EasyJet 2009 Annual Report Download - page 45

Download and view the complete annual report

Please find page 45 of the 2009 EasyJet annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 96

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96

43 easyJet plc Annual report and accounts 2009
Risk management
A formal bi-annual process is in place to identify, evaluate, manage and
report upon significant risks faced by the Company and is operated
by the Company Secretary under the direction of the Risk Committee.
The process involves a rigorous mandatory reporting regime across
middle tier management with reporting of risks subject to review by a
cross-functional Risk Committee which produces consolidated risk reports
for the Board.
An ongoing process for the effective management of risk has been defined
by the Directors and has been adopted as follows:
Ongoing assurance and risk management is provided through the various
monitoring reviews and reporting mechanisms embedded into the
business operations. Key monitoring reviews include those conducted
continuously in weekly meetings. Operational meetings include the
Safety Audit Group which meets monthly to discuss safety, security and
environmental risks. The Safety Review Board meets monthly, or more
regularly where events require, to review safety performance. In addition,
there are regular Commercial, Financial and IT functional meetings;
The Executive Management Team meets monthly to consider significant
current risks. Individual department and overall business performance is
reviewed. The reporting of significant risks to Executive Management
Team and the Board of the Company has been enhanced by the risk
management processes referred to above. Individual department and
overall business performance is reviewed;
Written reporting of current significant risks is provided to the Board on
a monthly basis. Control weaknesses or failings are considered by the
Board if they arise;
Internal audit considers, reviews and tests internal control and business
risk matters throughout the Group. Further details of the internal audit
function’s operations are set out below;
As described above, a bi-annual risk and control identification process,
together with annual control effectiveness testing, is conducted. The key
risks are identified and the key controls to manage these risks to the
desired level are also identified;
Action plans are set to address any control weaknesses or gaps in
controls identified.
The Directors reviewed the effectiveness of internal control, including
operating, financial, compliance and risk management controls, which mitigate
the significant risks identified. The procedures used by the Directors to
review the effectiveness of these controls include:
Reports from management. Reporting is structured to ensure that key
issues are escalated through the management team and ultimately to the
Board as appropriate;
Discussions with senior personnel throughout the Company; and
Consideration by the Audit Committee of any reports from internal and
external auditors;
The controls, which mitigate or minimise the high-level risks, are tested to
ensure that they are in operation. The results of this testing are reported
to the Board which considers whether these high-level risks are effectively
controlled.
Internal audit
Internal audit’s work is focused primarily on areas of greatest risk to easyJet,
as determined by management’s risk identification and assessment processes
as validated by Executive Directors. The output from this process is
summarised in an audit plan, which is approved by the Board and Audit
Committee, and updated on a rolling quarterly basis.
The Head of Internal Audit reports to the Group Finance Director and the
Chairman of the Audit Committee. The Head of Internal Audit was invited
to and attended all of the Audit Committee meetings in the year and has
reported regularly on internal audit reviews to the Executive Management
Team meetings during the course of the year. A formal audit charter is
in place.
The internal audit department reviews the extent to which systems of
internal control:
are effective;
are adequate to manage easyJet’s significant risks; and
safeguard the Company’s assets.
The key objectives are to provide independent and objective assurance on
risks and controls to the Board and senior management; and to assist the
Board with meeting its corporate governance and regulatory responsibilities.
The role of internal audit and the scope of its work continue to evolve to
take account of changes within the business and emerging best practice.