The Directors have overall responsibility for the Group’s systems of internal control and for reviewing its effectiveness. These systems are designed to manage risk and can give reasonable, but not absolute, assurance against material misstatement or loss. The Board confirms that it has reviewed the effectiveness of the system of internal control.
Management is responsible for the design and operation of suitable internal control systems. The system of internal control is designed to ensure that transactions are executed in accordance with Management’s authorisation, that reasonable steps are taken to safeguard assets and to prevent fraud and that proper financial records are maintained. Management reports to the Board on material changes in the business and external environment which affect risk.
The principal procedures which have been put in place by the Board to provide effective internal control include:
- an organisation structure with clear operating and reporting procedures, authorisation limits, segregation of duties and delegated authorities;
- clearly defined management responsibilities have been established throughout the Group and the services of qualified personnel have been secured and duties properly allocated among them;
- a statement of decisions reserved to the Board;
- a risk management process which enables the identification and assessment of risks, that could impact business performance and objectives and ensures that appropriate mitigation plans are formulated to minimise the residual risk;
- a comprehensive budgeting process for each business and the central support services culminating in an annual Group budget approved by the Board;
- a comprehensive planning process for each business and the central support services culminating in an annual Group long-term plan, approved by the Board;
- a comprehensive financial reporting system with actual performance against budget, prior year, forecasts, performance indicators and significant variances reported monthly to the Board;
- a set of policies and procedures relating to operational and financial controls including capital expenditure;
- procedures for addressing the financial implications of major business risks, including financial instructions, delegation practices, and segregation of duties and these are supported by monitoring procedures;
- management at all levels are responsible for internal control over its respective business functions, and
- procedures for monitoring the effectiveness of the internal control systems include the work of the Risk and Audit Committee, management reviews, the use of external consultants and internal audit.
Internal audit considers the Group’s control systems by examining financial reports, by testing the accuracy of transactions and by otherwise obtaining assurances that the systems are operating in accordance with the Group’s policies and control requirements. Internal audit report directly to the Risk and Audit Committee on the operation of internal controls and make recommendations on improvements to the control environment if appropriate.
The Group has a robust framework in place to review the adequacy and monitor the effectiveness of internal controls covering financial, operational, risk management and compliance controls. The Board is satisfied that the system of internal control in place is appropriate for the business.
The Board has reviewed the effectiveness of the system of internal control up to the date of approval of the financial statements. The Risk and Audit Committee performed a detailed review and reported its findings back to the Board. The process used to review the effectiveness of the system of internal controls includes:
- review and consideration of the internal audit work programme and consideration of its reports and findings;
- review of the regular reporting from internal audit on the status of the internal control environment and the status of recommendations raised previously from their own reports and reports from the external auditor;
- review of reports from the external auditor which contain details of any material internal financial control issues identified by them in their work as auditors; and,
- review of the risk register reports, the counter measures in place to mitigate the risk, the remaining residual risk and actions required or being taken to further mitigate the risks.