The proposals from the Corporate Governance Code Monitoring Committee earlier this year to update the code do not go far enough for many organizations. Among others, the NBA, Eumedion and BDO had such criticisms. Cm: Name some important points.
During the consultation on the update proposals, there was a positive response to a number of proposals, but there was also clear criticism. This usually means updating the code so that it reflects current market ideas, but not being ambitious or encouraging laggards to adapt to best practices. Here are some points in the code that experts believe can be improved.
Declaration on risk management (VOR)
The auditing firm BDO calls it a ‘missed opportunity’ that the recommendation from the Committee on the Future of the Accounting Sector (Cta) to introduce a Risk Management Statement (VOR) has not been included in the proposals for updating the Corporate Governance Code. The CTA conducted an analysis of control statements in the United States and the United Kingdom and concluded that a Board of Directors would be wise to issue a statement on what risk management systems are used to mitigate operational, compliance and reporting risks.
In the current Code, these non-binding provisions are limited to financial risks. “A clearer role for the auditor will also be appropriate here to provide assurance regarding this management statement regarding risk management,” BDO believes.
The NBA industry association also says they see an absolute added value in a VOR for businesses. “In that light, we regret, despite the aforementioned positive recommendation from the Minister of Finance, that the related recommendation from the Committee on the Future of the Accounting Sector (Cta), further elaborated by Leiden University, has not been included in the update proposal,” the NBA board wrote. reply.
Further update of risk management
Eumedion also agrees with that sentiment. The investor interest organization regrets that the risk management has only been updated in the internal audit function. Minister of Finance Hoekstra had asked the committee about this in response to the results of risk management in a report from Leiden University. ‘Responsibility for risk management is a crucial part of the code,’ the then outgoing finance minister wrote in a letter to parliament. “I am convinced in committee that it will ensure that the Code remains relevant and up-to-date on this point.”
The control statement focuses on financial reporting risks, and according to the organization, nothing has changed in the 19 years the Code has existed. ‘If the recommendations are [het Leidense rapport] If the monitoring committee finds it too controversial to include it in the code, the minister will probably have no choice but to translate the recommendations into legislation, ‘Eumedion replies.
Make sustainability more ambitious
A frequent complaint is that the code has been adapted to European rules and is not very ambitious. CSRD and CSDD go even further than what the update proposals aim for. “Eumedion believes that the proposals in question more or less codify existing market practices (‘common practice’) instead of encouraging ‘middle group’ of listed companies and delaying the introduction of ‘best practices’ in the market; the original purpose of the code.” The Council for Annual Reporting advises on a number of points to refer to the detailed provisions in guidelines such as the CSRD.
Special attention to IT security
BDO wonders why there has been no attention paid to digitization and cybersecurity. This should be explicitly stated in the section on risk management. ‘In all studies of high-impact risks in organizations, cybercrime is among the biggest risks as a threat to continuity and damage to reputation. It shows that the management of a company cannot avoid integrating cyber security into the company’s existing internal control and risk system. ‘
The Communications Board
In addition, the Board of Supervisors’ communication on the election of auditors needs to be improved, the NBA replies. It was also a point at Cta that the industry association does not see reflected in the update proposals. The NBA supports these recommendations from the CTA and urges that they be included in the Code. In particular, communication about the auditor’s results meets the information needs of several stakeholders. ‘