Experian 2009 Annual Report Download - page 59

Download and view the complete annual report

Please find page 59 of the 2009 Experian annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 152

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152

57Experian Annual Report 2009
Introduction
2 – 7
Governance
Corporate governance statement Financial statements
73 – 148
Business review
8 – 43
Business review
8 – 43
Information and communication
The Group has a comprehensive
system of budgetary control,
including monthly performance
reviews for each major business.
These reviews are at a detailed level
within each region and at a high
level for the board.
On a monthly basis, the achievement
of business objectives, both
nancial and non-nancial,
is assessed using a range of
performance indicators. These
indicators are regularly reviewed to
ensure that they remain relevant and
reliable.
The Group has whistleblowing
procedures in place for employees
to report suspected improprieties.
Monitoring
A range of procedures is
used to monitor the effective
application of internal control in
the Group, including management
assurance, through the ongoing
risk management process, and
independent assurance, through
internal audit reviews and reviews
by specialist third parties.
The internal audit department’s
responsibilities include reporting
to the audit committee on the
effectiveness of internal control
systems, focusing on those areas
considered to be of greatest risk to
the Group.
Follow-up processes are used to
ensure appropriate response to
changes and developments in risks
and the control environment.
Senior management makes
presentations on risk to the audit
committee, which reports regularly
to the board on the risks facing the
Group’s business.
The audit committee has delegated
responsibility from the board for
reviewing the effectiveness of
the Group’s internal controls and
receives an annual report on the
controls over these risks. This
includes risks arising from social,
ethical and environmental matters.
The Group has in place a number of
strategic project committees, whose
reviews are considered an essential
part of the delegated authorities
process. These committees have
established processes, which
include risk assessment as an
integral component.
The Group has in place a full-time
Global Enterprise Risk Manager.
Control environment and
control activities
The Group has established
procedures and detailed matrices
for delegated authority which ensure
that decisions that are signicant,
either because of their value or the
inherent degree of risk, are taken at
an appropriate level.
The Group has implemented
appropriate strategies to deal with
each signicant risk that has been
identied. These strategies include
internal controls, insurance and
specialised treasury instruments.
The Group sets out principles,
policies and standards to be
adhered to throughout its business.
These include risk identication,
management and reporting
standards, ethical principles and
practice, accounting policies,
treasury policy, information security
policy and policy on fraud and
whistleblowing.
Group’s system of internal control in
accordance with the ‘Internal Control
Revised Guidance for Directors’
contained in the Combined Code.
The audit committee has kept under
review the effectiveness of this system
of internal control and has reported
regularly to the board.
The board reviews annually the
effectiveness of the key procedures
which have been established to provide
internal control.
The key procedures, which operate
throughout the year, are as follows:
Risk assessment
The Group sets out its objectives
clearly as part of its planning
process and organisation design.
These objectives are incorporated
as part of the planning cycle and
are supported by the use of both
nancial and non-nancial key
performance indicators.
Risks are methodically anticipated,
identied, assessed and
appropriately mitigated as part of an
enterprise-wide risk management
process operating throughout
the Group on an ongoing basis
and headed by an executive risk
management committee (‘ERMC’),
supported by regional risk
management committees (‘RRMC’).
The ERMC has responsibility
for oversight of the Group’s risk
management process and monitors
and evaluates the Group’s global
risk prole. Responsibility for
evaluation and mitigation of
regional risks falls to the RRMC,
to which Experian’s business units
submit reports on a quarterly basis,
detailing identied risks, associated
mitigation strategies and the status
of implemented action steps.