Experian 2011 Annual Report Download - page 73

Download and view the complete annual report

Please find page 73 of the 2011 Experian annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 164

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164

Governance Corporate governance statement 71
the Board, reviews the effectiveness of the
Group’s system of internal control.
The principal features of Experians system
of internal control and methods by which the
Board is confident that this system operates
effectively are set out below.
Risk assessment
There is an ongoing process in place for
anticipating, identifying, assessing and
mitigating the significant risks faced by
the Group. The process has operated
throughout the year under review and up to
the date of approval of the annual report.
The Group’s risk management and
governance framework is designed to
support the anticipation, identification,
assessment and mitigation of risks that
are significant to the achievement of the
Group’s business objectives. There is a
global risk management policy in place
which governs the management and control
of bothnancial and non-financial risks. The
policy describes the global risk framework
and defines risk management principles and
expectations regarding management of risk
across the Group; this enables a consistent
approach to the management of risk at
regional and business unit level.
Management monitors the Groups risk
profile on an ongoing basis. Regional risk
committees oversee the management of
regional risks consistent with Experian’s
risk appetite, strategies and objectives.
Global operational related risks, including
technology and project risks, are monitored
by a global operations risk management
committee. This committee oversees
the management of operational related
risks associated with the Group’s shared
service and data centres as well as global
product development and delivery activities.
The regional and global operations
risk committees review summary risk
assessments and internal audit results,
evaluate significant exposures, make
mitigation decisions and enforce mitigation
progress, monitor changes in the regional/
operational risk profile and escalate
significant risks and issues to an executive
risk management committee.
The primary responsibility of the executive
risk management committee, which is
comprised of senior Group executives,
is to oversee the management of global
risks. The regional, global operations and
executive risk committees operate to a
synchronised quarterly cycle as part of an
enterprise risk management process this
ensures relevant risk information flows
from the regional and global operations
risk committees to the executive risk
management committee and from the
executive risk management committee
to the Board and/or Audit Committee, as
appropriate.
Control environment
The Group has an established framework,
which includes the following key features:
Terms of reference for the Board and each
of its committees.
A clear organisational structure, with well
documented delegation of authority from
the Board to principal subsidiaries and
regular reporting to the Board in respect
of the exercise of the delegations.
Principles, policies and standards to
be adhered to throughout the business.
These include risk management policy,
accounting policies, treasury policy,
information security policy and policy on
fraud and whistleblowing.
Defined review and approval procedures
for major transactions, capital expenditure
and revenue expenditure.
Regional and global strategic project
committees comprised of senior
executives responsible for reviewing
and evaluating all significant business
investments, developments and
divestments, prior to submission of
relevant cases for the approval of the
Board or relevant principal operating
subsidiary (depending on the size of
the investment) risk assessment is an
integral component of the evaluation
process.
Appropriate strategies to deal with each
significant risk that has been identied,
including internal controls, insurance and
specialised treasury instruments.
Information and communication
The Board, as part of the comprehensive
system of budgetary control in the Group,
receives a monthlynance report, which
includes a Group financial summary, Group
results, forecasts and sales trends and
an investor relations analysis. The report
also includes detailed business trading
summaries and provides the Board with
information required for decision-making
and management review purposes. More
detailed monthly performance reviews take
place at a regional level.
The Audit Committee receives global risk
management reports during the year which
are generated through the facilitated,
quarterly contribution of managers
in each area of Experian’s business;
including facilitated contributions from key
governance functions such as Information
Security, Business Continuity, Legal,
Government Affairs, Compliance, Finance,
Group Corporate Secretariat, Internal
Audit and Technology Services. All risk
assessment information is consistently
captured and centrally held in a series of
risk registers. Any risks inherent in material
litigation cases are also specifically drawn
to the Audit Committees attention to enable
a more detailed consideration. During the
year, the Audit Committee received training
on information security.
On a monthly basis, the achievement of
business objectives, bothnancial and
non-nancial, is assessed using a range of
performance indicators. These indicators
are regularly reviewed to ensure they remain
relevant and reliable. In addition, the global
risk management policy provides for the
ongoing identification and escalation of new
and emerging risks to management and the
Board as appropriate.
There are fraud and whistleblowing
procedures in place in the Group
for employees to report suspected
improprieties and the Audit Committee
receives regular reports on this area from
the Head of Global Internal Audit.