Risk and Internal Control

The Board is responsible for the Group's systems of internal control and for reviewing its effectiveness, whilst the role of management is to implement Board policies on risk and control. Such a system is, however, designed to manage rather than eliminate the risks of failure to achieve business objectives. In pursuing these objectives, internal controls can only provide reasonable assurance against misstatement or loss. The UK Corporate Governance Code recommends that the Board reviews the effectiveness of the Group's system of internal controls at least annually, including financial, operational and compliance controls, and risk management.

The Board has conducted reviews of the effectiveness of the system of internal controls through the processes described within the principal risks and uncertainties section of the Strategic Report on page 28 and 29 of the 2017 Annual Report and are satisfied that it accords both with the UK Corporate Governance Code and with the Turnbull Guidance. The Board has not identified or been advised of any failings or weaknesses which it has determined to be significant.

Risk management

The Group's risk assessment process and the way in which significant business risks are managed is a key area of focus for the Board.

The Group's assessment of the principal risks and uncertainties, as described within the Strategic Report on page 28 and 29 of the 2017 Annual Report, outlines the ongoing process for identifying, evaluating and managing the significant risks faced by the Group. The Board confirms that it has conducted a robust assessment of the principal risks. In July 2017, it identified health and safety as a further principal risk, which has been disclosed as part of the principal risks disclosure.

Internal control

The Group has an established framework of internal controls, which includes the following key elements:

  • The Board reviews Group strategy, and the Executive Committee are accountable for performance within the agreed strategy.
  • The Group and its subsidiaries operate control procedures designed to ensure complete and accurate accounting of financial transactions and to limit exposure to loss of assets or fraud.
  • The Audit Committee meets regularly and its responsibilities are set out in the Audit Committee Report. It receives reports from the Internal Audit function on the results of work carried out under an annually agreed audit programme. The Audit Committee has full and unfettered access to the internal and external auditors.
  • The Internal Audit function facilitates a process whereby operating entities provide certified statements of compliance with specified and appropriate key financial controls. These controls are then cyclically tested by Internal Audit to ensure they remain effective, and are being consistently applied.
  • The Audit Committee will annually assess the effectiveness of the assurance provided by the internal and external auditors. Every five years an external assessment is also undertaken with regard to the assurance provided by the Internal Audit department. An external assessment was undertaken by Grant Thornton in 2017 and further information may be found in the Audit Committee Report on page 85 of the 2017 Annual Report.

Conflicts of Interest

The Companies Act 2006 places a duty upon Directors to ensure that they do not, without the Company's prior consent, place themselves in a position where there is a conflict, or possible conflict, between the duties they owe the Company and either their personal interests or other duties they owe to a third party. If any Director becomes aware that they, or any party connected to them, have an interest in an existing or proposed transaction with the Company, they must notify the Board as soon as practicable. The Board has the authority to authorise a conflict if it is determined that to do so would be in the best interests of the Company.


Back to top