← Back to all briefings
Policy 6 min read Published Updated Credibility 92/100

UK Restoring Trust in Audit Consultation

The UK government’s Restoring Trust in Audit and Corporate Governance consultation proposed ARGA, tougher director duties, internal control attestations, and resilience reporting that organizations must map into board-level governance programs.

Kodi C.

Editor & Research Lead

Accuracy-reviewed by the editorial team

Policy pillar illustration for Zeph Tech briefings
Policy, regulatory, and mandate timeline briefings

On 18 March 2021 the UK Department for Business, Energy and Industrial Strategy (BEIS) released its long-awaited consultation paper, Restoring Trust in Audit and Corporate Governance. The 230-page document synthesizes recommendations from the Kingman Review, Competition and Markets Authority (CMA) study, and Brydon Review into a full reform agenda. BEIS proposed replacing the Financial Reporting Council (FRC) with a statutory regulator—the Audit, Reporting and Governance Authority (ARGA)—armed with stronger powers over auditors, directors, and company reporting. The consultation signaled a step-change in expectations for UK Public Interest Entities (PIEs) and large private companies regarding assurance, internal controls, resilience planning, and corporate reporting.

The proposals target three objectives: reinforce the UK’s reputation for high-quality corporate reporting and audit; improve competition and choice in the audit market; and strengthen shareholder and stakeholder engagement. Although the consultation invited feedback by 8 July 2021, boards and audit committees began assessing gaps immediately, anticipating legislation in the subsequent Parliamentary sessions.

Expanded regulatory perimeter

BEIS suggested widening the definition of PIEs beyond premium-listed companies to include AIM-listed entities above certain thresholds, large private companies with more than 750 employees and £750 million in annual turnover, and third-sector entities meeting similar criteria. ARGA would have the authority to add entities to the PIE list based on public interest considerations. The regulator’s remit would extend to overseeing audit committees, ordering restatements of company reports, and imposing sanctions directly on directors for breaches of corporate reporting and audit-related duties.

Governance teams needed to monitor whether their organization would fall within the expanded PIE scope. Companies approaching the thresholds were advised to begin adopting PIE-grade controls, including improved audit committee reporting to shareholders and readiness for ARGA supervision.

Internal controls and assurance reforms

One of the most consequential proposals is a UK-equivalent to the U.S. Sarbanes-Oxley internal control regime. Directors of PIEs would be required to provide an annual statement on the effectiveness of internal controls over financial reporting (ICFR), risk management, and fraud prevention. BEIS presented three options: a directors’ statement with board responsibility, an external auditor attestation similar to PCAOB AS 2201, or a market-led approach where companies choose the level of assurance. Many respondents expected BEIS to adopt a phased model requiring at least limited assurance by external auditors.

To prepare, boards began commissioning internal control frameworks aligned with the Committee of Sponsoring Organizations (COSO) standards, enhancing documentation, testing, and remediation processes. Internal audit functions were tasked with performing readiness assessments, identifying control owners, and ensuring segregation of duties in enterprise resource planning (ERP) systems. Audit committees needed to update charters to reflect oversight of the new statements and coordinate with external auditors on potential scope expansions.

Resilience and audit & assurance policy statements

BEIS introduced two new narrative disclosures: the Resilience Statement and the Audit & Assurance Policy (AAP). The Resilience Statement would consolidate existing going concern and viability disclosures into a single framework covering short-term (12 months), medium-term (five years or as appropriate), and long-term risks. Companies would discuss stress testing, reverse stress scenarios, and mitigating actions for climate change, cyber threats, supply chain disruption, and other principal risks.

The AAP would require companies to explain their approach to assurance over reported information beyond the statutory audit. Firms would outline the mix of internal and external assurance providers, how audit committees considered shareholder priorities, and whether additional assurance engagements—such as over ESG metrics—would be commissioned in the next three years. The policy would be subject to advisory shareholder votes at least every three years, increasing transparency and stakeholder engagement in assurance planning.

Fraud, director accountability, and enforcement

In response to corporate failures like Carillion and Patisserie Valerie, BEIS proposed new obligations on directors to actively prevent and detect fraud. Directors could face civil penalties for failing to maintain adequate controls and could be disqualified for serious breaches. ARGA would gain investigative powers to require documents, compel testimony, and refer criminal matters. The consultation also recommended extending the FRC’s Audit Enforcement Procedure to cover breaches by company directors, not just auditors.

Audit committees would be required to publish an annual report describing how they assessed the effectiveness of the external audit, including handling of auditor challenges and tendering decisions. ARGA could set Minimum Standard requirements for audit committees of FTSE 350 companies, covering auditor appointment, scope, independence, and communications with shareholders. These standards would be enforceable, with the regulator able to issue public reprimands or sanctions for non-compliance.

Competition measures for the audit market

BEIS adopted several CMA recommendations to diversify the FTSE 350 audit market, which has been dominated by the Big Four firms. The consultation proposed managed shared audits, where a challenger firm performs a meaningful portion of the group audit alongside a Big Four firm. Alternatively, a market share cap could limit the proportion of FTSE 350 audits held by any single firm. ARGA would monitor setup, collect data on audit quality indicators, and intervene if competition objectives were not met.

Companies were advised to prepare for dual-firm audits by mapping component audits, documenting group reporting packages, and investing in collaboration tooling. Audit committees needed to develop criteria for allocating work between firms, ensuring challenger firms gain experience on complex components without compromising quality. Procurement policies would require updates to evaluate challenger firms, manage independence rules, and handle potential dispute resolution between joint auditors.

Corporate reporting modernization

Beyond assurance reforms, BEIS recommended modernizing corporate reporting through a new corporate reporting framework that includes a simplified annual report and additional digital filings. ARGA would have the authority to require corrections to published reports and to direct companies to prepare alternative performance measure reconciliations. The consultation also proposed mandating UK companies to use the UK Single Electronic Format (UKSEF), aligning with ESEF requirements in the EU, and to tag key information using iXBRL for comparability.

For ESG reporting, BEIS signaled support for adopting the Task Force on Climate-related Financial Disclosures (TCFD) for premium-listed companies, with potential expansion to large private companies. ARGA would monitor climate disclosures and could commission thematic reviews, increasing pressure on companies to integrate climate governance into board agendas.

Implementation planning

Although legislative timelines were uncertain, leading companies initiated multi-year programs to address the proposals:

  1. Governance mapping. Assign board-level sponsors for internal control statements, resilience reporting, and AAP preparation. Update audit committee skill matrices to include internal control and assurance expertise.
  2. Control remediation. Conduct SOX-style walkthroughs, document process narratives, and remediate gaps in IT general controls, revenue recognition, and journal entry testing.
  3. Reporting infrastructure. Enhance consolidation systems and disclosure management tools to support granular scenario analysis, digital tagging, and assurance evidence repositories.
  4. Stakeholder engagement. Prepare communication plans for investors, lenders, and credit rating agencies outlining the impact of the new disclosures. Engage with shareholders on audit and assurance priorities ahead of advisory votes.
  5. Regulatory watch. Monitor BEIS updates, FRC-to-ARGA transition milestones, and interim guidance such as the FRC’s Minimum Standards for audit committees. Participate in consultation responses to shape final rules.

Post-consultation outcome

In May 2022 the government published its Restoring Trust government response, confirming plans to legislate for ARGA, extend PIE scope, and phase in resilience statements and internal control attestations.

On 16 October 2023 the Department for Business and Trade withdrew the draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023 to cut reporting burdens while signaling that ARGA and wider audit reforms would be delivered through future primary legislation. Government cuts red tape to boost growth and productivity

The consultation represented a decisive move toward more accountable corporate governance in the UK. Organizations that invested early in internal control maturity, resilience planning, and transparent assurance strategies positioned themselves to meet ARGA’s heightened expectations and to maintain stakeholder confidence as the reforms progressed from proposal to law.

Similar analysis

Additional analysis covering similar themes.

Continue in the Policy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Policy Advocacy Roadmap

    Coordinate cross-border policy advocacy aligned with EU Better Regulation, U.S. Administrative Procedure Act, Lobbying Disclosure rules, and Canadian transparency requirements.

  • AI Policy Implementation Guide

    Coordinate governance, safety, and reporting programmes that meet EU Artificial Intelligence Act timelines and U.S. National AI Initiative Act mandates while sustaining product…

  • Export Controls and Sanctions Policy Guide

    Integrate U.S. Export Control Reform Act, International Emergency Economic Powers Act, and EU Dual-Use Regulation requirements into trade compliance, engineering, and supplier…

Further reading

  1. Restoring Trust in Audit and Corporate Governance consultation — UK Department for Business, Energy & Industrial Strategy
  2. Government tackles big business audit failures with full reforms — UK Department for Business, Energy & Industrial Strategy
  3. Restoring Trust in Audit and Corporate Governance: Government response — UK Department for Business, Energy & Industrial Strategy
  4. Government cuts red tape to boost growth and productivity — UK Department for Business and Trade
  • UK audit reform
  • ARGA
  • Director accountability
  • Internal controls
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.