Internal control and risk management
The board has overall responsibility for the group’s system of internal control and for reviewing its effectiveness.
The board reviews the effectiveness of the system of internal control, including financial, operational, compliance and risk management, at least annually in accordance with the requirements of the Combined Code and the guidance set out within it. The system of internal control is reviewed for effectiveness and adequacy.
Such systems can only provide reasonable and not absolute assurance against material misstatement or loss, as they are designed to manage rather than eliminate the risk of failure to achieve business objectives.
The board reviews risk management and the effectiveness of the system of internal control through the Audit Committee. The board also keep under review ways in which to enhance the control and audit arrangements in the group. The Audit Committee receives reports every six months from the Group Chief Executive on the significant risks faced by the group, an assessment of the effectiveness of controls over each of those risks and an action plan to improve controls where this has been assessed as necessary. Any significant control weaknesses that have been identified as requiring remedy are also reported to the Audit Committee. The Auditors also report on significant control issues to this committee. The Internal Audit department provides objective assurance and advice on risk management and control.
The board confirms that procedures providing an ongoing process for identifying, evaluating and managing the principal risks faced by the group, have been in place for the year to 31 March 2007 and up to the date of the approval of the Annual Report.
Key elements of the group’s processes and procedures are: an organisation structure with clear lines of accountability; regular, structured reviews of business risk by senior management; a scheme of delegated authority; pre-approval of plans, budgets and significant investments; monthly reporting and monitoring of financial results, regulatory compliance and other key business measures; and independent assurance provided by both internal and external auditors.
Work continues to review and improve the system of internal controls across the group. Any controls weaknesses identified have action plans to remedy them and those plans are monitored by the Audit Committee and management team.
