Experian 2015 Annual Report Download - page 72
Defined governance structure
• Defined Board and Board committees’ terms of reference
• Defined global and regional authorities
• Review of significant business commitments through global and regional strategic project committees
• Oversee the risk management process through global and regional risk management committees
• Report regularly on risk to the Audit Committee and Board
Identify risks
• Assess the potential effect of each strategic, operational and financial risk on the achievement of our business objectives, and the Group’s corresponding risk appetite
• Identify and escalate new, emerging or changing risks, significant control gaps and risk acceptance
• Consider external factors arising from our operating environment and internal risks arising from the nature of our business, its controls and processes, and our management decisions
Evaluate control environment
• Evaluate compliance with policies and standards addressing risk management, compliance, accounting, treasury management, information security, fraud and whistleblowing
• Follow formal review and approval procedures for major transactions, capital expenditure and revenue expenditure
• Monitor budgetary and performance reviews tied to KPIs and achievement of objectives
• Apply a risk scoring system, based on our assessment of the probability of a risk materialising, and the impact (including speed) if it does
• Require executive management confirmations of compliance with Experian’s corporate governance and corporate responsibility processes
Respond to risks
• Have active risk remediation strategies, including internal controls, insurance and specialised treasury instruments
• Use formal review and approval procedures for significant accepted risks
Communicate
• Board- and Group-level finance reports, including financial summaries, results, forecasts and revenue trends, investor relations analysis and detailed business trading summaries
• Regional-level detailed performance reviews
• Regional and executive risk management committee and Audit Committee risk reporting on the status of principal and emerging risks, the progress of strategic projects and acquisitions, and escalation of significant accepted risks
• Group Internal Audit reporting to the Audit Committee on assurance testing and fraud and confidential helpline investigation results
Monitor
• Comprehensive risk registers representing the current risk and control environment
• Management, internal audit and third-party control reviews and follow-ups
• Group Internal Audit independent assessment of the adequacy and effectiveness of the system of internal controls
• A variety of Audit Committee risk reporting, addressing material and emerging risks, material litigation, information security, regulatory compliance and social media
• Audit Committee annual review of the effectiveness of Experian’s systems of risk management and internal control; receipt of an annual report on the controls over relevant risks
Figure: Three lines of defence – Assurance model
First Line: Business unit management and process owners
Second Line: Independent risk management and compliance functions
Third Line: Internal assurance providers
Other labels in the figure: Tone of the organisation; Executive management; Board risk oversight
Corporate governance report continued