Risk management and internal control

The Board acknowledges its overall responsibility for monitoring the Group’s risk management and internal control systems to facilitate the identification, assessment and management of risk and the protection of shareholders’ investments and the Group’s assets.

The directors confirm that there is a process for identifying, evaluating and managing the risks faced by the Group and the operational effectiveness of the related controls, which has been in place for the year under review and is up to the date of approval of the Annual Report. The directors also confirm that they have regularly monitored the effectiveness of the risk management and internal control systems (which cover all material controls including financial, operational and compliance controls) utilising the review process set out below.

Standards

There are guidelines on the minimum groupwide requirements for health and safety and environmental standards. There are also guidelines on the minimum level of internal control that each of the divisions should exercise over specified processes. Each business has developed and documented policies and procedures to comply with the minimum control standards established, including procedures for monitoring compliance and taking corrective action. The board of each business is required to confirm twice yearly that it has complied with these policies and procedures.

High-level controls

All businesses prepare annual operating plans and budgets which are updated regularly. Performance against budget is monitored at business unit level and centrally, with variances being reported promptly. The cash position at Group and business level is monitored constantly and variances from expected levels are investigated thoroughly. Clearly defined guidelines have been established for capital expenditure and investment decisions. These include the preparation of budgets, appraisal and review procedures and delegated authority levels.

Financial reporting

Detailed management accounts are prepared every four weeks, consolidated in a single system and reviewed by senior management and the Board.

They include a comprehensive set of financial reports and key performance indicators covering commercial and operational issues. Performance against budgets and forecasts is discussed regularly at Board meetings and at meetings between operational and Group management. The adequacy and suitability of key performance indicators are reviewed regularly. All chief executives and finance directors of the Group’s operations are asked to sign an annual confirmation that their business has complied with the Group Accounting Manual in the preparation of consolidated financial statements and specifically to confirm the adequacy and accuracy of accounting provisions.

Internal audit

The Group’s internal audit activities are co-ordinated centrally by the Director of Financial Control, who is accountable to the Audit Committee.

Our internal audit team adopts a risk-based approach to develop and deliver a balanced internal audit plan that provides assurance over our businesses’ key risks and related controls. Where issues are identified, action plans to make any necessary control improvements are agreed with business leaders.

All Group businesses are required to comply with the Group’s Financial Control Framework which sets out minimum control standards. Our internal audit plans are designed to include coverage of financial controls to provide assurance over how our businesses meet the requirements of the Financial Control Framework.

Assessment of principal risks

The directors confirm that, during the year, the Board has carried out a robust assessment of the principal and emerging risks facing the Group, including those that could threaten its business model, future performance, and solvency or liquidity. A description of these principal and emerging risks and how they are being managed and mitigated is set out on pages 78 to 86 of the Annual Report 2024.

Annual review of the effectiveness of the systems of risk management and internal control

During the year, the Board reviewed the effectiveness of the Group’s systems of risk management and internal control processes embracing all material systems, including financial, operational and compliance controls, to ensure that they remain robust. The review covered the financial year to 14 September 2024 and monitored for any material changes up to the date of approval of this Annual Report. The review included:

• the annual risk management review, a comprehensive process identifying the key external and operational risks facing the Group and the controls and activities in place to mitigate them, the findings of which are discussed with each member of the Board individually; and
• the annual assessment of internal control, which, following consideration by the Audit Committee, provided assurance to the Board around the control environment and processes in place around the Group, specifically those relating to internal financial control.

The Board evaluated the effectiveness of management’s processes for monitoring and reviewing risk management and internal control. No significant failings or weaknesses were identified by the review and the Board is satisfied that, where areas of improvement were identified, processes are in place to ensure that remedial action is taken and progress monitored.

The Board confirmed that it was satisfied with the outcome of the review of the effectiveness of the systems and processes and that they complied with the requirements of the 2018 Code.