April Governance Roundup
Risk and controls | Getting ready for 2026 | Financial subsidiaries and parents
When we work with boards, we often hear NEDs expressing concern that they don’t spend enough time on strategy. We very rarely hear anyone saying the same about risk and control. (Although we do occasionally come across a board who prove to be inadequately addressing this critical aspect of their responsibility.)
More often than not, Audit (and Risk) Committees struggle to resist the tendency to become excessively entangled in minutiae. It’s quite a challenge to dredge through detailed reporting against the internal control and risk management framework, reviewing pages of risks and controls identified as part of a bottom-up exercise, and still report to the Board in a way that’s sufficiently engaging to stimulate meaningful conversations.
While the Board needs to be fully familiar with the intricacies of risk and control reporting, it also needs to step back and ask some of the bigger questions about how the risk and control framework helps or hinders the business. Thanks to busy board agendas, these discussions can easily become a cursory acknowledgement of a report from the Audit Committee when it comes to confirming the risk appetite or agreeing on principal risks for the annual report.
This is a missed opportunity and can have significant repercussions, which is why annual board planning must deliberately allocate time and space for these fundamentally important discussions. The Board needs to bring risk and control together with the strategy and the business model, clarifying the connection with the organisational culture. The recently published FRC Corporate Governance Code Guidance provides useful question sets for all boards to consider as they approach risk and internal control oversight.
We’ve done a lot of work this quarter on risk oversight. From the checklist and 2-minute videos on strengthening risk oversight to the tips on how to stand back and create space to consider the bigger picture, I hope you’ll find something to help your Board develop its thinking.
At the time of writing we have just hosted our webinar with the FRC on how boards and their committees can prepare for the Code changes on assessing the effectiveness of internal controls. If you were unable to register, watch out for the recording which will follow shortly.
See below for the full list of guidance and events:
The Effective Board: Standing back!
Richard Sheath ponders the value of taking a pause in meetings to step back and consider the bigger things. Read more
Checklist: strengthening risk oversight
Practical steps for boards that help improve risk reporting and the quality of risk discussion. Download checklist
Video series for FS Boards: 6 ways to avoid upsetting your regulator
A series of short conversations about the tension FS Boards face between addressing business needs and satisfying regulator demands. Download videos
Technology and AI: key questions for boards
A summary based on the discussion with governance and technology expert Martyn Chapman at our recent roundtable event for Irish CoSecs. Read more
Video series: Supporting risk oversight and reporting
Richard Sheath provides six key insights for effective risk oversight, in under two minutes each. Download videos
Webinar: The challenges for FS subsidiary boards
Two experienced Chairs share their insights with ex-regulator Lisa Scott and IAL partner Jonathan Hayward. Download recording
Key questions for FS Boards: Can you avoid an S.166?
A summary of the main points arising from our webinar for subsidiary boards. Download summary
What next? New Code provisions on risk management and internal control
Richard Sheath's article considers what changes to the FRC's Corporate Governance Code will require from boards. Read more
If you'd like to discuss any aspect of board performance, or explore ways to support your Board's ongoing development in 2024, don't hesitate to get in touch. We're always happy to help.
Warm Regards,
The Independent Audit Team