Internal Control and Risk Management
Risk management strategy and framework
The objectives of the Directors and Melrose senior management include safeguarding and increasing the value of the businesses and assets of the Group for stakeholders as a whole. Achievement of these objectives requires the development of policies and appropriate internal control frameworks to ensure the Group’s resources are managed properly, and for key risks to be identified and mitigated where possible.
The Board recognises that it is ultimately responsible for determining the nature and extent of the principal risks it is willing to take in pursuit of its strategic objectives. It also recognises the need to define a risk appetite for the Group, to maintain sound risk management and internal control systems, and to monitor its risk exposures and mitigation measures to ensure that the nature and extent of risks taken by the Group are aligned with, and proportionate to, its strategic objectives.
The Group operates on a decentralised basis and the Board has established an organisational structure with clear reporting procedures, lines of responsibility and delegated authority. Consistent with this, the Group operates a top-down, bottom-up approach to risk management, comprising Board and Melrose senior management oversight coupled with bottom-up risk management embedded in the day-to-day activities of its individual businesses.
There is an ongoing process for identifying, evaluating, tracking and managing the principal risks faced by the Group and these systems, which are subject to regular monitoring and review, have been in place since 2019.
The systems, processes and controls that are in place accord with the guidance contained in the Financial Reporting Council’s “Guidance on Risk Management, Internal Control and Related Financial Business Reporting” and the UK Corporate Governance Code.
The Audit Committee monitors, oversees and reviews the effectiveness of the risk management and internal control processes implemented across the Group, through regular updates and discussions with management and a review of the key findings presented by the external and internal auditors. The Board is responsible for considering the Audit Committee’s recommendations and ensuring implementation by divisional management of those recommendations it deems appropriate for the business. A description of the Audit Committee’s activities during 2020 on risk management can be found on the Audit Committee page or on pages 104 to 105 of the 2020 Annual Report.
During 2020, in accordance with provisions 28 and 29 of the UK Corporate Governance Code, the Board continued to monitor the effectiveness of the Group’s risk management and internal control systems. The Board concluded that the Group’s risk management and internal control systems and processes were operating effectively. Follow-up actions in respect of progress and improvement in relation to financial controls are further discussed in the Audit Committee report on pages 103 to 107 of the 2020 Annual Report.
The Board has undertaken an exercise to consider its risk appetite across a number of key business risk areas. The results of this review indicate the relative appetite of the Board across the risk factors at a specific point in time. Any material changes in risk factors will impact the Board’s assessment of its risk appetite.
The Board has a higher risk appetite towards its strategic risks, with a balanced appetite towards operational and commercial risk, and macro-economic and political risk. The Board seeks to minimise all health and safety risks and has a low risk appetite in relation to legal, compliance and regulatory risk. Similarly, a conservative appetite is indicated by the Board with respect to pension and finance-related risk and information technology cyber risk.
The results of the risk appetite review will support the Board’s decision-making processes during 2021. The Board undertakes a review of its risk appetite at least annually.
Internal financial controls and reporting
The Group has a comprehensive system for assessing the effectiveness of the Group’s internal controls, including strategic business planning and regular monitoring and reporting of financial performance. A detailed annual budget is prepared by senior management and thereafter is reviewed and formally adopted by the Board.
The budget and other targets are regularly updated via a rolling forecast process and regular business review meetings are held with the involvement of senior management to assess performance. The results of these reviews are in turn reported to, and discussed by, the Board at each meeting. The Group engages BM Howarth as internal auditor. A total of 28 internal audit physical visits were completed by BM Howarth and EY during 2020 across the Group. As was common across most large, geographically dispersed companies during 2020, COVID-19 disruption presented a number of challenges and limitations due to restricted international travel and extended periods of remote working for many site-based finance teams. Further details about the additional assurance measures that were taken to mitigate the impact of COVID-19 disruption on internal controls during 2020 can be found in the Audit Committee report on pages 103 to 107 of the 2020 Annual Report.
The Directors can report that based on the sites visited and reviewed in 2020, there has been progress across the Group following the 2020 internal audit programme and that the majority of the recommendations presented in the internal audit report have been or are in the process of being implemented.
The Audit Committee also monitors the effectiveness of the internal control process implemented across the Group through a review of the key findings presented by the external and internal auditors. Management are responsible for ensuring that the Audit Committee’s recommendations in respect of internal controls and risk management are implemented.
Compliance and ethics
The Company takes very seriously its responsibilities under the laws and regulations in the countries and jurisdictions in which the Group operates and has in place appropriate measures to ensure compliance. A compliance framework is in place comprising a suite of policies governing anti-bribery and anti-corruption, anti-money laundering, anti-facilitation of tax evasion, competition, conflict minerals, trade compliance, data privacy, whistleblowing, treasury and financial controls, anti-slavery and human trafficking, document retention and joint ventures. These policies are in place within each business and, other than in respect of certain policies where it would not be appropriate for them to have such a broad reach, they generally apply to all Directors, employees (whether permanent, fixed-term, or temporary), pension trustees, consultants and other business advisers, contractors, trainees, volunteers, business agents, distributors, joint venture partners or any other person working for or performing a service on behalf of the Company, its subsidiaries and/or associated companies in which the Company or any of its subsidiaries has a majority interest.
During 2020, the Melrose Code of Ethics and Group compliance policies were updated to bring them up to date with key regulatory and legal developments and to align more closely with the Group’s sustainability principles. They have been fully implemented across all business units together with refreshed risk assessment guidance, and they continue to be monitored to ensure their effectiveness for the Group. The Group also introduced its first Group-wide conflict minerals policy, and further details about this can be found on page 67 of the 2020 Annual Report. Online compliance training continued to be conducted within all businesses, covering topics such as anti-trust, trade compliance and export controls, data privacy, anti-bribery and anti-corruption and anti-money laundering, to enhance and supplement the existing compliance regime.
The Company’s Modern Slavery Statement is approved by the Board annually and the current statement is available on this website. Under Melrose’s decentralised group structure, each division is responsible (where applicable) for publishing their own Modern Slavery Statements in accordance with the requirements under the Modern Slavery Act 2015 and are supported by Melrose where needed. To support the Company’s belief in the importance of this matter, it has a Group-wide policy on the prevention of modern slavery and human trafficking, which the businesses have rolled out to employees, along with an online compliance training module. Please also refer to section 1 on page 97 of the 2020 Annual Report for details of the Company’s whistleblowing policies and procedures.
BDO LLP have been engaged to conduct an independent non-financial review programme of the GKN Aerospace and GKN Automotive divisions, to test and provide additional external assurance in respect of those businesses’ key compliance areas and safeguards as a result of their relative scale and complexity. COVID-19 travel restrictions have caused some delay to the original site visit schedule. However, site visits recommenced during the fourth quarter of 2020. A total of 37 physical site visits were conducted in 2020, which included GKN Aerospace sites across the UK, Netherlands, India, Singapore, Thailand, Sweden, and Norway, as well as GKN Automotive sites including those located in Mexico, France, Malaysia, Germany, Italy, India and Japan.