Tesco 2011 Annual Report Download - page 75

Download and view the complete annual report

Please find page 75 of the 2011 Tesco annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 162

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162

Risk management and internal controls
Accountabilities
Accepting that risk is an inherent part of doing business, our risk
management systems are designed both to encourage entrepreneurial
spirit and also provide assurance that risk is fully understood and
managed. The Board has overall responsibility for risk management
and internal control within the context of achieving the Group’s
objectives. Executive management is responsible for implementing
and maintaining the necessary control systems. The role of Internal
Audit is to monitor the overall internal control systems and report on
their effectiveness to executive management, as well as to the Audit
Committee, in order to facilitate its review of the systems.
Background
The Group has a five-year rolling business plan to support the delivery
of its strategy. Every business unit and support function derives its
objectives from the five-year plan and these are cascaded to managers
and staff by way of personal objectives.
Key to delivering effective risk management is ensuring our people
have a good understanding of the Group’s strategy and our policies,
procedures, values and expected performance. We have a structured
internal communications programme that provides employees with
a clear definition of the Group’s purpose and goals, accountabilities
and the scope of permitted activities for each business unit, as well as
individual line managers and other employees. This ensures that all our
people understand what is expected of them and that decision-making
takes place at the appropriate level. We recognise that our people may
face ethical dilemmas in the normal course of business so we provide
clear guidance based on the Tesco Values. The Values set out the
standards that we wish to uphold in how we treat people. These are
supported by the Group Code of Business Conduct which offers
guidance on relationships between the Group and its employees,
suppliers and contractors.
Risk management
The Group maintains a Key Risk Register. The Register contains the key
risks faced by the Group, including their likelihood and impact, as well
as the controls and procedures implemented to mitigate these risks
(see table below). The content of the Register is determined through
regular discussions with senior management and review by the
Executive Committee and the full Board. A balanced approach allows
the degree of controllability to be taken into account when we consider
the effectiveness of mitigation, recognising that some necessary
activities carry inherent risk which may be outside the Group’s control.
Our key risks are summarised on pages 51 to 57 of the Business Review
section of this Annual Report.
The risk management process is cascaded through the Group, with
operating subsidiary boards maintaining their own risk registers
and assessing their control systems. The same process also applies
functionally in those parts of the Group requiring greater overview.
For example, the Audit Committee’s Terms of Reference require it
to oversee the Finance Risk Register. The Board assesses significant
SEE risks to the Group’s short-term and long-term value, and
incorporates SEE risks on the Key Risk Register where they are
considered material or appropriate. During the year the Board regularly
reviewed the Key Risk Register and undertook deep dive assessments
of property and fraud risks.
We recognise the value of the ABI Guidelines on Responsible
Investment Disclosure and confirm that, as part of its regular risk
assessment procedures, the Board takes account of the significance
of SEE matters to the business of the Group. We recognise that a
number of investors and other stakeholders take a keen interest in how
companies manage SEE matters and so we report more detail on our
SEE policies and approach to managing material risks arising from SEE
matters and the KPIs we use both on our website (http://www.tescoplc.
com/corporate-responsibility/) and in our Corporate Responsibility
Report 2011. To provide further assurance, the Group’s Corporate
Responsibility KPIs are audited on a regular basis by Internal Audit.
RISK MATRIX (LIKELIHOOD TO IMPACT)
Even
chance
Significant
Less than
likely
Moderate
Highly
probable
Catastrophic
Highly
improbable
Minor
More
than likely
Substantial
Likelihood ratings (over the next five years)
Impact ratings (over a one-year period)
High risk
Medium risk
Significant risk
The Company can totally control
this risk
The Company can largely
control this risk or influence the
environment
The Company is one of a number of
entities that can control the risk or
influence the environment
The Company can only marginally
influence or effect control in this risk
environment
The Company has no effective
influence over the control of this risk
Controllability factors
TESCO PLC Annual Report and Financial Statements 2011
71
Overview Business review Governance Financial statements