June 03, 2024
Share This:

How does your company currently verify and approve material disclosures? Many internal processes depend on broad-brush sign-offs from a few people based on their own expertise. As the regulatory and legal landscape evolves, companies ahead of the trend are increasingly seeking greater assurance before making public disclosures, including through more robust verification and fact-checking practices.

The old state of verification

For a diminishing number of companies, taking a broad-brush sign-off approach remains the key strategy to ensure material statements are accurate. Reports may be drafted with input from multiple teams, with individuals assigned responsibility for each section. Under this model, the burden of responsibility lies with individuals to ensure material statements are accurate and not misleading. Sign-off is given via email, or in verbal governance meetings with limited requirement to directly link material statements to corroborating evidence, or to generate an audit log or verification report.

While this level of governance may work for some teams—particularly those with a small number of employees or a higher risk appetite—relying on broad sign-off potentially exposes companies to risks that are otherwise avoidable.

Reducing reporting risk exposure with internal controls

As the global trend towards more evidence-based disclosure standards gains momentum—particularly for ESG reporting and more robust internal controls being implemented in the UK and beyond—the old way of sign-off is unlikely to remain adequate for most listed companies. Regulatory bodies in Australia, the United Kingdom and the United States all emphasise the need for evidence-based internal controls to ensure that material statements are accurate. 

 

Reporting regulations in Australia: In Australia, the ASX Corporate Governance Council Principles 4th Edition recommends that “reports are based on a sound system of risk management and internal control… Independent assurance processes (including external audit review or other assurance engagements) do not remove these responsibilities.” Previously, a sweeping sign-off from individuals, coupled with external assurance, might have been enough to satisfy regulations. But in an evolving regulatory landscape, relying solely on external auditors will soon be unsatisfactory. 

Reporting regulations in the UK:  In the United Kingdom, the revised Corporate Governance Code indicates that boards will be responsible for not only establishing the company’s risk management and internal control framework, but for maintaining it. This regulatory focus on risk management and internal controls ties in with the new requirement for an annual board declaration. Disclosures for publicly listed companies need to adhere to the level of accuracy enshrined in Schedule 10A of the Financial Services and Markets Act 2000 (FSMA), which potentially gives shareholders the right to sue UK listed companies that publish misleading information to the market. 

Reporting regulations in the US: For many years, listed companies in the USA have been working under the onerous requirements of the Sarbanes-Oxley Act (or SOX), which is designed to protect investors from fraudulent financial reporting by corporations. At its core, the Act enshrines corporate responsibility around reporting and allows for significant penalties for corporate officers who do not comply with its obligations.

The new standard: evidence-linked verification

Internal controls that link disclosures to relevant evidence ensure that both your company and the individuals within it are protected. This includes verifying material statements, and is particularly important if you are in a highly regulated industry, or are exposed to government scrutiny or shareholder activism. Taking a broad-brush sign-off approach relies solely on individuals’ knowledge of their work stream and area of expertise; this leaves your reporting processes vulnerable to human error and employee churn, particularly when up against tight deadlines. False or misleading statements can be disastrous for a company’s reputation and shareholder confidence, as well as expose businesses—and, increasingly, individual directors—to regulatory action.

Upgrading your verification processes with an audit log, verification report—or by using verification software such as Atticus, which automates the creation of both— will help mitigate the risks of broad sign-off by:

  • Providing a clear, central record of what’s been approved, when, and by whom. 
  • Supporting material statements with appropriate data.
  • Reducing the likelihood of human error by requiring clear sources to back-up each statement. 
  • Safeguarding against the loss of important information when people move roles or leave the company. 

An evidence-linked internal verification process ensures that multiple people have dug into the appropriate source material to ensure that the statements being made are accurate, and supported by appropriate evidence. Internal controls also clarify expectations across teams, with a standardised approach that ensures all employees are using the same process. Rather than replacing the old sign-off approach, internal verification makes it more rigorous because an individual’s name becomes attached to each claim in a centralised document—and an audit log can be produced to outline any changes.

Leading companies conduct evidence-linked verification.

Atlas Arteria (ASX100) uses verification software to improve ownership.

Atlas Arteria, an ASX100 company in the global infrastructure sector, uses Atticus for their verification. Investor Relations Manager Alasdair Morrison explains that being able to assign ownership of specific material statements to individuals “really puts an emphasis on personal accountability, and ensuring the person responsible for verifying a statement has the right evidence to back up the claim.” This increased accountability fosters a higher level of scrutiny during verification, further reducing risk for the business. In turn, internal verification can improve the overall quality of a company’s governance by offering enhanced oversight, a single source of truth, and precise reporting. 

Kingfisher (FTSE100) ensures greater internal control with verification software.

In the UK, international home improvement company Kingfisher has streamlined internal and external audit processes by centralising critical company information within Atticus. Using Atticus, over 100 staff members were able to collaborate and centralise the verification of key disclosures including the annual report. As Deputy Company Secretary Daniel Rose explains, “Previously, our verification processes required Word documents to be divided into separate sections for reviewers to assess content and provide confirmation through SharePoint. Excel was also used to coordinate the verification of the annual report.” For Kingfisher, Atticus ensures a higher level of internal control on their financial and material disclosures, reducing the company’s exposure to regulatory risk. 

The consolidation of all our information into one accessible location has proven to be extremely beneficial for external and internal audit processes.

Daniel Rose
Deputy Company Secretary, Kingfisher plc

Get started with evidence-linked verification.

As the level of required governance increases across industries, consider getting started with simple ways to enhance accountability for verifying statements. While it can be daunting to overhaul internal processes, software can help make the transition easy. With a small uptick in effort, you will see both a gradual increase in the quality of your reporting and overall efficiency gains. Dozens of listed companies across the ASX100, LSE, and US markets are already using Atticus—get in touch to find out more.