Audit Committee Network Technical workshop

1 Technical workshop

2 Accounting developments Iain Selfridge Slide 2

3 Agenda 1 Year end reminders 2 IFRS updates 3 Future changes to FRS 102 4 Other resources/communications Slide 3

4 Year end reminders 1 4

5 Year end reminders New accounting standards Accounting policies Business combinations Cash flow statements Strategic report Alternative Performance Measures Judgements and estimates Pensions Slide 5

6 Impact of new standards: What does the standard (IAS 8) actually say? 30. When an entity has not applied a new IFRS that has been issued but is not yet effective, the entity shall disclose: a) this fact; and b) known or reasonably estimable information relevant to assessing the possible impact that application of the new IFRS will have on the entity's financial statements in the period of initial application. 31. In complying with paragraph 30, an entity considers disclosing: [ ] b) the nature of the impending change or changes in accounting policy; [ ] e) either: i. a discussion of the impact that initial application of the IFRS is expected to have on the entity's financial statements; or ii. if that impact is not known or reasonably estimable, a statement to that effect. Slide 6

7 What has the FRC said? Open letter to audit committee chairs and finance directors, 10 October 2017 [ ] Given their significance it is important for companies to disclose the likely impact of the new accounting standards on their financial statements as soon as they can be reliably measured. The FRC encourages companies to provide clear disclosures with reference to their existing accounting policies. In the last set of financial statements before the implementation date we expect to see detailed quantitative disclosure regarding the effects of the new standards. We expect companies to have made a step change in the quality of their disclosures this year, particularly in respect of IFRS 15 and IFRS 9. These quantitative disclosures should be accompanied by informative and sufficiently detailed explanations of the company's analysis. Disclosures should be tailored to the company's specific circumstances and transactions, and describe any key judgements that management will need to make in complying with the new standards. Slide 7

8 Thematic reviews Alternative Performance Measures Alternative Performance Measures FRC will continue to question companies where: Definitions and good explanations are not given of APMs used A reconciliation to amounts appearing in the financial statements is not disclosed APMs are displayed with greater prominence, or earlier in narrative, than IFRS measures A term such as non-recurring is used and that description does not appear to apply in the circumstances No explanation is given for changes made in the APMs used Slide 8

9 Thematic reviews Pensions Pensions FRC will continue to question companies where: Sufficient information has not been provided about risks, how future cash flows may be affected and valuation of unquoted plan assets Net pension asset is recognised, or there may be a future surplus, and there is no disclosure of judgements There is an asset-liability matching strategy without description Strategic report does not refer to pension scheme Plan assets of different nature/risk have been aggregated Slide 9

10 Thematic reviews Judgements & estimates Judgements and estimates FRC will continue to question companies when they do not see: Clear differentiation of estimates from judgements Detailed disclosures of the judgements that have the most significant impact Company-specific disclosures that pin-point areas of uncertainty not boilerplate Quantification of the specific amounts of estimates at risk of material adjustment within the next year and assumptions underlying estimates Sensitivity analysis or disclosure of the range of reasonably possible outcomes Slide 11

11 2018/19 Thematic reviews Corporate reporting Target: smaller listed and AIM quoted company The effect of new IFRSs on IFRS 15 and IFRS 9 on companies' 2018 interim accounts Expected effect of IFRS 16 Effects of Brexit on companies' disclosure of potential risks and uncertainties. Priority sectors Financial Services Oil and Gas General Retailers Business Support Services Slide 11

12 Dividends under the microscope 132 FTSE 350 companies enhanced disclosures Source: FRC Lab implementation study: Disclosure of dividends policy and practice (October 2017) Improved disclosure of policy application How has practice developed (2016/17)? 48% of FTSE 100 disclose distributable profits Improved risk and policy disclosures Only 30% of FTSE 250 now disclose distributable profits Slide 12

13 Dividends under the microscope How could disclosures be improved further? Identifying the explicit links between dividend, business model, principal risks and viability Enhancing disclosure on constraints Explaining more fully what policy means in practice Enhancing understanding of structure and process Source: FRC Lab implementation study: Disclosure of dividends policy and practice (October 2017) Slide 13

14 IFRS updates 2 14

15 What's new? 15

16 What's new: IFRS amendments effective this year Standard Amendments to IAS 12 Nature of amendment Income tax on recognition of DTA for unrealised losses Amendments to IAS 7 Statement of cash flows Annual improvements cycle Disclosure of interests in other entities Subject to EU endorsement Slide 16

17 Effective 1 January 2017 What's new: amendment to IAS 7 Might be different to current net debt reconciliation Columns: 20x1; Cash flows; Non-cash changes (Acquisitions, Foreign exchange, Fair value changes); 20x2. Long-term borrowings: 22,000 (1,000) 21,000. Short-term borrowings: 10,000 (500) 200 9,700. Lease liabilities: 4,000 (800) 300 3,500. Hedges of long-term borrowings: (675) 150 (25) (550). Total liabilities from financing activities: 35,325 (2,150) (25) 33,650. Slide 17

18 Effective 1 January 2017 What's new: amendment to IAS 7 But you could do this Columns: 20x1; Cash flows; Non-cash changes (Acquisitions, Foreign exchange, Fair value changes); 20x2. Long-term borrowings: 22,000 (1,000) 21,000. Short-term borrowings: 10,000 (500) 200 9,700. Lease liabilities: 4,000 (800) 300 3,500. Hedges of long-term borrowings: (675) 150 (25) (550). Total liabilities from financing activities: 35,325 (2,150) (25) 33,650. Cash and cash equivalents: (1,250) (225) 75 (25) (1,425). Net debt: 34,075 (2,375) (25) 32,225. Slide 18

19 What's in the pipeline? Standard IFRS 9 Financial instruments IFRS 15 Revenue from contracts with customers Effective Effective IFRS 16 Leases Effective IFRS 17 Insurance contracts EU endorsement Effective IFRIC 23 Uncertainty over income tax treatments EU endorsement Effective REMEMBER: Disclosure of new accounting standards (IAS 8)! Slide 19

20 3 Future changes to FRS

21 Future changes to FRS 102 Financial Institution definition FRED 68 Gift aid FRED 67 effective date 1 Jan 2019 with early adoption More basic FI Changes in FRS 102 Impact of new standards Investment property choices Fewer intangibles in a BC Simplifications on Director loans Slide 21

22 4 Other resources / communication 22

23 Other resources / communications see Live webcasts IFRS Talks In depth / In brief IFRS Manual of Accounting MoA Inform IFRS News Corporate Reporting Insights IFRS series on Inform Youtube channel Blog Corporate Reporting Blog Slide 23

24 Corporate Corporate Governance Reporting/Governance and Reporting update Arran Mark Jones O Sullivan/John Patterson Jones.arran@pwc.com December 2017 Slide 24

25 Agenda Principal and other developments Priorities for this year's reporting Slide 25

26 Principal and other developments 26

27 Navigating the stakeholder agenda Principal developments Key Final Still subject to consultation /or not yet issued Stakeholders and the impact of business on society Non-financial reporting regulations Government Green Paper on corporate governance reform and response FRC consultation on Guidance on the strategic report Law FRC Guidance FRC consultation on the UK Corporate Governance Code and Guidance on board effectiveness Secondary legislation s172 reporting requirement Investment Association/ ICSA Guidance on stakeholder engagement GC100 Guidance on section 172 Combination Law Guidance Guidance Slide 27

28 Navigating the stakeholder agenda Other developments and initiatives Stakeholders and the impact of business on society Task-force on Climate-related Financial Disclosure (TCFD) Board diversity Website disclosures based on social impact of companies Guidance Davies and Hampton-Alexander on gender diversity Parker on ethnic diversity Guidance DTR 7.2.8AR on disclosure of diversity policy for the main and executive boards Regulation Modern Slavery Act UK tax strategy Gender pay gap Prompt payment policy Law Law Law Law Slide 28

29 Corporate governance reform Directors' duties debate What does it mean to promote the success of the company? A director must act in the way he considers, in good faith, would be most likely to promote the success of the company for the benefit of its members as a whole and in doing so have regard (amongst other matters) to: - the likely consequences of any decision in the long term - the interest of the company's employees - fostering business relationships with suppliers, customers and others - the impact of operations on the community and the environment - maintaining a reputation for high standards of business conduct - the need to act fairly as between members of the company [Companies Act s172] Slide 29

30 Corporate governance reform Principal developments outcome of Government Green Paper Stakeholder voice Reporting: secondary legislation to have all companies (>1,000 employees?) report on implementation of s172 Stakeholder engagement mechanisms - employees: UK Corporate Governance Code provision for premium listed companies to have one from: Stakeholder panels; Designated non-executive director; Representative on board or board committee Guidance: from Investment Association/ICSA on engagement & GC100 on s172 Executive pay Public register of cases of significant dissent, maintained by Investment Association Disclosure of ratio of CEO pay to average UK employee Private company governance Code or Guidance for large private businesses Governance reporting for private companies (> 2,000 employees?) Code consultation November 2017 and effective for periods beginning January 2019 Secondary legislation laid by March 2018 and effective for periods beginning June 2018 onwards Slide 30

31 Navigating the stakeholder agenda Principal developments non-financial reporting regulations Scope EU Public Interest Entities with > 500 employees, with exemptions for certain subsidiaries Requirements Non-financial information statement within the strategic report covering ("to the extent necessary for an understanding of the company's development, performance and position, and the impact of its activity"): Environmental matters In relation to these areas: Employees Social matters Respect for human rights Anti-corruption and anti-bribery matters Italics = new requirement compared to strategic report regulations Policies, including due diligence on them and outcomes Principal risks, including likely adverse impacts of business relationships, products or services Now applicable for periods beginning on or after 1 January 2017 Slide 31

32 Navigating the stakeholder agenda Principal developments FRC consultation on Guidance on the strategic report Three main themes Section 172 Reflecting s172 debate, with new focus on: Value generation and preservation Long-term reporting Annual report content to be judged on materiality to shareholders New regulation Updating for the non-financial reporting regulations Other areas of focus ESMA Guidance on Alternative Performance Measures Consistency of commentary in the business review with the segmental analysis Consistency of KPIs with remuneration and how the business is run Discouragement of the use of the commercially sensitive exemption from disclosure Latest indications on timing middle of 2018; could see initial recommendations around non-financial reporting regulations first Slide 32

33 Priorities for this year's reporting 33

34 Navigating the stakeholder agenda Priorities for this year Section 172 and engagement ICSA/Investment Association guidance Areas to cover Who are the key stakeholders? How does the board hear from them? What were the outcomes of the engagement with stakeholders - what impact did they have on the board's decisions? Related comments Company-specific, and may change over time - reflect in reporting Outline process used to make decisions, based on impact and materiality Explain engagement processes concisely, for ongoing and ad hoc instances Consider disclosing outcome of any engagement effectiveness assessment Report a fair, balanced and understandable appraisal Aim for a mix of qualitative and quantitative information ICSA/IA The stakeholder voice in board decision making, pages Slide 34

35 Navigating the stakeholder agenda Priorities for this year Section 172 and engagement FRC encouraged content elements An entity could set out who it considers its major stakeholders to be, how an entity engages with those stakeholders and how the interests of major stakeholder groups and the matters set out in section 172 were taken into account when making significant strategic decisions in the period. An entity could describe how it develops and maintains its relationships with its key stakeholders. This could include the regular interactions it has with them, how it communicates with them and how regard is had to their interests in key decisions. For instance, there may be a non-executive director who has specific responsibility for considering the interests of employees and other stakeholders. FRC draft Guidance on the strategic report, paras 7.10 and 7.18 Slide 35

36 Navigating the stakeholder agenda Priorities for this year Section 172 and engagement Early examples Stakeholder engagement (Marks & Spencer annual report 2017) Slide 36

37 Navigating the stakeholder agenda Priorities for this year Section 172 and engagement Early examples - Board activity (SSE annual report 2017) Slide 37

38 Navigating the stakeholder agenda Priorities for this year non-financial reporting regulations Points of focus Areas to cover Structure of reporting Non-financial risks Revisit disclosures on all five areas of content, including the new one on anti-corruption and anti-bribery matters Consider what due diligence on how policies are operating needs to be disclosed Related comments Fully integrated, as per the draft FRC Guidance on the strategic report? Relationship with other principal risks? Are all material matters disclosed, including material impacts of the business Due diligence on policies has been promoted from the FRC Guidance and generates debate as to how much is enough Slide 38

39 Navigating the stakeholder agenda Priorities for this year value generation and preservation Points of focus from draft FRC Guidance on the strategic report A critical part of understanding an entity's business model is understanding its sources of value, being [its] key resources and relationships In identifying [these it] should consider both its tangible and intangible assets and consider those resources and relationships that have not been reflected in the financial statements. An entity could describe how its allocation of resources will support the achievement of its strategy, generate and preserve value and will impact on its stakeholders where material to an understanding of the entity's future prospects. This could include a quantitative and qualitative analysis of allocation decisions made (such as investments) and their impact during the year. (Encouraged content element) FRC draft Guidance on the strategic report, paras 7.17 and 7.21 Slide 39

40 Navigating the stakeholder agenda Priorities for this year value generation and preservation Investment Association Long-term Reporting Guidance on capital management strategy The objectives and investment priorities of the company's capital management strategy, including an explanation of the key criteria and underlying assumptions used to assess capital allocation opportunities The policies governing what the company regards as capital, including an explanation of the company's approach to distinguishing between maintenance capital, and capital that is used for growth The process by which capital allocation decisions are made by the company, how often policies regarding capital management are reviewed, and how performance of these decisions are assessed over the long term The role of the Board in setting the Capital Management Strategy, with discussion regarding its responsibility in providing oversight over final capital allocation decisions and reviewing past performance IA Guidance, para 23 Slide 40

41 Navigating the stakeholder agenda Priorities for this year long-term reporting Viability statements improvements have not been widely identified in the quality of companies' viability statements, and investors are therefore getting limited value from this disclosure. Investors would welcome further explanation of the factors taken into account when making an assessment of viability including explaining why a company has selected its period of assessment and how this aligns to the business cycle, the potential exposure of different parts of the business to one or more risks materialising, and an explanation of the extent of resilience of the company as a result. FRC Annual Review of Corporate Reporting, page 29 Slide 41

42 Navigating the stakeholder agenda Priorities for this year long-term reporting Investment Association Guidance on viability statements 1 Consider time horizon beyond 3-5 years 2 Distinguish prospects (long term plan) from viability 3 Explain period chosen through more than strategic (medium term) plan 4 Consider current state of affairs & assumptions in plan 5 Be clear on impact on sustainability of dividend policy 6 Show relevance & priority of principal risks 7 Be clear on scenarios tested and outcomes 8 Discuss specific mitigating or remedial actions 9 Consider carrying out reverse stress testing Slide 42

43 Navigating the stakeholder agenda Priorities for this year long-term reporting FRC draft Guidance on the strategic report Three encouragements to provide a longer-term view on risks 1 Entities should communicate relevant information that enables shareholders to assess the factors that may have an impact on the long-term success of the business. This may involve looking beyond the strategic planning horizon of an entity. 2 Linkage example Principal risks may result in threats to solvency and liquidity. An entity should consider the period over which principal risks may crystallise and how these have been taken into account when, where relevant, making the viability statement. Where a viability statement uses a timeframe shorter than that over which risks may crystallise, the entity should explain the potential impact of these long term risks on the entity's viability. 3 Where the entity is facing long-term systemic risks which may have a material effect on the entity's ability to generate and preserve value in the long term, for instance risks arising from climate change or risks arising from changing technology, the strategic report should explain how the directors expect the entity's strategy and business model to change in response to those risks. FRC draft Guidance on the strategic report, paras 6.14, 7.24 & 7.25 Slide 43

44 GDPR David Carney Slide 44

45 An overview of the GDPR why is it important? Law that regulates the processing of personal data. Comes into effect in May 2018, but the legislative journey began in All sectors of the economy are regulated and all living individuals protected and empowered. Scope extended to Data Processors (service providers). Global reach: legislation is extraterritorial. Financial, regulatory, operational and reputational consequences for non-compliance. A new Accountability Principle: The controller shall be responsible for, and be able to demonstrate compliance. Intention is to put people back in control of their data and to improve how personal data is handled and used. Slide 45

46 An overview of the GDPR what has changed? A new Transparency Framework Entities need to be much clearer about how they use personal data. Consent rules are toughened up, with new proof requirement. Individual rights are boosted. Mandatory breach disclosure, means entities must come clean after failure. Enhanced rights of regulatory inspections and audit. A new Compliance Journey Privacy by Design means entities have to get data handling right from the start. Privacy Impact Assessments will have to be carried out routinely. Accountability means compliance activities need to be undertaken and evidenced. Data Portability means that people will be able to take their data away with them. Right to be Forgotten means that people will have greater power to demand deletion. A new Punishment Regime Tougher enforcement powers for regulators. Financial penalties at 4% Annual Worldwide Turnover. Compensation rights for distress. Data Processors liable in their own right. Slide 46

47 An overview of the GDPR what has not changed? Principles - Personal data must be: (a) Processed fairly, lawfully and in a transparent manner (b) Collected for specific and legitimate purposes, and used only for the purpose obtained (c) Adequate, relevant and not excessive (d) Kept accurate and up to date (e) Not kept longer than necessary (f) Kept secure Is your business compliant with existing regulation? If not, the step up is more onerous. Slide 47

48 The local regulatory environment Guernsey legislation The Data Protection (Bailiwick of Guernsey) Law, 2017 Jersey legislation Data Protection (Jersey) Law 2018 Data Protection Authority (Jersey) Law 2018 Both laws are intended to be equivalent to the GDPR. Both islands are seeking to maintain their adequacy status which enables free movement of personal data with the EU. New Guernsey and Jersey regulatory bodies to be established. Slide 48

49 Risks and challenges which area is of most concern for you? Regulatory Regulators may require the provision of information, conduct audits, and obtain access to premises if they determine it is necessary. Reputational Non-compliance with the GDPR could result in brand damage, loss of consumer trust, loss of employee trust, and customer attrition. Financial Fines of up to 4% of the total global annual turnover can be enforced depending on the breach severity. You may also experience loss of revenue, and high litigation and remediation costs. Operational Data subjects can impose data processing bans, suspend data transfers, and order the correction of an infringement. This could result in restricted EU operations and invalidated data transfers. Slide 49

50 What does GDPR good look like? 1. There is an organisational view on what data privacy means. 2. You understand how privacy and data protection fit in to your overall strategy. 3. There is a clear understanding of what data is held, where it is and who has access to it. 4. You know how well you are protecting the data, and where you are not. 5. The risks introduced to the data by third parties are well understood and managed. 6. The data is being used for the purpose that you have committed to, and nothing more. 7. Your privacy model is designed with agility in mind given the ever changing privacy landscape and changes in strategy. 8. You understand your legal obligations here and abroad and you are tracking developments in regulation. Slide 58

51 What might a good GDPR programme look like? Data discovery and mapping Tech stack functionality to deliver subject rights Culture, training and change Roles and responsibilities Policies and controls design Third parties/ Vendor risk management Breach management Risk management and governance systems Ongoing programme maintenance Project Management Office Remediation Fix identified issues Embed new processes and controls Slide 51

52 Emerging market trends in GDPR programmes Internal audit Programme assurance Second opinion requests Contentious business Uplift in IA inquiries for GDPR support. Programmes are starting to mature to the point of needing validation and testing. GDPR is now residing on corporate risk registers, because generally the IA cycle is closely connected to the content of those registers. Programme assurance looks at whether the set-up of the programme is optimised (vision and strategy; governance; requirements and metrics) Programme assurance also monitors the delivery of the programme and checks it's on track measured against the programme requirements and metrics. Organisations are seeking second opinion on whether the right programme choices have been made. Requests are concerned with the quality of the choices made on the actual programme priorities and content. There is a shortage of skilled data privacy professionals in-house. An increase in awareness of the litigation risks involved in getting data protection wrong. Organisations starting to notice that there is more to GDPR than fines. New focus on Personal Data Breach notification, with organisations thinking afresh about how they will handle things going wrong. Slide 52

53 What are Audit Committees asking? Is it too early to audit the GDPR programme? Timing GDPR will be in effect in four months and now is the perfect time for an audit as it will uncover areas of unmitigated risk and provide early and actionable feedback. Value add A lot more value can be added by doing an audit before rather than after a regulatory breach. What should be in my internal audit scope? Programme scope Obtain confidence on the programme scope, approach and resources. Failure to deliver is often a result of poor scoping, ineffective leadership, insufficient resourcing and expertise. Key questions Is the programme considering all the relevant risks? How are they engaging with the business? Are they hitting their milestones? How do I upskill my team to do this? Core skills The same basic principles apply to the GDPR programme (as they do to others) as it relates to appraising risk, running a compliance programme and embedding change. Supplementing the team Data Protection experts can help ask the right questions and identify risk areas. Slide 53

54 GDPR - closing thoughts The GDPR is effective from May 2018 Many businesses will struggle to be compliant by then Need to at least ensure you understand the risks and that you are working to a prioritised plan Compliance will be a journey - regulatory guidance and industry practice will continue to evolve. Consider how you deal with data privacy risks in a business-as-usual context: Privacy control framework Three lines of defence model Third party assurance Board reporting and oversight Regulatory engagement Slide 54

55 Thank you! This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it PricewaterhouseCoopers LLP. All rights reserved. In this document, refers to the UK member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see for further details KA-OS Slide 55