In the wake of the credit crunch, and with the significant failures exposed around corporate governance, the Financial Reporting Council commenced a review of the effectiveness of the UK’s Combined Code.
A progress report and summary of the consultation is available here. However, some of the key points from a performance and risk management perspective are given below.
Many commentators on the review distinguished between the management of operational risks, for which the majority considered existing processes and guidance to be sufficient (at least for non-financial companies), and the management of strategic risks, in particular “high impact, low probability” risks. In the latter case, the board’s responsibility for setting the risk appetite and profile of the company was of particular importance.
There was a view that not all boards had carried out this role adequately, and in discussion with the chairmen of listed companies, many agreed that the financial crisis had led their boards to devote more time to consideration of the major risks facing the company. There were differing views about the extent to which risk management systems below board level may need to be reviewed in non-financial companies.
Some commentators on the review were critical of companies’ reporting on risk, which investors felt was often uninformative. In its most recent annual review, published in October 2009, the FRRP also identified some common failings in business reviews, including lack of clarity about the business model and specific risks and uncertainties, and the use of boilerplate descriptions.