The Board is ultimately responsible for the Group’s system of internal control and for reviewing its effectiveness. However, such a system is designed to manage, rather than eliminate, the risk of failure to achieve business objectives, and can provide only reasonable, not absolute, assurance against material misstatement or loss.
The Board confirms that there is an ongoing process for identifying, evaluating and managing the principal risks faced by the Group, which has been in place for the year under review and up to the date of approval of the Annual Report and Accounts. This process is regularly reviewed by the Board and accords with the guidance of the Financial Reporting Council.
Details on the identification and evaluation of risk can be found in the section headed ‘Principal risks and uncertainties’ on pages 26 to 28.
The principal elements of the internal control framework are as follows:
(a) Authorisation procedures
Documented authorisation procedures provide for an auditable trail of accountability. These procedures are relevant across Group operations and provide for successive assurances to be given at increasingly higher levels of management and, finally, to the Board.
(b) Management of project risk
Project risk is managed throughout the life of a contract from the bidding stage to completion.
Detailed risk analyses covering technical, operational and financial issues are performed as part of the bidding process. Authority limits applicable to the approval of bids relate both to the specific risks associated with the contract and to the total value being bid by Keller, or any joint venture to which Keller is a party. Any bids involving an unusually high degree of technical or commercial risk, for example those using a new technology or in a territory
where we have not previously worked, must be approved at a senior level within the operating company.
On average, our contracts have a duration of around six weeks but larger contracts may extend over several months. The performance of contracts is monitored and reported by most business units on a weekly basis. In addition, thorough reviews are carried out by senior managers on any poorly performing jobs and full cost-to-complete assessments are routinely carried out on extended duration contracts.
Further detail on the management of project risk is provided in the section headed ‘Principal risks and uncertainties’ on pages 26 to 28.
(c) Health and safety
Regular reporting, monitoring and reviews of health and safety matters are made to the HSE Committee and the Board.
(d) Budgeting and forecasting
There is a comprehensive budgeting system with an annual budget approved by the Board. This budget includes monthly profit and loss accounts, balance sheets and cash flows. In addition, forecasts are prepared for the two subsequent years. Forecasts for the full year are regularly updated during the year.
(e) Financial reporting
Detailed monthly management accounts are prepared which compare profit and loss accounts, balance sheets, cash flows and other information with budget and prior year, and significant variances are investigated.
(f) Cash control
Each business reports its cash position weekly. Regular cash forecasts are prepared to monitor the Group’s short- and medium-term cash positions and to control immediate borrowing requirements.
(g) Investments and capital expenditure
All significant investment decisions, including capital expenditure, are referred to the appropriate divisional or Group authority level.
(h) Internal audit
The Group has a structured programme of independent, outsourced audit reviews, covering tendering, operational processes and internal financial controls. The intention is to conduct an internal audit of all material business units at least once every four years. This programme has been carried out by PricewaterhouseCoopers since 2010. The programme is approved and monitored by the Audit Committee, which reviews the findings of each such exercise.
(i) Electronic Internal Control Questionnaire (‘EICQ’)
Each year, every principal business unit is required to complete an electronic questionnaire responding to whether key internal financial and non-financial controls are in place. The results of these questionnaires are summarised in a ‘heat map’, which is presented to and discussed by the Audit Committee. The responses to the questionnaires are also reviewed by PricewaterhouseCoopers during each internal audit.
(j) Annual compliance statement
Once a year, managers are asked to confirm the adequacy of the systems of internal controls for which they are responsible; and their compliance with Group policies, local laws and regulations; and to report any significant control weaknesses or ‘breakdowns’ identified in the past year.
(k) Business conduct
The Group’s business conduct handbook sets out the Group’s policies and processes with regards to conducting business in all business units worldwide. All business units are required to self-certify that they are compliant with the Group’s business conduct handbook and compliance with the handbook is considered as part of the independent reviews.
During 2015 the Code was revised and refreshed and its launch will take place during 2016.
(l) Whistleblowing procedures
Employees are encouraged to raise genuine concerns about malpractice at the earliest possible stage. In 2016 we are introducing a new externally facilitated whistleblowing hotline service for employees. Any issues raised under our procedures are thoroughly investigated and reported back to the Audit Committee.