Studying this technical article and answering the related questions can count towards your verifiable CPD if you are following the unit route to CPD and the content is relevant to your learning and development needs. One hour of learning equates to one unit of CPD. We'd suggest that you use this as a guide when allocating yourself CPD units.

It is crucial that readers of companies' published financial statements are presented with useful and understandable information. It has long been required under some jurisdictions that to enhance the usefulness and understandability of financial statements, there should be a narrative discussion provided by management (e.g. directors' reports or management's discussion and analysis).

In December 2010, the International Accounting Standards Board (IASB) published its Practice Statement on Management Commentary, which sets out principles for entities to follow in relation to such disclosures.

An area of particular interest is the reporting of risk. The global economic problems of the last few years prompted many to question whether risk is properly highlighted to the users of financial information. The IASB's statement contains specific guidance on reporting risk. But this is not the first IASB document to address risk disclosure. IFRS 7, Financial Instruments: Disclosures, contains extensive disclosure requirements in relation to risk exposure.

The stated objective of the statement is to assist management in presenting useful management commentary that relates to financial statements that have been prepared in accordance with International Financial Reporting Standards (IFRS). It does not mandate which companies should provide commentary, or how frequently it should be produced. When it is presented it should be clearly identified as such and the extent to which the IASB's principles have been followed should be explained.

The purpose of commentary is as follows: 'Management commentary should provide users of financial statements with integrated information that provides a context for the related financial statements. Such information explains management's view, not only about what has happened, including both positive and negative circumstances, but also why it has happened and what the implications are for the entity's future.'

The fact that both positive and negative circumstances are mentioned indicates that the commentary should present a balanced view – exploring for example the reasons for increases in revenue or profitability, but also the risks that may have been taken to achieve such results. Specifically the statement states that one of the factors that will help users to assess the performance of the entity and the actions of its management is information on the entity's risk exposures, its strategies for managing risks and the effectiveness of them.

In terms of presentation, commentary should not duplicate information given in the notes to the financial statements, and should be consistent with the related financial information.

The statement does not prescribe a format for the commentary, or even the elements that must be included. It does however suggest that commentary should include information that is essential to an understanding of:

a) The nature of the business.

b) Management's objectives and its strategies for meeting them.

c) The entity's most significant resources, risks and relationships.

d) The results of operations and prospects.

e) The critical performance measures and indicators that management uses to evaluate the entity's performance against objectives.

Disclosures on risk

Focusing on c), management should disclose an entity's principal risk exposures and changes in those risks, together with its plans and strategies for bearing or mitigating those risks, as well as disclosure of the effectiveness of its risk management strategies. This disclosure helps users to evaluate the nature of an entity's risk exposure, and how management plans to overcome or mitigate that risk. Management should distinguish the principal risks and uncertainties facing the entity, rather than listing all possible risks and uncertainties, thereby focusing the users' attention on the main areas of risk exposure.

Management should disclose its principal strategic, commercial, operational and financial risks, which are those that may significantly affect the entity's strategies and progress of the entity's value. The classification of risks on this basis is not compulsory, but it may help users to better understand the nature of risk exposure. Risks can be internal or external and it may also help users' understanding if this is clarified. In some cases risk exposure can create reactions which are potentially beneficial to the entity, so the commentary should be balanced in discussing negative consequences but also potential opportunities.

Risks should be discussed in a specific way. The statement suggests that using boilerplate discussions will not enhance the usefulness of financial information, for example, discussing 'financial risk' in general terms. Three broad categories of financial risk may be relevant to an entity – credit risk, liquidity risk and market risk. These categories can then be divided into more specific risk categories such as interest rate risk and currency risk. Commentary can only be useful if it provides a discussion of a specific risk. However, the problem that can arise here is the potential duplication of information that is required to be disclosed under IFRS 7. Nonetheless as a basic principle, commentary should be used to discuss risk exposure at a company-wide, holistic level, whereas the notes to the accounts should focus specifically on the requirements of the accounting standard.

IFRS 7: disclosures

IFRS 7 contains extensive disclosure requirements in relation to financial instruments, many of which focus on risk exposure. Examples of some common financial instruments that fall within the scope of the standard are cash and cash equivalents, trade payables and receivables, loans, investments, and derivatives.

The stated objective of IFRS 7 is to require entities to provide disclosures in their financial statements that enable users to evaluate:

a) The significance of financial instruments for the entity's financial position and performance.

b) The nature and extent of risks arising from financial instruments to which the entity is exposed during the period and at the reporting date, and how the entity manages those risks. The qualitative disclosures describe management's objectives, policies and processes for managing those risks. The quantitative disclosures provide information about the extent to which the entity is exposed to risk, based on information provided internally to the entity's key management personnel. Together, these disclosures provide an overview of the entity's use of financial instruments and the exposures to risks they create.

Looking at the qualitative disclosures, a narrative is required for each of the risks to which an entity is exposed – namely credit risk, liquidity risk and market risk. This should:

  • Identify the risk exposures of financial instruments and how they arise.
  • Identify the objectives, policies and processes for managing the risks and methods used to measure risk.
  • Describe any changes from the previous reporting period.

Essentially, an entity should describe why it is exposed to risk, how management aims to control and mitigate the risk, and whether there have been changes to this in the preceding year. For example, a typical disclosure in relation to currency risk may discuss the entity's international operations which expose it to risk, and may specify which currencies in particular create risk exposure. The disclosure would then go on to describe management's strategy in relation to the risk, for example the use of foreign exchange forwards to manage exposure to currency fluctuations.

This type of disclosure was seen as unusual when IFRS 7 was first introduced, as it was the first accounting standard to specifically require a detailed discussion in the financial statements regarding management's monitoring of risk, and strategy towards risk. It mirrors the thinking behind other standards (such as IFRS 8, Operating Segments) in its aim of enabling users to view financial statement disclosures, in this case disclosure specific to financial instruments and risk management activities 'through the eyes of management'.

In addition to qualitative disclosures, IFRS 7 requires extensive quantitative disclosures. For each category of risk, entities must disclose summary quantitative data on risk exposure at reporting date, based on information provided internally to key management personnel and any concentrations of risk. The requirement that information should be as provided to key management (typically board level) echoes the point made above regarding information being made available to users of the financial statements as seen 'through the eyes of management'.

Specific requirements attach to each risk category. For example, in relation to credit risk, analysis of the age of financial assets that are past due but not impaired is required. This could include for example an analysis of outstanding receivables. In relation to market risk, there is an onerous requirement relating to sensitivity analysis. A sensitivity analysis is required for each type of market risk (currency, interest rate and other price risk) to which an entity is exposed at the year-end. This should illustrate how profit or loss and equity would have been affected by 'reasonably possible' changes in the relevant risk variable, as well as the methods and assumptions used in preparing such an analysis. Continuing the example relating to foreign exchange risk, an entity could quantify the impact on profit and equity if an exchange rate relevant to currency risk exposure were to increase or decrease by 10%.

Practical considerations

Confusion may be caused if the discussion of risk factors differs in the commentary compared to the notes to financial statements. For example, different sensitivities may have been used to illustrate risk exposure in the two. To avoid this problem, the disclosures should be as streamlined as possible, but should avoid duplication of information which detracts from overall usefulness.

It is also important that users understand that the notes to the financial statements focus solely on risk exposure relating to financial instruments, whereas the commentary will be broader in its discussion of risk.

In order to produce meaningful information, the entity should determine key user groups, as the disclosure should be focused on their needs. Groups may include analysts, credit rating agencies and regulators as well as shareholders and investors, and they may have varying needs in terms of the level of sophistication of the information provided.

Finally, entities need to ensure that there is an audit trail. The notes to the financial statements will clearly be audited and so controls must be in place to ensure errors are detected. Controls need to be in place not only over calculations, but also assumptions made, such as the determination of concentrations of risk as required by IFRS 7, and principal risks as stated in the statement. Management commentary is outside the scope of detailed audit work, but it should be consistent with the financial information on which the audit opinion is provided.

Lisa Weaver is an examiner for ACCA, teaching fellow at Aston Business School, and freelance lecturer and writer.