Internal controls and risk management The Board is responsible for establishing, maintaining and monitoring the Group’s system of risk management and internal control and reviewing its effectiveness. The Committee monitors the performance of management in this area. We have an ongoing process for identifying, evaluating and managing the principal risks faced by the Group, which has been in place for the year under review are deemed effective up to the date of approval of the Annual Report and Accounts. The Group’s non-cyber security risks are monitored by the Audit Committee on behalf of the Board, which sets aside time for an in-depth discussion of notable or changing risks to the business. A description of the process for managing risk, together with a description of the principal risks and strategies to manage those risks, is provided on pages 64 to 72. Cyber risks are reviewed by the Cyber Security Committee; the Cyber Security Committee Report can be found pages 103 to 105. Internal control systems are designed to meet the particular needs of the Group and the risks to which it is exposed. By their nature, however, internal control systems are designed to manage rather than eliminate the risk of failure and can provide only reasonable but not absolute assurance against material misstatement or loss. During the year, the Group has implemented new systems which have brought about some changes in controls, as the Group transitions away from historical systems. These controls are deemed effective, however will require further changes in the forthcoming year as we continue to embed new ways of working across all our systems. Key elements of the risk management and internal control system are described below. Enhancements during the year are highlighted while the other elements have all been in place throughout the year. Controls relating to financial reporting and preparation of the Annual Report and Accounts • Information provided to management covering financial performance and key performance indicators, including non‑financial measures (enhanced by new KPIs and targeted management reports) • A detailed budgeting process where business units prepare plans for the coming year (enhanced with new standardised reporting, discretionary cost reviews and consolidation models and systems) • Procedures for the approval of capital expenditure and investments and acquisitions (enhanced by standardised capital approval request forms) • Monthly operational reviews to monitor and reforecast results as required against the annual operating plan, with major variances followed up and management action taken where appropriate Other controls • Defined management structure and delegation of authority to Committees of the Board, subsidiary boards and associated business units (enhanced by more detailed authorities and guidance notes) • Recruitment standards and training to ensure the integrity and competence of staff • Anti-bribery, security and compliance training for all colleagues • Clearly documented internal procedures set out in the Group’s ISO 9001:2015 accredited quality manual • Regular internal audits of key processes and procedures under the Group’s ISO 9001 and ISO 27001 accredited quality assurance process • Monitoring of any whistleblowing or fraud reports The external auditor regularly reports its findings on those areas of internal control which it assesses as part of the external audit and half-year review to the Board and the Audit Committee.
With respect to VIU calculations the Committee reviewed assumptions used in future cash flows that underpin the valuation of goodwill. With respect to FVLCTS calculations the Committee reviewed the sustainable earnings used in the calculation and the multiple applied (considering two valuations performed by independent third parties that compiled evidence of comparable companies and precedent transactions). The Committee concurred with the view of management that no impairment should be recognised as either the discounted future cash flows or fair value was higher than carrying value. Fair value measurement – separately identifiable intangible assets (Current year focus item: see Note 34 to the Financial Statements) As part of the acquisition of the IPM business (see Note 34) the Group has acquired an intangible asset relating to the customer relationships acquired with a fair value of £91.4m. The valuation approach taken is the income approach, specifically the multi-period excess earnings method (MEEM). As part of this valuation exercise the discount rate and revenue growth rate have been identified as key sources of estimation and uncertainty and have been identified that have a significant risk of resulting in a material adjustment to the carrying amounts of assets and liabilities in the next financial year. A description of such estimates and reasonably possible sensitivities is described in Note 34. The Committee has reviewed management’s assessment of the fair value of separately identifiable intangible assets acquired by considering the independent valuation performed by a third party, management assumptions and reasonably possible sensitivities and is satisfied that it is reasonable. The Group’s approach to materiality In considering the materiality of any individual issue or issues in aggregate, the Group looks at a range of qualitative and quantitative measures to assess whether or not omitting, misstating or obscuring information could reasonably be expected to influence decisions that the primary users of general purpose financial statements make on the basis of those financial statements. The range of measures includes (but is not limited to) the primary Financial Statements themselves, the individual line item in question, and whether or not the issue moves the result from one side of an inflection point to another (for example, turning a profit into a loss or a net asset into a net liability). Qualitative and quantitative measures are both considered as is any potential impact on remuneration or banking arrangements such as debt covenants. Internal audit The internal audit function is responsible for internal audit, the assurance of other quality systems and processes, and monitoring the embedding of risk management processes throughout our operations. The internal audit plan was approved by the Committee during the financial year and a number of audits were performed, the findings of which have been reviewed by the Committee. During the year, seven internal audit reports were issued covering a range of risk areas including key financial controls, procurement processes, order to cash, expenses processing, engagement of contractors, and internal cyber security. No significant issues were raised, and all identified control issues and related corrective actions are reported to the Audit Committee. Implementation of the agreed management actions is monitored on an ongoing basis by internal audit. The Group will look to increase the scope of the audit plan during FY23, drawing on third party resource provided under co-source arrangements, and through the use of data analytics.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
97
Made with FlippingBook Online newsletter maker