Internal control
The Board has overall responsibility for the system of internal control. A sound system of internal control is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss. The process of managing the risks associated with social, environmental and ethical impacts is also discussed under “Corporate responsibility”.
The Board has established procedures that implement in full the Turnbull Guidance “Internal Control: Revised Guidance for Directors on the Combined Code” for the year under review and to the date of approval of the annual report. These procedures, which are subject to regular review, provide an ongoing process for identifying, evaluating and managing the significant risks faced by the Group. See the management’s report on internal control over financial reporting.
Monitoring and review activities
There are clear processes for monitoring the system of internal control and reporting any significant control failings or weaknesses together with details of corrective action. These include:
- a formal annual confirmation provided by the Chief Executive and Chief Financial Officer of each Group company certifying the operation of their control systems and highlighting any weaknesses, the results of which are reviewed by regional management, the Audit Committee and the Board;
- a review of the quality and timeliness of disclosures undertaken by the Chief Executive and the Chief Financial Officer which includes formal annual meetings with the operating company or regional chief executives and chief financial officers and the Disclosure Committee;
- periodic examination of business processes on a risk basis including reports on controls throughout the Group undertaken by the Group internal audit department who report directly to the Audit Committee; and
- reports from the external auditors on certain internal controls and relevant financial reporting matters, presented to the Audit Committee and management.
Any controls and procedures, no matter how well designed and operated, can provide only reasonable and not absolute assurance of achieving the desired control objectives. Management is required to apply judgement in evaluating the risks facing the Group in achieving its objectives, in determining the risks that are considered acceptable to bear, in assessing the likelihood of the risks concerned materialising, in identifying the Company’s ability to reduce the incidence and impact on the business of risks that do materialise and in ensuring that the costs of operating particular controls are proportionate to the benefit.
Review of effectiveness
The Board and the Audit Committee have reviewed the effectiveness of the internal control system, including financial, operational and compliance controls and risk management, in accordance with the Combined Code for the period from 1 April 2008 to 19 May 2009, the date of approval of the Group’s annual report. No significant failings or weaknesses were identified during this review. However, had there been any such failings or weaknesses, the Board confirms that necessary actions would have been taken to remedy them.
Disclosure controls and procedures
The Company maintains “disclosure controls and procedures”, as such term is defined in Exchange Act Rule 13a-15(e), that are designed to ensure that information required to be disclosed in reports the Company files or submits under the Exchange Act is recorded, processed, summarised and reported within the time periods specified in the Securities and Exchange Commission rules and forms, and that such information is accumulated and communicated to management, including the Company’s Group Chief Executive and Chief Financial Officer, as appropriate, to allow timely decisions regarding required disclosure.
The directors, the Chief Executive and the Chief Financial Officer have evaluated the effectiveness of the disclosure controls and procedures and, based on that evaluation, have concluded that the disclosure controls and procedures are effective at the end of the period covered by this document.