Risk Management

An ongoing process for identifying, evaluating and managing the significant risks we face has remained in place throughout the year and up to the date of approval of this report. The process is subject to regular review by the Board directly and by the Audit & Risk Committee.

The process accords with the Turnbull Guidance on Internal Control for directors, as applicable for this accounting period. Although the Board's overall responsibility for internal control is recognised, the positive contribution made by senior management to the establishment and ongoing development of risk management within the Group is acknowledged.

In reviewing the effectiveness of our system of internal control, the Board has taken into consideration a number of key elements, which include financial controls, investment controls, management reporting and the various review, steering, policy and Board committees.

The following illustrate how the risk management process and the system of internal control operated during 2009:

Group Internal Audit

The Head of Internal Audit has recruited a skilled and experienced team to enable the agreed strategy to be fulfilled. The internal audit plan is risk based and has a focus on those areas which are critical to the achievement of business objectives.

Audit & Risk Committee

The role of the Audit & Risk Committee includes the review, update and approval of the annual internal audit plan, direction to the Internal Audit function, to external auditors and to management in the review of internal financial controls. The Audit & Risk Committee alerts the Board to any emerging issues and considers the draft papers prepared for the annual review of effectiveness of the risk management procedures adopted by the Company prior to being submitted to the Board for approval.

Risk Management Group

The Risk Management Group is formed of the Executive Committee together with invited senior executives. The Secretary and Group Legal Director co-ordinates the risk management activities of the Risk Management Group working closely with members of the Internal Audit department. The agreed objectives for the risk management framework have been achieved during the year and all significant risks have been reviewed. A risk map has been developed and regularly updated to show the actions taken to minimise risks throughout the Group, the policies in force and the other sources of assurance upon which reliance is placed to mitigate risk.

Divisional and Group functional key risks

To enable consistent and focused monitoring, reporting, evaluation and management of significant Group risks, the Executive Committee owner of each key risk and the relevant senior managers have reviewed the plans, actions and initiatives which have taken place or are underway and documented them in the risk map.

Year end compliance reporting

A formal process exists for year end risk management compliance reporting, requiring senior operating company, divisional and Group executive management to confirm their responsibilities for risk management and internal control. Ultimate compliance reporting is required of each and every Board member.

Steps have been taken to embed internal control and risk management further into the operations of the business and to deal with areas of improvement which come to the attention of management and the Board. The Group's systems of internal control are designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material mis-statement or loss.

Further relevant information is included in the Corporate Responsibility report, published on pages 44 to 45 of the 2010 Annual Report.