Risk management is becoming an increasingly important part of an accountant’s role. However, there is no official best practice for accountants or any other stakeholder who must make risk-based decisions. Accountancy Age spoke to Bryan Foss, a key figure in the ‘Risk Coalition’, an organisation looking to establish an industry-consensus on what is considered good practice when it comes to risk management.
Much of the blame following high-profile corporate collapses and scandals has, rightly or wrongly, fallen on accountancy firms following their failure to spot shortcomings, fraud and corruption while undertaking audits.
While they argue it is not their job to uncover bad practice, the Big Four and other mid-tier firms such as Grant Thornton have been involved in a variety of headline-making audit scandals such as the collapse of Carillion, Patisserie Valeria and BHS, with other on-going investigations also threatening to mar the firms’ images.
They have come under intense scrutiny, with some calling for the break of the Big Four, who themselves making public efforts to improve the quality of the audits they undertake.
But others within the failing companies are undoubtedly also to blame. Questions have been raised about who is accountable within the likes of Carillion and Patisserie Valerie, who was responsible for risk guidance at these and the financial service organisations, and what is the best practice going forward to avoid such situations again.
Last year, the FRC published its latest version of the UK Corporate Governance Code, but only made a small reference to board risk committees. Financial service companies are required to have a board risk committee, but there is currently very little guidance that outlines best practice.
A number of professional bodies including the Chartered IIA, and regulatory bodies such as the PRA, FCA and FRC, play some role in assisting organisations to manage risk, but are limited in scope. Individuals on risk and audit committees as well as senior executives and non-executive board members are also responsible for elements of risk management and assessment, but they too lack clear guidance.
A group calling themselves the Risk Coalition are looking to change that. The group of organisations and professional bodies have banded together to form the coalition and are aiming to gain industry-consensus on what is considered good practice when it comes to risk management through a consultation process.
Bryan Foss is a leading voice in the Risk Coalition, an independent non-executive director and visiting professor at Bristol Business School, and has written on the subject and spoken to Accountancy Age. In a blog post about the risk coalition on the CIIA website, he wrote: “I see this as a wonderful opportunity to create a clear code with input from all the various stakeholders in this field.
“I am a non-executive director on a number of boards including experience of a bank, listed firms, start-ups and the public sector, and I have also worked closely with regulators and am an adviser to the FRC, so I have seen the urgent need for this across a wide range of boards and organisations.”
A concern is that with the scandals that have hit large businesses and financial services, financial regulators will impose new rules and regulations if a consensus cannot voluntarily be agreed by organisations.
As Foss writes: “This is rarely a good outcome, since most organisations will benefit more from principles-based guidance and help to develop aspirational best practices than they will from legal rules that often constrain accountability and may have many unintended consequences over time.”
The Chartered IIA got involved in the coalition early on in the consultation process, with the hope that more guidance around risk management will be able to help accountants.
“The new guidance should also help them to do their jobs because it will emphasise areas such as the importance of the risk officers’ independence and reporting lines, why internal audit should be involved in discussions about the most important risk issues in the business and how these need to work across so much of the governance structure,” wrote Foss.
The Risk Coalition believe that by ensuring there is a code of practice for risk managers to consult, they will be better informed to make decisions while also being held to account if things go wrong.
Speaking on the issue of the failing businesses, Foss told Accountacy Age: “The ‘expectation gap’ between Audit and Assurance is perhaps most visible when unexpected business failure happens within a very short time from a major audit. An audit has a tight legal definition yet the assurance needs of stakeholders are wider.
“Where a board and its committee are concerned for the quality of the assurances provided to them, including whether there is unidentified fraud from poor audit challenge, good risk management practices can ensure that enough attention is applied, and even speak up and whistleblowing is properly encouraged.”
The role of risk guidance is becoming an increasingly important Risk guidance is becoming an increasingly important part of an accountant’s role, and Foss thinks proper guidance will be of great help. “Accountants have a increased responsibility to assess and approve future spend, within the firms risk appetite.
“Risk Guidance can help accountants to pull together all the necessary resources to achieve this without seen to be stood alone as the ‘bad guy’ and conscience, or simply as an after-the-event bean counter.”
The consultation process began in June, and will close on the 20th of September. But what is the ideal outcome of the process? Foss has big ambitions and hopes whatever is agreed through the consultation is adopted by organisations of all shapes and sizes, while continually improved upon over time.
“An ideal outcome following this consultation would be to have it validated and improved through use in organisations of all types and sizes. We plan to publish examples and case studies that show how firms succeed or struggle with challenges such as professional independence, or the regulatory ‘fire hose’!”
To read more about the Risk Coalition and the consultation, visit riskcoalition.org.uk, where you can download the consultation document and questions.