From 2005 British quoted companies will have to report on the risks facing their business, their future prospects and current performance in a new statutory Operating and Financial Review (OFR). For the first time, the efficacy of a business's risk management process will be under the external spotlight. Companies will be required, not just to confirm the existence of a risk management process, but to spell out specific risks and explain how the business is managing them. Omission of relevant information or misleading statements could result in unlimited fines and criminal proceedings.
Current reporting requirements focus primarily on quantitative data relating to tangible assets and past performance. Annual reports may contain information relating to current business performance, but little forward-looking qualitative information that could be helpful to users in assessing a business's future prospects.
The OFR is set to change this. This directors' overview of the company will require businesses to 'look ahead at possible future trends and developments' and report on all matters that would enable shareholders and other stakeholders to 'assess the company's strategies and potential for them to succeed.' This will entail wider reporting of factors that could impact business performance, including future strategies, opportunities, risks and uncertainties facing the business and intangibles such as the quality of the workforce, the strength of key relationships with customers, suppliers and regulators, and impacts on society and the environment.
Transparency and accountability
In July 2002 the Government published its White Paper, Modernising Company Law, which supported many of the proposals of the wide-ranging Company Law Review. A key element was a new mandatory Operating and Financial Review, designed to increase transparency and director accountability, by improving the quality, usefulness and relevance of company information.
It aimed to improve users' understanding of the business and its prospects, and to encourage shareholders to exercise effective and responsible control.
Some items were always to be included in the OFR; other items were to be included only when directors, in good faith, judged them to be relevant to an understanding of the business.
Although a voluntary form of the OFR has been in use for some time, the content and rigour of company reporting vary widely. A significant proportion of large companies fall well short of the Accounting Standards Board's (ASB's) current statement of best practice for the OFR. This recommends discussion of major risks and the directors' approach to managing them, in areas such as skill shortages; technological change; dependence on major suppliers or customers; environmental issues; product liability; regulatory issues; change in demographic, political or macro-economic conditions, and other reputational risks.
In July 2003 the Government announced its intention to fast-track the mandatory OFR as part of its response to restoring trust in UK business following the spate of corporate scandals. In May 2004 the Government issued its Draft Regulations on the Operating and Financial Review and Directors' Report and its Practical Guidance for Directors. The OFR will apply to all but the smallest British companies listed on the main UK stock exchange or on major overseas exchanges for financial years commencing on or after 1 January 2005. Following a consultation period, the statutory OFR proposals will be implemented later in 2004 by secondary legislation under the existing Companies Act 1985.
The Draft Regulations incorporate requirements under the EU's Accounts Modernisation Directive, effective from the same date, which has similar aims to the OFR. The Modernisation Directive requires companies to include in their annual reports an 'enhanced review' of operations, with improved and more transparent reporting on financial and non-financial matters.
It will apply to a greater number of businesses than the OFR, as it will include AIM and OFEX listed medium and large companies.
New reporting demands
The OFR aims to be a 'balanced and comprehensive analysis of the development and performance of the business of the company and its subsidiary undertakings'.
It should set out the 'main trends and factors underlying the development, performance and position of the business', both during the past financial year and those likely to affect it in the future. It should enable shareholders and other stakeholders to assess the company's strategies and potential to succeed so they can make timely and well-informed decisions about their interest ('stake') in the business. When determining whether a particular item should be included in the OFR, the acid test is whether its omission, mis-statement or inadequate description could misrepresent the business to stakeholders and influence their judgements.
Although the primary audience for the OFR is a company's 'members' - its investors - other stakeholders, such as employees, customers, suppliers, regulators, or pressure groups will also be relevant. Their behaviour towards the company, based on their requirements, expectations, experience and understanding of it, have the potential to impact the business's future performance and prospects. In deciding what should be included in the OFR, directors will therefore need to take a broad view, which takes into account the agendas not only of their investors, but also of other key stakeholders.
Directors will be required to state whether the OFR has been prepared in accordance with relevant reporting standards and, if not, why not.
This is consistent with the 'comply or explain' principle used in the Combined Code and elsewhere. The company's external auditors will need to express an opinion on whether the directors have prepared the review 'after due and careful inquiry', thereby providing high-level assurance to users of the report.
To assist directors in determining what should be included, the Government has issued Practical Guidance for Directors, which sets out six principles to apply in arriving at their judgements, and six criteria for establishing an effective process. The Guidance also includes a useful checklist of ten questions for directors when implementing the process. Further guidance will be provided by the OFR standard to be developed by the ASB.
Implications for the risk manager
So what does all this mean for the risk manager? The OFR will undoubtedly raise the profile of risk management within a business. The results of risk management work and the judgements made on specific risks will now enter the public domain and be subject to widespread external scrutiny by shareholders, regulators, pressure groups and other stakeholder interests.
Practical Guidance for Directors highlights the need for the future significance of a risk to be taken into account when determining whether it should be included in the OFR. 'A specific business risk may be well managed today, and its immediate consequences may therefore be small, but it may nonetheless be of potential significance in the future ... assessments may well be affected by an appreciation of the risk, of management action to mitigate it, and the timescale within which it might become significant'.
The Guidance also stresses the need to assess impacts in a systematic and comprehensive way. An item which at first sight appears minor, may be material if it affects key stakeholders. For example, a nominal fine for environmental pollution has only a minor short-term financial impact, but may have grave longer-term consequences for the business's reputation.
Equally, an issue that on a standalone basis appears immaterial, may have a potentially significant impact when considered in conjunction with other risks and impacts.
Low likelihood/high impact threats and opportunities, such as expected regulatory changes, should also be considered. Users of the OFR need to know 'not only about probable events with significant impacts, but also about less likely events if their impact would be highly significant'.
Directors will therefore need to consider both a risk's probability of occurrence and its likely impact.
An effective risk management system which enables risks to be identified, assessed, compared and accumulated across the business, will be critical in meeting these new demands. Risk managers will need to ensure that their business's risk management systems can provide the requisite information.
Rising to the OFR challenge
Getting the balance right will enable directors to build stakeholder trust and enhance reputation by explaining their stewardship of the business and demonstrating that it is well run. Getting it wrong by missing or understating the impact of relevant risks, by including bland 'boilerplate' statements or by swamping the OFR with irrelevant minutiae which conceal the true business picture, could dent stakeholder confidence and result in fines or prosecutions.
The stakes for the risk manager have never been higher. This is your opportunity to rise to the challenge and support your directors in providing that 'balanced and comprehensive analysis' of business risks which is critical to success of the OFR - and to the future success of your business.
- Jenny Rayner is director of independent risk management and corporate governance consultancy Abbey. She will be running a workshop on the implications for risk managers of the new OFR at the Institute of Risk Management's annual Risk Forum at Keele University on 20-21 September 2004, E-mail: jenny@abbeyconsulting.co.uk
OFR CONTENTS
The OFR must always include:
- a statement of the business, objectives and strategies of the company
- a description of the resources available
- a description of the principal risks and uncertainties
- a description of the capital structure, treasury policies and objectives and liquidity of a company.
It should also include details 'to the extent necessary' for an assessment of the business, relating to:
- employees
- environmental matters
- social and community issues
- the persons with whom the company has relations which are essential to its business
- receipts from, and returns to, members of the company in relation to shares held by them.
The review should include analysis using financial and other key performance indicators. These should be selected to allow the business's development, performance or position to be 'measured most effectively'.
INFORMATION AND GUIDANCE AVAILABLE NOW
- Draft Regulations on the Operating and Financial Review and Directors' Report: A consultative document, DTI, May 2004 - Will be updated following the 6 August 2004 end of consultation period.
- The Operating and Financial Review: practical guidance for directors, DTI May 2004 - To be updated to reflect changes made to the regulations.
Both the above available from
- Accounting for People: Report of the Task Force on Human Capital Management, October 2003. Available from www.accountingforpeople.gov.uk
- Operating and Financial Review Statement, Accounting Standards Board, January 2003. See www.asb.org.uk
FORTHCOMING
- Accounting Standards Board (ASB) to prepare a detailed OFR standard to. Exposure draft planned for second half 2004; to be finalised in 2005.