The Board has overall responsibility for the Group's system of
internal control, which is designed to safeguard the assets of the
Group and ensure the reliability of the financial information for
both internal use and external publication, and to comply with
the Turnbull guidance and the UK Corporate Governance Code.
The Board confirms that it has reviewed the effectiveness of
the internal control system, including financial, operational and
compliance controls and risk management in accordance
with the UK Corporate Governance Code, for the period from
29 January 2012 to the date of approval of this Annual Report.
If significant losses were to be incurred during the year as a
result of a failure of controls, a detailed report would be provided
to the Audit Committee and the Board. The Board confirms that
no significant weaknesses were identified in relation to the
review carried out during the year and therefore no remedial
action was required.
The Board has approved a set of policies, procedures and
frameworks for effective internal control. The Group has
procedures for the delegation of authorities for significant
matters to ensure approval is sought at the appropriate level.
These procedures are subject to regular review and provide an
on-going process for identifying, evaluating and managing the
significant risks faced by the Group. Such a system is designed
to manage rather than eliminate the risk of failure to achieve
business objectives and can provide only reasonable and not
absolute assurance against material misstatement or loss.
The responsibility for designing, operating and monitoring the
system and the maintenance of effective control is delegated
to the management of each Operating Company. The Group's
enterprise-wide risk management and reporting process helps
Group management to identify, assess, prioritise and mitigate
risk. Management at each Operating Company has
responsibility for the identification and evaluation of the
significant risks applicable to their business and any mitigating
actions to be taken. The Group Executive Committee reviews,
identifies and evaluates the risks that are significant at a Group
level, as well as the mitigating actions against those risks. These
are then considered by the Board. The types of risks identified
included both strategic and material operational risks and are
detailed on pages 25 to 27 of the report.
Management is required to apply judgement in evaluating the
risks facing the Group in achieving its objectives, in determining
the risks that are considered acceptable to bear, in assessing
the likelihood of those risks materialising, in identifying the
Group's ability to reduce the incidence and impact on the
business of risks that do materialise, and in ensuring the
costs of operating particular controls are proportionate to
the benefit provided.
There are clear processes for controlling and monitoring the
system of internal control and reporting any significant control
failings or weaknesses together with details of corrective action.
- an annual planning process and regular financial reporting,
comparing results with plan and the previous year on a
monthly and cumulative basis;
- written reports from the Group Chief Executive and
Group Finance Director submitted at each Board meeting;
- Operating Company management report formally to the Audit
Committee on a regular basis on the control environment in
their business and actions taken to maintain or improve the
environment as appropriate; and
- reports and presentations to the Board on certain areas
of specialist risk. These include treasury, insurance, tax
A formal quarterly certification is provided by the CEO and
finance director of each Operating Company stating that
appropriate internal controls were in operation and confirming
compliance with Group policies and procedures. Any
weaknesses are highlighted and the results are reviewed by
Operating Company management, the Group Audit and Risk
Management Director, the Group Finance and Planning
Director, the Audit Committee and the Board. The internal
audit function monitors and selectively checks the results of
this exercise, ensuring that representations made are consistent
with the results of its work during the year.
The internal audit function follows a planned programme of
reviews that are aligned to the Group's risks. The function:
- works with the Operating Companies to develop, improve and
embed risk management tools and processes into their
- reports directly to the Audit Committee and has the authority
to review any relevant part of the Group;
- oversees the operation of the individual operating businesses'
audit committees; and
- provides the Audit Committee and the Board with objective
assurance on the control environment across the Group.