Operation of governance framework Role of the Board
Risk management The Board has ultimate responsibility for ensuring that business risks are effectively managed. The Board has delegated regular review of the risk management procedures to the Cyber Security Committee in relation to cyber risks, and to the Audit Committee in relation to all other risks. The Board reviews the overall risk environment on at least an annual basis. The day-to-day management of business risks is the responsibility of the Executive Committee (“ExCom”). Internal control The Group has a system of internal controls which aims to support the delivery of the Group’s strategy by managing the risk of failing to achieve business objectives and to protect the stewardship of the Group’s assets. As with all such systems, the goal is to manage risk within acceptable parameters, rather than to eliminate risk entirely. The Group can therefore only provide reasonable and not absolute assurance that the business objectives and asset stewardship will be delivered successfully. In addition, the Group insures against various risks, but certain risks remain difficult to insure, due to the breadth and cost of cover. In some cases, external insurance is not available at all, or at least not at an economically viable price. The Group regularly reviews both the type and amount of external insurance that it buys in conjunction with its insurance brokers. For a more detailed review of risk management processes, the principal risks faced by the Group and their mitigation, see pages 29 to 37. The Audit Committee is responsible for reviewing the effectiveness of the risk management and internal control systems. The steps it takes in relation to the review are set out on page 74. The Audit Committee makes recommendations to the Board on the effectiveness of risk management and internal controls, which the Board considers, together with reports from the Cyber Security Committee, in forming its own view on the effectiveness of the risk management and internal control systems. During the year ended 30 September 2025, the Board reviewed the effectiveness of the Group’s risk management and internal control systems together with internal control findings issued by our auditor. We confirm that the processes outlined above and on page 74 have been in place for the year under review and up to the date of this Annual Report and Accounts, and that these processes accord with the UK Corporate Governance Code and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. While we have had a number of improvements identified through our internal audit reports issued throughout the year, management has agreed the required actions and is working to close these down. We report on these regularly to the Audit Committee and are working with local management to continuously improve controls and processes across the business. Executive remuneration During the year, we operated within the Remuneration Policy approved by shareholders. Details of how the Remuneration Policy has been applied during this financial year are set out on pages 81 to 93 of the Remuneration Committee Report.
The Board is responsible for reviewing, challenging and approving the strategic direction of the Group, while providing strong values-based leadership of the Company, within a framework of prudent and effective controls which enable risk to be assessed and appropriately managed. The Board reviews the Group’s business model and strategic objectives to ensure that the necessary financial and human resources are in place to achieve these objectives, to sustain them over the long term and to review management’s performance in their delivery. The Board sets the tone of the Company’s values and ethical standards and manages the business in a manner to meet its obligations to shareholders and other stakeholders. The Board receives information on at least a monthly basis to enable it to review trading performance, forecasts and strategy and it has a schedule of matters specifically reserved for its decision. The most significant of these are: • Approval of strategic plans, the annual budget and any material changes to them • Oversight of the Group’s operations, ensuring competent and prudent management, sound planning and an adequate system of internal control and governance • Through the Audit Committee, oversight of financial reporting systems and information and adherence to appropriate accounting policies • Changes to the structure, size and composition of the Board and Executive Committee, and oversight of the Company culture and the ethical standards of the leadership and the independence of Non-Executive Directors, taking into consideration prudent succession planning • Approval of the acquisition or disposal of subsidiaries and major investments and capital projects • Approval of the dividend, treasury and banking policies, including the Group’s capital structure • Through the Remuneration Committee, the delivery of an effective executive and senior management Remuneration Policy • Receiving reports on the views of shareholders and approval of all documents put to shareholders at a general meeting or circulated to shareholders • Approval of the appointment of key advisers The Board has a schedule of specific matters reserved for its decision where it feels they are critical to the ongoing success of the business and are of a significant nature to merit the Board having such a decision reserved to it. The Group also has a Group authority matrix (which documents the levels of authority delegated from the Board to various role holders within the Group). The schedule of matters reserved for decision by the Board and the Group authority matrix are complementary documents and are designed to ensure that decisions are either made by the Board or delegated to an appropriate senior colleague within the Group. As noted above, the operational management of the Group is delegated to the Executive Committee. The Board also delegates other matters to Board Committees and management as appropriate.
NCC Group plc — Annual report and accounts for the year ended 30 September 2025 69
Made with FlippingBook Online newsletter maker