Corporate Governance
The Board has responsibility for the Group’s system of internal control and for monitoring and reviewing its effectiveness.
Any system of internal control is designed to manage, rather than eliminate, the risk of failure to achieve business objectives. The system can only provide reasonable, and not absolute, assurance against material financial misstatement or loss. The Board reviewed the effectiveness of internal control procedures during 2007. The principal features of the Group’s systems of internal control are:
Control environment
The Board encourages a culture of integrity and openness. The Company has an organisation structure with clear lines of accountability and authority across its worldwide operations, supported by appropriate reporting procedures. Each of the regional businesses is accountable to the Chief Executive and is managed within the strategic guidelines and delegated authorities adopted by the Board. An executive management team, chaired by the CEO and comprising the Executive Directors, regional directors and functional heads, meets regularly to discuss issues facing the Group.
Control procedures
Control procedures have been established in each of the Company’s operations to safeguard the Group’s assets from loss or misuse and to ensure appropriate authorisation and recording of financial transactions. Risk management procedures are in place for the Company’s operations, including its energy marketing and trading activities, which are overseen by the Global Commodities Risk Committee, which comprises executive and senior management, and is chaired by the Global Risk Manager. The Group treasury function operates under defined policies and the oversight of the Treasury Committee, chaired by the Chief Financial Officer. All acquisition and investment decisions are subject to disciplined investment appraisal processes.
Corporate plan
Executive management submits an annual corporate plan to the Board for approval. The plan for each business unit is the quantified assessment of its planned operating and financial performance for the next financial year, together with strategic reviews for the following four years. Group management reviews the plans with each operational team. The individual plans are based on key economic and financial assumptions and incorporate an assessment of the risk and sensitivities underlying the projections.
Performance monitoring
Monthly performance and financial reports are produced for each business unit, with comparisons to budget. Reports are consolidated for overall review by executive management, together with forecasts for the profit and loss account and cash flow. Detailed reports are presented to the Board on a regular basis.
Performance review
Each business unit is subject to a performance review with Group management regularly during the year. Actual results and forecasts for the year are compared to budget. Key operational and financial results are reviewed together with the risk profile and business environment of the reporting unit.
Investment projects
These are subject to formal review and authorisation procedures with designated levels of authority, including a review by an investment appraisal committee chaired by the CEO and comprising the Executive Directors and senior managers. Major projects are subject to Board review and approval.
Corporate reporting
The Company has a Disclosure Committee which is chaired by the Company Secretary and comprises members from the internal audit, corporate communications, global resources, operations and engineering, company secretariat and financial reporting departments. It reviews the Annual Report and the Summary Annual Report and in 2007 reviewed the 2006 Form 20F.
Risk identification and management
There is a continuous process for identifying, evaluating and managing the key risks faced by the Company. Activities are co-ordinated by the Risk Committee. The Risk Committee is chaired by the Chief Financial Officer and has responsibility, on behalf of the Board, for ensuring the adequacy of systems for identifying and assessing significant risks, that appropriate control systems and other mitigating actions are in place, and that residual exposures are consistent with the Company’s strategy and objectives. Assessments are conducted for all material entities.
Monitoring
The Board reviews the effectiveness of established internal controls through the Audit Committee, which receives reports from management, the Risk Committee, the Group’s internal audit function and the external auditors on the systems of internal control and risk management arrangements.
Internal Audit reviews the effectiveness of internal controls and risk management through a work programme which is based on the Company’s objectives and risk profile and is agreed with the Audit Committee. Findings are reported to operational and executive management, with periodic reporting to the Audit Committee.
Business unit managers provide annual self-certification statements of compliance with procedures. These statements give assurance that controls are in operation and confirm that programmes are in place to address any weaknesses in internal control. The certification process embraces all areas of material risk. Internal Audit reviews the statements on behalf of the Disclosure Committee and reports any significant issues to the Audit Committee.
