| |
The Directors have overall responsibility for the Group’s system of internal control and for reviewing its effectiveness. To fulfil this responsibility, the Directors have established a Performance Management Framework within which each of the Group’s businesses operates. Within this framework, the management of each of the businesses considers strategic, operational, commercial and financial risks, and identifies risk-mitigation actions. Whilst acknowledging the overall responsibility for the system of internal control, the Directors are aware that the system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide reasonable, but not absolute assurance against material misstatement or loss.
During the period under review, the Directors were not aware of any control breakdowns which resulted in a material loss to the Group.
The Performance Management Framework, which includes an ongoing process for identifying, evaluating and managing the significant risks faced by the Group, has been in place throughout the financial year and up to the approval date of the Directors’ Report. Each business unit’s management identifies and assesses the key business risks affecting the achievement of its objectives. Business unit management also identifies the risk management processes used to mitigate the key risks to an acceptable level and, where appropriate, additional actions required to further manage and mitigate them. The risk summaries developed out of this process are updated at least annually. In addition, Group-level management considers those risks to the Group’s strategic objectives that may not be identified and managed at the business unit level. The key risks, which are detailed in Principal risks and uncertainties, and mitigation strategies are also discussed at least annually with the Audit Committee as well as the full Board.
The risk management processes described above are applied to major decision-making processes such as acquisitions as well as operational risks within the business including environmental, health and safety.
The other key elements of the Performance Management Framework, which constitutes the Company’s control environment, are set out below.
Business strategy reviews
Each business is required to prepare a strategic position assessment taking into account the current and likely future market environment and competitive position of the business with specific consideration given to strategic risk. Group-level management reviews the strategy with each business and the Board is presented with a summary of the plans.
Business reviews
On a quarterly basis, Group-level management performs extensive reviews with each business. These reviews consider current and projected financial and operating results, and address the progress of key strategic and operating initiatives and risk management activities.
Financial plans
Each business prepares financial plans in accordance with a prescribed format, which includes consideration of risks. Group-level management reviews the financial plans with the business units and a summary is presented to the Board for approval.
Balance sheet reviews and walkthroughs of controls
Business unit and Group-level financial management conduct periodic on-site reviews of the underlying rationale, support and controls for the significant line item components comprising the balance sheets for each business in the Group. Additionally, remote ‘walkthroughs’ of controls over transaction processes for our newer, smaller businesses and joint ventures are conducted to reach those distant locales cost-effectively.
Investment project authorisation
All significant investment project expenditures are subject to a formal investment project authorisation process which takes into account, inter alia, operational, financial and technical risks. Post-investment analysis is conducted to facilitate continuous improvement in the investment planning process, including risk identification and mitigation.
Reporting, analysis and forecasts
All businesses are required to report monthly to Group-level management on financial performance. Comparisons are made with plan, forecast and prior year, and significant variances and changes in the business environment are explained. Each business formally reassesses its forecast for the financial year on a quarterly basis with monthly updates by exception. At the half-year and during the preparation of the annual financial plan, each business prepares a forecast for the following 18 months and reviews projections for the current and following year.
Financial strategy
The financial strategy includes assessment of the major financial risks related to interest rate exposure, foreign currency exposure, debt maturity and liquidity. There is a comprehensive global insurance programme in place, relying principally on the strength of the Group’s financial reserves in the form of retained risk self-insurance in concert with the external insurance market for excess and catastrophic cover. Group Treasury manages hedging activities, relating to financial risks, with external cover for net currency transaction exposures. The Group Tax function manages tax compliance and tax risks associated with the Group’s activities. The Audit Committee, through periodic direct reports from the Group Treasurer and the Vice-President, Tax, oversees the financial strategy as well as the tax strategy, and considers the associated risks and risk-management techniques being used by the Group.
Reporting certifications
In connection with the preparation of the annual financial statements, senior business general management and financial management sign a certificate which includes a declaration regarding the existence of internal controls, the proper recording of transactions and the identification and evaluation of significant business risks. These certifications were expanded to encompass section 302 of Sarbanes-Oxley in support of statements required to be made by the Company’s Chief Executive and Finance Director.
Sarbanes-Oxley
As a foreign private issuer listed on the NYSE in the US, the Group is subject to the provisions of Sarbanes-Oxley. In particular, section 404 of Sarbanes-Oxley requires an assessment and certification by management regarding the effectiveness of internal controls over financial reporting and requires the independent auditors to express an opinion on such internal controls. Accordingly, the Group undertakes each year a comprehensive, risk-based approach to testing its internal controls to ensure compliance with the requirements of section 404 of Sarbanes-Oxley. The Company’s management is responsible for establishing and maintaining adequate internal control over financial reporting and the Company’s Chief Executive and Finance Director have issued their report attesting to the Group’s compliance with section 404 of Sarbanes-Oxley as at 2 January 2010. While management’s certification and the independent auditors’ opinion on internal controls over financial reporting are reported as required in the Company’s SEC filings, the results of its compliance with Sarbanes-Oxley also serve to underpin the internal control framework for the Group.
During the year ended 2 January 2010, there have not been any changes in the Group's internal controls over financial reporting that have materially affected, or are reasonably likely to materially affect, those controls.
The Chief Executive and the Finance Director evaluated the effectiveness of the Company’s disclosure controls and procedures (as such term is defined in Rules 13a–15(e) and 15d–15(e) under the Exchange Act) as at 2 January 2010. Based on such evaluation, those officers concluded that, as at 2 January 2010, the Company’s disclosure controls and procedures were effective in ensuring that information required to be disclosed by the Company in the reports that it files or submits under the Exchange Act is recorded, processed, summarised and reported within the time periods specified in the SEC’s rules and forms and that such information is accumulated and communicated to the Company’s management, including the Chief Executive and the Finance Director, as appropriate, to allow timely decisions regarding required disclosures.
Internal Audit
The Group has an established internal audit function; the Vice-President, Internal Audit directs the activities of the internal auditors on a day-to-day basis and has a direct reporting line to the Chairman of the Audit Committee. Internal Audit’s responsibilities include performing independent objective assurance activities in order to evaluate the adequacy and effectiveness of the Group’s system of internal control and risk management processes. The Internal Audit plan is constructed to provide geographic coverage on a cyclical basis and tailored to address specific risk concerns. During the year, Internal Audit reported regularly to the Audit Committee on its internal audit reviews of the Group’s operations.
The Directors confirm that the effectiveness of the system of internal control for the year ended 2 January 2010 has been reviewed in line with the criteria set out in the guidance for Directors in the Combined Code.
|
|
