Tesco 2009 Annual Report Download - page 50

Download and view the complete annual report

Please find page 50 of the 2009 Tesco annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 140

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140

48 REPORT OF THE DIRECTORS
Tesco PLC Annual Report and Financial Statements 2009
Risk management
The Group maintains a Key Risk Register. The Register contains the key
risks faced by the Group including their impact and likelihood as well as
the controls and procedures implemented to mitigate these risks. The
content of the Register is determined through regular discussions with
senior management and review by the Executive Committee and the full
Board. A balanced approach allows the degree of controllability to be taken
into account when we consider the effectiveness of mitigation recognising
that some necessary activities carry inherent risk which may be outside
the Groups control. Our risk management process recognises there are
opportunities to improve the business to be built into our future plans.
Our key risks are summarised on pages 38 to 40 of the Business Review.
The risk management process is cascaded through the Group with every
international CEO and local Boards maintaining their own risk registers
and assessing their control systems. The same process also applies
functionally in those parts of the Group requiring greater overview. For
example, the Audit Committee’s Terms of Reference require it to oversee
the Finance Risk Register. We also have a Corporate Responsibility Risk
Register which specifically considers Social, Ethical and Environmental
(SEE) risks. Oversight of these risks is the responsibility of the Corporate
Responsibility Committee. The Board assesses the significant SEE risks to
the Groups short-term and long-term value, and incorporates SEE risks on
the Key Risk Register where they are considered material or appropriate.
We recognise the value of the ABI Guidelines on Responsible Investment
Disclosure and confirm that, as part of its regular risk assessment
procedures, the Board takes account of the significance of SEE matters
to the business of the Group. We recognise that a number of investors
and other stakeholders take a keen interest in how companies manage
SEE matters and so we report more detail on our SEE policies and
approach to managing material risks arising from SEE matters and the
KPIs we use both on our website (www.tesco.com/cr-report09) and in
our Annual Corporate Responsibility Review 2009.
Internal controls
The Board is responsible for the Company’s system of internal control and
for reviewing the effectiveness of such a system. We have a Group-wide
process for clearly establishing the risks and responsibilities assigned to
each level of management and the controls which are required to be
operated and monitored.
The CEOs of subsidiary businesses are required to certify by way of annual
statements of assurance that the Board’s governance policies have been
adopted both in practice and in spirit. For certain joint ventures, the Board
places reliance upon the internal control systems operating within our
partners’ infrastructure and the obligations upon partners’ Boards relating
to the effectiveness of their own systems.
Such a system is designed to manage rather than eliminate the risk of
failure to achieve business objectives and can only provide reasonable
and not absolute assurance against material misstatement or loss.
The Board has conducted a review of the effectiveness of internal controls
and is satisfied that the controls in place remain appropriate.
Monitoring
The Board oversees the monitoring system and has set specific
responsibilities for itself and the various committees as set out below.
Both Internal Audit and our external auditors play key roles in the
monitoring process, as do several non-statutory committees including the
Finance Committee, Compliance Committee and Corporate Responsibility
Committee. The Minutes of the Audit Committee and the various non-
statutory committees (Finance, Compliance and Corporate Responsibility
Committees) are distributed to the Board and each committee submits a
report for formal discussion at least once a year. These processes provide
assurance that the Group is operating legally, ethically and in accordance
with approved financial and operational policies.
Audit Committee
The Audit Committee reports to the Board each year on its review of
the effectiveness of the internal control systems for the financial year
and the period to the date of approval of the financial statements.
Throughout the year the Committee receives regular reports from the
external auditors covering topics such as quality of earnings and technical
accounting developments. The Committee also receives updates from
Internal Audit and has dialogue with senior managers on their control
responsibilities. It should be understood that such systems are designed
to provide reasonable, but not absolute, assurance against material
misstatement or loss.
Internal Audit
The Internal Audit department is fully independent of business operations
and has a Group-wide mandate. It undertakes a programme to address
internal control and risk management processes with particular reference
to the Turnbull Guidance. It operates a risk based methodology, ensuring
that the Group’s key risks receive appropriate regular examination. Its
responsibilities include maintaining the Key Risk Register, reviewing and
reporting on the effectiveness of risk management systems and internal
control with the Executive Committee, the Audit Committee and ultimately
to the Board. Internal Audit facilitates oversight of risk and control systems
across the Group through audit and compliance committees in each of our
international businesses and our joint ventures. The Head of Internal Audit
also attends all Audit Committee meetings.
External audit
PricewaterhouseCoopers LLP, the Company’s external auditor, contributes
a further independent perspective on certain aspects of our internal
financial control systems arising from its work, and reports to both the
Board and the Audit Committee. The engagement and independence of
external auditors is considered annually by the Audit Committee before it
recommends its selection to the Board. The Committee has satisfied itself
that PricewaterhouseCoopers LLP is independent and there are adequate
controls in place to safeguard its objectivity. One such measure is the non-
audit services policy that sets out criteria for employing external auditors and
identifies areas where it is inappropriate for PricewaterhouseCoopers LLP to
work. Non-audit services work carried out by PricewaterhouseCoopers LLP
is predominantly the review of subsidiary undertakings’ statutory accounts,
transaction work and corporate tax services, where PWCs services are
considered to be the most appropriate. PricewaterhouseCoopers LLP also
follows its own ethical guidelines and continually reviews its audit team to
ensure its independence is not compromised.
Finance Committee
The Finance Committee, which is not a statutory committee, is chaired
by the CEO, Sir Terry Leahy, and membership includes Non-executive
Directors with relevant financial expertise, Executive Directors and
members of senior management. The Committee usually meets twice
a year and its role is to review and agree the Finance Plan on an annual
basis to review reports of the Treasury and Tax functions, and to review
and approve Treasury limits and delegations.
Compliance Committee
The Compliance Committee, which is not a statutory committee, is chaired
by the Corporate and Legal Affairs Director, Lucy Neville-Rolfe, and
includes three Executive Directors and members of senior management.
The Committee normally meets six times a year and its remit is to ensure
that the Group complies with all necessary laws and regulations in all of
its operations world-wide. The Committee has established a schedule
for the regular review of operational activities and legal exposure. Each
international business in the Group has a local compliance committee
designed to ensure compliance with local laws and regulations as well
as Group Compliance policies, and each country compliance committee
reports to the Group Compliance Committee on a regular basis.
Corporate governance continued