Green shoots in early reporting of risk under the 2014 Code
January 26, 2016
There’s no doubt risk reporting has come a long way over the last few years, but as PwC’s Global CEO Survey (launched last week) found, over 50% of CEOs still feel they should be doing more to measure and communicate key risks.
Indeed, in our survey of FTSE 350 reporting practices released late last year, we found that almost every company now clearly sets out their principal risks and mitigating activities. Furthermore, over 40% of organisations provided some indication of how their risks had changed during the year – something encouraged by the FRC’s recent Guidance on risk management and internal control, but unheard of a few years ago. Yet we still see too many risk disclosures that are generic, static and detached from discussions elsewhere concerning market developments or strategic priorities.
Will the 2014 Code be a catalyst for change?
The 2014 UK Corporate Governance Code has undoubtedly raised the bar and placed risk firmly on boards’ radars. If our discussions with organisations are anything to go by, it has led many to look again at their risk management, internal control and business planning.
But what impact will this renewed focus have on what organisations say about risk in this current reporting season? Below I’ve listed what we’ll be looking out for overall (along with whether they're happening with any frequency):
- More insight into organisations’ overall risk profile/appetite to support the assessment of prospects underlying the viability statement.
- Greater clarity on how risks have changed during the year (and might change going forward) and how mitigating activities are evolving in response.
- More discussion linking the risks to how they are monitored and governed, such as key risk indicators.
We strongly believe with all the hard work being done behind the scenes there’s an opportunity for organisations to differentiate themselves and develop statements and disclosures that are tailored to their own circumstances. This will make them an integral part of telling the overall strategic story.
Any January joy?
The early indications are encouraging and continuing to improve as we see more reports. We’ve performed an initial review of the September year-ends in the FTSE 350 and first impressions are that the majority of the companies have made some changes to their risk reporting – whether in presentation or content. These changes may have as much to do with the continuing evolution in risk reporting as with the new Code, but that doesn’t matter.
On average, companies are definitely providing more insight into the nature of their principal risks. However, we’re seeing relatively little improvement in disclosure around risk appetite or how the principal risks relate to other areas of the report like strategy and business model. As we might expect, there’s also little evidence of companies making wholesale changes to which principal risks they have identified, the new ‘robust assessment’ of principal risks statement notwithstanding.
We’ll continue to monitor developments and keep you informed. In the meantime we strongly urge companies to take this opportunity to review the current risk disclosures and consider whether they’re a fair reflection of all the hard work that’s been done and of the level of confidence that the board has in the company’s prospects.
