The Corporate Governance Principles and Recommendations 3rd Edition (Principles and Recommendations), which was released on 27 March 2014 by the ASX Corporate Governance Council (Council), requires that companies disclose their internal audit and assurance protocols to investors.

It was recently reported1 that only approximately half of ASX listed companies have internal audit functions. With the new Principles and Recommendations commencement date fast approaching, it is now more important than ever that all ASX listed companies have established either:

  • a formal internal process; or
  • an assurance protocol arrangements for independently verifying and safeguarding corporate reporting.

In this Alert, Partner Brian Moller and Trainee Solicitor Kaitlyn Rafter outline the internal audit functions and assurance protocols which will become mandatory for companies from 1 July 2014, as well as provide a brief overview of the new information sheet released by ASIC in relation to audit quality.

Key points

  • The Principles and Recommendations will require listed companies to comply with more intensive reporting and a greater standard of corporate governance practices.
  • All listed companies are required to meet the corporate governance practices which are contained in the Principles and Recommendations (or provide cause for not doing so).
  • The disclosure is required to be made by a listed company in either its annual report or on the company's website.
  • A number of recommendations have been released by ASIC in a new information sheet which addresses the responsibilities and obligations of directors and audit committee members in audit quality of audit committees.
  • The Principles and Recommendations take effect for a listed entity's first full financial year commencing on or after 1 July 2014.

The Principles and Recommendations

As highlighted in a previous Alert, the latest Principles and Recommendations, albeit seeking to provide companies with greater flexibility for their corporate governance reporting, will require listed companies to comply with more onerous reporting and a heightened standard of corporate governance practices in Australia.

In doing so, the Principles and Recommendations (which were released in 2007 and amended in 2010) aim to incorporate lessons from the Global Financial Crisis and other local and global corporate governance developments.

What are the requirements?

Under Listing Rule 4.10.3, companies listed on the ASX are required to meet the corporate governance practices which are contained in the Principles and Recommendations. If they do not, a company must disclose its decision not to comply and its reasons for not doing so.

The Principles and Recommendations now provide that all companies should disclose:

  • a company's internal audit function, including how the function is structured and what role it performs; or alternatively;
  • if a company does not have an internal audit function, it must disclose this fact, as well as disclosing the processes that the company employs for evaluating and continually improving the effectiveness of its risk management and internal control processes. This includes, but is not limited to, explaining:
    • the processes for the appointment and removal of the external auditor; and
    • the rotation of the audit engagement partner.

Where a listed company decides it is able to oversee the corporate reporting process efficiently and effectively, without establishing an entirely separate audit committee, the fact that it does not have an audit committee must also be disclosed.

According to the Principles and Recommendations, these heightened audit reporting requirements are to serve a dual purpose of risk management, as well as to safeguard the integrity of the company's corporate reporting.

The requirement under Listing Rule 12.7, that a listed company must have an audit committee in place for the entirety of the financial year still remains in the following circumstances:

  • where it is listed on the S&P All Ordinaries Index at the beginning of your financial year;
  • where it is listed on the S&P/ASX 300 Index at the beginning of your financial year; or
  • if it has been included in the S&P/ASX 300 index for the first time less than three months before the beginning of that financial year, it must take steps to comply with Structure and Disclosure Requirements within three months of the beginning of the financial year.

How to comply: Your corporate governance statement

The disclosure is required to be made by a listed company in either its annual report or pursuant to Listing Rule 4,10,3 which allows disclosure to be made on the company's website instead.

The Council has encouraged listed companies to provide a "holistic and informative explanation of their corporate governance framework" in disclosing compliance with the listing rules or under the Principles and Recommendations.

However, please note that this does not mean that it is simply enough to state that you have complied with the recommendation of the Principles and Recommendations. Rather, companies need to explain what policies and practices have been implemented and where readers can find further information about those policies and practices (ie on company websites).

How to comply: Audit committees – new ASIC information sheet

ASIC recently released Information Sheet 196 Audit quality: the role of directors and audit committees ( INFO 196). INFO 196 lists a number of recommendations in order to assist directors and audit committees in ensuring the quality of the external audit of a financial report.

INFO 196 makes it clear that directors (whether or not they are members of a company's audit committee), as well as audit committee members, have a crucial role in supporting audit quality.

INFO 196 dictates that directors and audit committees should consider the following in order to ensure audit quality and effectiveness:

  • non-executive directors recommending auditor appointments and setting audit fees;
  • assessing the commitment of the auditors to audit quality;
  • reviewing the resources devoted to the audit, including the amount of partner time and the use of experts;
  • accountability within the audit firm for quality;
  • support by company management for the audit process;
  • two-way communication with the auditor on concerns and risk areas;
  • ensuring independence of the auditor, and
  • reviewing audit firm responses to findings from ASIC audit inspections.

When will this take effect?

The Principles and Recommendations take effect for a listed entity's first full financial year commencing on or after 1 July 2014.

This means that companies with a 30 June balance date are required to adopt the Principles and Recommendations for the financial year ending 30 June 2015. Companies with a 31 December balance date are expected to adopt the Principles and Recommendations for the financial year ended 31 December 2014. However, the Council has encouraged listed entities to adopt the Principles and Recommendations earlier.

Footnote

1King, A. 2014 ASX rules a windfall for internal auditors, Australian Financial Review, 16 April, viewed 16 April 2014 < http://www.afr.com/p/national/professional_services/asx_rules_windfall_for_internal_l7dtaijvomhoir1gld5wij >

© HopgoodGanim Lawyers

Award-winning law firm HopgoodGanim offers commercially-focused advice, coupled with reliable and responsive service, to clients throughout Australia and across international borders.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.