Board Priorities 2024: Internal Controls
11 January 2024
All companies, led by their boards, must have some form of enterprise risk framework, ideally accompanied by a clear risk-appetite statement and well-understood assurance processes. Boards should ensure these internal controls provide a clear line of sight to the ground level relative to the principal risks each organisation faces.
These controls cannot exist in a compliance silo. To be effective, they rely on a healthy culture, where a common purpose and values and aligned behaviours are considered central to business objectives and continually reinforced by tone from the top. Where paying 'lip service', whether it be on matters of ESG, compliance or internal controls, is challenged. Creating such a culture is by no means easy.
Getting this right will: (1) mitigate directors' personal risk profile, recognising that directors are responsible for the powers they delegate and are always ultimately accountable for their discharge; (2) validate risk appetite and tolerance; (3) mitigate the risk of the reputational fallout from an event which cuts across an organisation's stated purpose and values; and (4) if done properly, allow risk management and related controls to become value enhancing and not just value preserving.
This publication is a joint publication from Ashurst LLP and Ashurst Risk Advisory LLP, which are all part of the Ashurst Group.
Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of risk advisory (non-legal) services.
This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.