One of the most important areas covered by the BEIS consultation is reporting on corporate resilience. In his report Sir Donald Brydon noted that:
“Arguably, the information shareholders want most is reassurance about the resilience of a company”
In response, the government is proposing that directors will be required to explain, in the annual report, how they are assessing the company’s prospects and addressing challenges to the business model over the short, medium, and long term.
This is a substantial expansion of existing responsibilities relating to risk disclosures, going concern and, for public interest entities(PIEs) applying the UK corporate governance code, viability reporting.
What's the current thinking on corporate resilience?
While no final decisions have yet been taken, the government has outlined its initial thoughts on what it would like to see. The core proposal is a new ‘resilience statement’ to be included in the report.
This will have three sections with different time horizons:
1 A short-term section broadly aligned with today’s going concern statement.
2 A medium-term section with a specified five-year outlook period. This must include at least two reverse stress testing scenarios.
3 A long-term section to explain the directors’ assessment of the major long-term challenges faced by the company and its business model, and how these are being addressed.
The outlook period is not defined, so the directors will have some discretion here. But it will need to be substantially longer than the five-year, medium-term period.
The government proposes that the risks addressed will mostly be determined by the directors, but some common resilience issues may be prescribed. The prescribed issues may include:
- cyber security
- climate risk
- supply chain resilience
- future investment needs
- the sustainability of dividend polices
- major disruptive events.
An effective resilience statement should also be coherent with, and linked to, other relevant parts of the annual report, such as the business model and strategy reporting.
The government is also inviting views on:
1Whether the resilience statement should include reporting in accordance with the Taskforce on Climate-Related Financial Disclosures framework (TCFD).
2 Phased introduction, starting with premium-listed companies with other PIEs to follow two years later.
What does this mean for audit and assurance?
Broadly speaking, today’s statutory audit encompasses going concern disclosures, but not risk and viability reporting. These are subject only to limited review for material inconsistencies.
The government wishes to encourage additional assurance on resilience reporting, but doesn't propose to mandate it. Directors will, therefore, need to decide whether to obtain additional external assurance. They will also need to explain their decision in the company’s audit and assurance policy - another new reporting requirement.
We also anticipate a critical role for the company’s internal audit function in challenging the contents of, and inputs to, the resilience statement. Effective scrutiny and challenge will be essential in helping directors get comfortable with content of the statement
Investor and other stakeholder expectations will undoubtedly play a part in shaping market practice.
All directors of PIEs fall under the scope of the new definition.
