For companies applying the UK Corporate Governance Code, the current guidance in respect of internal control and risk management is the Financial Reporting Council (FRC)'s publication Guidance on Risk Management, Internal Control and Related Financial and Business Reporting (link to FRC website). This document serves as a reference for boards, prompting them to consider how they effectively manage risk within their business and ensuring a sound monitoring of internal controls, while also highlighting related reporting responsibilities in respect of these areas, such as principal risk disclosures, internal control statements and the longer term viability statement.  This has been echoed by the changes in the 2018 UK Corporate Governance Code, which calls for boards to carry out a robust assessment of the company’s emerging risks as well as principal risks.

For companies complying with US requirements to report on internal controls over financial reporting, the Guidance is a suitable framework as noted by the US Securities and Exchange Commission (SEC).

Possible attestation over internal controls over financial reporting

In December 2019, Sir Donald Brydon’s report of the independent review into the quality and effectiveness of audit proposed a signed attestation by the CEO and CFO to the Board that an evaluation of the effectiveness of the company’s internal controls over financial reporting had been completed and whether or not they were effective. This is expected to be a subject for consultation during 2020/2021.

Guidance for non-Code companies

For those companies not applying the UK Corporate Governance Code, the FRC, in April 2016, issued non-mandatory guidance on the going concern basis of accounting and reporting on solvency and liquidity risks.  Small and micro companies have been scoped out of the guidance but may find parts of it to be a useful in making their going concern assessment.