Internal Control and Risk Management

Risk management strategy and framework

The objectives of the Directors and senior management are to safeguard and increase the value of the business and assets of the Group. Achievement of these objectives requires the development of policies and appropriate internal control frameworks to ensure the Group’s resources are managed properly and any key risks are identified and mitigated, where possible.

The Board recognises that it is ultimately responsible for determining the nature and extent of the principal risks it is willing to take to achieve its strategic objectives. It also recognises the need to define a risk appetite for the Group, to maintain sound risk management and internal control systems and to monitor its risk exposures and mitigations to ensure that the nature and extent of risks taken by the Group are consistent and aligned with its strategic objectives.

The Board confirms that there is an ongoing process for identifying, evaluating and managing the principal risks faced by the Company and that these systems, which are subject to regular monitoring and review, have been in place for the year under review and up to the date of approval of the Annual Report and financial statements.

The Board further confirms that the systems, processes and controls in place accord with the guidance contained in the Financial Reporting Council’s “Guidance on Risk Management, Internal Control and Related Financial Business Reporting”.

The Audit Committee monitors the effectiveness of the risk management and internal control processes implemented across the Group, through regular updates and discussions with management and a review of the key findings presented by the external and internal auditors. The Board is responsible for considering the Audit Committee’s recommendations and ensuring implementation by management of those recommendations it deems appropriate for the business. A description of the Audit Committee’s activities during the year on risk management can be found at /about-us/governance/audit-committee/ or on page 60 of the 2015 Annual Report.

During 2015, in accordance with provision C.2.3 of the UK Corporate Governance Code, the Board instructed the Audit Committee to undertake a robust review of the effectiveness of the Group’s risk management and internal control systems, covering all material controls including financial, operational and compliance controls. The Audit Committee reported its findings to the Board. From this review of the risk management and internal control systems, the Board did not identify, nor was it advised of, any failings or weakness which it would determine to be significant. The Board concluded that the Group’s risk management and internal control systems and processes were operating effectively and therefore a confirmation in respect of necessary actions to be undertaken has not been considered appropriate.

The Group operates on a decentralised basis and the Board has established an organisational structure with clear reporting procedures, lines of responsibility and delegated authority. Consistent with this, the Group operates a top-down/bottom-up approach to risk management, comprising Board and senior management oversight coupled with bottom-up risk management embedded in the day-to-day activities of its individual businesses.

Risk appetite

The Board has undertaken a comprehensive exercise to consider its risk appetite across a number of key business risk areas. The results of this review indicate the relative appetite of the Board across the risk factors at a specific point in time. Any material changes in risk factors will impact the Board’s assessment of its risk appetite.

The Board has a higher risk appetite towards its strategic and operational risks and a balanced appetite towards macro-economic and political risk. The Board seeks to minimise all health and safety risks and has a low risk appetite in relation to legal, compliance and regulatory risk. Similarly, a conservative appetite is indicated by the Board with respect to pension and finance-related risks.

The results of the risk appetite review will support the Board’s decision making processes during 2016. It is the intention to undertake a review of the Board’s risk appetite at least annually.

Internal financial controls and reporting

The Group has a comprehensive system for assessing the effectiveness of the Group’s internal controls, including strategic business planning and regular monitoring and reporting of financial performance. A detailed annual budget is prepared by senior management and thereafter is reviewed and formally adopted by the Board.

The budget and other targets are regularly updated via a rolling forecast process and regular business review meetings are held with the involvement of senior management to assess performance. The results of these reviews are in turn reported to and discussed by the Board at each meeting. The Group engages BM Howarth as internal auditor. A total of 22 internal audit visits, covering 44.4% of Group turnover, were completed during 2015. It is intended that all remaining Brush sites not visited in 2015 shall be visited in 2016.

The Directors are pleased to report that there were no material deficiencies and that the majority of the recommendations presented in the internal audit reports have now been, or are in the process of being, implemented.

The Board confirms that, from the review of internal controls, it has not determined any significant failings or weaknesses that it considers to require remedial action. The Board also confirms that it has not been advised of any material weaknesses in the internal control systems that relate to financial reporting.

The Audit Committee also monitors the effectiveness of the internal control process implemented across the Group through a review of the key findings presented by the external and internal auditors. Management is responsible for ensuring that the Audit Committee’s recommendations in respect of internal controls and risk management are implemented.

Compliance and ethics

The Company takes very seriously its responsibilities under the laws and regulations in the countries and jurisdictions in which the Group operates and has in place appropriate measures to ensure compliance. A compliance framework is in place comprising a suite of policies governing anti-bribery and anti-corruption, anti-money laundering, competition, trade compliance, data privacy, whistleblowing, document retention and joint ventures. These policies are in place within each business and apply to all directors, employees (whether permanent, fixed-term, or temporary), pension trustees, consultants and other business advisers, contractors, trainees, volunteers, business agents, distributors, joint venture partners or any other person working for or performing a service on behalf of the Company, its subsidiaries and/or associated companies in which the Company or any of its subsidiaries has a majority interest.

In addition, in conjunction with their internal audit function, BM Howarth conduct compliance audits across the Group and its businesses to identify any areas for improvement. Furthermore, an anti-bribery and anti-corruption assurance exercise is undertaken by the Group on an annual basis.

During 2015, the Company implemented an externally-hosted whistleblowing hotline across the Group, together with a roll-out of a Group-wide online compliance training platform, covering topics such as antitrust, trade compliance and export controls, data privacy, anti-bribery and anti-corruption and anti-money laundering. Between its launch in November 2015 and 31 December 2015, 7,159 modules of the training platform were completed by employees of the Group.