Risk management

The Board confirms that there is an ongoing process for identifying, evaluating and managing significant risks faced by the Company, including those risks relating to social, environmental and ethical matters. This process was in place throughout the year under review and up to the date of approval of the Annual Report and accords with the revised guidance on internal control published in October 2005 (the “Turnbull Guidance”). The Audit Committee has kept under review the effectiveness of the system of internal control and has reported regularly to the Board. The key features of the risk management process are as follows:

· the Company has an internal Risk Committee which is responsible for monitoring the nature and extent of the risks across the business;

· the business conducts half yearly risk assessments based on identified business objectives which are reviewed and agreed by its executive management. Risks are categorised into strategic, operational, financial and compliance and are evaluated in respect of their potential impact and likelihood. These risk assessments are reviewed and updated quarterly by the Risk Committee and are reported to and reviewed by the executive management and Audit Committee; and

· the results of the business risk assessment form one of the bases for determining the internal audit plan. Audit reports in relation to the areas reviewed are discussed with the Risk Committee and agreed with the Audit Committee.

Internal control

The Company has an established framework of internal controls covering both financial and non-financial controls, the effectiveness of which is regularly reviewed by the executive management and the Board.

The Board is responsible for overall Group strategy, for approving revenue and capital budgets and plans, for approving major acquisitions and disposals and for determining the financial structure of the Group, including treasury and dividend policy.

The Board has established an organisational structure with clearly defined reporting lines and controls at all levels of management across the business, identifying transactions requiring approval by the Board or by the Approvals Committee.

The Approvals Committee, which comprises the Group Chief Executive and Chief Financial Officer, and for commercial transactions the relevant member of the executive management, is authorised by the Board to approve routine matters within agreed financial limits.

The Audit Committee assists the Board in the discharge of its duties regarding the Group’s accounts, accounting policies and the maintenance of proper internal financial controls.

The system of financial control also includes:

· a comprehensive system for budgeting and planning together with monitoring and reporting the performance of the Company’s business to the Board. Monthly results are reported against budget and prior year, and forecasts for the current financial year are regularly revised in the light of actual performance. These cover profits, cash flows, capital expenditure and balance sheets;

· a full appraisal of all major investment projects;

· key controls over major business risks including reviews against performance indicators and exception reporting, and the preparation of monthly management accounts;

· monthly reporting of treasury activities and risks, for review by senior executives; and

· annual reports covering treasury policies, pensions and insurance, for review by the Board and Audit Committee.

Additional non-financial controls include:

· key performance indicators to monitor customer service levels at every location, whilst summary level results are reported to the Board monthly;

· independent customer satisfaction surveys;

· a corporate responsibility programme which addresses the impact of the Company’s activities on the environment, workplace, marketplace and community;

· a Corporate Responsibility Committee which is responsible for reviewing delivery against corporate responsibility objectives, with annual updates provided to the Board;

· an Environmental Policy, which is reviewed annually by the Board;

· a Health and Safety Policy, which is reviewed annually by the Board;

· a Risk Management team, working with the business to assess health and safety risks and introduce systems to mitigate them. Details of major business incidents are reported to the Risk and Audit Committees and all notified accidents are investigated;

· reports under the Reporting of Injuries, Diseases and Dangerous Occurrence Regulations provided to the Board on a monthly basis;

· a commitment by the Company to ensure that its personnel meet high standards of integrity and competence. The Company’s systems cover recruitment, training and development of personnel, and the communication of Company policies and procedures throughout the organisation;

· business recovery plans to enable the business to continue with minimum disruption to customers in the event of a disaster. These plans are reviewed by the Risk and Audit Committees;

· a Code of Business Conduct (including whistle-blowing) which takes into account the interests of all stakeholders; and

· strict guidelines for the use of confidential customer data.

The Internal Audit team assists in maintaining adequate financial controls. It is also responsible for reviewing the effectiveness of those controls by undertaking an agreed schedule of internal audits each year and reporting its findings to the executive management, Risk and Audit Committees. The schedule of internal audits forms part of an audit plan approved by the Audit Committee annually.

Internal Audit meets annually with senior executives in order to complete a formal certification of the effectiveness of internal controls. These certificates are submitted to the Risk Committee. In turn, the Risk Committee provides a certificate to the Audit Committee in order to assist the Board with conducting its annual review of the effectiveness of internal controls in compliance with the Turnbull Guidance.

The Audit Committee has carried out a specific review of the effectiveness of the system of internal control during the year. This assessment considered all significant aspects of internal control arising during the period covered by this report including the work of internal audit. During the course of this review, the Audit Committee has not identified nor been advised of any failings or weaknesses which it has determined to be significant. Therefore a confirmation in respect of necessary actions has not been considered appropriate.