The Board is responsible for the operation and effectiveness of the Group’s system of internal controls and risk management. There is an ongoing process for identifying, evaluating and managing the significant risks faced by the Group. It is regularly reviewed by the Board and complies fully with the Turnbull guidance.
The internal control systems are designed to meet the Group’s particular needs and the risks to which it is exposed and by their nature can only provide reasonable but not absolute assurance against misstatement or loss.
The effectiveness of this process has been reviewed by the Audit Committee, which reports its findings to the Board. The processes used by the Audit Committee to review the effectiveness of the system of internal control include discussions with management on significant risk areas identified and the review of plans for, and results from, internal and external audits.
The Audit Committee reports the results of its review of the risk assessment process to the Board. The Board then draws its collective conclusion as to the effectiveness of the system of internal control. The key procedures, which the directors have established with a view to providing effective internal control, are as follows:
Indication of business risks
The processes to identify and manage the key risks to the success of the Group are an integral part of the internal control environment. Such processes, which are reviewed and improved as necessary, include strategic planning, the appointment of senior managers, the regular monitoring of performance and control over capital expenditure and acquisitions.
The Group Executive Committee reviews all business activities to identify the nature and extent of the significant risks facing the Group, including those risks arising from social, environmental and ethical issues and undertakes risk review audits.
In identifying significant risks to which the Group is exposed, it reviews the results of any relevant internal audit reviews and agrees mitigating actions, when possible.
Through the work of the Executive and Audit Committees, the Board is provided with a balanced assessment of the significant risks associated with the Group’s operations and the effectiveness of the system of internal controls.
A “whistleblowing” telephone hotline service has been introduced in many operating companies in the Group (including all those in the UK and US) allowing employees to raise issues of concern in relation to dishonesty or malpractice on an entirely confidential basis.
The Audit Committee receives regular reports on any matters raised through this service and monitors its use throughout the Group. Similar arrangements are being considered for Group companies in other jurisdictions subject to compliance with local legal requirements.
Quality and integrity of personnel
The integrity and competence of personnel is ensured through high recruitment standards and subsequent training courses. High quality personnel are seen as an essential part of the control environment.
The Board has overall responsibility for the Group. Each executive director has been given responsibility for specific aspects of the Group’s affairs. A clearly defined organisational structure exists within which individual responsibilities are identified and can be monitored.
The management of the Group as a whole is delegated to the Chief Executive and the executive directors. The conduct of Sage’s individual businesses is delegated to the local executive management teams.
These teams are accountable for the conduct and performance of their businesses within the agreed business strategy. They have full authority to act subject to the reserved powers and sanctioning limits laid down by the Board and to Group policies and guidelines.
The Group utilises internal audit resource supplied by KPMG to review compliance with procedures and assess the integrity of the control environment. Internal audit acts as a service to the businesses by assisting with the continuous improvement of controls and procedures. Actions are agreed in response to its recommendations and these are followed up by the Audit Committees to ensure that satisfactory control is maintained.
A comprehensive budgeting system is in place, with annual budgets for all operating subsidiaries being approved by respective subsidiary boards. Subsequently the combined budget is subject to consideration and approval by the Board. Management information systems provide the directors with relevant and timely information required to monitor financial performance.
Investment appraisal (including acquisitions)
Budgetary approval and defined authorisation levels regulate capital expenditure. As part of the budgetary process the Board considers proposals for research and development programmes. Acquisition activity is subject to internal guidelines governing investment appraisal criteria, financial targets, negotiation, execution and post-acquisition management.