2024 Code - Internal Controls Declaration: What you need to know

What is the Internal Controls Declaration?

The FRC has announced details of the New 2024 Corporate Governance Code, which creates the requirement for the board to make a public declaration an Internal Controls, this will require investment of time and resource to ensure compliance.

The changes will take effect for accounting periods beginning on or after 1st January 2026, so Boards will need to attest for years ending 31st December 2026 onwards. The declaration will be “as at” date and covers Operational, Compliance and Reporting (including Financial) controls and Boards will need to state how they have performed their monitoring of material controls in their annual report. Key elements that are required to be included in the annual report: 

• A description of how the board has monitored and reviewed the effectiveness of the framework;
• A declaration of effectiveness of the material controls as at the balance sheet date; and
• A description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues

What is the value to the Board and C-Suite

Compliance with new requirements will require investment, while avoidance of penalties or sanctions is a driver, where is the real value?

Avoiding penalties and sanctions that will be part of the enforcement regime are an important drive, however directors, the board and management teams should also see the introduction of the Internal Controls Declaration as an opportunity to drive value and efficiency in their business.

• Improvements in the control environment, risk management and optimisation of assurance will drive increases in quality, efficiency and insight, through:
  • Increased Executive Risk visibility with consistent measurement, metrics and leading indicators across the organisation – transition from a 'siloed reactive' to a 'consistent proactive' approach;
  • Deeper control awareness and improved MI will enable greater transparency and accountability across the business – data analytics will drive deeper insight and shared learnings;
  • Reduction in intensive manual activities and increased robustness and resilience of finance and IT functions.
• Almost 80 per cent of CFOs of US-listed companies said the overall quality of information in audited financial statements improved after SOx was introduced in the US¹
• Energising the team and as a platform for improving ‘controls culture’ and driving the right behaviours across the organisation, especially with further changes on the horizon, such as the new ESG disclosure rules.

1. According to a poll by the Center for Audit Quality in 2017
  

How long will compliance take and when do you need to start preparing?

Below you will find a sample road map to compliance with the new Code. Clearly, your business will have its own unique challenges, and the nature and size of your organisation being important considerations as you develop your road map. Experience has shown us that the sooner you start to plan for the transition, the higher the effectiveness and efficiency of the change programme, an example road is shown below:

How can we help

• Support the board in preparing a Road Map to compliance including - deploy and implement a methodology and the operational processes, to drive robust and reliable outputs that the Board has full confidence to certify the Statement on Internal Controls
• Deliver bespoke awareness sessions focused on the new statements and disclosures, tailored for both NEDs and Senior Management
• Help you identify, manage and assure risks in accordance with your risk appetite.
• Performance of a detailed Internal Controls Declaration readiness assessment, by subject matter experts, to provide you with insight into the current state of relevant processes and controls, remediation activities required and advise on supporting tools 
• Design new processes and controls to address gaps, advise on improvements to the efficacy and efficiency of existing processes controls and practical recommendations for improvement
• Provide specific recommendations on how to optimise automation and how to leverage tooling to minimise manual processes
• Wherever your business is on the controls and risk management maturity journey, we can help you achieve your objectives within your timetable, and provide you with a solution that is ‘sustainable by design.’
• We will take care of the heavy lifting:
  • Our subject matter experts are fast but thorough, we will perform detailed process and control deep dives leveraging our extensive experience across Reporting, Compliance and Operational Controls
  • This will provide you with insight into the current state of controls, remediation activities required, tools that can support you and the amount of effort required to achieve your objectives within your timetable
  • Creating ‘sustainable by design’ documentation, processes and tools drawing on our rich capability of process mapping and control design expertise
  • We will design new controls to address gaps, advise on improvements to the efficiency of existing controls and recommendations to increase automation, for example help you integrate remediation activities into existing transformation projects or system changes/upgrades