Accountability, Risk Management and Internal Control

Internal control and risk management

The Board has overall responsibility for the system of internal control, which is designed to safeguard the assets of the company and ensure the reliability of the financial information for both internal use and external publication. The system complies with the requirements of the UK Corporate Governance Code and has been developed with reference to the Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. The Audit Committee has primary responsibility for the oversight of the company’s system of internal control, including the risk management framework and the work of the Internal Audit function. Internal Audit reports directly to the Committee and has the authority to review any part of the company and its businesses and to oversee the operation of the individual retail banners’ audit committees. 

The Audit Committee closely monitors the Group’s internal control and risk management systems and received regular reports from management and the Internal Audit and Risk Director covering the major risks and events faced by the business. Kingfisher’s approach is compliant with the requirements of the Code and developed with reference to the FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. The Committee provides an independent overview of internal control matters. Deloitte’s reports to the Committee include key audit risk and control findings relevant to the audit process.

The Board has responsibility for establishing a framework of prudent and effective controls, which enable risk to be assessed and managed. Our internal control environment is codified in a suite of policies, procedures and operating

standards. Delegated authorities are also in place to ensure approval for significant matters is derived at the appropriate level. Such procedures are subject to regular review and provide an ongoing process for identifying, evaluating and managing the significant risks faced by the company. This internal control environment is designed to manage rather than eliminate the risk of failure to achieve the business objectives and can provide only reasonable and not absolute assurance against material misstatement or loss.

Management is responsible for applying judgement when evaluating the risks the company faces in the achievement of its objectives and assessing the likelihood that they will come to fruition, and the appetite and potential for their mitigation. Further information regarding the Company's approach to risk management is set out in our Annual Report each year. 

Monitoring

There are clear processes for controlling and monitoring the system of internal control and reporting any significant control failings or weaknesses, together with details of corrective action. These include:

  • an annual planning process and regular financial reporting, comparing results with plan and the previous year, on a monthly and cumulative basis;
  • written reports from the CEO and CFO at each Board meeting;
  • documented reports from retail banner CEOs and Group function diretcors to the Audit Committee on the control environment in their business and improvements made, as appropriate; and
  • reports and presentations to the Board on certain areas of specialist risk. These include treasury, insurance, tax, governance, and pensions.

A formal bi-annual certification is provided by the Chief Executive Officer and Finance Director of each Operating Company, stating that appropriate internal controls were in operation and confirming compliance with the company's policies and procedures. Any weaknesses are highlighted and the results are reviewed by Operating Company management, the Group Audit and Risk Management Director, the Deputy Chief Financial Officer, the Audit Committee and the Board. The internal audit function monitors and selectively checks the results of this exercise, ensuring that representations made are consistent with the results of its work during the year.

The Internal Audit function monitors and selectively checks the results of this exercise, ensuring that representations made are consistent with the results of its work during the year. Each year, the Internal Audit function’s reviews are aligned to the company’s risks. The function works with the retail banners and Group functions to develop, improve and further embed risk management tools and processes into their operations.  The Internal Audit function reports to each scheduled Audit Committee meeting and at least annually to the Board.