The Board has ultimate responsibility for the Group’s risk management framework and system of internal control and the ongoing review of their effectiveness. The Board has reviewed the Group’s system of controls including financial, operational, compliance and risk management on a regular basis throughout the year. However, any such system can only provide reasonable and not absolute assurance against any material misstatement or loss.
The Company has established processes and procedures necessary to enable the Directors to report on internal controls in compliance with the Code. These processes and procedures involve the analysis, evaluation and management of the key risks to the Group.
The other key elements of the Group’s system of internal control include:
- a comprehensive system of financial reporting;
- an organisational and management Board structure with clearly defined levels of authority and division of responsibilities;
- a Risk Committee, which is chaired by the Chief Executive Officer and is attended by representatives from senior management and operational staff. The Risk Committee formally reports to the Audit Committee twice a year; and
- a programme of site audit visits, covering a significant proportion of the sites each year. Although the Group does not have a dedicated internal audit function, an operational, finance and health and safety audit are carried out at the estates by qualified Head Office personnel. The results of the audits are reported to and reviewed by the Risk and Audit Committees and appropriate action taken as required.
The Risk Committee reviews and identifies risks facing the Group and ensures that appropriate controls are in place to review each issue raised. Each identified risk is assigned a ‘Risk Owner’. The Risk Committee have also devised an annual plan of work where a review is undertaken of particular areas of the business. Depending on the nature of the project, a third-party consultant may be appointed to assist in the review.
The Group has continued to develop its risk management framework and has reappraised its risks in the light of the changes in the external environment during the last year.
The Group has also considered the requirements of the Bribery Act 2010 and taken steps to ensure that it has adequate procedures as set out by the Act.
The Group continues to strengthen its risk management processes to ensure these are embedded as part of the Group’s culture. The Turnbull Guidance sets out best practice on internal control to assist companies in applying the Code’s principles with regards to internal control. The Board, with advice from the Audit Committee continues to review the effectiveness of internal control with no significant failings or weaknesses identified.