The Board of Directors has overall responsibility for the Group’s system of internal control and has delegated responsibility for the implementation of this system to executive management. This delegation ensures the embedding of the system of internal control throughout the Group’s operations, and ensures that the organisation is capable of responding quickly to evolving business risks, and that significant internal control issues, should they arise, are reported quickly to appropriate levels of management. Such a system of internal control by its nature is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can provide reasonable, but not absolute, assurance against material misstatement or loss.
The key elements of the Group’s system of internal control include the following:
- a clearly defined organisation structure with formal lines of authority, accountability and responsibility;
- a formal schedule of matters specifically reserved for decision by the Board;
- regular assessment of major business, investment and financing risks;
- a comprehensive annual budgeting process and a review by the Board of actual performance compared with budget on a monthly basis;
- clearly defined and appropriate levels of authorisation for all transactions;
- the Audit & Compliance Committee and the internal audit function;
- the Internal Audit function operates independently of the business units;
- the Group Compliance Team operates independently of the business units;
- the chairman of the Audit & Compliance Committee reports to the Board on significant issues considered by the committee, and the minutes of its meetings are circulated to all directors;
- systematic monitoring and assessment of risk areas through management and Board reviews.
The main features of the Group’s internal control and risk management systems that relate specifically to the Group’s financial reporting and accounts consolidation process are:
- The review of reporting packages for each entity as part of the year-end audit process;
- The reconciliation of reporting packages to monthly management packs as part of the audit process and as part of management review;
- The validation of consolidation journals as part of the management review process and as an integral component of the year-end audit process;
- The review and analysis of results by the Group Finance Director and the Auditors with the management of each division;
- The review of audit management letters by the Group Finance Director, Head of internal audit and the Audit Committee; and the follow up of any critical management letter points to ensure issues highlighted are addressed.
- The approach by the Board is proactive in identifying possible weaknesses and obtaining the relevant degree of assurance on specific areas of internal control and not merely reporting by exception.