The Board is ultimately responsible for the Society's systems of internal control and for reviewing their effectiveness. Responsibility for individual areas of control has been allocated to nominated managers under the Financial Services Authority's (FSA) senior management responsibilities regime. Such systems are designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide only reasonable but not absolute assurance against material mis-statement or loss.
The Board confirms there is a process for identifying, evaluating and managing the significant risks faced by the Society. The process has been in place throughout the whole of 2003, is regularly reviewed by the Board and accords with the Turnbull Guidance. The process used by the Board to review the effectiveness of the systems of internal control includes the following:
The main features of the risk and control framework are outlined below:
Risk Management The Board is responsible for approving the Society's strategy, its principal markets and the level of acceptable risk. It has established Board Committees and Executive Committees to administer a risk management process which identifies the key risks facing the business and ensures they are managed effectively. These risks include those which derive from social, environmental and ethical issues that are relevant to the Society's business and the interests of its stakeholders, and which are reported upon separately in the consolidated Sustainability Report for the financial services Boards of Co-operative Group. Each risk in the Risk Register is assigned to an appropriate manager who is responsible for ensuring that it is managed in accordance with the Society's risk management process. The Society's risk management process is kept under review to ensure that it accords with best practice and the evolving requirements of the FSA.
Control Environment The Board has established an organisational structure with clearly-defined lines of responsibility and delegation of authority to appropriately qualified management. Policies and procedures are well documented and communicated throughout the organisation. Human resource policies, including those relating to recruitment and training, maintain standards of competency and integrity.
Matters reserved to the Board are clearly defined and appropriate authorisation limits and reporting procedures have been established, with Board approval being required for larger items of expenditure. The Society provides extensive training and guidance for sales representatives in order to ensure that they are competent to meet all appropriate regulatory standards.
Information and Communication The Society has comprehensive systems of strategic planning and financial reporting. Three year strategic plans and annual budgets are approved annually by the Board. Strategic business initiatives and investment spending plans are also individually approved by the Board. Actual results compared with budget and prior periods are reviewed by the Board quarterly.
Control Activities Internal control procedures have been tailored to the requirements of individual business activities. Rigorous controls in areas of significant risks include clear parameters for delegation of authority, segregation of duties, regular reporting and review.
The Audit and Risk Committee assists the Board in overseeing the process for identifying, evaluating and managing risks, considering internal and external audit reports, and reviewing the Society's financial statements.
Monitoring Systems The operation of the system of internal control is the responsibility of line management. It is subject to independent review by Internal Audit and, where appropriate, by the Society's external auditor and external regulators. The reports of all of these bodies on internal control are reviewed by the Audit and Risk Committee on behalf of the Board. The Audit and Risk Committee ensures that, where necessary, appropriate corrective action is taken.
The Appointed Actuary monitors the solvency position of the Society's long term business fund regularly, and a Financial Condition Report providing a detailed assessment of solvency, and the fund's ability to withstand substantial variations in financial conditions, is prepared annually and considered by the Board. The solvency position is monitored daily during periods of market turbulence. The Society has exceeded the required solvency reserves throughout the year. Similarly, the solvency position of the general insurance business has exceeded statutory requirements throughout the year.
Review and Corrective Action In 2003 the Board was strengthened by the appointment of two independent professional non-executive directors with significant financial sector and actuarial experience respectively. In addition to reviewing the work of the internal audit and risk management functions, the Audit and Risk Committee reviews the Society's annual financial statements and the basis of the directors' certificate accompanying the annual return to the FSA, and examines the scope of external audit and the reports of the external auditor. The Committee also received a report confirming that each manager responsible for managing risks recorded in the Society's Risk Register had re-assessed the status of each risk profile at the year-end and had confirmed that risks had been managed in accordance with the Society's risk management process throughout the year.
The internal audit function undertakes independent assessments of risk and the adequacy of related controls in the Society and its operational subsidiaries. Findings and recommendations for strengthening the control framework are agreed with management and the implementation of agreed changes is monitored by Internal Audit. The Audit and Risk Committee reviews internal audit coverage and performance, considers significant findings and recommendations and monitors the progress achieved by management in relation to implementing audit recommendations. Internal Audit has unrestricted access to all records, personnel and property of the Society and is entitled to receive such information as is necessary for the performance of its work.
The Society's compliance function monitors and enforces compliance mainly in relation to conduct of business regulation by the FSA, the Data Protection Act, the General Insurance Standards Council and the Mortgage Code issued by the Council of Mortgage Lenders. The Regulatory Compliance Committee, which reported quarterly to the Board, reviews the Society's compliance strategy and annual compliance programme and monitors performance against the programme.
The internal audit function reports to the Audit and Risk Committee and along with external auditors provides additional advice and information to the Committee.
During the year, regular assessments of the Society's significant risks and related controls have been reported to the Executive Committee.
During the year the Society was subject to a risk assessment by the FSA, commonly referred to as an Arrow risk assessment. The Board has confirmed to the FSA that all issues identified during the assessment are being addressed in accordance with the agreed timetable.
The Audit and Risk Committee, on behalf of the Board, has reviewed the effectiveness of the Society's systems of internal control for the year and up to the date of approval of the annual report and accounts. As might be expected in a group of this size and complexity, a small number of internal control irregularities occurred during the period under review. These were identified on a timely basis and appropriate actions taken. None of these irregularities in internal control resulted in any material losses which require disclosure.
