Follow us

The Financial Reporting Council (FRC) has published its annual review of corporate governance reporting for 2024, which discusses the quality of reporting against the UK Corporate Governance Code 2018. This follows the release of its annual review of corporate reporting in the 2023/2024 reporting season more generally, which was published in September (see our blog post here).

Following the publication of the revised version of the Governance Code in January this year, this is the penultimate review which will consider reporting against the 2018 version of the Code. The 2024 version of the Code will apply to financial years starting on or after 1 January 2025, except for the changes to reporting on risk management and internal controls in provision 29 which will apply to financial years beginning on or after 1 January 2026 (see our snapshot for more details).

The FRC reviewed the disclosures made by 100 FTSE 350 and Small Cap companies which follow the Code, though the sample group was expanded to 130 companies when reviewing risk management and internal controls reporting, given the more substantive changes being introduced in this area by the 2024 Code.

Overall, this year the FRC found that far fewer companies departed from the Code, which the FRC views as resulting primarily from increased compliance with the provisions of the Code relating to the alignment of pension contributions, as companies have been able to move away from non-compliant arrangements. In 2024 only 28 of the companies sampled disclosed departing from at least one Code provision, down from 63 in 2023 (and 78 in 2022).

Findings of note in the review include:

  • Risk management and internal controls systems – None of the companies in the sample reported early adoption of the changes to provision 29, though a number of companies referred to on-going work in preparation for these changes. However, the FRC observed that fewer than half of the companies reviewed had reported appropriately on their review of effectiveness of these systems;
  • Cyber and IT risk – 89% of companies included cyber security as a principal risk and 27% included IT as a separate standalone principal risk; and
  • AI – The FRC noted a significant increase in reporting on AI, with 73% of the companies discussing AI-related matters, and 26 listing AI as an emerging risk.

As usual, the review includes specific examples of good reporting drawn by the FRC from the reports they reviewed.

 

Related categories

Key contacts

Isobel Hoyle photo

Isobel Hoyle

Professional Support Lawyer, London

Isobel Hoyle
Greg Mulley photo

Greg Mulley

Partner, London

Greg Mulley
Gareth Sykes photo

Gareth Sykes

Partner, UK Head of Corporate Governance Advisory, London

Gareth Sykes
Isobel Hoyle Greg Mulley Gareth Sykes