Find it

Internal control


The Board has overall responsibility for the system of internal control, which is designed to safeguard the assets of the Company and ensure the reliability of the financial information for both internal use and external publication, and to comply with the Turnbull guidance and the Code.

The Board confirms that it has reviewed the effectiveness of the internal control system, including financial, operational and compliance controls and risk management in accordance with the Code, for the period from 1 February 2015 to the date of approval of this Annual Report and Accounts 2015/16.

If significant losses were to be incurred during the year as a result of a failure of controls, a detailed report would be provided to the Audit Committee and the Board. The Board confirms that no significant weaknesses were identified in relation to the review carried out during the year and, therefore, no remedial action was required.

The Board has approved a set of policies, procedures and frameworks for effective internal control. The Company has procedures for the delegation of authorities for significant matters, to ensure approval is sought at the appropriate level. These procedures are subject to regular review and provide an ongoing process for identifying, evaluating and managing the significant risks faced by the Company. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide only reasonable and not absolute assurance against material misstatement or loss.

The responsibility for designing, operating and monitoring the system and the maintenance of effective control is delegated to the management of each of the Operating Companies. The Company’s risk management and reporting process helps management to identify, assess, prioritise and mitigate risks. Management at each Operating Company has responsibility for the identification and evaluation of the significant risks applicable to their business and any mitigating actions to be taken. The Group Executive Committee reviews, identifies and evaluates the risks that are significant, as well as the mitigating actions against those risks. These are then considered by the Board. The types of risks identified included both strategic and material operational risks and are detailed on pages 31 to 35 of the Strategic Report.

Management is required to apply judgement in evaluating the risks facing the Company in achieving its objectives, in determining the risks that are considered acceptable to bear, in assessing the likelihood of those risks materialising, in identifying the Company’s ability to reduce the incidence and impact on the business of risks that do materialise, and in ensuring the costs of operating particular controls are proportionate to the benefit provided.


There are clear processes for controlling and monitoring the system of internal control and reporting any significant control failings or weaknesses together with details of corrective action. These include:

  • an annual planning process and regular financial reporting, comparing results with plan and the previous year on a monthly and cumulative basis;
  • written reports from the Chief Executive Officer and Chief Financial Officer submitted at each Board meeting;
  • regular formal reports from Operating Company management to the Audit Committee on the control environment in their business and actions taken to maintain or improve the environment as appropriate; and
  • reports and presentations to the Board on certain areas of specialist risk. These include treasury, insurance, tax and pensions.

A formal bi-annual certification is provided by the Chief Executive Officer and Finance Director of each Operating Company stating that appropriate internal controls were in operation and confirming compliance with the Company’s policies and procedures. Any weaknesses are highlighted and the results are reviewed by Operating Company management, the Group Audit and Risk Management Director, the Deputy Chief Financial Officer, the Audit Committee and the Board. The internal audit function monitors and selectively checks the results of this exercise, ensuring that representations made are consistent with the results of its work during the year.

The internal audit function follows a planned programme of reviews that are aligned to the Company’s risks. The function:

  • works with the Operating Companies to develop, improve and embed risk management tools and processes into their business operations;
  • reports directly to the Audit Committee and has the authority to review any relevant part of the Company and its businesses;
  • oversees the operation of the individual Operating Companies’ audit committees; and
  • provides the Audit Committee and the Board with objective assurance on the control environment across Kingfisher.