Sally Freeman, National Managing Partner – Risk Consulting, KPMG, said: “ The third edition of the ASX Principles is the first full revision since 2007 – in other words since the Global Financial Crisis. The lessons learned from the GFC have been reflected in a raft of important changes, including the obligation on companies to disclose details of their internal audit function – or lack thereof.
“Greater disclosure of risk is also evident - economic, environmental, and social sustainability. We are pleased however that despite the terrible shocks caused by the GFC, the ASX has not been tempted down the heavily regulated route, and has stuck with a principles-based approach, which we strongly support as the best way to rebuild confidence and trust”.
The renewed emphasis on risk is enshrined in Principle 7 which sets out the need for listed companies to have at least one committee to oversee risk, the majority of whose members should be independent directors. The Principle calls on companies to spell out details of their internal audit functions, or the processes they employ for evaluating and improving risk management and internal control processes. And it requires companies to disclose whether they have material exposure to a range of risks and how they intend to mitigate them.
Another notable change, post-GFC, is in Principle 3, which demands that companies ‘act ethically and responsibly’. This is a notable strengthening of the previous exhortation on them to ‘actively promote ethical and responsible decision-making’.
Sally Freeman said: “Principle 7 is, to me, the most fundamental of the changes, and reflects the central place of risk in modern business, post-GFC. The focus on internal audit is also important - in a recent KPMG global survey of audit committee chairs, most were very keen for their internal audit functions to assess key risks as well as checking the internal controls, but many doubted these functions had enough skills and resources to do the job. This is something companies need to address”.
She added: “While the ASX Principles and Recommendations set the requirements for corporate Australia, it should be noted that many listed entities already have a board-level risk committee, which we increasingly see going beyond the previous focus on the annual risk assessment. Companies are now making much more effort on embedding risk into their operations – it has moved from theory into implementation. Risk is often the inverse of strategy and a company which clearly documents and manages its risk appetite and mitigation strategies is optimising its commercial positioning in the market”.