Board composition and division of responsibilities continued
Risk management The Board has ultimate responsibility for ensuring that business risks are effectively managed. The Board has delegated regular review of the risk management procedures to the Cyber Security Committee in relation to cyber risks and to the Audit Committee in relation to all other risks. The Board reviews the overall risk environment on at least an annual basis. The day-to-day management of business risks is the responsibility of the Executive Committee. Internal control The Group has a system of internal controls which aims to support the delivery of the Group’s strategy by managing the risk of failing to achieve business objectives and to protect the stewardship of the Group’s assets. As with all such systems, the goal is to manage risk within acceptable parameters rather than to eliminate risk entirely. The Group can therefore only provide reasonable and not absolute assurance that the business objectives and asset stewardship will be provided successfully. In addition, the Group insures against various risks, but certain risks remain difficult to insure, due to the breadth and cost of cover. In some cases, external insurance is not available at all, or at least not at an economically viable price. The Group regularly reviews both the type and amount of external insurance that it buys in conjunction with its insurance brokers. For a more detailed review of risk management processes, the principal risks faced by the Group and their mitigation, see pages 40 to 48. The Audit Committee is responsible for reviewing the effectiveness of the risk management and internal control systems. The steps it takes in relation to the review are set out on page 92.
The Audit Committee makes a recommendation to the Board on effectiveness which the Board considers, together with reports from the Cyber Security Committee, in forming its own view on the effectiveness of the risk management and internal control systems. During the year ended 31 May 2021, the Board reviewed the effectiveness of the Group’s risk management and internal control systems. We confirm that the processes outlined above and on page 92 have been in place for the year under review and up to the date of approval of this Annual Report and Accounts and that these processes accord with the UK Corporate Governance Code and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. We also confirm that no significant failings or weaknesses were identified in relation to the review. Executive remuneration During the year, we operated within the Remuneration Policy approved by shareholders at the 2020 AGM. Details of how the Remuneration Policy has been applied during this financial year are set out on pages 103 to 108 of the Remuneration Committee Report.
86
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Made with FlippingBook Converter PDF to HTML5