Corporate governance statement
Internal control and risk management
Risk management process
The board is responsible for the Group’s system of internal control and for reviewing its effectiveness. Any system can provide only reasonable and not absolute assurance against material misstatement or loss.
In December each year, the board approves a detailed budget for the year ahead. It also approves outline projections for the subsequent four years. A detailed review takes place at the half year. Actual performance against budget is monitored in detail regularly and reported monthly for review by the directors.
The board requires its subsidiaries to operate in accordance with corporate policies and to certify compliance with these policies on an annual basis.
The risk advisory group, which consists of the Chairman, the executive directors, the director of risk and compliance and the Company Secretary, meets four times a year. Twice a year it considers the risk assessments and risk registers produced by the subsidiaries and updates the Group risk register and top risks. It considers areas of specific risk and particular issues. It reports to the audit and risk committee.
The audit and risk committee considers the Group risk register and the nature and extent of the risks facing the Group. It reviews the top risks and the framework to mitigate such risks and reports to the board on a regular basis.
The audit and risk committee keeps under review the adequacy of internal financial controls in conjunction with the internal auditors and reports to the board regularly. An annual programme of work is carried out by the internal auditors. The operation of internal financial controls is monitored by regular management reviews, including a procedure by which operating companies certify compliance quarterly.
The consolidated financial statements for the Group are prepared by aggregating submissions from each statutory entity. Prior to submission to the Group reporting team the individual country submissions are reviewed and approved by the finance director of the relevant country. Once the submissions have been aggregated and consolidation adjustments made to remove the intercompany transactions, the consolidated result is reviewed by the Finance Director. The results are compared to the budget and prior year figures and any significant variances are clarified. Checklists are completed by each statutory entity and by the Group reporting team to confirm that all required controls, such as key reconciliations, have been performed and reviewed.
The financial statements, which are agreed directly to the consolidation of the Group results, are prepared by the Group reporting team and reviewed by the Finance Director. The supporting notes to the financial statements which cannot be agreed directly to the consolidation are prepared by aggregating submission templates from each market and combining this with central information where applicable. The financial statements and all supporting notes are reviewed and approved by the senior manager responsible for corporate reporting and the Finance Director.
Review of effectiveness
In accordance with the Turnbull guidance (2005), the board has reviewed the effectiveness of the Group’s framework of internal controls, including financial, operational and compliance controls and risk management systems, during 2008. The process for identifying, evaluating and managing the significant risks faced by the Group was in place throughout 2008 and up to 23 March 2009. The board also, where appropriate, ensures that necessary actions have been or are being taken to remedy significant failings or weaknesses identified from the review of the effectiveness of internal control.