Internal Control and Risk Management
The Audit Committee is responsible for reviewing the effectiveness of the Group’s system of internal control.
The system of internal control is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss. The Group has the necessary procedures in place to ensure that there is an ongoing process for identifying, evaluating and managing the principal risks to the Group. These procedures are in line with the Financial Reporting Council’s (FRC’s) guidance.
The Board has established a clear organisational structure with defined authority levels. The day-to-day running of the Group’s business is delegated to the Executive Directors of the Company who are supported by members of the Executive Management Committee (“EMC”) comprising of the heads of each business Sector and functional heads of Group FP&IS and Group Finance. The EMC and Executive Directors visit each operating unit on a regular basis and meet with both operational and finance management and staff.
Key financial and operational measures relating to revenue, cash and receivables are reported on a weekly basis. Detailed management accounts and KPIs are prepared monthly using a robust proprietary reporting system to collect and analyse financial data in a consistent format. Monthly results are measured against both budget and half year reforecasts which have been approved and reviewed by the Board. All capital expenditure above predefined amounts must be supported by a paper prepared by management.
All financial data is taken directly from the trial balance of each business held in their local ERP systems and reanalysed and formatted in a separate Group management reporting system, operated by the Group finance department. There is no rekeying of financial data and very limited use is made of spreadsheets by the Group businesses to report monthly financial results. The Group finance department continues to develop the functionality of this management reporting system to provide greater insights into the activities of the Group’s businesses, both financial and operational. The Group’s Internal Auditor regularly audits the base data at each business to ensure it is properly reported through to the Group management reporting system.
As part of the year end close process each business is required to complete a self-assessment that evaluates their financial control environment in their business, which is designed to identify weaknesses in controls. These assessments are critically reviewed by the Group’s Director of Internal Audit and a summary for each business is prepared for the Audit Committee. In addition, senior management of each business are required to confirm their adherence with Group accounting policies, processes and systems of internal control by means of a representation letter addressed to the Audit Committee.
The principal risks and uncertainties that are currently judged to have the most significant impact on the Group’s long term performance are set out in the Annual Report & Accounts 2018.