The Group has an ongoing process for identifying, evaluating and managing the significant risks that it faces. The Board regularly reviews the process, and the Board considers that the process accords with the Turnbull Guidance on internal control.
View the discussed principal risks and uncertainties facing the Group in PDF format (68kb)
The Board receives regular updates on the views of shareholders through briefings from the Chairman and the Executive Directors, reports from the The Board considers acceptance of appropriate risks to be an integral part of business and unacceptable levels of risk are avoided or reduced and, in some cases, transferred to third parties. Internal controls are used to identify and manage acceptable levels of risk. The Directors acknowledge their responsibility for establishing and maintaining the Group's system of internal control, and for reviewing its effectiveness. Although the system can provide only reasonable and not absolute assurance of material misstatement or loss, the Group's system is designed to provide the Directors with reasonable assurance that any risks or problems are identified on a timely basis and dealt with appropriately. The Group has established an ongoing process of risk review and certification by the business heads of each operating unit.
Certain of the Group's businesses are subject to significant risk. Each identified business risk is assessed for its probability of occurrence and its potential severity of occurrence. Where necessary, the Board considers whether it is appropriate to accept certain risks that cannot be fully controlled or mitigated by the Group.
The Group's risk management process was embedded throughout the businesses during the financial year ended 30 April 2007 and up to the date of the approval of this report. The Board has carried out a review of the effectiveness of the Group's internal control environment and such reviews are supported on an ongoing basis by the work of the Audit Committee. The Board is satisfied that processes are in place to ensure that risks are appropriately managed.
The Board has designated specific individuals to oversee the internal control and risk management processes, while recognising that it retains ultimate responsibility for these. The Board believes that it is important that these processes remain rooted throughout the business and the managing director of each operating unit is responsible for the internal control framework within that unit. The Audit Committee meets with representatives of operating units because this is one way for an independent and objective appraisal of risk management to be obtained.
The Board has a number of matters reserved for its consideration, with principal responsibilities being to agree the overall strategy and investment policy, to approve major capital expenditure, to monitor performance and risk management procedures of senior management, to ensure that there are proper internal controls in place and to consider major acquisitions or disposals. The Directors have full and timely access to information with Board papers distributed in advance of meetings.
Self-assessment of risk conducted by the Directors and senior management is ongoing and has been considered at several levels, with each division maintaining a separate risk profile.
The Group Risk Assurance (or internal audit) function, which is outsourced to and managed by Deloitte, reports to the Audit Committee and is utilised in monitoring risk management processes to determine whether internal controls are effectively designed and properly implemented. A risk-based approach is applied to the implementation and monitoring of controls. The monitoring process also forms the basis for maintaining the integrity and improving where possible the Group's risk management process in the context of the Group's overall goals.
The Audit Committee reviews Group Risk Assurance plans, as well as external audit plans and any business improvement opportunities that are recommended by the external auditors.
Virgin Rail Group has its own audit committee and internal audit function. The Group's risk management process does not specifically cover Virgin Rail Group, but the Group maintains an overview of Virgin Rail Group's business risk management process through representation on the board and audit committee. Stagecoach management representatives also meet regularly with representatives of Virgin Rail Group to ensure that the joint venture follows appropriate risk management procedures.
