Just Annual Report and Accounts 2019

GOVERNANCE REPORT

An External Quality Assessment (“EQA”) of Internal Audit is carried out every three to five years with the last one being undertaken at the end of 2019. The EQA was completed by an independent firm which assessed the function against the Chartered Institute of Internal Auditors standards with an overall rating of Generally Conforms. This is the highest rating that can be achieved. The function remains on its journey of continuous improvement with the full sponsorship of the Audit Committee.

WHISTLEBLOWING

The Group has a whistleblowing policy and procedure in place and an external confidential reporting hotline. The Group has also conducted an awareness campaign to encourage employees of the Group to raise in confidence concerns about possible improprieties in financial reporting, other operational matters or inappropriate behaviours in the workplace. The Chair of the Audit Committee is the Whistleblowing Champion.

RISK MANAGEMENT AND INTERNAL CONTROL

The Board has overall responsibility for establishing and maintaining the Group’s systems of internal control and for undertaking an annual review of the control systems in place. The Group operates a “three lines of defence” model. The first line of defence is line management who devise and operate the controls over the business. The second line functions are Risk Management, Compliance and Actuarial Assurance, which oversee the first line, ensure that the system of controls is sufficient and is operated appropriately, and also measure and report on risk to the Group Risk and Compliance Committee. The third line is Internal Audit, who provide independent assurance to the Board and its Committees that the first and second lines are operating appropriately.

The Group’s internal control systems comprise the following key features:

• establishment of clear and detailed terms of reference for the Board and each of its Committees;
• a clear organisational structure, with documented delegation of authority from the Board to senior management;
• a Group policy framework, which sets out risk management and control standards for the Group’s operations; and
• defined procedures for the approval of major transactions and capital allocation.

The Audit Committee keeps under review the adequacy and effectiveness of the Group’s internal controls. It is the view of the Committee that the Group’s system of risk management and internal controls is currently appropriate to the Group’s needs.

INTERNAL AUDIT

The Committee receives an annual plan from the Director of Group Internal Audit, updates on internal audit work carried out at each meeting and the internal audit end of year report.

In 2019, the Committee:

• continued to oversee the Internal Audit function with the Director of Group Internal Audit reporting directly to the Audit Committee Chair;
• oversaw the engagement of PwC to work with the Internal Audit team on the combined internal audit assurance work, to complete the audit plan for 2019 (and noted that another firm will need to be engaged to provide support to the Internal Audit team in 2020 and beyond following the expected appointment of PwC as external auditor);
• reviewed the rolling 12-month internal audit plan, ensuring its alignment to the key risks of the business;
• reviewed results from audits performed, including any unsatisfactory audit findings and related action plans;
• reviewed open audit actions and monitored progress against them; and
• conducted an assessment of the Internal Audit function.

Monitoring and review of the scope, extent and effectiveness of the activity of the Group Internal Audit department is an agenda item at each Committee meeting. The Committee considers and approves the Internal Audit plan annually and looks to ensure its alignment with the external audit and the Group’s risk management approach. Reports from the Director of Internal Audit include updates on audit activities, progress of the Internal Audit plan, the results of any unsatisfactory audits and the action plans to address these areas. The Committee reviews the resource requirements of the Internal Audit department and is satisfied that it has the appropriate resources identified.

The Committee held private discussions with the Director of Group Internal Audit as necessary during the year. The Committee Chair also meets with the Director of Group Internal Audit regularly outside the formal Committee process, approves his performance appraisal, and sets his annual objectives.

On behalf of the Audit Committee

Paul Bishop
Chair, Audit Committee
11 March 2020
