EasyJet 2011 Annual Report Download - page 52

Download and view the complete annual report

Please find page 52 of the 2011 EasyJet annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 108

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108

Corporate governance
Continued
The internal control regime is enhanced by the
operation of a whistleblower reporting function. The
system is operated by a specialist external third-party
service provider and allows employees to report
concerns in confidence on a no names basis.
The Audit Committee has approved the processes
and reporting structure for the function and receives
regular reports on the operation of the function.
Risk management
The Board is responsible for determining the nature
and extent of the significant risks it is willing to take in
achieving its strategic objectives. During 2011, the risk
management process was refreshed; increasing the
level of rigour of risk identification, evaluation and
mitigation. This is combined with enhanced risk
reporting to the Executive Management Team and
the Board. The process is underpinned by rigorous
annual risk identification workshops completed by
both the functional managers and the Executive
Management Team. The process focuses on both
strategic and operational level risks. This process is
coordinated by the Risk Manager who reports to the
Head of Risk and Assurance. The Head of Risk and
Assurance reports to the Chief Financial Officer and
the Chairman of the Audit Committee.
To ensure that risk is effectively managed a number of
key activities are undertaken, as defined by the
Executive Directors:
Ongoing assurance and risk management is
provided through the various monitoring reviews
and reporting mechanisms that are embedded
into the business operations. Key monitoring
reviews include those conducted continuously in
weekly meetings. Operational meetings include
the Safety Audit Group which meets monthly to
discuss safety, security and environmental risks.
The Safety Review Board meets monthly, or more
regularly where events require, to review safety
performance. In addition, there are regular
Commercial, Financial and IT functional meetings
The Executive Management Team meets regularly
to consider significant risks. Individual department
and overall business performance is reviewed.
The reporting of significant risks to the Executive
Management Team and the Board has been
enhanced by the refined risk management
processes referred to above
Internal Audit considers, reviews and tests internal
control and business risk matters as defined by its
risk based audit plan. Further details of the Internal
Audit function’s operations are set out below
The Directors review the effectiveness of internal
control, including operating, financial, compliance
and risk management controls, which mitigate the
significant risks identified. The mechanisms used by
the Directors to review the effectiveness of these
controls include:
Reports from management. Reporting is
structured to ensure that key issues are escalated
through the management team and ultimately to
the Board as appropriate
Discussions with senior personnel throughout the
Company
Consideration by the Audit Committee of any
reports from internal and external auditors; and
The controls, which mitigate or minimise the high-
level risks, are reviewed to ensure that they are in
operation. The results of this review are reported
to the Board which considers whether these high-
level risks are effectively controlled
Internal audit
Internal Audit’s work is designed to provide effective
risk based coverage over the internal control
environment. This is summarised in an audit plan,
which is approved by the Board and Audit Committee
and updated on a rolling quarterly basis.
The Internal Audit department reviews the extent to
which systems of internal control:
are effective
are adequate to manage easyJet’s risks; and
safeguard the Company’s assets
Internal Audit’s key objectives are to provide
independent and objective assurance on risks and
controls to the Board and senior management and
to assist the Board with meeting its corporate
governance and regulatory responsibilities. During the
year the effectiveness of the Internal Audit function
was confirmed through an independent external
quality assessment performed by Mazars LLP.
The Head of Internal Audit reports to the Head of Risk
and Assurance. The Risk and Assurance function was
formed in August 2011 which combines the
responsibilities for Internal Audit, risk management
coordination and fraud investigation into a single
function.
The Head of Internal Audit was invited to and
attended all of the Audit Committee meetings in the
year and reported regularly on Internal Audit reviews
at the Executive Management Team meetings during
the course of the year.
The role of Internal Audit and the scope of its work
continue to evolve to take account of changes within
the business and emerging best practice. A formal
audit charter is in place.
50
easyJet plc
Annual report
and accounts 2011