Peachtree 2015 Annual Report Download - page 45

Download and view the complete annual report

Please find page 45 of the 2015 Peachtree annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 168

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168

Principal Risk Risk Background Management and Mitigation
9. Information Management and Protection (including cyber)
Sage fails to adequately
understand, manage and
protect data
During the period of acquisition many established
processes, whilst appropriate to smaller businesses,
did not develop in line with Sages growth.
This risk is an evolution from 2014. During 2015,
organisational and structural changes have been
made to manage the risk and to transition to the
new ways of working.
Creation of a global ‘OneIT’ function reporting to the global
Chief Information Officer, to support the operation of
'One Sage’ through common supporting IT infrastructure,
practices and systems
A network of Information Security Officers oversees compliance
with the IT Controls Framework, which defines
the key controls which are required
Maintenance of formal certification schemes, such as PCI,
across specific parts of the business, with internal and external
validation of compliance
On-going assurance activities are performed across the estate
by Internal Auditagainst the IT Controls Framework. Results
are tracked and reported to the Audit and Risk Commiee
In progress:
Global incident management procedures including rating
of incidents and escalation, as required
Excellence in Governance initiative being undertaken across
revised ways of working and policies to enhance effectiveness
10. Regulatory and Legal Framework
Sage fails to understand
and effectively operate
within the legal and
regulatory framework
applying to its services
Sage operates in an increasingly complex external
environment, while at the same time continuing to
evolve its service offerings to the market. Many of
Sages activities and services are subject to legal
and regulatory influences, which continue to
develop in parallel.
It is therefore essential to monitor the evolving legal
and regulatory environment, understand in a timely
manner how this applies to the business, and take
appropriate steps to ensure compliance.
This risk is an evolution from 2014.
All legal resources across Sage report directly to the global
Legal Director
The legal function uses internal and external resources
to monitor planned and realised changes in legislation
All product contracts are reviewed and approved through
the global legal function
A suite of policies are in place to support key legislation,
including Data Protection and anti-Bribery
A Code of Ethics policy is in place across the business which
provides clarity over how colleagues are expected to behave.
On-line training is provided to support it, and to record levels
of understanding
A Group Whistleblowing policy and arrangements are in operation,
to allow colleagues to raise issues without fear of recrimination,
and to provide early oversight of issues
In progress:
Development and communication of the 'Sage Way' of working,
and on-going drive towards a 100% compliance culture
Developing the financial viability statement
In developing the financial viability statement, it was determined that a five year period should be used, consistent with the period of the Groups
strategic plan and reflecting a typical life of on-premise products without upgrade.
Management reviewed the principal risks, and considered which of these risks might threaten the Groups viability. It was determined that none of
the individual risks would in isolation compromise the Groups viability, and so a number of different severe but plausible principal risk combinations
were considered.
Having identified the severe but plausible risk combinations, a cross functional group of senior managers, including representatives from Finance,
Risk, IT, Product Marketing and Legal, estimated the monetary impact of each scenario. These impacts were based on similar examples in the public
domain and internal estimates of remediation costs.
The impacts were modelled for both year one and year four of the forecast period to ensure that expected changes in the Groups product mix,
through migration towards a greater proportion of cloud based products, did not adversely impact on the Groups viability.
As set out in the Audit and Risk Commiee’s report on page 70, the Directors reviewed and discussed the process undertaken by management,
and also reviewed the results of reverse stress testing performed to provide an illustration of the reduction in revenue that would be required to
break the Groups covenants or exhaust all available cash.
The Directors’ financial viability statement is contained in the Directors’ Report on page 93.
The Sage Group plc | Annual Report & Accounts 2015 43
FINANCIAL STATEMENTSGOVERNANCESTRATEGIC REPORT