Marks and Spencer 2012 Annual Report Download - page 50

Download and view the complete annual report

Please find page 50 of the 2012 Marks and Spencer annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 116

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116

Risk interconnectivity
Key:
Top risk
Downgraded risk
Highlighted risk
International IT
security
IT
change
Multi-
channel
Our
people
New store
format
Our
customers
Food
safety
Programme/
workstream
management
Supply chain
management
Distribution
centre
restructure
Financial
position
Business
continuity
Food
competition
4
Product
costs
1
Economic
outlook
Corporate reputation
2
GM stock
management
3
Key supplier
failure
Governance Marks and Spencer Group plc Annual report and financial statements 2012 48
Accountability continued
Over time, globalisation, changing business models
and technological advances have resulted in a
business environment increasingly interconnected
through systems and processes. Whilst this can
be beneficial, it also increases the interdependency
of risk. As a Group, we recognise this and
continually strive to refine our risk management
processes in response.
The diagram depicts our current Group Risk
Profile, plus three risks removed since last year. It is
designed to highlight how changes to one risk could
impact on those connected to it, and on the profile
as a whole.
1 Deterioration in the Economic outlook
could impact our sales performance.
2 This requires greater control over General
Merchandise (GM) stock management.
3 Reduced order volumes could increase the
risk of Key supplier failure if they experience
pressure from other economic factors.
4 Competition over retail selling prices may require
us to reduce Product costs, increasing pressure
on suppliers.
Following significant mitigating activity, Product
costs is not considered a top risk to the Group at
this time. It still features in our detailed risk registers
and by understanding risk interconnectivity, we can
monitor factors such as the economy to ensure we
can appropriately manage any likely impact on our
supply base.
Risk: International
M&S Czech Republic operates
48 stores across six countries
selling primarily General
Merchandise (GM) goods. The
audit assessed the adequacy
and effectiveness of internal
controls over core operations,
including stores and support
functions. The report highlighted
areas for control improvement
in strategic decision-making at
a local level, GM stock
management and retail
operations. A pilot of a centrally
managed stock allocation and
range planning system has been
implemented.
Risk: New store format
Internal Audit scheduled a
review of our new store format
initiative due to the pace of
delivery and level of investment
in the programme. The scope
focused specifically on Property
and included processes relating
to project planning, cost control,
supplier selection and fire,
health & safety. The audit report
provided assurance to
management and the Audit
Committee that there were
robust programme management
controls in place and, although
some minor areas for
improvement were identified,
the overall control environment
was strong.
Risk and the role of Internal Audit
Internal Audit & Risk comprises both the Group Risk function and Internal Audit. Whilst Group Risk facilitates and manages
the risk process that is ultimately owned by the Group Board, Internal Audit is accountable to the Audit Committee. Audit
projects are often closely aligned to the Group Risk Profile (GRP) due to the risk-based approach used to prioritise audit work.
The following examples illustrate how Internal Audit work supports Group Risk whilst driving improvements to our control
environment and adding value in core business areas.
Management actions from all of our audits are tracked to completion and the status of these actions is reported to the Audit
Committee to ensure that the risks identified are appropriately addressed. This will, in turn, further mitigate the risks included
in our Group Risk Profile.
Risk: IT security
We engage a number of third-
party service providers who
host or process sensitive or
confidential data on our behalf.
Internal Audit reviewed the
processes and controls in place
to mitigate the risk of
unauthorised release or
exposure of such data. The
report confirmed that the
security assessment
methodology is robust, and that
significant external data hosting
or processing activities adhere
without exception, enforced by
our IT Change process.
Opportunities existed to improve
process compliance and
business area awareness for
smaller initiatives.
Risk: Food safety
Food innovation and quality help
to differentiate M&S and we are
committed to ongoing new
product development (NPD),
whilst maintaining food safety
standards. Internal Audit
conducted an audit review to
assess the adequacy and
effectiveness of internal controls
over NPD. The audit report
provided assurance that
effective controls exist over this
core process and also identified
opportunities to enhance
monitoring of product
development costs and the use
of success criteria.