Governance and Culture: 5 Areas to Address the New Corporate Governance Code

As of January 1, new provisions of the UK Corporate Governance Code designed to strengthen risk management and accountability are in force with further requirements commencing next year. Many organisations are still scrambling to implement necessary changes to their risk and control programmes.

AuditBoard’s report, UK Corporate Governance: Turning Compliance Into a Strategic Advantage, revealed that 89% of professionals expect an increase in workload due to the new provisions while citing a lack of bandwidth coupled with a misalignment of priorities across their organisation as the biggest obstacles. Perceived shortfalls in resources, stakeholder buy-in, clarity of responsibilities, expertise, budgets, and technology further compound this problem.

For those still coming to grips with the Code, the good news is that there are no penalties for noncompliance — at least for the time being. More importantly, however, is that there are tangible benefits to be achieved from both the journey and the destination of compliance. Successful implementation requires the sustained and collaborative efforts of the board, senior executives, risk and compliance teams, middle management, and the internal audit function and forces us to have full and frank conversations about organisational priorities, governance, risks, and controls — all of which can only be a good thing.

As auditors, we can play a significant role in advising and supporting our organisations through this process. Having recently prepared for the Global Internal Audit Standards, we have fresh experience with performing gap analyses and building plans to achieve full conformance. By communicating the extent and value of the work needed, we can help establish clarity of responsibilities for a concerted approach with commitment at all levels and ensure budgets and resources are appropriately targeted and prioritised.

In this article I offer some thoughts on practical steps we can follow to ease the process of aligning with the Code and optimise the benefits. 

Quick Overview of the New Code Requirements

First let us remind ourselves of the thrust of the new provisions. The UK has always been a leader in corporate governance and the changes keep that tradition alive by focusing on:

• Strengthening the independence of auditing functions and the objectivity of auditors.
• Achieving a “balanced and understandable” assessment of risk and control.
• Extending the board’s role to include responsibility for maintaining the effectiveness of the risk and control framework.

Accordingly, boards need timely, relevant, and reliable information on a regular basis from management in first and second line roles, internal auditors, external auditors, and other sources. From such inputs boards must make a yearly assessment of the organisation’s risk appetite and tolerance, risk culture, risk management processes, and system of internal control spanning “all material controls, including financial, operational, reporting, and compliance controls.”

In my view, this hinges on organisational culture. While some may seek merely to comply with the letter of the Code, a more valuable result can be achieved by observing its spirit. To instil long-term changes in behavioural outcomes requires a shift in the collective mindset via an integrated approach involving top-down leadership and the full participation of key functions.

Let me break it down as follows:

1. Strategy, purpose, and vision.
2. Board effectiveness.
3. Clarity and alignment of responsibilities.
4. Talent and performance management.
5. Governance, risk, and control.

1. Strategy, Purpose, and Vision

Setting clear goals: The board should clearly define the organisation’s purpose, values, and strategic direction. This is essential to focus and align efforts in all functions and across all levels.

Engaging with stakeholders: Regular and meaningful engagement with stakeholders — strategic partners, employees, shareholders, investors, lenders, customers and clients, suppliers, community representatives, and others — ensures the organisation’s goals resonate with their expectations. Transparent communication builds trust and reinforces commitment to the core purpose.

Potential barriers and resolution: Transitioning to new governance practices may face resistance within the organisation through natural inertia, uncertainty, and fear. Clear, consistent communication, keeping stakeholders involved in the change process, and equipping them with the skills and resources to adjust to new expectations are all essential.

2. Board Effectiveness

Diversity: A diverse board with varied skills, experiences, and perspectives is better equipped to address complex challenges.

Continuity: Effective succession planning ensures the organisation remains resilient and prepared for leadership changes.

Compensation: Remuneration policies must be fair, transparent, and aligned with performance.

Evaluation: Conducting annual assessments of the board’s performance utilising both internal and external reviews fosters a culture of continuous improvement.

Potential barriers and resolution: Achieving a truly diverse board can be challenging. Proactive recruitment strategies and a commitment to diversity and inclusion policies can help mitigate this issue.

3. Clarity and Alignment of Responsibilities

Separation of roles: The roles of the Chair, CEO, and senior executives must be clearly defined to ensure clarity and avoid overlaps, gaps, and confusion. This separation helps avoid conflicts of interest, enables accountability and ensures the board can effectively oversee management and organisational activity.

Board committees: In most organisations, the contribution of specialised committees with well-defined responsibilities is vital to the effective operation of the board. Each committee needs a clear mandate and must operate independently to provide appropriate checks and balances.

Potential barriers and resolution: Ambiguity in role definitions can lead to inefficiencies and weaknesses in governance. Developing clear, documented role descriptions and conducting regular reviews are vital processes to address this issue.

4. Talent and Performance Management

Attracting and retaining talent: Competitive pay and attractive conditions are vital for keeping the people you want.

Alignment of goals: Individuals at all levels need to see how their efforts contribute to shared targets at a team, divisional, and corporate level.

Performance monitoring: Performance must be reliably tracked, reported, and reviewed.

Rewards (and other consequences): Linking compensation and rewards to performance metrics drives sustainable growth. Poor performance must also be addressed.

Potential barriers and resolution: Teams and individuals tend to operate in silos and focus on their own priorities. Shared and aligned goals keep organisations working as a single entity.

5. Governance, Risk, and Control

Risk and control: Robust internal control systems are vital for safeguarding assets and ensuring financial accuracy. Regular reviews and updates help maintain their effectiveness. Risk management should be integrated into strategic planning and decision-making processes.

Potential barriers and resolution: Implementing and maintaining effective systems is resource-intensive. Prioritising critical controls and leveraging technology can enhance efficiency and effectiveness. Independent assurance. Independent assurance from internal and external auditors builds confidence and provides insights for improvement.

Winning Hearts and Minds

Governance is not static. Regularly reviewing and updating practices ensures they are effective and relevant. The “comply or explain principle” remains a cornerstone of the Code. Leaders should provide clear, cogent explanations for any deviations and demonstrate that alternative approaches are equally effective.

Implementing the new requirements is not just about compliance but a means of embedding a culture of excellence and accountability within an organisation. By following the outlined guidance, organisation can strengthen their governance frameworks, enhance stakeholder trust, and drive long-term success.