The directors are responsible for the Group’s established system of internal control and for reviewing its effectiveness. The Directors confirm that the actions it consider necessary have been or are being taken to remedy any significant failings or weaknesses identified from its review of the system of internal control. This has involved matters reported to it and developing plans and programmes that it considers are reasonable in the circumstances. The Board also confirms that it has not been advised of material weaknesses in the part of the internal control system that relates to financial reporting. No system of internal control can provide absolute assurance against material misstatement or loss. Such a system is designed to provide the directors with reasonable assurance that problems are identified on a timely basis and dealt with appropriately. The key procedures that have been established and designed to provide effective internal financial control are:
Part of the comprehensive management reporting discipline involves the preparation of detailed annual budgets by all operating units. These budgets are reviewed by the executive directors and are then summarised and submitted to the Board for approval. Weekly revenue and profit forecasts are received from all operating units followed by monthly management accounts, which are prepared promptly and reported against the approved budget. Consolidated monthly management accounts, including detailed profit analysis (with comparisons to budget, latest forecasts and prior year together with a treasury report (including comparison to our financial covenants)) are prepared providing relevant, reliable and up to date financial and other information to the Board. Profit and cash flow forecasts for the current year are prepared and submitted to the Board four times during the year.
We have a clearly defined framework for capital expenditure which is controlled centrally. Appropriate authorisation levels and limits beyond which such expenditure requires the prior approval of the executive directors, or in certain circumstances, the Board, are clearly established. There is a prescribed format for capital expenditure applications which places a high emphasis on the overall Group strategy or support for the expenditure and requires a comprehensive and justified financial appraisal of the business case being put forward. All significant corporate acquisitions or investments are controlled by the Board or a Board sub-committee, and are subject to detailed investment appraisal and performance of due diligence procedures prior to approval by the Board.
A number of our key functions, including treasury, taxation, internal audit, risk management, litigation, IT strategy and development, environmental issues and insurance are dealt with centrally. Each of these functions reports to the Board on a regular basis, through the Chief Executive or the Group Finance Director. The treasury function operates within the terms of clearly defined policy statements. The policy statements exist to ensure that we are not exposed to any unnecessary risk and that where appropriate there is hedging against foreign currency and interest rate risks. The Audit & Risk Committee reviews reports from management, the internal audit department and the external auditors to provide reasonable assurance that internal control procedures are in place and are being followed. Formal procedures have been established for instituting appropriate action to correct weaknesses identified from the above reports.
An ongoing process is in place for identifying, evaluating and managing the significant risks we face. The process is subject to regular review by the Board directly and by the Audit & Risk Committee. The process accords with the FRC Internal Control: Guidance to Directors (formerly known as the Turnbull Guidance. Although the Board’s overall responsibility for internal control is recognised, the positive contribution made by senior management to the establishment and ongoing development of risk management within the Group is acknowledged. In reviewing the effectiveness of our system of internal control, the Board takes into consideration a number of key elements, which include financial controls, investment controls, management reporting and the various review, steering, policy and Board committees.
Group Internal Audit
Following a review, the shape and structure of the internal audit team changed at the end of the financial year. The Head of Risk and Audit is a chartered accountant with six years of internal audit experience at the Company and six years with the National Audit Office. He will oversee a risk based internal audit programme using the services of outsourced contract providers.
The internal audit plan is risk based and has a focus on those areas which are critical to the business objectives.
Audit & Risk Committee
The role of the Committee includes the review, update and approval of the annual internal audit plan, direction to the internal audit function, to external auditors and to management in the review of internal financial controls.
Risk Management Group
The Risk Management Group is formed of the executive directors together with invited senior executives. The Head of Risk & Internal Audit co-ordinates the risk management activities of the Risk Management Group working closely with members of the internal audit department. The agreed objectives for the risk management framework have been achieved during the year and all significant risks have been reviewed. A Risk Map has been developed and regularly updated to show the actions taken to minimise risks throughout the Group, the policies in force and the other sources of assurance upon which reliance is placed to mitigate risk.
Divisional and Group functional key risks
To enable consistent and focused monitoring, reporting, evaluation and management of significant Group risks, the executive committee owner of each key risk and the relevant senior managers have reviewed the plans, actions and initiatives which have taken place or are underway and documented them in the risk map.
Year end compliance reporting
A formal process exists for year end risk management compliance reporting, requiring senior operating company, divisional and Group executive management to confirm their responsibilities for risk management and internal control. Ultimate compliance reporting is required of each and every Board member.
Steps have been taken to embed internal control and risk management further into the operations of the business and to deal with areas of improvement which come to the attention management and the Board. The Group’s systems of internal are designed to manage rather than eliminate the risk of failure achieve business objectives and can only provide reasonable absolute assurance against material misstatement or loss.
External auditors' independence
The Audit & Risk Committee, with the assistance of the Head of Risk and Internal Audit, followed a process to review and monitor the external auditors' independence and objectivity and the effectiveness of the audit process. Further information can be found on pages 42 and 43 of the 2015 Annual Report.
Engagement of non-audit services
The Board has adopted a formal policy on the engagement of the external auditors to supply non-audit services. Generally, the auditor will not be engaged to provide any additional services other than tax or accountancy advice and circulation audits. There may however, be circumstances where it would be in the Company’s and shareholders' interests if the auditor was engaged. Such circumstances are likely to be relating to either exceptional transactions or deemed not to be of a material nature. In all circumstances, the engagement of the auditor for non-audit work must be approved in advance by the Chairman of the Audit & Risk Committee.