Our Business

Are you looking for...

Internal Control

The Board is responsible for the Group’s system of internal control. It seeks regular assurance to satisfy itself that the system is functioning effectively in managing risks in the manner which it has approved. Such a system can only provide reasonable, and not absolute, assurance against material misstatement or loss, as it is designed to manage rather than eliminate the risk of failure to achieve business objectives.

Throughout the year ended 31 December 2007, the Group has operated a system of internal control which includes an ongoing risk management process for identifying, evaluating and managing the significant risks faced by the Group. During the year, the Board has continued to review the effectiveness of the Group’s system of financial and non-financial controls including operational and compliance controls, risk management and the Group’s most significant risks and mitigating actions.

In addition, as part of the process of preparing this statement, the Board has also performed its annual assessment of the effectiveness of internal controls. No significant weaknesses or failings in the system of internal controls were identified in this annual assessment. Management continually takes action to improve internal controls, either as a result of its own initiative or in response to reports from internal audit and other oversight review functions.

Changes in financial regulation continue within the industry. The Group’s risk management processes are kept under regular review to ensure that the Group responds appropriately both to actual and proposed regulatory changes.

The Group’s management operates a risk management process, producing a Group-wide risk profile. This identifies the Group’s significant risks, the probability of those risks occurring and their impact should they occur, and has the prime responsibility for the design and operation of suitable controls and mitigating actions. The risk management process is complemented by a formalised reporting and escalation process for control issues. Internal audit has a key role in maintaining the control environment by providing independent assurance on the effectiveness of the Group’s internal control systems. The Group Risk Committee oversees the risk management process, regularly considers the Group-wide risk profile, and receives monitoring reports to update it on progress.

The Group is committed to developing and maintaining an appropriate risk management framework and culture with the aim of continuing to ensure that management understand the key risks that the business faces. This is achieved through an organisational structure with clear reporting lines and governed by appropriate business monitoring mechanisms, codes of conduct and policy statements.

The system of internal control has been in place throughout 2007 and up to the date of approval of the Annual Report & Accounts. It accords with the guidance from the Turnbull Committee.

In reviewing the effectiveness of this system, the Board takes into account the work of the Audit Committee which receives reports from the Group Risk Committee on the Group’s significant risks and how these are being managed. The Board also considers reports from internal audit, external audit, compliance and management on the system of internal control, adherence to regulatory requirements and material control weaknesses, if any, together with actions taken to address them. The Chairman of the Audit Committee reports on the outcome of each meeting to the Board, where appropriate, and the Board also receives minutes of these Committee meetings.

Legal | Privacy | Accessibility