Accountability, Risk Management and Internal Control

Internal control and risk management

The Board has overall responsibility for the system of internal control, which is designed to safeguard the assets of the company and ensure the reliability of the financial information for both internal use and external publication. The system complies with the requirements of the UK Corporate Governance Code and has been developed with reference to the Guidance on Risk Management, Internal Control and Related Financial and Business Reporting.

The Board confirms that it has reviewed the effectiveness of the internal control system, including financial, operational and compliance controls and risk management in accordance with the Code, for the period from 1 February 2018 to the date of approval of the Annual Report and Accounts 2018/19.

The Board has approved a set of policies, procedures and frameworks for effective internal control. The company has procedures for the delegation of authorities for significant matters, to ensure approval is sought at the appropriate level. These procedures are subject to regular review and provide an ongoing process for identifying, evaluating and managing the significant risks faced by the company. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide only reasonable and not absolute assurance against material misstatement or loss.

Management is required to apply judgement in evaluating the risks facing the company in achieving its objectives, in determining the risks that are considered acceptable to bear, in assessing the likelihood of those risks materialising, in identifying the company's ability to reduce the incidence and impact on the business of risks that do materialise, and in ensuring the costs of operating particular controls are proportionate to the benefit provided. Further information regarding our approach to Risk Management is provided in the 2018/19 Annual Report & Accounts.


There are clear processes for controlling and monitoring the system of internal control and reporting any significant control failings or weaknesses together with details of corrective action. These include:

  • an annual planning process and regular financial reporting, comparing results with plan and the previous year on both a monthly and cumulative basis;
  • written reports from the Chief Executive Officer and Chief Financial Officer which are submitted to each Board meeting;
  • regular formal reports from Operating Company management to the Audit Committee on the control environment in their business and actions taken to maintain or improve the environment as appropriate; and
  • reports and presentations to the Board on certain areas of specialist risk. These include treasury, insurance, tax and pensions.

A formal bi-annual certification is provided by the Chief Executive Officer and Finance Director of each Operating Company, stating that appropriate internal controls were in operation and confirming compliance with the company's policies and procedures. Any weaknesses are highlighted and the results are reviewed by Operating Company management, the Group Audit and Risk Management Director, the Deputy Chief Financial Officer, the Audit Committee and the Board. The internal audit function monitors and selectively checks the results of this exercise, ensuring that representations made are consistent with the results of its work during the year.

The internal audit function reviews each year are aligned to the Company's risks. The function works with the Operating Companies to develop, improve and embed risk management tools and processes into their business operations. Internal Audit reports directly to the Audit Committee and has the authority to review any relevant part of the company and its businesses and to oversee the operation of the individual Operating Companies' audit committees. The function provides the Audit Committee and the Board with objective assurance on the control environment across Kingfisher.