Internal Control and Risk Management

Investors

Home » Investors » Governance » Internal Control and Risk Management

The Board confirms in accordance with Principle C.2 of the Code that it has maintained a sound system of internal control, to safeguard shareholders investment and the Company’s assets. There is an ongoing process for identifying, evaluating and managing the significant risks faced by the Group that has been in place throughout the year ended 30 June 2009 and up to 23 September 2009, which is regularly reviewed by the Board and accords with the Turnbull guidance.

The Group’s system of internal control is designed to manage risks that may impede the achievement of the Group’s business objectives rather than to eliminate those risks entirely. The system of internal control therefore provides only reasonable, not absolute, assurance against material misstatement or loss. The system of internal control does, however, provide reasonable assurance that potential problems can be identified promptly and appropriate remedial action taken.

The Group operates internal controls to ensure that the Group’s financial statements are reconciled to the underlying financial ledgers. A review of the consolidation and financial statements is completed by management to ensure that the financial position and results of the Group are appropriately reflected.

The Board is responsible for the Group’s system of internal control and for reviewing its effectiveness. It is the responsibility of the Executive Directors and senior management to implement and maintain the Group’s internal control and risk management systems in accordance with policy approved by the Board. The key aspects of the Group’s system of internal control and risk management framework are as follows:

i) a clear organisational structure with defined levels of authority and responsibility for each operating division;

ii) extensive financial and management reporting systems under which financial and operating performance is consistently reviewed against budget and forecasts at divisional, regional and Group level on a monthly basis;

iii) principal risk areas are embedded in the Group’s monthly management reporting system so that risk identification and the control of risk are a routine aspect of management responsibility. These risks include:

the market, including changes in the macroeconomic environment, sales and quality of product;
liquidity, including the availability of sufficient borrowing facilities;
people, including the development of a skilled and experienced workforce;
subcontractors and suppliers;
securing sufficient land;
Government regulation, including obtaining planning permission;
construction, including achieving key milestones and the impact on the environment and social surroundings;
health and safety; and
failure of the Group’s IT systems; and

iv) internal control and risk management systems are supported by the Group internal audit team which is responsible for advising senior management, the Executive Directors and, through the Audit Committee, the Board on the operation and effectiveness of those systems. The internal audit team undertakes a planned programme of audit appraisals across Group operations approved by the Audit Committee, including full divisional audits and targeted audits of key risk areas such as the land viability process, land acquisition control and monitoring, work in progress and subcontractor payment controls. Where the internal audit team does not have the expertise or resources required to conduct complex audits they use external expertise. For example, during the year ended 30 June 2009, PricewaterhouseCoopers LLP assisted with the internal audit of the Group treasury function.

In accordance with Principle C2.1 of the Code the Board regularly reviews the effectiveness of the Group’s system of internal controls, covering all material controls including financial, operational and compliance controls and risk management systems. A risk framework has been developed for all business processes by the Internal Audit function and approved by the Audit Committee. This framework forms the basis of the internal control audit plan for the year ahead, which tests if controls are being applied effectively in each operating division. Material issues identified during internal audits and follow-up action plans are reviewed by the Executive Directors and by the Board on a quarterly basis, and necessary actions are immediately taken to remedy any failings in the internal control system.

During the course of its review of systems of internal control, the Board has not identified nor been advised of any failings or weaknesses which it has determined to be significant. Therefore, a confirmation of necessary actions has not been considered appropriate.

In addition, the management teams of all operating divisions identify key risks in their monthly management reports to the Executive Committee and complete a control self assessment twice a year in which they confirm that they have applied appropriate levels of control. The Audit Committee, as a standing agenda item every six months, reviews the risk framework to determine if the system of internal control remains effective and report on their findings to the Board. During the year under review, the Executive Committee prioritised the risk framework by identifying the risks considered most significant to the Group. For each of the risks identified, an assessment has been made of the probability and potential impact on the business and these risks are reported on internally and reviewed during internal audits and control self assessments.