The Board is responsible for Rotork’s system of risk management and internal control and the Board’s review of the system’s effectiveness is completed with the assistance of the Audit Committee.
During 2017, the Board regularly reviewed the effectiveness of the Group’s risk management and internal control systems and can confirm that no significant failings or weakness were identified in relation to these reviews. The systems which were in place for the year under review, and up to the date of approval of the report, are in accordance with the Code and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting.
Main features of the Group’s risk management process An established risk review process at a divisional level results in a ‘bottom up’ assessment of the risks facing the Group. These are consolidated before the ‘top down’ review is performed by management and then by the Board to ensure the risk population is complete and adequately assessed.
An Executive Risk Summary is presented to the Board on a quarterly basis. This includes a set of Key Risk Indicators which provide a means of monitoring the Group’s risk exposures and focusses the Board on risks where the Group exceeds, or will potentially exceed, risk appetite. Quarterly reporting is supplemented as necessary by more detailed monthly reporting to the Board by the executive management team on new or evolving risks, the effectiveness of existing mitigations and plans to further strengthen mitigations.
Main features of the Group’s internal control systems
All members of the Board receive Audit Committee papers and prior meeting minutes, which contain the Audit Committee’s assessment of the effectiveness of the Group’s risk management and internal control systems. All non-executive directors are members of the Audit Committee and the executive directors attend Audit Committee meetings.
Key elements of the framework which enables Rotork to respond appropriately to financial, operational, compliance and any other risks, include:
- Group wide policies and procedures, including authority levels and division of responsibilities;
- Training of staff on policies and procedures relevant to their roles;
- Ongoing monitoring of business performance, Key Risk Indicators and levels of compliance with procedures;
- A formal schedule of reserved matters for the Board, including responsibility for reviewing Group strategy;
- A formal whistleblowing policy (revised in 2017) with an external whistleblowing hotline;
- Robust assurance processes and controls over financial reporting and health and safety procedures; and Regular controls confirmations from the business.
At the start of 2017, Rotork’s internal audit function comprised a dedicated central team supported by a team of in-house accountants and Head Office staff. Unfortunately both members of the central team resigned during the year as they wanted to relocate with their families. As a result, PwC have been retained to cover these roles. The function is now led by an experienced Head of Risk and Internal Audit from PwC. Staffing of the central risk and internal audit team will be kept under review during 2018.
During the year, the internal audit team identified improvement recommendations as a result of their work. Management are charged with implementing the required improvements to controls. The status and effectiveness of actions are monitored by internal audit and regularly reported to the Audit Committee.
Further details of the Group’s internal control and risk management systems and the process for identifying, evaluating and managing the principal risks faced by the Group during 2017, including the Board’s risk appetite, can be found on pages 18 to 24 of the Annual Report.