2024 UK Corporate Governance Code Issued Following Consultation Period

The Financial Reporting Council (FRC) has issued the final updates to the 2024 UK Corporate Governance Code following a 12-week consultation period. The initiative is part of the 'Restoring Trust in Audit and Corporate Governance' reform package and is the first major update to the Code since 2018.

As reported in November 2023’s FRC Policy Update, after receiving feedback, much of the existing Code remains the same. This includes the principle of the Board’s ability to “comply or explain”, and the Code applies to premium listed companies (PLCs), whether incorporated in the UK or elsewhere.

Most of the updates will take effect from 1 January 2025. Only Provision 29 of Section 4, which pertains to the enhanced responsibility of boards in overseeing risk management and internal controls, will become applicable from 1 January 2026.

The FRC posted updated guidance to the Code on 29 January 2024. The guidance is not part of the Code, but provides context and application for organisations to leverage when implementing programmes.

Summary of Key Changes from the 2018 Code:

Section 1: Board Leadership and Company Purpose

  • A newly introduced Principle underscores the importance for companies to disclose both 'activities and outcomes', alongside the establishment of governance policies and practices. This means that reporting should illustrate the tangible changes brought about by effective governance.
  • There is a heightened emphasis on the integration of company culture.

Section 2: Composition, Succession and Evaluation

  • It's essential to broaden the scope of diversity within the board and senior leadership, looking beyond gender and ethnicity to promote greater inclusion and equality within the company.
  • There should be an enhancement in the disclosure of diversity policies, objectives, and strategies, particularly when detailing board nomination procedures and the evaluation of the board's performance.

Section 3: Audit, Risk and Internal Controls

  • Boards are expected to ‘establish and maintain’ effective risk management and internal controls, rather than only ‘establish’ them.
  • There has been a simplification of detailed requirements, with additional guidance referred to the FRC's Audit Committee Minimum Standard, which provides specific guidance for audit committees and their annual reporting.

Provision 29 – Applies 1 January 2026

The board’s responsibility extends to continual oversight of the company’s risk management and internal controls, with reviews now expected to encompass material reporting. This includes financial, operational, reporting and compliance controls.

New stipulations for the Annual Report require the board to:

  • Outline their approach to monitoring and reviewing the effectiveness of the risk management and internal control framework.
  • Include a Declaration of Effectiveness of internal controls as of the balance sheet date.
  • Describe any material controls which have not operated as at the balance sheet date with actions taken or proposed.

Section 4: Remuneration

  • Improved transparency regarding directors' malus and clawback provisions in their contracts, including the specific conditions under which these measures can and have been enacted.

Prepare Now for the Upcoming Changes: 8 Ways to Enhance your Corporate Governance and Internal Controls Framework

  • Implement a strong leadership framework for the programme with defined ownership, roles and responsibility
  • Ensure executive sponsorship is clearly defined.
  • Foster active engagement with all pivotal stakeholders including the Board, Executive Committee, Technology divisions, Business Units, Risk & Compliance, and Internal Audit
  • Ensure all are aligned with the programme's objectives.
     
  • Establish a thorough change management strategy by appointing dedicated change champions in each critical business sector to secure endorsement
  • Strategise for effective training and communication.
  • Have a 'No regrets' stance that transcends the routine compliance tick-box exercise
  • Promote a culture where control measures are embraced as a strategic advantage to enhance performance.
     
  • Implement a comprehensive, company-wide Enterprise Risk Management (ERM) framework that is synchronised across all lines of defence
  • Maintain a clear delineation and assessment of material / principal risks, both financial and non-financial.
  • Enhance risk parameters by concentrating on material aspects.
  • Initiate an enterprise-wide risk assessment to determine material financial, operational, reporting and compliance risks.
  • Prioritise the most critical areas first.
  • Progress through a tiered approach, starting with financial risks and gradually encompassing non-financial risks.
  • Understand and consider key IT systems that support critical business and reporting, and related controls.
  • Evaluate controls addressing key pervasive IT risks (e.g. Cyber and Resilience).
  • Aim for optimal control automation. Exploit data and technology to embed control and related assurance improvements, including automated testing and reporting.
  • Approach control measures proactively, not as a secondary consideration.
  • Target long-term cost savings and heightened efficiency by establishing a fundamental suite of controls to mitigate significant business risks.
  • Optimise results from the outset with a streamlined and intelligent control framework that prioritises standardisation, optimisation, and the reduction of redundancies.

Leadership

Mark Peters
Mark is Managing Director in the London office in the UK. Mark leads the Internal Audit & Financial Advisory Practice in the UK. He has over 25 years of business, technology and operational risk consulting experience gained from serving a variety of companies ...
Surya Mantha
Surya is a Director in Protiviti’s Internal Audit and Financial Advisory (IAFA) practice for 10 years and leads client work in the areas of internal controls and internal audit. Prior to joining Protiviti, Surya has worked for 10 years at Ernst & Young (Delhi, Dubai ...
Andrew Wieser
Andrew has been a part of Protiviti’s Internal Audit & Financial Advisory practice since 2014 and transferred to the UK office in 2016. He is a member of Protiviti’s Global SOX champions network, UK co-lead of the Controls Advisory offering, and a member of the ...
Martin Douglas
Martin is a Director with Protiviti and is an IT Auditor with over 25 years IT Audit and IT Consulting experience gained across various industry sectors. Prior to joining Protiviti, Martin was a Principal Advisor at KPMG, London, where he worked with a number of high ...