The accounting firm studied the annual reports of the top 130 ASX listed companies and found that many firms chose to provide only “limited generic” information regarding their compliance with the requirements of principle 7 (recognise and manage risk), particularly recommendation 7.2, the CEO and CFO sign off to the board on financial statements and risk management.

However, KPMG found that only 44 per cent of the top 130 listed firms disclosed that the board received the CEO/CFO sign off and just 45 per cent of disclosing firms provided any details of the sign off, despite details being key to the reader of the reports making a judgment on the companies risk and internal control systems.

While non-disclosure does not equate to non-compliance, or that non-disclosing firms do not have confidence in their risk and internal controls systems, it could cause problems, KPMG reported.

The CEO/CFO sign off is mandated by the US Sarbanes-Oxley Act (SOX), but it is also regarded as a cornerstone of good corporate governance. Disclosing nothing on the basis that compliance has been achieved limits the opportunity to enhance stakeholder confidence and understanding of the confidence and integrity of the systems and the sign off.

There are also concerns that using generic wording to describe the sign offs is reducing the usefulness and value that a more comprehensive disclosure can provide.

“By choosing to access public capital, companies take on an obligation to consider governance issues seriously and to make proper disclosure to the market,” said Dr Ian Pollard, a member of the ASX’s implementation review group for the principles. “That is not an onerous expectation given the fundamental nature of the issue.”

Pollard, who is also a chairman and director of both large and small listed companies, added that the framework intends to accommodate the diverse needs of Australian listed firms. “However, we found that this flexibility is not well understood, particularly by smaller companies, and needs to be communicated more effectively,” he said.

Despite the lack of disclosure on the part of some firms, KPMG’s study also unearthed some best practises among reporting companies. Packaging giant Amcor received praise for its full wording of the CEO/CFO sign off, its referral to the implementation of policies adopted by the board, while OneSteel was also praised for its detailed descriptions of the CEO/CFO sign off and its description of its business risk profiling system and its key risks.

According to senior risk figures, the issue is not necessarily the structure of the ASX guidelines, but that they are voluntary. “We are struggling with the volume of all of this, and trying to determine how much of this we’re going to do in the future,” said one head of risk at one of the firms praised in the report. “Where do you draw the line on these things and its another job entirely to quantify the benefits.” With |so many non voluntary initiatives to deal with, and questions over the commonality of approach across SOX and the ASX guidelines, there are concerns that the ASX guidelines are left behind.

Stuart Fagg is the Editor of Risk Management magazine, Lawyers Weekly’s sister publication

7.2 — What is it?

Recommendation 7.2 is often referred to as the principles-based version of Sarbanes-Oxley Act section 404. It requires firms to disclose when they have not met the requirements for a CEO/CFO sign off to the board on financial statements and the systems of risk management and internal controls; and specified items in accordance with suggested disclosure in Recommendation 7.3 and other guidelines including a description of the risk profile and the system of risk management and internal control.