Jim Oulton and Tim Shepherd are partners in the litigation and dispute resolution department of Mayer Brown International where they specialize in professional liability and professional regulatory disputes
The government’s plan to overhaul corporate governance and audit in the UK has its roots in corporate collapses including Carillion, Thomas Cook and BHS, and much-publicised criticism of the effectiveness of the audit process in preventing fraud and corporate collapse.
A key objective is to restore public trust and confidence in corporate governance and audit. The government emphasizes a desire to improve the quality of corporate governance and reduce the risks and impacts of sudden and unavoidable corporate failures.
The proposals for achieving this include replacing the Financial Reporting Council with a new regulator, the Audit, Reporting and Governance Authority (ARGA), which will have greater enforcement powers and be funded by a levy. The plans would see the regulator hold those who play a role in financial reporting to account if they fail to fulfill their responsibilities.
However, ARGA will not be up and running any time soon, given that the planned audit and corporate reforms were left out of the government’s program for the coming year.
The focus of the proposals is on the systemically most important companies and organizations in the UK — Public Interest Entities (PIEs). PIEs will be required to provide more information to investors and the public about fraud prevention measures and risks, and what metrics have been independently checked. Directors of PIEs will fall within the jurisdiction of ARGA, which will be empowered to penalise those directors who act in breach of their legal duties.
There are mixed reviews and concerns about these announced reforms. In particular, the thresholds for entities to be deemed PIEs have been raised, such that only those entities with more than 750 employees and an annual turnover of £750m will be subject to more onerous regulation. This represents a shift from the original proposals, and significantly fewer companies, particularly private companies, will now fall within the scope of tighter regulation than was previously proposed. This has been welcomed by some, who wish to minimise regulatory burdens in a challenging economic environment. Others see this as a watering down of the regulatory regime which had been anticipated.
Proposals to increase directors’ responsibilities in relation to internal controls, and to hold directors personally liable for the same — in a manner similar to the US Sarbanes-Oxley Act — have been dropped. Instead, a provision will be added to the corporate governance code which applies only to the largest companies, subject to an opt out. Many see this as a missed opportunity since a requirement for directors to sign off on internal controls is considered the very thing most likely to reduce the risk of undetected fraud and sudden, avoidable corporate failure. Many column inches have been devoted to the government’s perceived failure to take proper steps to hold directors accountable for breaches of their obligations. While directors of the largest private companies will eventually fall within the jurisdiction of ARGA, some question if this goes far enough.
The reforms were introduced alongside various statements of intent. The FRC is to be empowered to ban failing auditors from reviewing the accounts of large companies. There is also a desire to see shared audits evolve, with firms sitting alongside the Big Four. Quite how or when these provisions might work in practice, however, remains to be seen. The risks that an audit firm will face in the shared audit environment in the event of corporate failure, or where there is an issue in relation to the audit, are also yet to become clear.
The reforms also come coupled with a statement of intent that ARGA will have the power to enforce a cap on audit firms’ market share, if the state of the market does not improve.
As to the rationale behind the proposals, there are some visible pointers, such as references in the Business Secretary’s briefing to taking benefits from Brexit, and the pointing of fingers at those responsible for failures in the past, and not adding to the burdens on small business.
Fundamentally, however, it seems that many commentators highlight concerns as to whether the proposed reforms will, in fact, be effective promoting sound financial management and control systems which would bolster public trust and confidence in corporate governance.
There has undoubtedly been proper criticism of some audits which have preceded corporate failure. It is, however, very important to bear in mind that any particular audit is significantly focused on what has already happened. A sound audit might identify issues with corporate governance, inadequate controls or fraud, but it cannot go back in time and prevent such things from happening to begin with.
So, whilst what clients can properly expect of their auditors can impact on behaviours, it is important to bear in mind the temporal limitations on what an auditor is retained to do. The promotion of strong corporate governance needs to take into account much more than what may be identified during an audit – it needs a focus on the manner in which things are done in the first place.