Corporate Governance - Internal Controls
The Board is responsible for ensuring that there is a system of internal control and for reviewing its effectiveness. Such a system
is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable
and not absolute assurance against material misstatement or loss. The Board has implemented the Guidance on Internal Control
(the “Turnbull Guidance”) and confirms that the necessary procedures and management structures have been in place for the year
under review and up to the date of approval of the Annual Report and Accounts. these procedures provide for a continuous process
for identifying, evaluating and managing the significant risks the Group faces. The Board has incorporated into its meeting calendar
and agenda, procedures to enable risk management and internal control to be considered on a regular basis during the year and,
at its meeting on 27 November 2007, the Board undertook a specific full risk and internal control assessment of the Group’s
operations based on reports and analyses from the Audit and Risk Management Committees and from the Group’s internal auditor.
The Board has, therefore, in compliance with the Combined Code, formally reviewed the effectiveness of the Group’s system
of internal control. The Board’s monitoring procedures cover all controls including financial, operational and compliance controls
and risk management. These monitoring procedures are based, principally, on complementary strategic and business unit risk
appraisals conducted in conjunction with the Group’s risk management advisers and the Group’s internal auditor. It has conducted
a formal annual review covering all controls including financial, operational, compliance and risk management in accordance with
the Internal Control Guidance for Directors on the Combined Code. Following its review the Board determined that it was not aware
of any significant deficiency or material weakness in the system of internal control. The Audit Committee, supported by a UK/Europe
Executive Risk Management Group and a US Executive Safety Committee, has been delegated responsibility by the Board for
discharging its internal control review responsibilities. A summary of the principal internal control structure and risk management
processes in place across the Group is set out below.
Whilst the management of each business unit is responsible for internal control and risk management within its own business
and for ensuring compliance with the Group’s risk management and internal control programme, Executive Risk Management
Groups have been established in both the UK/Europe and the US. These groups meet on a quarterly basis and, with the support
of the Company’s insurers and risk management consultants, engage the Group’s senior operational management in monitoring
risk assessments, reviewing action plans on improving internal controls, evaluating new risk management initiatives and considering
insurance related issues and claims trends aimed at embedding a risk management culture throughout the Group.
There is also a comprehensive Group-wide system of budget planning with frequent reporting of results to each level of management
as appropriate, including monthly reporting to the Board. Budgetary planning reviews, involving the Executive Directors and Divisional
Executives, include the identification and assessment of business and financial risks inherent in each Division with the key issues
evaluated by the Board.
Material associates have not been dealt with as part of the Group for the purposes of applying the Turnbull Guidance.
The Chairman of the Audit Committee reports to the Board on internal control and risk management issues following each
Audit Committee meeting.
The Board has formal procedures in place for the approval of investment and acquisition projects, with designated levels of authority,
supported by post investment review processes for all major acquisitions and major capital expenditure.