UK Corporate Governance Code 2024 - Internal Controls Webinar

Published: 30 January 2024

3 minute read

On the 30 January 2024, the FRC hosted a webinar where Kate O'Neill, Director of Stakeholder Engagement and Corporate Affairs, Maureen Beresford, Head of Corporate Governance and Jessica Dahlstrom, Corporate Governance Senior Manager, dived into the Internal Controls section of the UK Corporate Governance Code 2024.

If you missed the webinar, you can watch the recording below.

Corporate Governance Code 2024 FAQs

What has changed since the version of the Code that was consulted on?

We have considered the full range of feedback received and have taken decisions based on this. In doing so, we have given thought to the different impacts which the proposals may have on the various parties who responded. The key changes are summarised in the feedback statement. As we explained during the consultation we wanted to hear as many views as possible on the proposals.

The FCA’s Listing Rules and the Companies Act already require in-scope companies to provide climate-related financial disclosures. In addition, HM Treasury has launched the Transition Plan Taskforce Disclosure Framework and work is ongoing to introduce UK Sustainability Disclosure Standards for companies on the sustainability-related risks and opportunities, based on the International Financial Reporting Standards S1 and S2.

The Code already asks companies to consider long-term sustainability, therefore proceeding with our original proposal risked duplication.

Are boards required to report on outcomes from all of their decisions?

The purpose of the outcomes-based reporting is to move away from boilerplate disclosures. We recognise that not all board decisions have an immediate or observable outcome, and that some outcomes may be commercially sensitive. Reporting should take account of this.

Why do the changes now focus on risk management and internal controls?

These changes have always been central to our proposals and align with the Government’s desire to strengthen reporting in this area. We have sought to implement the changes in a proportionate way.

What constitutes a ‘clear explanation’ for the purpose of complying with the new Principle C?

A meaningful explanation should set out the background, provide a clear rationale for the action the company is taking, describe any risks and mitigating actions to address them, and set out when the company intends to comply (timescales). Most importantly, it must be understandable and persuasive for those reading the annual report.

Will directors have to make a declaration over all internal controls?

No. Directors will not have to make a declaration over all internal controls, they will only have to make a declaration of effectiveness over those controls deemed to be material. What is a ‘material control’ is for each individual board to determine. ‘Material controls’ will be company-specific and therefore different for every company depending on their features and circumstances, including for example size, business model, strategy, operations, structure and complexity.

What should the board consider when making a declaration on the effectiveness of the material controls?

The board should make its own assessment as to the effectiveness of the material controls using evidence it has obtained through the monitoring and review of the risk and internal control framework. When making this declaration, the board may wish to specifically consider any failings, near misses or weaknesses of the material controls and whether these controls are effective at mitigating or managing the underlying risks.

Will boards have to seek assurance over controls?

Provision 29 of the Code requires that the board should monitor the company’s risk management and internal controls framework and carry out a review of its effectiveness, at least annually. An effective risk management and internal controls framework will include many components and it is possible for information collected internally to be relied upon for the purposes of reporting and making a declaration regarding the effectiveness of material controls. It is for individual boards to decide whether external assurance is required over material controls, and to what degree.

There is no change to the scope of work for the external auditors. The reporting on risk management and internal controls constitutes other information for the purposes of an audit and the auditor’s responsibilities for other information are set out in ISA (UK) 720 (Revised November 2019).

Why have the FRC not set out a framework?

The 2024 Code and accompanying guidance does not set out a template risk and internal controls framework. Risk and internal controls frameworks will be unique to each company, taking into account a range of factors including size, complexity and maturity. The board may wish to use an established standard or framework as part of designing and maintaining the effectiveness of the risk management and internal control framework. Many companies already use established frameworks (or bespoke frameworks) to report on their internal controls in other jurisdictions.

Why have you changed the wording in Provision 30 from ‘half yearly financial statements to interim financial statements?

This was purely an update of wording and the intention is that this would be half- yearly statements.

The new Provision 38 states that the annual report should include a description of provisions and circumstances for malus and clawback, which many companies include in their remuneration policy. Is this not at odds with the general move to remove duplication?

Currently companies are required to present a new/revised policy for shareholder approval at least every three years, under section 439A of the Companies Act. It may be omitted from the directors' remuneration report for a particular financial year in which the company does not intend to move a resolution to approve the directors' remuneration policy, provided certain information is included in the directors' remuneration report. We have introduced this provision to a consistent approach going forward and to provide greater transparency around these provisions.