Internal control and risk management
The Board is responsible for the Group’s system of internal controls and risk management policies and for reviewing its effectiveness. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss. The Board has applied Principle C.2 of the Code by establishing a continuous process for identifying, evaluating and managing the Group’s significant risks, including risks arising out of Bodycote’s corporate and social engagement.
The Board believes that the Group maintains an effective system of internal controls which is in accordance with the FRC’s guidance entitled ‘Internal Control: Revised Guidance for Directors’ (formerly referred to as the Turnbull Report guidance) and, in the view of the Board, no significant deficiencies have been identified in the system. The system was in operation throughout 2015 and continues to operate up to the date of the approval of this report. The Board’s monitoring covers all controls, including financial, operational and compliance controls and risk management systems. It is based principally on reviewing reports from management and from internal audit to consider whether any significant weaknesses are promptly remedied or indicate a need for more extensive monitoring. The Audit Committee assists the Board in discharging these review responsibilities. In September 2014 the FRC issued guidance on ‘Risk Management, Internal Control and Related Financial and Business Reporting’ which replaces the ‘Internal Control: Revised Guidance for Directors’ currently being applied by the Group. The new guidance was applied in the Group’s 2015 accounting period.
The Group prepares a comprehensive annual budget which is closely monitored and updated quarterly. The Group’s authority matrix clearly sets out authority limits for those with delegated responsibility and specifies what can only be decided with central approval.
The Board with the assistance of the Internal Audit department monitors the Group’s internal financial control system. Internal Audit reviews are conducted on the basis of plans approved by the Audit Committee, to which Internal Audit reports are submitted on a regular basis.
Every Bodycote site provides assurance on specified financial and non-financial controls through a control self-assessment process. The results are validated by Internal Audit through spot checks and are reported to the Audit Committee. In addition, the President and the Vice President of Finance of each division sign a letter of representation annually to confirm the adequacy of their systems of internal controls, their compliance with Group policies, relevant laws and regulations, and that they have reported any control weaknesses through the Group’s assurance processes.
During 2015, in compliance with provision C.2.1 of the Code, management performed a specific assessment for the purpose of this Annual Report. Management’s assessment, which has been reviewed by the Audit Committee and the Board, included a review of the Group’s key strategic and operational risks, which is summarised from work performed by the Group Head of Risk and the Group’s Risk Committee to identify risks (by means of workshops, interviews, investigations and by reviewing departmental or divisional risk registers). Further information regarding the ways in which the principal business risks and uncertainties affecting the Group are managed is shown on pages 24 to 26. No new significant risks were identified as part of this process, and the necessary actions have been or are being taken to remedy any significant failings or weaknesses identified as part of the reviews.