Corporate governance rules face shake-up

The world of corporate governance looks very different after this week’s Turnbull committee report on internal control. Never before have corporate leaders had to review annually the requirement for an internal audit function along with its remit, authority, scope and the resources available to it.

Headed by Rank Group finance director Nigel Turnbull, the committee designed its report not to be a prescriptive ‘tick boxes’ exercise. ‘We believe that if you want to expand internal audit beyond financial controls, then it will mean different things to different businesses and we wanted to make it a robust process,’ says Turnbull.

Instead, the report sets out what companies should consider on an ongoing basis to determine the effectiveness of internal control and how they should review internal audit functions annually.

The guidance will become part of the combined code on corporate governance, issued by the Stock Exchange last year as part of its listing rules. With the Cadbury and Hampel reports, it is the third leg of the corporate governance stool.

For companies, the guidance should present no major headaches. Sarah Blackburn, head of group operational audit at vehicle leasing company Lex Service, says: ‘I welcome this wholeheartedly and I do not think that any modern internal audit function will have problems.’

But both the committee and Auditing Practices Board acknowledge the requirements could challenge external auditors and standard-setters alike.

‘This does not lend itself easily to auditing standards and will require more judgement, but I believe it is the right call on the profession.

It has gone too far down a compliance route,’ says PricewaterhouseCoopers head of professional affairs and committee member Roger Davis.

The report says disclosures should state that the board is responsible for internal control and for reviewing its effectiveness. But APB technical director Jon Grant says this could present a problem.

‘While external auditors can provide some assurance as to process description, we are worried that such assessment could be misinterpreted as saying these processes are effective,’ he says. ‘This could be contentious in a fraud case where directors and external auditors have different views of what is “reasonable assurance”.’

If Turnbull’s recommendations are adopted, companies will have until the first accounting period ending on or after 23 December 1999 to comply.

It’s a tall order for companies whose internal controls leave something to be desired, but then that is the point.

Related reading