L'enfant terrible

Dr Ulysses Chioatto discusses the many challenges of adopting the RG 247 regulatory guide.

Happy birthday RG 247! On 27 March 2014, this new regulatory guide turned a year old. Directors of listed entities are only now coming to grips with this new enfant terrible’s effect on their duties as fiduciaries in dealing with misleading and deceptive conduct in their financial reporting.

Directors must be aware that there is now a stronger emphasis on better financial reporting about the key drivers of a business, including its strategy and future prospects and the key material business risks to achieving that strategy and future prospects.

RG 247 gives guidance to listed entities on how to prepare the operating and financial review (OFR) section of the annual report in compliance with the requirements of section 299A(1)(a)-(c) of the Corporations Act 2001.

A key element of the Australian Securities and Investments Commission’s (ASIC’s) interpretation of the Act is its expansion of the concept of “prospects for future financial years” to include “material business risks”.

Local and global changes

Directors could be forgiven for feeling “punch drunk” given the noisy field of contenders for the title of champion risk management system.

Although the drive to enhance risk management systems and improve disclosure and reporting on risk management practices is no longer mere lip service, directors face getting a fat lip in their attempts to take on the many major developments that address some of the perceived shortcomings of the current financial reporting regime.

Directors may be aware of the release of the International Integrated Reporting (IR) Framework in December 2013.

Among other things, the IR Framework requires companies that choose to use it to answer the following: “What are the specific risks and opportunities that affect the organisation’s ability to create value over the short, medium and long term, and how is the organisation dealing with them?”

Closer to home, the Australian Securities Exchange (ASX) Corporate Governance Council ironically released its third edition of its Principles and Recommendations on the birthday of RG 247.

The guidelines represent better corporate governance practices. A key focus of the draft for the guidelines, issued in August 2013, was on risk management, including establishing a risk committee, conducting risk management reviews at least annually, internal audit of risk management processes and disclosing how they have regard to economic, environmental and social sustainability risks.

The risk committee has made it to the final cut, but it has been downgraded to a mere footnote and watered down in the text to read: “The board of a listed entity should have a committee or committees to oversee risk.”

The third edition does not come into effect until a company’s first full financial year starting on or after 1 July 2014.

Directors should also note that the emphasis on risk management and more meaningful disclosure has been a global pursuit since the 2008 financial crisis. Subsequent new disclosure regulations have been created in the US, Canada and the UK that require public disclosure of details on how boards oversee the effectiveness of risk management processes.

Competing risk standards

The ASX council’s guidelines cite both the International Organization for Standardization (ISO) and the Committee of Sponsoring Organizations of the Treadway Commission (COSO) standards on risk management.

The ISO standard (31000), published on 13 November 2009, is a family of standards relating to risk management. It enables all strategic, management and operational tasks of an organisation throughout projects, functions and processes to be aligned to a common set of risk management objectives.

One of the key paradigm shifts with ISO 31000 is a change in how risk is conceptualised. It now defines “risk” from “chance or probability of loss” to “the effect of uncertainty on objectives” so “risk” then refers to positive possibilities as well as negative ones.

In 2001, COSO, a joint initiative of US private sector organisations, engaged PricewaterhouseCoopers to further develop an enterprise risk management and financial reporting framework. The Enterprise Risk Management - Integrated Framework was published in 2004.

COSO’s approach is generally considered overly complicated and not as user friendly as
ISO 31000.

Directors can understandably point out that setting the context of “material business risks” is coloured by these competing international risk management standards. However, the standards should be used to better address the disclosure of material business risks.

Meaningful disclosure for shareholders should include the most significant areas of uncertainty and be limited to risks that could affect the entity’s achievement of the financial prospects, rather than be an exhaustive list of generic risks or no risks at all.

Directors should explain why each identified risk is significant and how these risks can be controlled or managed – and the international standards help to do this.

ISS study on RG 247

RG 247 gives guidance on generating effective disclosure in the OFR. Institutional Shareholder Services recently completed a study into this question and reviewed the annual reports of 38 S&P/ASX 200 companies in the extractive and mining services sectors, comparing the quality of disclosure against RG 247’s provisions on business strategies, prospects and material business risks.

Our report identified the features that make these disclosures meaningful.

Such disclosure is important to investors, but it is difficult to decipher from the current level of disclosure how important the board and management regard the risks involved.

One way directors may indicate the importance of these risks is by linking the management of them to the key performance indicators (KPIs) in determining remuneration for key management personnel (KMP).

Our study analysed the degree to which the identified material business risks were linked
to KPIs.

We found that of the 30 annual reports that identified material business risks, 11 of them linked some of those risks to the KPIs of their KMP.

These KPIs were all part of short-term incentive schemes, with two companies also linking risks to the KPIs in long-term incentive schemes.

The most often recurring risk linked to a KPI was the health, safety and environment (HSE) risk.

The HSE risk was linked to a HSE KPI in eight of the 11 times a material business risk was linked to a KPI.

Disclosure carve-out

There is a carve-out provision, but it cannot be abused by companies.

Directors can omit disclosures on business strategies and prospects in their annual reports where such disclosure is “likely to result in unreasonable prejudice” to the entity.

ASIC considers it a rarity for entities to rely on this exemption as a basis of disclosing no information on business strategies and prospects.

It states: “If information has been omitted under the exemption in section 299A (3), the OFR must disclose this under the terms of that provision.”

Our study found that not much notice has been paid to using the “unreasonable prejudice exemption”.

Only six of the 38 annual reports indicated that the company was relying on the exemption, but it seemed that all companies were omitting some information on the basis of this exemption without spelling it out.

Forge: a live example

The recent voluntary administration of the engineering, construction and maintenance service provider Forge Group, provides a good example of where disclosures consistent with RG 247 requirements may have more clearly revealed Forge’s situation in 2013, given the rosy picture painted in its annual report of its underlying business, prospects and risks.

In retrospect, it should have been reasonable to expect that its 2013 annual report contain some indicators of its problems, given how soon after filing its 2013 annual report Forge was placed into voluntary administration.

This was not the case. Forge’s 2013 annual report was very positive on its performance and outlook.

In particular, the chairman’s letter and managing director’s report in its 2013 annual report gave the distinct impression that Forge was in a healthy financial position and had strong prospects with no relevant material business risks cited that could reasonably have been expected to be known.

What to expect

ASIC has indicated that listed entities will be required to disclose their material business risks in order to satisfy the law relating to misleading or deceptive conduct.

The interaction between section 299A of the Corporations Act and the misleading or deceptive conduct provisions suggests that the requirement to prominently and meaningfully disclose material business risks increases the more positive disclosures about prospects.

We found many egregious examples in our study, which should concern directors in terms of what to expect next.