Risk & Economy » Audit » FRC updates on the reporting of risk

The Financial Reporting Council (FRC), the UK’s corporate governance regulator, has published guidance on the latest challenges being faced by audit committees in the wake of public sector cuts and a still-flagging world economy.

The latest Update for Audit Committees focuses on risk identification and reporting. It encourages committees to challenge management estimates, assumptions and models more robustly in order to ensure that risks have been properly prioritised, identified and mitigated, as well as to ensure that external auditors are carrying out their work with an appropriate degree of professional scepticism to provide adequate assurance.

The regulator is concerned that companies are still pursuing a so-called “tickbox” approach to risk. Recent studies by the FRC have identified room for improvement in the relevance and focus of corporate disclosures about key risks and uncertainties – some companies will present a list of all possible risks, rather than a list of those that might be regarded as “principal risks”.

Some of the questions the FRC wants audit committees to consider are about potential future risks to the company, such as the impact of reduced government spending on their organisations, industry sectors and customers, and what effect reduced credit limits might have on their suppliers.

“It is not always clear from the risks and uncertainties reported whether they have been fully evaluated and taken into account in preparing budgets and forecasts,” the regulator says. It also encourages committees to question whether their organisation’s scenario and contingency planning measures are as robust as they should be.

Experts welcome the FRC’s guidance, but say that it has not recommended anything that companies should not already be doing. Richard Wilson, an audit partner at Ernst & Young, says that the FRC’s update “is a sensible approach and a useful ‘aide-memoire’ to remind audit committee members what they should be considering, and what they need assurance on”.

However, he adds that “there is a danger that in some companies this guidance will become a box-ticking exercise, with audit committee members simply making sure that they cover the issues to comply with the regulator than making sure that they ask the right questions to ensure good corporate governance.”

Tim Copnell, associate partner and head of accountant KPMG’s audit committee institute, says that the general concept of giving briefings to audit committee members to remind them of the kinds of questions they should be raising regarding financial reporting should be welcomed.

Copnell adds that “the questions do not ask anything more of audit committee members than what is already considered best practice” and he also warns that audit committees need to be aware there are issues other than just financial reporting that they need to cover and question.

“Understandably, the FRC’s focus is on the quality of a company’s financial reporting, and so the questions it has listed are focused on that. But audit committees need to look more widely and consider other issues, such as legal risks and tax regulations, and so should not think that this list is fully comprehensive,” he says.

Key questions

Below are some of the key questions the FRC encourages audit committees to ask:
1 Has full consideration been given to how the business may have been changed to address the effects of the recession and the reduction in government expenditure?
2 Has the board monitored the effects of the continued volatility in the financial markets and reduced supply of credit, including its exposure to liquidity risk and customer and supplier default risk?
3 Has the board considered making changes in the approach to valuations and key assumptions underlying forecasts? Have last year’s key forecasts and valuations been compared to actual outcomes, and have any lessons been fed into the current year process?
4 Do models and key assumptions adequately address low probability but high impact events? Has management considered which combination of scenarios could conspire to be most challenging for the company?