Corporate governance
Page 4 of 5
Internal control and risk management /
The Group operates a system of internal control, which is maintained and reviewed in accordance with the Combined Code 2008 (replaced as from 1 January 2011 by the Corporate Governance Code), the Listing Rules, the Disclosure and Transparency Rules and the guidance contained in the Turnbull Report (as revised).
Internal control governance /
The Board sets out in this section the actions undertaken during the year and up to the date of this report.
Responsibilities
The Board has ultimate responsibility for ensuring that the Group adopts a suitable system of internal control and reviews this annually to ensure its effectiveness. It delegates some of this responsibility to the Audit Committee. In turn, the Audit Committee places reliance on reports it receives from management, the Group internal audit function and the external auditors. Day-to-day responsibility for embedding the Group’s system of internal controls lies with the executive and senior management teams, and the reporting and detailed consideration of internal control matters are the responsibility of the Group’s risk committees.
Internal control framework
The Group’s system of internal controls is designed to manage, but cannot eliminate, the risk of the Group not achieving its overall objectives. The Group’s internal control framework can only be expected to provide reasonable but not absolute assurance that the Group’s assets and reputation are safeguarded and are not subject to material loss or financial misstatement. The Group’s system incorporates controls designed to mitigate against strategic, financial, commercial, operational, governance and other risks. As they are not controlled by the Group, the Group’s joint ventures and associates adopt their own policies and procedures, and the Group therefore places reliance on the systems of internal controls operating within our partners’ businesses.
Whilst the control environment provides this level of reasonable assurance, nevertheless the Board recognises that aspects of the internal control framework can always be further improved and steps were taken in 2010 as follows:
| 1. | KPMG was commissioned in March to undertake a comprehensive independent review of the Group’s overall control environment and, as appropriate, to provide recommendations as to how it might be further improved. Those recommendations have now been implemented. |
| 2. | KPMG performed site visits at a dozen of the Group’s offices to conduct interviews and walkthrough testing of controls. |
| 3. | By November, the Group had revised and re-launched all of its policies and procedures globally. An online training programme for more than 500 of the Group’s senior managers facilitated the implementation of these policies. |
| 4. | The finance function reporting lines were changed and a number of key appointments were made to strengthen the financial control environment. Appointments included new regional CFOs for Aegis Media in North America and Western Europe and a new Financial Controller for Aegis Group plc. Further resources are being provided in key areas to support regional management teams. |
| 5. | The Group identified the need for, and has recruited, a Director of Risk and Audit with broad responsibility for risk management and internal control, as well as oversight of the internal audit function. The Director of Risk and Audit will report into the Audit Committee and the Group Chief Financial Officer. Following this appointment, internal audit will continue to be strengthened in 2011. |
| 6. | A new Group-wide financial reporting and consolidation system was also commissioned, to facilitate and improve the reporting process. This system is in the final stages of development and testing and will be rolled out across the Group in the first half of 2011. |
| 7. | The Group’s three risk committees now each report directly into the Audit Committee and are each chaired by the most appropriate senior executive director. Aegis Media and Synovate’s risk committees are chaired by their respective Chief Executive Officers and the Head Office risk committee is chaired by the Group Chief Financial Officer. |
| 8. | The 2010 annual self-certification compliance process has been updated and reinforced to ensure alignment with the revised policies and procedures. |
| 9. | The Group has undertaken a program of testing financial controls using Deloitte in a number of key markets and via self assessment in all other markets. Improvements identified by this testing program are being actioned by business units and monitored by internal audit. |
| 10. | The Group formalised its whistle-blowing procedures, known as “Speak-up”, and rolled them out across the Group during 2010. |