Internal Control & Risk Management
The Company has established an Internal control framework encompassing both its financial and non-financial controls, the effectiveness of which is regularly reviewed by the Board and senior executives, including the Associate Directors.
The Board is ultimately responsible for maintaining the effectiveness of the Group's risk management processes and the system of internal control, whilst it is the role of management to implement Board policies on risk and control. The Board is assisted in discharging its duties by the Audit Committee, which provides a direct link to both internal and external auditors through regular meetings. Such a system is designed to effectively manage, rather than eliminate, the risks that are significant to the fulfilment of the Group's business objectives of long-term growth of shareholder value via the maximisation of future earnings, and the safeguarding of the Group's assets.
In accordance with the requirements of the Code, the Group has operated a continuous process for identifying, evaluating and managing any significant risk faced by the Group. The process is designed to ensure that all significant risks to the achievement of the Group's objectives are identified on a timely basis, assessed and managed effectively.
Any system of internal control can only provide reasonable and not absolute assurance that all significant business risks will be fully mitigated. However, by ensuring that the system of internal control reflects the risk environment in which the Group operates, the system should provide adequate assurance that the key risks facing the Group are properly managed.
The Board sets the overall strategy and policy of the Group and has put in place a well-defined organisational structure, with clearly understood lines of responsibility and delegation of authority to help ensure that strategies and policies are effectively implemented and adhered to.
Detailed operational procedures are adopted and followed by the Group's principal functional activities and are designed to incorporate key controls. These key controls are subject to periodic review to ensure that they are being operated effectively and that they are suitable to manage any significant business risks faced by the Group. Staff can raise concerns regarding any impropriety over financial reporting or other matters through a "whistle blowing" policy.
The risk management processes and internal controls are continuously reviewed for effectiveness and assessed by the Board, as part of their Executive responsibilities. The Board considers all significant aspects of internal control, including financial, operational and compliance controls, as well as the risk management process adopted by the Group, and believes this will provide the ability to promptly identify and appropriately respond to areas of material concern. The review process is based on the reports made to the Board by the Risk Control/Internal Audit Manager and the Associate Director of Retail Audit, as well as other ad hoc reports from Management. The Board also takes into consideration any matters raised by the Audit Committee. The Audit Committee has reviewed both the effectiveness and level of internal audit resources available within the Group and believes that it is appropriate for the size and nature of the risks facing the Group.