EC to update non-financial reporting directive
The European Commission (EC) is planning to update its non-binding guidance on how to implement the Non-Financial Reporting Directive and set out proposals for consultation in June 2020. The directive, which affects about 6000 companies in Europe, sets out how organisations can effectively communicate the environmental, social and ethical impacts of their behaviour to stakeholders.
Delegates heard how businesses in different countries had sought to implement the directive. In Germany, for example, companies had used a broad variety of formats to report non-financial data. In addition, 81% of companies had their statements audited with limited assurance, with only half publishing an audit certificate in this area, according to a recent study. A separate study examining 80 companies based in France, Germany and the UK, suggested that while almost all reported on their non-financial reporting policies, there was a lack of connection between the policies and outcomes, key performance indicators and risk .
Finally, the EC presented the results of its own initial consultation on how the directive is being implemented. “Some factors are affecting the effectiveness of the directive include the flexibility of the framework, the materiality definition and the assurance process of the information,” according to Tom Dodd, the B3 policy case officer for corporate transparency.
“While the implementation of the directive is still in its early phases across Europe, it is already clear that companies are struggling with the providing assurance that the data that goes into their non-financial reports is robust and reliable,” Farid Aractingi, ECIIA President, says. “That is clearly an area that internal auditors can help with because of their unique oversight role in their organisations.”
ECIIA has already advocated to DG FISMA that businesses adopt the three lines of defence model of corporate governance. Under the model, the first and second lines of defence are responsible for internal controls and risk management, while internal audit provides independent assurance that those systems are well-designed and functioning properly. “The model puts internal auditors in an ideal position to assist companies in ensuring accuracy in non-financial reporting,” Aractingi says.
The EC has adopted guidelines to help companies make better disclosure on the environmental and social impact of their activities.
The guidelines aim to help companies develop their non-financial reporting in ways that are more consistent and comparable. The EC says it wants to boost corporate transparency and performance, as well as encourage companies to embrace a more sustainable approach.
“Europe needs to take the lead in making economies greener and more sustainable,” Valdis Dombrovskis, Vice-President responsible for Euro and Social Dialogue, Financial Stability, Financial Services and Capital Market Union, said: “By providing relevant information on their environmental and social credentials, companies are doing themselves a favour and helping their investors, lenders and society at large.”
Meanwhile, the EC’s high-level expert group on sustainable finance has published its first report setting out concrete steps to create a financial system that supports sustainable investments. The Commission intends to explore some of the report’s recommendations that may help create a low carbon, more resource-efficient and sustainable economy.
“It will be very important for organisations to have robust processes underpinning their non-financial reporting systems,” Henrik Stein, ECIIA President, said. “Internal audit’s unique oversight position as the third line of defence gives it a critical role to play in helping organisations improve their non-financial reporting capabilities.”
The adoption of the new guidelines will supplement the already existing EU rules on non-financial reporting (Directive 2014/95/EU). Companies falling within its scope have to disclose relevant information on policies, risks and results as regards environmental matters, social and employee-related aspects, as well as respect for human rights, anti-corruption and bribery issues, and diversity on the boards of directors.
A major conference on emerging cyber issues held under the Slovak Presidency of the Council of the European Union has highlighted the need for businesses to work harder in areas such as cyber security, cyber research and development, crime, defence and diplomacy.
Over 180 delegates attended the gathering in Brussels in December to discuss a range of issues that need urgent attention. Those included how the Network and Information Security Directive (NIS) and the EU’s €1.8bn public-private partnership will help in the fight against cybercrime.
“This is an important initiative in an area of rapid change,” ECIIA President Henrik Stein, says. “Internal auditors will need to pay close attention to the outcome of such discussions if they are to continue to provide sound assurance over their organisations’ cyber responsibilities.”
Meanwhile, ECIIA and the Federation of European Risk Management Associations (FERMA) have already launched a joint initiative aimed at helping organisations strengthen their cyber defences. Its key objective is to help businesses define the best governance model when managing cyber risk.
The combined effectiveness of the various regulatory reforms made in the financial sector following the crisis of 2007-8 are unknown, according to respondents to the EU’s recent review of the issue.
Some attendees at a meeting in May, following the EU’s Call for Evidence on EU regulatory framework for financial services, said that the review was premature because many of the reforms had not had time to take effect.
“The reforms need time to bed in before there is further legislation in this area,” ECIIA President Henrik Stein says. “Internal auditors working in the sector are still helping their organisations put in place and test the appropriate controls and it will take time to see where further action may be required.”
Commissioner Jonathan Hill told the public hearing that the Commission was committed to legislating less and legislating better. He said he wants the Commission “to be more proportionate in the way legislation’s applied, more cautious before doing anything that might reduce liquidity, and more ambitious about reducing reporting and disclosure requirements where it’s appropriate”.
Many respondents urged the Commission to refrain from embarking on a process of deregulation until the full effect of the reforms was known.
For the summary of contributions to the call for evidence click here.
Three lines of defence model crucial to success of non-financial reporting
Internal audit can contribute most effectively to the successful implementation of the European Commission’s (EC) directive on non-financial reporting in organisations that have adopted the three lines of defence model of corporate governance, the ECIIA has told the EC.
Independent internal audit departments can help organisations transform their compliance with the directive from a box-ticking exercise to something that improves the accuracy and transparency of information across the entire enterprise.
“Internal audit has a broad view across all the systems and processes in organisations, and an in-depth understanding of risks and controls,” wrote ECIIA President Henrik Stein in the body’s response to the consultation. “This puts it in an ideal position to provide advice, assurance and insight around the reporting of non-financial information.”
As well as continuing to provide assurance to boards and senior management teams on how controls mitigate risks to the organisation, internal audit can also contribute significantly to non-financial reporting, for example, by reviewing:
The underlying processes for the production of the report, including governance
Risks identified in executive and board risk assessments around operational issues, stakeholder relationships, compliance and reputation
Issues of materiality
The balance between conciseness and transparency in the report
The accuracy of the description of the business model in the report.
For further reading on internal audit’s role in non-financial reporting, see: