The audit profession has avoided obligations to undertake US-style
assessments of risk management for its UK-only clients.
Following a review of the Turnbull guidance on internal controls, the
Financial Reporting Council has concluded that the current system is working
It has argued that there is no need to introduce rules, such as those in
section 404 of the US Sarbanes-Oxley Act, which would require directors to make
statements on the effectiveness of internal controls and for auditors to attest
to such a statement.
Instead, just minor alterations to the guidance have been recommended.
‘The overwhelming view was that the Turnbull guidance continues to provide an
appropriate framework for risk management and internal control,’ said Douglas
Flint, HSBC finance director and chairman of the Turnbull review working group.
‘Its relative lack of prescription is considered to have been a major factor
contributing to the successful way it has been implemented, and we have
therefore decided against recommending substantial changes.’
Instead of a statement on internal control effectiveness, companies will only
be obliged to confirm that action has been or is being taken to address any
weaknesses identified in its effectiveness assessment.
Michael Hughes, chairman of audit at KPMG, who also sat on the review group,
said: ‘Any extension of this would have significantly increased compliance cost
out of proportion to benefits to shareholders.’
Glyn Barker, head of assurance at PricewaterhouseCoopers, said that the
decision made by the review group was ‘understandable’.
He added: ‘Sarbanes-Oxley was seen as necessary to bring about some “deferred
maintenance” of internal controls in an environment where many boards previously
had no explicit responsibility for control. The UK is not starting from that
Ernst & Young partner and Audit Quality Forum chairman Gerald Russell
said the review group’s decision was to be ‘immensely welcomed’.
The revised guidance, which is out for consultation for the next three
months, also says that companies should review their application of the guidance
on a continual basis.
Two new audit partners have been appointed at the firm BDO in its audit practice following continued growth and investment
Investment in people, tech and businesses impacts on EY's profit per partner figure
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
Dr Richard Willis provides a several thousand-year history lesson of the profession, from origin to modern-day