Skip to content

Corporate governance statement

Internal control and risk management

Internal control

The Directors are responsible for maintaining, and for reviewing the effectiveness of, the Company’s system of internal control including internal financial control. This is designed to provide reasonable, but not absolute, assurance regarding (a) the safeguarding of assets against unauthorised use or disposition and (b) the maintenance of proper accounting records and the reliability of financial information used within the business or for publication. These controls are designed to manage rather than eliminate the risk of failure to achieve business objectives due to circumstances which may reasonably be foreseen and can only provide reasonable and not absolute assurance against material misstatement or loss.

Internal control over financial reporting

The Company has in place internal control and risk management systems in relation to the Company’s financial reporting process and the Group’s process for the preparation of consolidated accounts. These systems are described above and in more detail under the headings ‘Internal control framework’ and ‘Risk management’.

During the financial year, no changes in risk management and internal control systems over financial reporting have occurred that have materially affected, or are reasonably likely to have materially affected, the Group’s financial reporting.

Standing instructions

In response to The Bribery Act 2010, the Company recently revised and is relaunching its code on business integrity covering matters such as bribery, business conduct and ethics. It is one of a number of Standing Instructions to employees of the Group designed to enhance internal control. Along with the Finance Standing Instructions, these are regularly updated and made available to staff through the Company’s intranet.

Organisation structure

A clear organisational structure exists, detailing lines of authority and control responsibilities. The performance management system establishes targets, reinforces accountability and awareness of controls, and identifies appropriate training requirements.

Information systems

Information systems are developed to support the Company’s long-term objectives and are managed by a professionally staffed Technology Services team within the Chief Financial Officer’s organisation. Appropriate policies and procedures are in place covering all significant areas of the business.

Strategic plan

The business agenda is determined by the strategy setting out the agreed targets for financial return and service standards, and identifying and prioritising improvement opportunities to deliver those targets. Each year the Board approves the strategy, which is supported by a detailed financial plan for the year ahead. Progress against the plan is regularly monitored.

Management accounting system

A comprehensive management accounting system is in place providing management with financial and operational performance measurement indicators. Detailed management accounts are prepared monthly to cover each major area of the business. Variances from plan and previous forecasts are analysed, explained and acted on in a timely manner. As well as regular Board discussions, monthly meetings are held by the Management Team to discuss performance with specific projects being discussed when required. Throughout 2009/10, the Capital Investment Committee, chaired by the Chief Financial Officer, was instrumental in maintaining tight control of capital and major contract expenditure and headcount. All major corporate projects are audited regularly.

Internal control framework

Effective corporate governance remains key to the business. The Company continues to review its internal control framework to ensure it maintains a strong and effective internal control environment. The effectiveness of the framework has been under regular review by the Management Board. The Group will continue to comply with the Combined Code on corporate governance and the UK Listing Authority rules.

Business controls are reviewed on an ongoing basis by the internal control function which operates internationally and to a programme based on risk assessment. Professionally qualified personnel manage the department with experience gained from both inside and outside the industry. A risk-based audit plan, which provides assurance over key business processes and commercial and financial risks facing the Company, is approved by the Audit Committee quarterly.

The Audit Committee considers significant control matters raised by management and both the internal and external auditors and reports its findings to the Board. Where weaknesses are identified, the Audit Committee ensures that management takes appropriate action. No significant failings or weaknesses were identified during 2009/10.

Risk management

The Company has a structure and process to help identify, assess and manage risks. This process has been in place throughout the year to which these statements apply and up to the date of their approval.

The Risk Group consists of the Management Board, the Head of Corporate Risk and Internal Control and key senior executives. Meeting quarterly, it reviews the Company’s key risks contained in the corporate risk register and ensures that all new and emerging risks are appropriately evaluated and any further actions identified. The Risk Group also provides policy and guidance to those responsible for managing the individual risks and to the departmental risk leaders.

The management of each major area of corporate risk is subject to review by an appropriate ‘assurance body’. This includes a review of the controls in place to mitigate the risks and the further actions being taken by management. The Risk Group reports quarterly to the Audit Committee to assist the Board in the management of risk in accordance with the October 2005 Revised Guidance for Directors on the Combined Code.

The risk management process includes multiple opportunities for rigorous discussion and debate to assess the relative profile of each risk to the other. The outcome includes a heat map. This plots each critical risk on an impact and likelihood scale. For each critical risk, mitigating actions exist and are actively managed. This process is iterative and refreshed on an ongoing basis. This report does not include the mapped results and mitigating actions for the principal risks because of the sensitive commercial nature of some of management’s plans.

Liquidity risk is discussed in more detail within the Chief Financial Officer’s statement. The Company’s Treasury Committee, chaired by the Group Treasurer, is responsible for managing liquidity risk and operates within clearly defined parameters.


Resolutions to reappoint the retiring auditor, Ernst & Young LLP, and to authorise the Directors to determine its remuneration will be proposed at the 2010 Annual General Meeting.

back to top