Internal control & risk management
Accountabilities
Accepting that risk is an inherent part of doing business, our risk management systems are designed both to encourage entrepreneurial spirit and also provide assurance that risk is fully understood and managed. The Board has overall responsibility for risk management and internal control within the context of achieving the Group’s objectives. Executive management is responsible for implementing and maintaining the necessary control systems. The role of Internal Audit is to monitor the overall internal control systems and report on their effectiveness to Executive management, as well as to the Audit Committee, in order to facilitate its review of the systems.
Background
The Group has a five-year rolling business plan to support the
delivery of its strategy of long-term growth and returns for
shareholders. Every business unit and support function derives its
objectives from the five-year plan and these are cascaded to
managers and staff by way of personal objectives. Key to delivering
effective risk management is ensuring our people have a good
understanding of the Group’s strategy and our policies,
procedures, values and expected performance. We have a structured
internal communications programme that provides employees with a
clear definition of the Group’s purpose and goals,
accountabilities and the scope of permitted activities for each
business unit, as well as individual line managers and other
employees. This ensures that all our people understand what is
expected of them and that decision-making takes place at the
appropriate level. We recognise that our people may face ethical
dilemmas in the normal course of business so we provide clear
guidance based on the Tesco Values. The Values set out the
standards that we wish to uphold in how we treat people. These are
supported by the Group Code of Business Conduct which was launched
this year, replacing the Code of Ethics, and offers guidance on
relationships between the Group and its employees, suppliers and
contractors.
We operate a balanced scorecard approach that is known within
the Group as our Steering Wheel. This unites the Group’s
resources around our customers, people, operations, community and
finance. The Steering Wheel operates at all levels throughout the
Group. It enables the business to be operated and monitored on a
balanced basis with due regard for all stakeholders.
Risk management
The Group maintains a Key Risk Register. The Register contains the
key risks faced by the Group including their impact and likelihood,
as well as the controls and procedures implemented to mitigate
these risks. The content of the Register is determined through
regular discussions with senior management and reviewed by the
Executive Committee and the full Board. A balanced approach allows
the degree of controllability to be taken into account when we
consider the effectiveness of mitigation, recognising that some
necessary activities carry inherent risk which may be outside the
Group’s control. Where our risk management process identifies
opportunities to improve the business these are built into our
future plans.
The risk management process is cascaded through the Group with operating subsidiary boards maintaining their own risk registers and assessing their own control systems. The same process also applies functionally in those parts of the Group requiring greater oversight. For example, the Audit Committee’s Terms of Reference require it to oversee the Finance Risk Register. The Board assesses significant Social, Ethical and Environmental (SEE) risks to the Group’s short-term and long-term value, and incorporates SEE risks on the Key Risk Register where they are considered material or appropriate.
We recognise the value of the ABI Guidelines on Responsible Investment Disclosure and confirm that, as part of its regular risk assessment procedures, the Board takes account of the significance of SEE matters to the business of the Group. We recognise that a number of investors and other stakeholders take a keen interest in how companies manage SEE matters and so we report more detail on our SEE policies and approach to managing material risks arising from SEE matters and the KPIs we use at www.tesco.com/cr2010. To provide further assurance, the Group’s Corporate Responsibility KPIs are audited on a regular basis by Internal Audit.
Internal controls
The Board is responsible for the Company’s system of internal
control and for reviewing the effectiveness of such a system. We
have a Group-wide process for clearly establishing the risks and
responsibilities assigned to each level of management and the
controls which are required to be operated and monitored. The CEOs
of subsidiary businesses are required to certify by way of annual
governance returns that appropriate governance and compliance
processes have been adopted. For certain joint ventures, the Board
places reliance upon the internal control systems operating within
our partners’ infrastructures and the obligations upon
partners’ boards relating to the effectiveness of their own
systems.
Such a system is designed to manage rather than eliminate the
risk of failure to achieve business objectives and can only provide
reasonable and not absolute assurance against material misstatement
or loss. The Board has reviewed the effectiveness of internal
controls and is satisfied that the controls in place remain
appropriate.
Monitoring
The Board oversees the monitoring system and has set specific
responsibilities for itself and the various committees as set out
below. Both Internal Audit and our external auditors play key roles
in the monitoring process, as do several other committees including
the Finance Committee, Compliance Committee and Corporate
Responsibility Committee. The Minutes of the Audit Committee and
the various other committees (Finance, Compliance and Corporate
Responsibility Committees) are distributed to the Board and each
Committee submits a report for formal discussion at least once a
year. These processes provide assurance that the Group is operating
legally, ethically and in accordance with approved financial and
operational policies.
Audit Committee
The Audit Committee reports to the Board each year on its review of the effectiveness
of the internal control systems for the financial year and the
period to the date of approval of the financial statements.
Throughout the year the Committee receives regular reports from the
external auditors covering topics such as quality of earnings and
technical accounting developments. The Committee also receives
updates from Internal Audit and has dialogue with senior managers
on their control responsibilities. It should be understood that
such systems are designed to provide reasonable, but not absolute,
assurance against material misstatement or loss.
Internal Audit
The Internal Audit department is fully independent of business
operations and has a Group-wide mandate. It undertakes a programme
to address internal control and risk management processes with
particular reference to the Turnbull Guidance. It operates a
risk-based methodology, ensuring that the Group’s key risks
receive appropriate regular examination. Its responsibilities
include maintaining the Key Risk Register, reviewing and reporting
on the effectiveness of risk management systems and internal
control with the Executive Committee, the Audit Committee and
ultimately to the Board. Internal Audit facilitates oversight of
risk and control systems across the Group through risk committees
in Asia and Europe and audit committees in a number of our
international businesses and joint ventures. The Head of Internal
Audit also attends all Audit Committee meetings.
External audit
PricewaterhouseCoopers LLP, which has been the Company’s external auditor for a number of
years, contributes a further independent perspective on certain
aspects of our internal financial control systems arising from its
work, and reports to both the Board and the Audit Committee. Our
policy in relation to the reappointment of the external auditors is
to consider their engagement and independence annually.
The Committee has satisfied itself that PricewaterhouseCoopers
LLP is independent and there are adequate controls in place to
safeguard its objectivity. One such measure is the non-audit
services policy that sets out criteria for employing external
auditors and identifies areas where it is inappropriate for
PricewaterhouseCoopers LLP to work. Non-audit services work carried
out by PricewaterhouseCoopers LLP is predominantly the review of
subsidiary undertakings’ statutory accounts, transaction work
and corporate tax services, where their services are considered to
be the most appropriate. PricewaterhouseCoopers LLP also follows
its own ethical guidelines and continually reviews its audit team
to ensure its independence is not compromised.
Finance Committee
Membership of the Finance Committee includes Non-executive
Directors with relevant financial expertise, Executive Directors
and members of senior management. The Committee is chaired by Sir
Terry Leahy, CEO. The Committee usually meets twice a year and its
role is to review and agree the Finance Plan on an annual basis,
review reports of the Treasury and Tax functions and to review and
approve Treasury limits and delegations.
Compliance Committee
Membership of the Compliance Committee includes three Executive Directors and members
of senior management. The Committee is chaired by Lucy
Neville-Rolfe, Corporate and Legal Affairs Director. The Committee
normally meets six times a year and its remit is to ensure that the
Group complies with all necessary laws and regulations and other
compliance policies in all of its operations world-wide. The
Committee has established a schedule for the regular review of
operational activities and legal exposure. Each business in the
Group has a Compliance Committee designed to ensure compliance with
both local and Group policies, and each Compliance Committee
reports to the Group Compliance Committee at least once a year.
Corporate Responsibility Committee
The Corporate Responsibility Committee is chaired by the Corporate and
Legal Affairs Director, Lucy Neville-Rolfe, and membership is made
up of senior executives from across the Group. It meets at least
four times a year to support, develop and monitor policies on SEE
issues and to review threats and opportunities for the Group.
Progress in developing Community initiatives is monitored by the
use of relevant KPIs for the businesses within the Group. The Board
formally discusses the work of the Committee on a regular basis,
including progress in implementing our Community Plan.
The Corporate and Legal Affairs department and the Trading Law
and Technical department provide assurance and advice on legal
compliance, health and safety, and SEE matters. These functions
report on their work on a regular basis and escalate matters as
appropriate.
Whistleblowing
The Group operates a whistleblowing policy and has a confidential
‘Protector Line’ service accessible to concerned
employees where they can report, anonymously if necessary, on
issues of malpractice within the business. Such issues include
illegal and unethical behaviour such as fraud, dishonesty and any
practices that endanger our staff, customers or the
environment.
Complaints made are treated as confidential and are
investigated. Where appropriate, matters will be escalated to the
Director of Group Security for further action.
Management
In our fast moving business, trading is tracked on a daily and
weekly basis, financial performance is reviewed weekly and monthly
and the Steering Wheel is reviewed quarterly. Steering Wheels are
operated in business units across the Group and reports are
prepared of performance against target KPIs covering the five
segments of the Steering Wheel (Customer, Operations, Community,
People and Finance) on a quarterly basis, enabling management to
measure performance. All major initiatives require business cases
normally covering a minimum period of five years.
Post-investment appraisals, carried out by management, determine
the reasons for any significant variance from expected
performance.