The Turnbull Report, officially titled “Internal Control: Guidance for Directors on the Combined Code,” was first issued in 1999. Prepared by a working party of the Institute of Chartered Accountants in England and Wales (ICAEW) and endorsed by the London Stock Exchange, this report provides essential guidance to the directors of UK-listed companies regarding risk management and internal controls.
Key Revisions
- 2005: The guidelines were revised to incorporate feedback and evolving practices in corporate governance.
- 2014: The Financial Reporting Council (FRC) issued an expanded document that superseded the Turnbull Report, providing a more comprehensive set of guidelines.
Risk Management
Risk management encompasses identifying, evaluating, and managing risks to achieve business objectives. The Turnbull Report stresses a proactive approach to risk management, urging companies to integrate it into their strategic planning processes.
Internal Controls
Internal controls are mechanisms put in place to ensure the integrity of financial reporting, compliance with laws and regulations, and effective and efficient operations. The report emphasizes that directors should regularly review the effectiveness of these controls.
Risk Management Cycle
The risk management cycle includes identification, assessment, response, monitoring, and reporting.
Internal Control Components
According to the Turnbull Report, effective internal control systems should have the following components:
- Control Environment: The overall atmosphere created by an organization’s governance and management.
- Risk Assessment: Identifying and analyzing risks that may prevent achieving objectives.
- Control Activities: Policies and procedures to address risks.
- Information and Communication: Ensuring relevant information is communicated in a timely manner.
- Monitoring: Regularly assessing the performance of internal controls.
Importance
The Turnbull Report remains crucial for the following reasons:
- Enhancing Corporate Governance: It provides a structured framework to ensure accountability and transparency.
- Risk Mitigation: By offering guidelines on risk management, the report helps companies anticipate and address potential issues.
- Regulatory Compliance: Helps companies stay compliant with statutory requirements, thus avoiding penalties.
Practical Implementation
Companies such as Tesco and Barclays have adopted the Turnbull principles to strengthen their internal control systems, resulting in improved governance and reduced incidents of fraud and financial misstatement.
Considerations
While implementing the Turnbull guidelines, companies should consider:
- Tailoring to Organizational Size: Customizing the guidance based on company size and complexity.
- Regular Reviews: Continuously updating risk management and internal control practices to adapt to changing business environments.
- Combined Code: The initial set of principles and guidelines on corporate governance for UK companies.
- Cadbury Report: A precursor to the Turnbull Report, focusing on corporate governance best practices.
- Financial Reporting Council (FRC): The UK regulatory body that oversees corporate governance and financial reporting.
Turnbull Report vs. Sarbanes-Oxley Act (SOX)
While both documents aim to improve corporate governance, the Sarbanes-Oxley Act is a US federal law with mandatory provisions, whereas the Turnbull Report is a set of guidelines for UK companies.
FAQs
What is the main purpose of the Turnbull Report?
To provide guidance on risk management and internal control practices for UK-listed companies, ensuring robust corporate governance.
How often should companies review their internal controls?
The Turnbull Report recommends regular reviews to ensure effectiveness and responsiveness to changing risks and business environments.