Internal Controls and Risk Management
The Board is responsible for Rotork’s system of internal control and risk management and the review of the system’s effectiveness is done with the assistance of the Audit Committee.
During 2016, the Board regularly reviewed the effectiveness of the Group’s risk management and internal control systems. The systems which were in place for the year under review, and up to the date of approval of the report, are in accordance with the Code and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. No significant failings or weaknesses were identified.
Risk appetite framework and monitoring of risk management and internal controls
The Group has adopted a risk review process at a divisional level for many years, resulting in a 'bottom up' assessment and consolidation of the risks facing the Group before the “top down” review is performed. To complement this review process, the risk appetite framework (RAF) was introduced in 2015. This has:
- Enhanced the incorporation of risk into strategic decision making at Board and divisional management levels;
- Improved quantitative and qualitative insight into principal risks and associated trends;
- Enabled the Board to lead by example in creating a risk aware culture and ensured consistency in decision making; and
- Facilitated proactive risk mitigation.
A quarterly executive risk summary was also introduced in 2015 to ensure ongoing oversight of the Group‘s risk management and internal controls, with quarterly reporting being supplemented as necessary by monthly reporting to the Board by the executive management team on new or evolving risks.
The effectiveness of the new processes were reviewed during the course of the year, and were found to have resulted in improvements in the Board‘s decision making. Refinements to both the processes and analytical metrics used by the Board to assess and quantify risk to reflect best practice were made following the appointment of the Head of Risk and Internal Audit in April 2016.
In addition to the reporting framework described above, all members of the Board receive full Audit Committee papers and prior meeting minutes, which contain the Audit Committee‘s assessment of the effectiveness of the Group‘s risk management and internal control systems. All non-executive directors are members of the Audit Committee and the executive directors and the Chairman also attend Audit Committee meetings.
In the course of its activities during the year the internal audit team identified improvement recommendations at all locations visited. These were discussed with local management at the end of the audit and they are charged with implementing the agreed improvement actions.
Main features of the Group‘s risk management and internal control systems
Risk management and internal control can only provide reasonable, not absolute, assurance against material misstatement or loss, as it is designed to manage the risks rather than remove them altogether.
The systems cover controls which enable Rotork to respond appropriately to financial, operational, compliance and any other risks. Key elements include:
- Robust assurance processes and controls over financial reporting procedures;
- A formal schedule of reserved matters for the Board including responsibility for reviewing Group strategy;
- Clearly defined levels of authority and a division of responsibilities throughout the Group;
- Formal documentation procedures;
- A formal whistleblowing policy with an external whistleblowing hotline; and
- An internal audit function made up of accountants from head office and across subsidiaries, managed by an experienced Head of Risk and Internal Audit and supported by internal audit training, best practice and control procedures to monitor and identify weaknesses in internal controls. Further details of the Group’s internal control and risk management systems and the process for identifying, evaluating and managing the principal risks faced by the Group during 2016, including the Board’s approach to the principal risks the Group is willing to take in achieving its objectives (its ‘risk appetite’), are contained on pages 28 to 35 of the Annual Report.