Board Priorities 2024: Internal Controls
11 January 2024
All companies, led by their boards, must have some form of enterprise risk framework, ideally accompanied by a clear risk-appetite statement and well-understood assurance processes. Boards should ensure these internal controls provide a clear line of sight to the ground level relative to the principal risks each organisation faces.
These controls cannot exist in a compliance silo. To be effective, they rely on a healthy culture, where a common purpose and values and aligned behaviours are considered central to business objectives and continually reinforced by tone from the top, and where paying 'lip service', whether on matters of ESG, compliance or internal controls, is challenged. Creating such a culture is by no means easy.
Getting this right will: (1) mitigate directors' personal risk profile, recognising that directors are responsible for the powers they delegate and are always ultimately accountable for their discharge; (2) validate risk appetite and tolerance; (3) mitigate the risk of the reputational fallout from an event which cuts across an organisation's stated purpose and values; and (4) if done properly, allow risk management and related controls to become value enhancing and not just value preserving.
T: + 44 7823 341 024
E: Will.Chalk@ashurst.com
Will Chalk is a Partner in the Corporate practice at Ashurst. He provides corporate governance and compliance advice to UK listed, AIM and larger private companies. This includes advice on directors' duties, FCA Handbook and AIM Rules requirements, narrative reporting obligations and governance code recommendations. He also provides advice on how boards can respond to the increasingly important ESG agenda, including cyber preparedness. Will spends a lot of his time delivering induction and update training to individual directors, boards, and senior management teams as well as general counsel and company secretaries.
T: + 44 7930 323 758
E: Nisha.Sanghani@ashurst.com
Nisha is a Partner within Ashurst Risk Advisory and head of the Regulatory, Governance, Operational Risk & Resilience team.
With over 18 years of consultancy and in-house commercial experience, Nisha is renowned for her product and business knowledge. Her experience includes providing deep technical governance and risk expertise as well as leading complex regulatory projects. Before joining the Ashurst consulting team as one of the founding Partners of the UK Risk Practice, Nisha founded Rosediem Consulting, which she led as CEO for nine years. Rosediem was awarded ‘Best Specialist Financial Regulatory Consulting Firm’, and Nisha was recognised by The CEO Publication as one of the UK’s top 20 dynamic CEOs.
Well-known for her ability to provide interpretations for some of the most complex practical challenges and due to her commercially minded approach to compliance, risk and governance, Nisha is often called upon by Board level executives for advice and support.
This publication is a joint publication from Ashurst LLP and Ashurst Risk Advisory LLP, which are all part of the Ashurst Group.
Ashurst Risk Advisory LLP services do not constitute legal services or legal advice, and are not provided by qualified legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of risk advisory (non-legal) services.
This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.