The Board has overall responsibility for the system of internal control,
which is designed to safeguard the assets of the Company and ensure
the reliability of the financial information for both internal use and
external publication, and to comply with the Turnbull guidance
and the Code.
The Board confirms that it has reviewed the effectiveness of the
internal control system, including financial, operational and compliance
controls and risk management in accordance with the Code, for the
period from 1 February 2015 to the date of approval of this Annual
Report and Accounts 2015/16.
If significant losses were to be incurred during the year as a result of
a failure of controls, a detailed report would be provided to the Audit
Committee and the Board. The Board confirms that no significant
weaknesses were identified in relation to the review carried out
during the year and, therefore, no remedial action was required.
The Board has approved a set of policies, procedures and frameworks
for effective internal control. The Company has procedures for the
delegation of authorities for significant matters, to ensure approval
is sought at the appropriate level. These procedures are subject
to regular review and provide an ongoing process for identifying,
evaluating and managing the significant risks faced by the Company.
Such a system is designed to manage rather than eliminate the risk of
failure to achieve business objectives and can provide only reasonable
and not absolute assurance against material misstatement or loss.
The responsibility for designing, operating and monitoring the
system and the maintenance of effective control is delegated to the
management of each of the Operating Companies. The Company’s
risk management and reporting process helps management to
identify, assess, prioritise and mitigate risks. Management at each
Operating Company has responsibility for the identification and
evaluation of the significant risks applicable to their business and
any mitigating actions to be taken. The Group Executive Committee
reviews, identifies and evaluates the risks that are significant, as
well as the mitigating actions against those risks. These are then
considered by the Board. The types of risks identified included both
strategic and material operational risks and are detailed on pages
31 to 35 of the Strategic Report.
Management is required to apply judgement in evaluating the risks
facing the Company in achieving its objectives, in determining the risks
that are considered acceptable to bear, in assessing the likelihood of
those risks materialising, in identifying the Company’s ability to reduce
the incidence and impact on the business of risks that do materialise,
and in ensuring the costs of operating particular controls are
proportionate to the benefit provided.
There are clear processes for controlling and monitoring the system
of internal control and reporting any significant control failings or
weaknesses together with details of corrective action. These include:
- an annual planning process and regular financial reporting,
comparing results with plan and the previous year on a monthly
and cumulative basis;
- written reports from the Chief Executive Officer and Chief Financial
Officer submitted at each Board meeting;
- regular formal reports from Operating Company management to
the Audit Committee on the control environment in their business
and actions taken to maintain or improve the environment as
- reports and presentations to the Board on certain areas of specialist
risk. These include treasury, insurance, tax and pensions.
A formal bi-annual certification is provided by the Chief Executive
Officer and Finance Director of each Operating Company stating
that appropriate internal controls were in operation and confirming
compliance with the Company’s policies and procedures. Any
weaknesses are highlighted and the results are reviewed by
Operating Company management, the Group Audit and Risk
Management Director, the Deputy Chief Financial Officer, the
Audit Committee and the Board. The internal audit function monitors
and selectively checks the results of this exercise, ensuring that
representations made are consistent with the results of its work
during the year.
The internal audit function follows a planned programme of reviews
that are aligned to the Company’s risks. The function:
- works with the Operating Companies to develop, improve
and embed risk management tools and processes into their
- reports directly to the Audit Committee and has the authority
to review any relevant part of the Company and its businesses;
- oversees the operation of the individual Operating Companies’
audit committees; and
- provides the Audit Committee and the Board with objective
assurance on the control environment across Kingfisher.