Vodafone 2015 Annual Report Download - page 70

Download and view the complete annual report

Please find page 70 of the 2015 Vodafone annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 216

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216

In the year, the Committee appointed Ernst &
Young LLP to perform an independent review
of the effectiveness of the Group’s internal
audit department. This found that the
department continued to function well
and was meeting its key objectives and had
addressed all of the recommendations from
the last independent review, performed
in 2010.
In the 2016 nancial year, the Group Internal
Audit team in conjunction with other teams
that form part of the Group’s internal control
systems will be implementing an integrated
assurance mapping process to provide
a framework to allow the comprehensive
assessment of the assurance and compliance
activities for the Group’s signicant risks.
Compliance with section 404 of the
US Sarbanes-Oxley Act
The Committee takes an active role
in monitoring the Group’s compliance efforts
in respect of section 404 of the US Sarbanes-
Oxley Act, receiving three separate reports
from management in the year covering
scoping, the results of work performed and
plans for the evolution of the framework
in response to ongoing business changes.
The external auditor reported the status
of their work in relation to this matter in each
of their reports to the Committee.
Monitoring the Group’s risk
management system and
its effectiveness
The Group’s risk assessment process and
the way in which signicant business risks
are managed is a key area of focus for the
Committee. Our activity here was driven
primarily by the Group’s assessment of its
principal risks and uncertainties, as set out
on pages 32 to 37. As part of this work
the Committee maintains a programme
of in-depth reviews into specic nancial,
operational and regulatory areas of the
business. During the 2015 nancial year,
reviews were undertaken in the areas of:
a telecommunications network resilience and
related technology security;
a IT controls including customer and non-
customer related data security;
a the control environments in Vodafone
Italy, Vodafone Australia and Vodafone UK,
with the latter focusing on the integration
of the recently acquired Cable and
Wireless business and a major new billing
system project;
a risks and controls within Vodafone
Global Enterprise focusing
on contract management;
a shared services and Finance Operations,
focused on risk management and the
control environment;
a revenue recognition including planning for
the implementation of FRS 15 “Revenue”
which we currently expect to be effective
for the rst time for the 2019 nancial year;
a review of the ndings of an external review
over controls in relation to the M-Pesa
money transfer service; and
a setting discount rates for
impairment testing.
I also visited the Group’s shared service centre
in Pune, India to get a deeper understanding
of the nance activities managed from
that location and the control environment.
These reviews are critical to the role of the
Committee, as they allow us to meet key
business leaders responsible for these areas
and provide independent challenge to their
activities. We also undertook a number
of reviews in relation to the Group’s risk
management framework; we received reports
from the Group Audit Director on the
Group’s risk evaluation process and reviewed
changes to signicant risks identied at both
operating entity and Group levels.
During the year management transferred
the accountability for risk management
from Group Internal Audit to the Group
Risk and Compliance Director, a change
supported by the Committee. This change was
consistent with the requirements of the 2014
UK Corporate Governance Code.
Oversight of the
Group’s system of compliance
The Group held two deep dive sessions
on compliance related matters in the year.
These focused on the outputs of monitoring
activities of compliance with Group-wide
policies, the activities focused on driving
a consistent culture of compliance within
the organisation, the results of the use
of “Speak Up” channels in place to enable
employees to raise concerns about
possible irregularities in nancial reporting
or other issues such as breaches of the Code
of Conduct, and the outputs of any resulting
investigations. Further, we received summaries
of investigations into known or suspected
fraudulent activities by both third parties
and employees. We also met with the Group
HR Director in relation to the consequences
for employees of non-compliance with Group
policies. I also meet privately with the Risk
and Compliance Director outside the formal
committee process.
Nick Land
On behalf of the Audit and Risk Committee
19 May 2015
Board committees (continued)
Vodafone Group Plc
Annual Report 2015
68