Barclays 2011 Annual Report Download - page 50

Download and view the complete annual report

Please find page 50 of the 2011 Barclays annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 286

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286

Risk management and internal control
The Directors have responsibility for ensuring that management maintain
an effective system of risk management and internal control and for
reviewing its effectiveness. Such a system is designed to manage rather
than eliminate the risk of failure to achieve business objectives and can
only provide reasonable and not absolute assurance against material
misstatement or loss.
Barclays is committed to operating within a strong system of internal
control that enables business to be transacted and risk taken without
exposing itself to unacceptable potential losses or reputational damage.
The Group Internal Control and Assurance Framework (GICAF) is the
overarching framework that sets out Barclays approach to internal
governance. It establishes the mechanisms and processes by which the
Board directs the organisation, through setting the tone and expectations
from the top, delegating its authority and monitoring compliance.
The purpose of the GICAF is to identify and set minimum requirements
in respect of the main risks to achieving the Group’s strategic objectives
and to provide reasonable assurance that internal controls are effective.
The key elements of the Group’s system of internal control, which is
aligned to the recommendations of The Committee of Sponsoring
Organizations of the Treadway Commission (COSO), are set out in the
risk control frameworks relating to each of the Group’s Key Risks and in
the Group operational risk framework. As well as incorporating our internal
requirements, these reflect material Group-wide legal and regulatory
requirements relating to internal control and assurance. The GICAF is
reviewed and approved on behalf of the Chief Executive by the Group
Governance and Control Committee at least annually. The Board Risk
Committee also reviews the GICAF annually.
Effectiveness of internal controls
The Directors review the effectiveness of the system of internal control
semi-annually. An internal control compliance certification process is
conducted throughout the Group in support of this review. Key
controls are also assessed on a regular basis for both design and
operating effectiveness. Issues arising out of business unit risk and
control assessments are considered to identify pervasive themes.
Where appropriate, issues affecting more than one business unit may
be categorised as having Group level significance and are reported to
the Board Audit Committee via the Group Governance and Control
Committee. The Board Audit Committee monitors resolution of any
identified control issues of Group level significance through to a
satisfactory conclusion. In addition, regular reports are made to the
Board Audit Committee by management, internal audit and the finance,
compliance and legal functions covering in particular financial controls,
compliance and operational controls.
Risk control framework
Processes are in place for identifying, evaluating and managing the
significant risks facing the Group in accordance with the guidance
‘Internal Control: Revised Guidance for Directors on the Combined Code’
published by the Financial Reporting Council (the Turnbull Guidance).
The Board regularly reviews these processes through its principal Board
Committees. During 2011, the Principal Risks Policy, a material component
of the GICAF, was updated to ensure that governance of non-financial
risks was expanded and aligned to the structures already in place for
financial risks. Regular risk reports are made to the Board covering risks
of Group significance including credit risk, market risk, funding risk,
operational risk and legal risk. The Board Risk Committee receives reports
covering the Principal Risks as well as reports on risk measurement
methodologies and risk appetite. Further details of risk management
procedures are given in the Risk Management section on pages 67 to 158.
Legal entity governance
During 2011, the Group developed an enhanced policy for the governance
of subsidiary entities, increasing focus on, and ensuring senior
management’s line of sight to, the legal entity structure of the Group.
A framework of varying minimum standards has been introduced, with
the most onerous requirements being placed on larger or more complex
subsidiaries that are deemed to carry greater risk. Compliance with the
enhanced policy is overseen by the Group's Legal Entity Review Committee.
Controls over financial reporting
A framework of disclosure controls and procedures is in place to support
the approval of the Groups financial statements. The Legal and Technical
Review Committee is responsible for reviewing the Groups financial reports
and disclosures to ensure that they have been subject to adequate
verification and comply with legal and technical requirements, and reports
its conclusions to the Disclosure Committee. The Disclosure Committee,
which is chaired by the Group Finance Director, considers the content,
accuracy and tone of the disclosures, reporting its conclusions to the
Group Executive Committee and the Board Audit Committee, both of
which review its conclusions and provide further challenge. Finally, the
Board reviews and approves results announcements and the Annual Report
for publication and ensures that appropriate disclosures have been made.
This governance process is in place to ensure both management and the
Board are given sufficient opportunity to review and challenge the Groups
financial statements and other significant disclosures before they are
made public. It also provides assurance for the Chief Executive and Group
Finance Director when providing certifications as required under the
Sarbanes-Oxley Act 2002 and recommended by the Turnbull Guidance.
Throughout the year ended 31 December 2011, and to date, the Group
has operated a system of risk management and internal control, which
provides reasonable assurance of effective and efficient operations
covering all controls, including financial and operational controls and
compliance with laws and regulations.
Management’s report on internal control over financial reporting
Management is responsible for establishing and maintaining adequate
internal control over financial reporting. Internal control over financial
reporting is a process designed under the supervision of the principal
executive and principal financial officers to provide reasonable assurance
regarding the reliability of financial reporting and the preparation of
financial statements for external reporting purposes in accordance with
International Financial Reporting Standards (IFRS) as adopted by the
European Union and the International Accounting Standards Board (IASB).
Internal control over financial reporting includes policies and procedures
that pertain to the maintenance of records that, in reasonable detail,
accurately and fairly reflect transactions and dispositions of assets; provide
reasonable assurances that transactions are recorded as necessary to
permit preparation of financial statements in accordance with IFRS and
that receipts and expenditures are being made only in accordance with
authorisations of management and the respective Directors; and provide
reasonable assurance regarding prevention or timely detection of
unauthorised acquisition, use or disposition of assets that could have a
material effect on the financial statements.
Internal control systems, no matter how well designed, have inherent
limitations and may not prevent or detect misstatements. Also, projections
of any evaluation of effectiveness to future periods are subject to the risk
that internal controls may become inadequate because of changes in
conditions, or that the degree of compliance with the policies or
procedures may deteriorate.
Directors’ report continued
48 Barclays PLC Annual Report 2011 www.barclays.com/annualreport