The Board has overall responsibility for the Group’s internal control systems and for monitoring their effectiveness. Implementation and maintenance of the internal control systems are the responsibility of the executive directors and senior management. The effectiveness of the internal control systems is reviewed regularly by the Audit Committee, the main operating boards, the Group Risk and Compliance Committee during 2009 and the Risk Committee going forwards.
The Board regularly reviews actual and forecast performance of its businesses against their one year plans and other key performance indicators. Lines of responsibility and delegated authorities are clearly defined. The Group’s control policies and procedures are published on a dedicated intranet site, which is regularly updated and accessible throughout the Group. Senior managers are required to confirm compliance with these policies throughout the year. The results of this confirmation process are considered by the Audit Committee on behalf of the Board.
The Combined Code requires directors to review and report to shareholders on the Group’s internal control systems, which include financial, operational and compliance controls, and risk management.
The Board has controls in place to identify, evaluate and manage significant risks faced by the Group on an ongoing basis and for determining the effectiveness of the system of internal controls. Where failings or weaknesses are identified, actions are taken to remedy those failings or weaknesses. Established procedures, including those already described, are in place to comply with the Code. The Board assesses the effectiveness of internal control systems on the basis of:
- Regular reports by management to the main operating boards and the Audit Committee on the adequacy and effectiveness of internal control systems and significant control issues.
- The Group Risk and Compliance Committee’s review of the process for formally identifying, evaluating and managing the significant risks to the achievement of the Group’s objectives. In 2010, the Risk Committee will also have a role in this review.
- The regular compliance reports from the Group Risk and Compliance Director.
- Reports from the Group Chief Internal Auditor to the Audit Committee on the results of internal audits.
The Board takes regular account of the significance of social, environmental and ethical matters to the businesses of the Group. The work of the CSR Committee, which is chaired by the Group Chief Executive, is outlined in the CSR Committee report section.
The Group’s internal control systems are designed to manage, rather than eliminate, the risk of failure to meet business objectives and can only provide reasonable, but not absolute, assurance against material misstatement or loss. In assessing what constitutes reasonable assurance, the Board has regard to materiality and to the relationship between the cost of, and benefit from, internal control systems.
For 2009, the Board was able to conclude, with reasonable assurance, that appropriate internal control systems were maintained throughout the year.
