Risk management and internal control

The Board acknowledges its overall responsibility for monitoring the Group’s risk management and internal control systems to facilitate the identification, assessment and management of risk and the protection of shareholders’ investments and the Group’s assets. The directors recognise that they are responsible for providing a return to shareholders, which is consistent with the responsible assessment and mitigation of risks.

The directors confirm that there is a process for identifying, evaluating and managing the risks faced by the Group and the operational effectiveness of the related controls, which has been in place for the year under review and up to the date of approval of the annual report. They also confirm that they have regularly monitored the effectiveness of the risk management and internal control systems (which cover all material controls including financial, operational and compliance controls) utilising the review process set out below.


There are guidelines on the minimum group-wide requirements for health and safety and environmental standards. There are also guidelines on the minimum level of internal control that each of the divisions should exercise over specified processes. Each business has developed and documented policies and procedures to comply with the minimum control standards established, including procedures for monitoring compliance and taking corrective action. The board of each business is required to confirm twice yearly that it has complied with these policies and procedures.

High-level controls

All businesses prepare annual operating plans and budgets which are updated regularly. Performance against budget is monitored at business unit level and centrally, with variances being reported promptly. The cash position at Group and business level is monitored constantly and variances from expected levels are investigated thoroughly.

Clearly defined guidelines have been established for capital expenditure and investment decisions. These include the preparation of budgets, appraisal and review procedures and delegated authority levels.

Financial reporting

Detailed management accounts are prepared every four weeks, consolidated in a single system and reviewed by senior management and the Board. They include a comprehensive set of financial reports and key performance indicators covering commercial, operational, environmental and people issues. Performance against budgets and forecasts is discussed regularly at Board meetings and at meetings between operational and Group management. The adequacy and suitability of key performance indicators is reviewed regularly. All chief executives and finance directors of the Group’s operations are asked to sign an annual confirmation that their business has complied with the Group Accounting Manual in the preparation of consolidated financial statements and specifically to confirm the adequacy and accuracy of accounting provisions.

Internal audit

The Group’s businesses employ internal auditors (both employees and resources provided by major accounting firms other than the firm involved in the audit of the Group (except where expressly permitted by the Audit Committee)) with skills and experience relevant to the operation of each business. All of the internal audit activities are co-ordinated centrally by the Group’s Director of Financial Control, who is accountable to the Audit Committee.

All Group businesses are required to comply with the Group’s financial control framework that sets out minimum control standards. A key function of the Group’s internal audit resources is to undertake audits to ensure compliance with the financial control framework and make recommendations for improvement in controls where appropriate. Internal audit also conducts regular reviews to ensure that risk management procedures and controls are observed. The Audit Committee receives regular reports on the results of internal audit’s work and monitors the status of recommendations arising. The Committee reviews annually the adequacy, qualifications and experience of the Group’s internal audit resources and the nature and scope of internal audit activity in the overall context of the Group’s risk management system. The Group’s Director of Financial Control meets with the Chair of the Audit Committee as appropriate but at least quarterly, without the presence of executive management, and has direct access to the Chairman of the Board.

Assessment of principal risks

The directors confirm that, during the year, the Board has carried out a robust assessment of the principal and emerging risks facing the Group, including those that could threaten its business model, future performance, solvency or liquidity. A description of the principal and emerging risks and how they are being managed and mitigated is set out on pages 94 to 101 of our Annual Report 2022.

Annual review of the effectiveness of the systems

During the year, the Board reviewed the effectiveness of the Group’s systems of risk management and internal control processes embracing all material systems, including financial, operational and compliance controls, to ensure that they remain robust. The review covered the financial year to 17 September 2022 and the period to the date of approval of the Annual Report 2022. The review included:

  • the annual risk management review, a comprehensive process identifying the key external and operational risks facing the Group and the controls and activities in place to mitigate them, the findings of which are discussed with each member of the Board individually (refer to the risk management section on pages 94 to 101 of the Annual Report 2022 for details of the process undertaken); and
  • the annual assessment of internal control, which, following consideration by the Audit Committee, provided assurance to the Board around the control environment and processes in place around the Group, specifically those relating to internal financial control.

The Board evaluated the effectiveness of management’s processes for monitoring and reviewing risk management and internal control. No significant failings or weaknesses were identified by the review and the Board is satisfied that, where areas of improvement were identified, processes are in place to ensure that remedial action is taken and progress monitored.

The Board confirmed that it was satisfied that the systems and processes were functioning effectively and complied with the requirements of the 2018 Code.




Our use of cookies

We use necessary cookies to make our site work. We’d also like to set optional analytics cookies to help us improve it. We won’t set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie policy

Analytics cookies

We’d like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

For more detailed information about the cookies we use, see our Cookie policy