Governance in focus

A deeper dive

Our Governance in focus series provides a deeper dive, guidance and views on key aspects of the latest developments.

Audit Committee effectiveness

In the short time since we issued the first edition of Audit Committee effectiveness framework in 2015, the profile and the agenda of the audit committee has continued to grow. This new edition has been updated to include the FRC’s 2016 updates to the UK Corporate Governance Code and the Guidance on Audit Committees, the new Ethical Standard for Auditors and some other key narrative reporting considerations for audit committees.

In addition to meeting requirements under the Code to perform an annual assessment of the effectiveness of the audit committee, this framework will also help committees keep pace with the new calls on the audit committee’s time and attention.

Audit committee effectiveness

Cyber risk reporting in the UK

Cyber crime is growing more rapidly than cyber security, and organisations have never been more at risk from cyber attacks. This is our first survey of cyber reporting practices covering the full FTSE 100 and we have designed it to identify examples of good practice and offer insight to all listed companies about how to keep the users of annual reports better informed.

We looked at reporting practices in the FTSE 100 around:

  • Whether companies are identifying cyber as a principal risk, how they are categorising and describing the risk and its impact;
  • Cyber crime, and whether companies have reported an increase in the level of cyber risk since the prior year;
  • The clarity of explanation of activities to mitigate the risk;
  • How clearly companies describe the ownership of cyber risk, particularly at board level; and
  • Disclosure of the level of specialist experience and expertise around the boardroom table.

We are confident you will find the results of our analysis stimulating. We have also included a helpful summary to enable you to identify potentially worthwhile additions to your existing reporting.

Cyber risk reporting in the UK

“Whilst the digitally connected world of course presents threats, it also presents huge opportunities for those nimble enough to embrace them. The opportunity is not just about new business models, but also about the increased engagement with customers and suppliers, enabling better information exchange, increased efficiency and greater value.

The potential damage of cyber attacks is a significant threat so annual report disclosure of cyber risk, risk mitigations such as planning, training and testing and even disclosing cyber breaches within the annual report is important information for shareholders as it highlights the risks and lets them know how seriously companies are taking it. It also demonstrates a company’s understanding of the cyber threats that they face. Our survey revealed a wide range in the quality of disclosure made by companies. Some do this very well, but the majority could make improvements.”

William Touche, 
Leader of Deloitte UK Centre for Corporate Governance

Our governance library

Explore our governance library to find recent editions of our governance publications and updates.  Directors may register to receive updates by email and can become members of the Deloitte Academy to attend briefings and debate topics in a private setting. For further details contact

The Global Center collaborates with Deloitte member firms to promote dialogue and activity on the critical topic of corporate governance and its impact on corporations and their boards, investors, and others.

Access our Global Center for Corporate Governance

Governance in brief

Our Governance in brief series give you a summary of the latest corporate governance developments, incorporating details of the source, relevant dates and links to further information.

Read the latest publication

Did you find this useful?