The FRC released its consultation document on proposed changes to the code this May, having last updated the code in 2018. Airmic’s submission was jointly authored by Airmic CEO Julia Graham and Hoe-Yeong Loke, Airmic’s head of research.
Given the permanent state of crisis today where risks are interconnected and fast-evolving, Airmic made the submission in the spirit of ensuring that risks are not addressed in silos. The Airmic submission noted that risk registers and internal audit programmes are inadequate if they are set less frequently than the context demands. It called for both to be dynamic and operate in unison otherwise a time lag can develop between the activities of assessing risk and the assurance of it. This would prevent organisations from gaining a false sense of confidence in the face of today’s risks.
Airmic has collaborated with bodies such as the Chartered Institute of Internal Auditors (CIIA) – the co-host of the 5 September roundtable – the accountancy body ACCA, the Professional Risk Managers' International Association (PRMIA) and British Standards Institute (BSI) Committee RM/1 on the issues at hand. This had included collaboration on research on risk culture, which also formed the basis for Airmic’s submission to the FRC.
Together with BSI Committee RM/1, Airmic is calling for the FRC to set out the characteristics that organisations should use to identify a risk as an emerging risk. As noted in the Airmic submission, key to this list is the lack of an established body of knowledge, which can be tested as part of an audit.
The submission also reflected on the need for the Corporate Governance Code and its associated guidance to address the ‘how’ in managing emerging risks, as well as the ‘what’ and the ‘why’. Airmic said it looked forward to engaging more closely with the FRC on emerging risks, especially in the course of the update of guidance on the Code.
High profile corporate collapses had prompted the UK government to review standards for corporate governance.
First among these collapses in recent years was Carillion, the UK’s second-largest construction firm and a major strategic supplier to the UK public sector, with work ranging from hospitals to building roads.
Carillion collapsed under £1.3bn of debt in January 2018, entering compulsory liquidation. At the time of going bust, Carillion was working on around 420 public sector contracts.
Behaviour and culture
Airmic is recommending that the Three Lines Model be referenced in guidance documents to the code, to enable a better understanding of the role of risk management in relation to internal audit, and the relationship between them and with the governance and leadership of an organisation. The model is not currently referenced in current FRC guidance.
Based on its research on how the reasons behind most corporate collapses relate to behaviour and culture, Airmic is also calling for risk culture to be measured and incentivised. This includes the alignment of remuneration with the organisation’s purpose and performance.
A major influence on the latest submission was research conducted with the Association of Chartered Certified Accountants (ACCA) and the Professional Risk Managers' International Association (PRMIA), called “Risk culture: building resilience and seizing opportunities”, published in April 2023.
Airmic itself previously participated in the FRC’s report “Creating Positive Risk Culture”, released in December 2021.