Internal controls
The Board has ultimate responsibility for the systems of internal control maintained by the Group and for reviewing their effectiveness. The systems are intended to provide reasonable assurance, but not an absolute guarantee, against material financial misstatement or loss, and include the safeguarding of assets, the maintenance of proper accounting records, the reliability of financial information, compliance with appropriate legislation, regulation and best practice, and the identification and containment of business risks.
During the year, the Audit Committee, on behalf of the Board, has reviewed the effectiveness of the framework of the Group's systems of internal control, the principal features of which are as follows:
Control environment
The key features of the control environment include the terms of reference for the Board and each of its committees; a clear organisational structure, with documented delegation of authority from the Board to executive management; a Group policy framework, which establishes a governance structure for the Group that effectively oversees operations world-wide and assists the Group in achieving its ambitions; and defined procedures for the approval of major transactions and capital allocation.
Risk identification and assessment
The Board has in place a system of business risk management, which has been integrated throughout the Group into the business planning and monitoring process.
The Group’s risk management and control framework is designed to support the identification, assessment, monitoring and control of risks significant to the achievement of its business objectives. During the year work has commenced to align this framework to the requirements of the Financial Services Authority’s Prudential Sourcebook. Risk management functions within the business are responsible for assessing and reporting the potential impact and probability of the most significant risks identified across the Group and the adequacy of related mitigation programmes. This includes assessing and reporting risks arising from the Group’s financial, regulatory and operational activities as well as social, ethical and environmental risks. The results of these assessments are reviewed by the Group Business Risk Committee, under the chairmanship of the Group Finance Director and reported to the Board at each meeting. The overall risk management process is reviewed six monthly by the Group Audit Committee and annually by the Board.
Control procedures and monitoring systems
The Group has a well-developed system of planning and monitoring, which incorporates Board approval of a rolling three year Group Plan. Performance against the Plan is subsequently monitored and monthly reports are presented to the Board. Performance is also reported formally through the publication of Group results and accounting policies applied consistently throughout the Group. Operational management report frequently to the executive directors and the Board receives regular representations from management responsible for each principal business operation. The Group has well-established internal audit, risk management and compliance functions. There are formal procedures in place for both internal and external auditors to report independently conclusions and recommendations to management and to the Audit Committee.