The Group Board is responsible for the Group’s system of internal control and for regularly reviewing its effectiveness. Procedures have been designed for, inter alia, the safeguarding of assets against unauthorised use or disposition, maintaining proper accounting records and the reliability of financial information used within the business or for publication. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material errors, losses or fraud. There is an ongoing process of identifying, evaluating and managing the significant risks faced by the Group, which has been in place throughout the year under review and up to the date of approval of the Annual Report and Accounts. This process is regularly reviewed by the Group Board. The Group’s key internal control procedures include the following:

• the Divisional Executive Board has responsibility to set, communicate and monitor the application of policies, procedures and standards in areas including operations, finance, legal, commercial and regulatory compliance, human resources and health and safety, information security and property management and corporate social responsibility and the environment
  
  
• authority to operate the individual businesses comprising the Divisions that make up the Group is delegated to their respective Managing Directors within limits set by the Divisional Executive Board under powers delegated by the Group Board. The appointment of executives to the most senior positions within the Group, other than Group Board appointments, requires the approval of the Divisional Executive Board. It establishes key operational, functional and financial reporting standards for application across the whole Group. These are supplemented by operating standards set by local management teams, as required for the type of business and geographical location of each subsidiary and business unit
  
  
• comprehensive annual financial plans are prepared at the individual business unit level and summarised at the Divisional and Group level. Financial plans are reviewed and approved by both the Divisional Executive Board and the Group Board. Capital expenditure is subject to rigorous budgetary control beyond specified levels and detailed written proposals have to be submitted to the Group Board. Expenditure on acquisitions is the subject of appropriate consideration, review and approval by the Group Board
  
  
• results are monitored routinely by means of comprehensive management accounts and actual progress against plan is challenged directly by executive members of the Group Board on a Group-wide basis at the business unit level each month
  
  
• a framework is in place to identify, assess and mitigate the major business risks, including credit, liquidity, operations, reputation, regulatory and fraud. The framework also includes specific provision for risk-based due diligence in respect of business acquisitions and new customer contracts. Exposure to business risks is monitored as an integral part of the monthly challenge to business results discussed above and by the Group Audit Committee
  
  
• the risk framework is supplemented in certain of the Group’s businesses, including all financial services related business streams, by a number of formally constituted local boards, which in turn are underpinned by dedicated risk committees. These provide an appropriate means to routinely monitor the risk profile of these businesses, including regulatory risks, and for proposed mitigating actions to be challenged and tracked
  
  
• the risk management framework is monitored and developed as required by the Group Risk and Business Assurance function, in conjunction with the Group Compliance function, to ensure that it remains appropriate to business requirements and consistent with best practice
  
  
• the Group Risk and Business Assurance function reports to the Group Finance Director and independently to the Group Audit Committee. In addition to independently facilitating the Group’s risk management framework, it delivers a risk-based internal audit programme, to provide assurance on the effectiveness of the internal control structures operating across the business. The annual audit programme is focused on areas of greatest risk to the Group, as determined by the group risk framework, and the independent view of those risks taken by the Group Risk and Business Assurance function
  
  
• in addition, regulatory risks and compliance matters are overseen by the Group Compliance function reporting through the Group Finance Director and independently to the Group Audit Committee. The Group Compliance Director and his team, in conjunction with dedicated Compliance teams within the relevant businesses, independently monitor regulatory compliance byway of risk-based work programmes and support operations in identifying and mitigating regulatory risks as an integral part of the Group’s risk framework
  
  
• both the Group Compliance function and the Group Risk and Business Assurance function routinely appraise the Group’s senior management and the Group Audit Committee of their work programmes and findings.

The Group Board keeps under review the effectiveness of this system of internal control. The key mechanisms used by the Group Board to achieve this include regular reports from the Divisional Executive Board; periodic updates from the Audit Committee based on its review of risk management, business assurance and compliance reports by the relevant Group functions; discussions with and reports from the external auditors and other advisors and periodic reports from relevant Regulators. In addition, the Divisional Executive Directors and Divisional Finance Directors provide annual confirmation that the Divisions’ internal controls and systems are designed:

• to provide accurate financial information
  
  
• to adequately safeguard, verify and maintain accountability of the Group’s Assets
  
  
• to ensure that provision is made for all amounts known to be irrecoverable at the balance sheet date
  
  
• to ensure that accruals are accurately stated and, to the extent that they are known, all potential liabilities have been notified.

At several of its meetings during the year, the Group Board considered the means by which it monitors the effectiveness of internal controls and concluded that it was satisfied with the process and its compliance with the Internal Control Guidance for Directors on the Combined Code issued by the Institute of Chartered Accountants in England and Wales.