Experian 2016 Annual Report Download - page 74

Risk management and internal control
The Board is responsible for establishing, maintaining and reviewing sound risk management and internal control systems. There
is an ongoing process in place for identifying, evaluating and managing the principal risks Experian faces, including risks relating
to social, ethical and environmental matters. This process was in place for the financial year and up to the date of approval of this
Annual Report. Full details of the Experian risk management and internal control systems and processes can be found in the
Principal risks section of the Annual Report. The specific processes underlying the elements of the Group's risk framework are
set out below.

Monitor
  • Maintain comprehensive risk registers representing the current risk and control environment, and deploy a software solution to provide enhanced monitoring
  • Review of controls and follow-ups by management, Group Internal Audit and third parties
  • Use Group Internal Audit to independently assess the adequacy and effectiveness of the system of internal controls
  • Report on risk to the Audit Committee, addressing material and emerging risks, material litigation, information security and business continuity, regulatory compliance and social media
  • Utilise the Audit Committee to monitor the Group's risk management and internal control systems
  • Review by the Audit Committee each year of the effectiveness of Experian's systems of risk management and internal control; receive an annual report on the controls over relevant risks; and ongoing review of principal risks and uncertainties identified by the Group's risk assessment processes

Identify
  • Assess the potential effect of each strategic, operational and financial risk on the achievement of our business objectives, and the Group's corresponding risk appetite
  • Identify and escalate new, emerging or changing risks, significant incidents, significant control gaps and risk acceptance
  • Consider external factors arising from our operating environment and internal risks arising from the nature of our business, its controls and processes, and our management decisions

Analyse
  • Produce Board- and Group-level finance reports, including financial summaries, results, forecasts and revenue trends, investor relations analysis and detailed business trading summaries
  • Conduct regional-level detailed performance reviews
  • Report to regional risk committees, the Executive Risk Management Committee and the Audit Committee on the status of principal and emerging risks, the progress of strategic projects and acquisitions, and escalation of significant accepted risks
  • Report to the Audit Committee by Group Internal Audit on assurance testing and fraud and confidential helpline investigation results

Evaluate
  • Evaluate compliance with policies and standards addressing risk management, compliance, accounting, treasury management, information security and business continuity, fraud
  • Follow formal review and approval procedures for major transactions, capital expenditure and revenue expenditure
  • Monitor budgetary and performance reviews tied to KPIs and achievement of objectives
  • Apply a risk scoring system, based on our assessment of the probability of a risk materialising, and the impact (including speed) if it does
  • Require executive management confirmations of compliance with Experian's corporate governance and corporate responsibility processes

Mitigate
  • Apply active risk remediation strategies, including internal controls, formal exception processes, insurance and specialised treasury instruments
  • Use formal review and approval procedures for significant accepted risks

Risk management is an essential element of running a global, innovation-driven business like Experian. It helps to achieve long-term
shareholder value and to protect the Group's business, people, assets, capital and reputation. It operates at all levels throughout
the organisation, across regions, business activities and operational support functions. Experian’s approach to risk management
encourages clear decisions about which risks are taken and how they are managed, based on an understanding of their potential
strategic, commercial, financial, compliance, legal and reputational implications.
As risk management and internal control systems are designed to manage rather than eliminate the risk of failure to achieve
business objectives, they can provide reasonable, but not absolute, assurance against material financial misstatement or loss.
For certain joint arrangements, the Board relies on the systems of internal control operating within the partners’ infrastructure
and the obligations of the partners’ boards, relating to the effectiveness of their own systems.