Keith Fenner

Senior Vice President & General Manager, EMEA

Navigating UK Governance Reform’s internal controls mandate: What boards need to know

Among the changes to the UK Corporate Governance Code announced by the Financial Reporting Council (FRC) this month, some of the most consequential hinge on internal controls and boards’ ability to make a comprehensive declaration of their effectiveness. Although the FRC dropped its earlier proposals related to the audit committee’s oversight of ESG and diversity initiatives, the new changes highlight the importance of controls over all material risks — not merely over financial reporting.

To comply, boards will need to have better visibility into what’s happening at every layer of their organizations.

Understanding the changes

The revised UK Corporate Governance Code now mandates that boards include a declaration in their annual reports and accounts (ARA) regarding the effectiveness of all material controls, including financial, operational, reporting and compliance controls. This declaration encompasses three key elements:

1. Monitoring and review: Boards must describe how they have monitored and reviewed the effectiveness of their control framework.
2. Declaration of effectiveness: Boards must make a declaration of effectiveness of the company’s material controls as of the balance sheet date.
3. Addressing ineffectiveness: Boards must disclose any material controls that have not operated effectively, along with the actions taken or proposed to improve them, and any measures taken to address previously reported issues.

The Chartered Institute of Internal Auditors was swift to welcome the changes. Anne Kiem OBE, Chief Executive of the IIA, told Accountancy Today: “It is good to see the increased focus in the revised Code on the need for companies to have a robust risk management and internal control framework. The introduction of the internal controls’ declaration should lead to better corporate governance and internal audit functions can play a key role in providing the board with independent assurance that the material controls have operated effectively.”

Boards’ need for full visibility across GRC

With the revised Code, boards are now directly responsible for providing a comprehensive declaration on control effectiveness.

To comply, boards must be able to monitor and report on external controls over all material risks, beyond traditional financial reporting controls. Consequently, boards need full visibility across all aspects of their organisation's governance, risk and compliance (GRC) operations.

This visibility ensures that potential risks are identified, assessed and mitigated effectively — safeguarding the company's reputation and financial stability, and providing the good governance stakeholders overwhelmingly support.

4 steps to prepare for the new focus on internal controls

To be ready for the heightened focus on internal controls, boards and organisations can take several proactive steps:

1. Assess current controls: Conduct a thorough assessment of existing controls to identify any gaps or weaknesses. This evaluation will help boards understand where improvements are needed to meet the new requirements.
2. Establish rigorous monitoring mechanisms: Implement robust monitoring mechanisms to ensure ongoing effectiveness of controls. Regular reviews and assessments will help identify any control deficiencies promptly.
3. Enhance reporting processes: Strengthen reporting processes to provide directors with accurate and timely information on the effectiveness of controls.
4. Implement a comprehensive GRC platform: Centralise, streamline and automate GRC processes on a purpose-built platform designed to surface audit-ready information to the board. Empower the board to proactively ask the right questions and make more informed decisions about risk management, compliance monitoring and reporting.

How purpose-built GRC technology can help

Boards and executives don’t have to address the FRC’s new demands alone. Purpose-built technology like the Diligent One Platform is the board’s partner in all aspects of regulatory compliance and governance best practices. The Diligent One Platform provides:

1. A comprehensive, holistic view of an organisation's GRC framework, enabling boards to monitor and report on all material controls effectively.
2. Streamlined processes that reduce manual effort, enhance efficiency and ensures consistency in control monitoring and reporting — without increasing headcount.
3. Real-time reporting that enables the board to access accurate and up-to-date information on control effectiveness.

The recent changes to the UK Corporate Governance Code emphasise the importance of internal controls and require boards to provide a comprehensive declaration on their effectiveness. Boards must adapt to these changes by enhancing their understanding of internal controls, monitoring mechanisms, and reporting processes. Implementing technology such as the Diligent One Platform can greatly help directors meet these new requirements, ensure compliance and effectively manage risk. By embracing these changes and leveraging technology, boards can strengthen their governance practices and safeguard their companies' long-term success.

More clarity. More confidence. See the Diligent One Platform in action today.