Experian 2010 Annual Report Download - page 68

Download and view the complete annual report

Please find page 68 of the 2010 Experian annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 164

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164

Experian Annual Report 2010 Governance66
Corporate governance statement (continued)
Principles, policies and standards to
be adhered to throughout the business.
These include risk management policy,
accounting policies, treasury policy,
information security policy and policy on
fraud and whistleblowing.
Dened review and approval procedures
for major transactions, capital
expenditure and revenue expenditure.
Regional and global strategic project
committees comprised of senior
executives responsible for reviewing
and evaluating all signicant business
investments, developments and
divestments, prior to submission of
relevant cases for the approval of the
Board or relevant principal operating
subsidiary (depending on the size of
the investment) risk assessment is an
integral component of the evaluation
process.
Appropriate strategies to deal with each
signicant risk that has been identied,
including internal controls, insurance
and specialised treasury instruments.
Information and communication
The Board, as part of the comprehensive
system of budgetary control in the Group,
receives a monthly nance report, which
includes a Group nancial summary,
Group results, forecasts and sales trends
and an investor relations analysis. The
report also includes detailed business
trading summaries and provides the
Board with information required for
decision-making and management
review purposes. More detailed monthly
performance reviews take place at a
regional level.
The Audit Committee receives global
risk management reports during the
year which are generated through the
facilitated, quarterly contribution of
managers in each area of Experians
business; including facilitated
contributions from key governance
functions such as Information Security,
Business Continuity, Legal, Government
Affairs, Compliance, Finance, Group
Corporate Secretariat, Internal Audit
and Technology Services. All risk
assessment information is consistently
captured and centrally held in a series
of risk registers. Any risks inherent
in material litigation cases are also
specically drawn to the Audit
Committee’s attention to enable a more
detailed consideration. During the
year, the Audit Committee received a
presentation on IT/technology risk which
dealt with the current global environment,
Experians major IT platforms,
governance, controls and risk issues.
On a monthly basis, the achievement
of business objectives, bothnancial
and non-nancial, is assessed using a
range of performance indicators. These
indicators are regularly reviewed to
ensure they remain relevant and reliable.
In addition, the global risk management
policy provides for the ongoing
identication and escalation of new and
emerging risks to management and the
Board as appropriate.
There are fraud and whistleblowing
procedures in place in the Group
for employees to report suspected
improprieties and the Audit Committee
receives regular reports on this area
from the Head of Global Internal Audit.
Monitoring
The Group has a well-developed system
of planning, incorporating Board
approval of Group strategy and budgets.
Performance against the agreed plan is
subsequently monitored and reported to
the Board each time it meets.
The Audit Committee has delegated
responsibility from the Board for the
annual review of the effectiveness of
the Group’s system of internal control
and receives an annual report on the
controls over relevant risks (including
risks arising from social, ethical and
environmental matters). The Committee
also reviews a variety of reports on risk,
including material risk reports, material
litigation reports, information security
reports and regulatory and compliance
reports.
Each business unit is responsible for
the day-to-day management of risk and
for ensuring that risk exposure remains
within established limits. The global
risk management policy outlines, for
business units, the expectations in
relation to escalation of identied risks,
control weaknesses or gaps. In addition,
certicates are provided annually by
each business unit and key function to
conrm compliance with the Groups
regarding management of risk across
the Group; this enables a consistent
approach to the management of risk at
regional and business unit level.
Management monitors the Groups risk
prole on an ongoing basis. Regional risk
committees oversee the management of
regional risks consistent with Experians
risk appetite, strategies and objectives.
Global operational related risks,
including technology and project risks,
are monitored by a newly formed global
operations risk management committee.
This committee was established in
the fourth quarter of the year under
review and oversees the management
of operational related risks associated
with the Groups shared service and
data centres as well as global product
development and delivery activities.
The regional and global operations
risk committees review summary risk
assessments and internal audit results,
evaluate signicant exposures, make
mitigation decisions and enforce
mitigation progress, monitor changes in
the regional/operational risk prole and
escalate signicant risks and issues to an
executive risk management committee.
The primary responsibility of the
executive risk management committee,
which is comprised of senior Group
executives, is to oversee the management
of global risks. The regional, global
operations and executive risk committees
operate to a synchronised quarterly cycle
as part of an enterprise risk management
process – this ensures relevant risk
information flows from the regional and
global operations risk committees to the
executive risk management committee
and from the executive risk management
committee to the Board and/or Audit
Committee, as appropriate.
Control environment
The Group has an established
framework, which includes the following
key features:
Terms of reference for the Board and
each of its committees.
A clear organisational structure,
with well documented delegation of
authority from the Board to principal
subsidiaries and regular reporting to the
Board in respect of the exercise of the
delegations.