Internal control and risk management
The Board is responsible for the Group’s system of internal controls and risk management policies and for reviewing its effectiveness. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material misstatement or loss. The Board has applied Principle C.2 of the Code by establishing a continuous process for identifying, evaluating and managing the Group’s significant risks, including risks arising out of Bodycote’s corporate and social engagement. The Board’s monitoring covers all controls, including financial, operational and compliance controls and risk management systems. It is based principally on reviewing reports from management and from internal audit to consider whether any significant weaknesses are promptly remedied or indicate a need for more extensive monitoring. The Audit Committee assists the Board in discharging these review responsibilities.
The Board believes that the Group maintains an effective system of internal controls which is in accordance with the FRC’s guidance entitled ‘Internal Control: Revised Guidance for Directors’ (formerly referred to as the Turnbull Report guidance) and, in the view of the Board, no significant deficiencies have been identified in the system. The system was in operation throughout 2016 and continues to operate up to the date of the approval of this report. Key elements of the Group’s system of internal control are as follows:
- The Group prepares a comprehensive annual budget which is closely monitored and updated quarterly. The Group’s authority matrix clearly sets out authority limits for those with delegated responsibility and specifies what can only be decided with central approval.
- The Board, with the assistance of E&Y, who provide Internal Audit services, monitors the Group’s internal financial control system. Internal audit reviews are conducted on the basis of a risk-based plan approved annually by the Audit Committee. The findings and recommendations from internal audit are reported on a regular basis to the Executive and Audit Committees.
- An annual internal control self-assessment, with management certification, is undertaken by every Bodycote site. The assessment covers the effectiveness of key financial and compliance controls. The results are validated by internal audit through spot checks and are reported to the Executive and Audit Committees.
- Group policies (including the Code of Conduct, Group authority matrix and finance policies) are documented and are available to all employees via the Group’s intranet system.
- The Chief Financial Officer, Group Financial Controller, President and Vice President of Finance for each division sign a letter of representation annually. This is to confirm the adequacy of their systems of internal controls, their compliance with Group policies, relevant laws and regulations, and that they have reported any control weaknesses through the Group’s assurance processes.
- A Group-wide risk register is maintained throughout the year to identify the Group’s key strategic and operational risks. Any changes to these risks during the year are promptly reported to the Executive Committee and the Board.
During 2016, in compliance with provision C.2.1 of the Code, management performed a specific assessment for the purpose of this Annual Report. Management’s assessment, which has been reviewed by the Audit Committee and the Board, included a review of the Group’s key strategic and operational risks, which is summarised from work performed by the Group Head of Risk and the Group’s Risk Committee to identify risks (by means of workshops, interviews and investigations, and by reviewing departmental or divisional risk registers). Further information regarding the ways in which the principal business risks and uncertainties affecting the Group are managed is shown on pages 24 to 27. No new significant risks were identified as part of this process, and the necessary actions have been or are being taken to remedy any significant failings or weaknesses identified as part of the reviews.