This excerpt taken from the ICI 6-K filed Mar 21, 2007.
Internal control and audit
In accordance with the Turnbull Guidance on internal control, the Board confirms that there is a process for identifying, evaluating and managing the significant risks to the achievement of the Groups strategic objectives. The process has been in place throughout 2006 and up to the date of approval of the Annual Report and Accounts, and accords with the Turnbull Guidance. This process is regularly reviewed either directly by the Board or by the Audit Committee, which reports its findings for consideration by the Board.
The Board also confirms that it is responsible for maintaining the Groups system of internal controls and for reviewing its effectiveness. The internal control systems are designed to meet the Groups particular needs and the risks to which it is exposed. They are designed to manage, rather than eliminate, the risks to the achievement of business objectives, and can only provide reasonable and not absolute assurance against misstatement or loss.
At the core of the risk management process is the Group risk register, and the support provided to the Board by the Group Risk Committee (GRC). The GRC is chaired by the Chief Financial Officer and comprises the heads of major corporate functions, the Chief Internal Auditor and the Group Vice President Legal.
The GRC consolidates, reviews and prioritises input from the businesses and management and reports its conclusions to the Audit Committee and the Board. Normally, the Audit Committee reports to the Board the results of its review of the risk management process for the full Group risk register. The full Board then reviews the Group risk register and draws its collective conclusions as to the effectiveness of the system of internal control. However, in 2006 the risk management process and performance were reviewed by the full Board, allowing Directors the opportunity to review the appropriateness of the Groups approach to risk. Further information on the risks faced by the Group is included in the Risk Factors section of the Business review on pages 33 to 35.
The processes to identify and manage the key risks to the success of the Group are an integral part of the internal control environment. Such processes include strategic planning, the appointment of senior managers, the regular monitoring of performance, control over capital expenditure and investments and the setting of high standards and targets for safety, health and environmental performance. Businesses are responsible for meeting the defined reporting timetables and compliance with Group accounting manuals, which set out accounting policies, controls and definitions. The Chief Executive receives a monthly summary of financial results from each business, and the Groups published quarterly financial information is based on a standardised and timely reporting process.
The Groups strategic direction has been regularly reviewed by the Board. Annual plans and performance targets for each business were set by the Chief Executive and were reviewed in total by the Board in the light of the Groups overall objectives.
Responsibility for monitoring compliance with Group policies and guidelines rests with the chief executive officers of the businesses and with senior managers at the Corporate Centre. Annual statements of compliance are provided to the Chief Executive, and these statements are reviewed by the relevant functional leader for each policy area. In turn, there is an annual report to the Audit Committee, on behalf of the Board, on the degree of compliance with Group policies and guidelines. Corrections to any weaknesses found are monitored and controls are developed to match changing circumstances.
The Internal Audit function reviews internal controls in all key financial activities of the Group, typically over a three-year cycle. It acts as a service to the businesses by assisting with the continuous improvement of controls and procedures. Actions are agreed in response to its recommendations and these are followed up to ensure that satisfactory control is maintained. Quarterly reviews have been conducted during the year between internal audit management and the senior management of the businesses to assess their current control status and to identify and address any areas of concern.
In accordance with the provisions of the Turnbull Guidance, the Board has undertaken its annual assessment of the effectiveness of the Groups system of internal controls, key inputs to the 2006 assessment have included:
Whilst areas for improvement in control have been identified and actions initiated as a result of the above processes, no significant shortcomings in internal control have been identified from the annual assessment.