Risk Management and Internal Control
Internal financial control and risk management
The Audit Committee acknowledges its responsibilities to assist the Board to fulfil its responsibilities for the Group’s risk management and internal financial control systems, including the adequacy and effectiveness of the control environment, controls over financial reporting and the Group’s compliance with the UK Corporate Governance Code.
All business areas of the Group prepare annual operating plans and budgets and these are regularly reviewed and updated as necessary throughout the year. Performance against budget is monitored centrally and at operational level. The cash position of the Group is monitored daily and variances from expected levels are thoroughly investigated.
Clear guidelines are in place for capital expenditure and investment decisions. These include budget preparation, appraisal and review procedures and delegated authority levels.
Effective controls ensure that the Group’s exposure to avoidable risk is minimized. Throughout the year the Committee reviewed reports on material controls within the Group, which included, amongst other things, that proper accounting records are maintained, financial information used within all business areas is reliable and up-to-date, and the financial reporting processes comply with relevant regulatory reporting requirements.
The Company has in place internal controls and risk management systems in relation to the Company’s financial reporting processes for preparation of consolidated accounts. These systems include policies and procedures that relate to the maintenance of records which accurately and fairly reflect transactions, provide reasonable assurance that transactions are recorded as necessary to permit the preparation of financial statements, require representatives of the Company to certify that their reported information gives a true and fair view of the state of affairs of the business and its results for the period, and review and reconcile reported data.
Management accounts are reviewed by senior management and the Board. Performance against budget and forecasts is discussed at Audit Committee and Board meetings, including key performance indicators.
It should be recognized that all control processes are designed to manage, rather than eliminate, the risk of assets being unprotected and guard against their unauthorized use, culminating in the failure to achieve business objectives. Internal controls will only provide reasonable and not total assurance against material misstatement or loss.
To fulfill its duties, the Audit Committee reviewed:
- the External Auditor’s letter and their Audit Committee reports;
- reports on key audit areas and significant deficiencies in the financial control environment from Internal Audit;
- reports on the systems of internal financial control and risk management;
- the Group’s approach to IT and cyber security;
- the Groups whistle-blowing policy and the ongoing compliance of the policy including reviewing reports from Internal Audit, provided by the external service provider and any actions arising therefrom; and
- reports on significant systems implementations.
Accordingly, the Audit Committee confirms there is a process for identifying, evaluating and managing risks faced by the Group and the operational effectiveness of the appropriate controls, all of which have been in place throughout the year and up to the date of approval of the 2017 Annual Report and Accounts.
Reviewing the effectiveness of internal control
As referred to above, throughout the financial year the Board, through the Audit Committee and assisted by the Internal Audit function, reviews the effectiveness of internal control and the management of risk. The Internal Audit function reports into the Audit Committee and has authority to review any relevant part of the Company or its business and has a planned schedule of reviews that coincide with the Company’s risks. In addition to financial and business reports, the Audit Committee has reviewed medium- and longer-term strategic plans, reports on key operational issues, tax, treasury, risk management, legal matters and Committee reports, including Internal and External Auditors’ reports.