  • We have clear policies and procedures for data privacy and data security. We ensure that all our staff are trained in these.
  • We continue to invest in systems infrastructure and data security and regularly test the effectiveness of our network security and data handling.

FRC principal risk: FRC fails to secure the necessary resources to pursue its mission and deliver its regulatory responsibilities.
Mitigation and movement in the year:
  • We consult each year on our Plan & Budget, which explains the basis on which we set out our funding requirement for that year.
  • We fund our activities as Competent Authority on the basis of the statutory requirements imposed on the audit professional bodies. We have the agreement of Government to require stakeholders to fund our other activities should the current arrangements prove inadequate.
  • We maintain general reserves to help address unforeseen expenditure and are aiming to build them to equal six months' core operating costs.

Viability statement

This Statement covers the period to March 2020. For the reasons stated below, the Directors have a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due over this period.

We consider that the three year period to March 2020, which extends beyond our current 2016/19 strategy, is the appropriate period to take into account in making this Statement. It looks one year beyond our strategy. We keep the period considered under review annually and take into account factors such as the impact of the UK's exit from the EU and the Parliamentary cycle in setting the period, as well as our own three-year strategy. There have been a number of developments since the Viability Statement in the 2015/16 Annual Report. These include the process set in hand for the UK to exit from the EU and the Government consultation on corporate governance which may result in changes to the FRC's remit. We have, as far as possible, taken these developments into account in setting the period for this Statement and assessing our viability over that period.

In testing our viability, we have made three core assumptions. The first is that we will retain the powers and authority we derive from Government and Parliament (our 'licence to operate'). The FRC's status as a public body has been confirmed and our role and responsibilities are set out on pages 10 to 11, including setting the UK Corporate Governance Code, our role as Competent Authority and monitoring the quality of corporate reporting.

The second assumption is that, while we are making this Statement on the basis of our current funding arrangements, the Government would take action to support the FRC if these arrangements fail to provide the necessary resources for us to carry out our regulatory functions – either by taking steps to put a statutory levy in place, or by providing us with short-term assistance.

The FRC currently raises most of its income from the audit and actuarial professional bodies and levies on accounts preparers (including companies listed on the London Stock Exchange), insurers and pension schemes. The contributions from the RSBs to fund the work of the FRC as Competent Authority, including enforcement costs, are a condition of their recognition for the purposes of audit regulation. The other levies are collected annually on a voluntary basis following public consultation: this enhances our accountability but is inherently uncertain.

The third assumption is that in assessing our financial resilience we should first of all have regard to the adequacy of our reserves. Our general reserves are currently equivalent to the cost of operating for four months. Case costs in relation to the disciplinary schemes are funded by the RSBs.

Given those assumptions, we have tested the FRC's financial viability against four severe but plausible events.

  1. If a tribunal considered that no reasonable person would have pursued a particular enforcement case, the enforcement procedures would enable a tribunal to make a costs order against the FRC. We have checks in place to ensure that complaints are pursued appropriately, but in the event that the tribunal made such an order, the FRC would not be able to recover the relevant costs directly from the professional bodies. We would have to meet them from other sources or from reserves.
  2. We find ourselves faced with significant unfunded costs because we have to undertake additional work. This might happen because an RSB is unable to carry out delegated activities, or because we have to take action in response to a gap in the regulatory framework that we cannot reasonably fund on the basis of existing arrangements.
  3. We find ourselves subject to damages as a result of unauthorised disclosure of confidential information.
  4. A significant proportion of one of our funding groups declines to pay the voluntary levy, resulting in a serious shortfall in our annual revenue and hence a significant call on our reserves.

On the basis of the assumptions we have made about their possible impact, if we faced more than one such adverse event in any one year our reserves (at their current level) might be seriously reduced or exhausted. We will keep the actual and target level of reserves under review to reflect our judgement on the risks of adverse events, and to take account of any changes to our expenditure and funding arrangements. Our status as a public body and the increase we made to our reserves last year are both positive developments in relation to long-term financial viability.

File

Name Risk Management and Internal Control
Publication date 27 September 2023
Format PDF, 181.5 KB