The FRC Guidance recommends internal control practices for UK listed companies to assist them in assessing the application of the Code’s principles and compliance with the Code’s provisions with regard to internal control.
Our systems of internal control are designed and operated to support the identification, evaluation and management of risks affecting the group. These include controls in relation to the financial reporting process and the preparation of consolidated accounts, and extend across all areas of operations. They are subject to continuous review as circumstances change and new risks emerge.
Key features of the systems of internal control are:
- the risk management system described above;
- written policies and procedures within our businesses;
- clearly defined lines of accountability and delegations of authority;
- management of operating risk by using appropriate infrastructure (including regional hubs and specialist group functions), controls, systems and codified ways of working (including standard project methodology) and codified people management routines throughout the business;
- business continuity planning, including preventative and contingency measures, back-up capabilities and the purchase of insurance;
- maintenance of a state of preparedness towards compliance with Section 404 of the US Sarbanes-Oxley Act through the identification and testing of key financial controls under our Internal Financial Control (IFC) programme. This is a voluntary initiative, which strengthens internal control systems and processes within the group;
- risk management policies and procedures including segregation of duties, transaction authorisation, monitoring, financial and managerial review and comprehensive reporting and analysis against approved standards and budgets;
- a treasury operating framework and group treasury team, accountable for all treasury activities, which establishes policies and manages liquidity and financial risks, including foreign exchange, interest rate and counterparty exposures, and incorporates group and regional treasury committees that monitor these activities and compliance with the policies. Treasury policies, risk limits and monitoring procedures are reviewed regularly by the audit committee on behalf of the board; and
- a group tax policy and tax operating framework which forms the basis of tax governance across the group and is managed by our group tax function which monitors tax risk and implements strategies and procedures to control it, and which is also reviewed regularly by the audit committee on behalf of the board.
Assurance on systems of internal control and their effectiveness is obtained through:
- an established, regular routine of management reviews and performance reviews by the Chief Executive and excom, with half-yearly reporting to the board;
- reviews and testing of key financial controls;
- internal audit reviews including programme assurance for large change projects;
- testing of certain aspects of the internal financial control systems by the external auditors during the course of their statutory examinations and regular reports to the audit committee by the internal and external auditors;
- our regional and group function finance, control and assurance committees consider the results of these reviews within each region and group function twice a year, together with feedback from country audit committees, to confirm that controls are functioning and to ensure that any material breakdowns and remedial actions have been reported to the appropriate boards of directors; and
- in relation to our associated undertakings and joint ventures, these matters are reviewed at the level of the associates’ or joint ventures’ boards or equivalent governing committees.
At the half year and at the year end the members of regional and country business executive committees, each of our functional directors (legal and corporate affairs; marketing; integrated supply; and human resources), each of the direct reports to the Chief Financial Officer (finance and control; internal audit; corporate finance and strategy; tax; treasury; and investor relations), and the head of our procurement and global business services units (including information technology) are required to submit to the Group Company Secretary on behalf of the board formal letters of representation on compliance with internal controls and key policies, including the group’s Code of Business Conduct and Ethics and Anti-Bribery Policy. These bi-annual letters also require the notification of continuing or potential significant financial, regulatory, environmental or other exposures.
These letters form the subject of reports to the audit committee, and cover all subsidiary companies, as well as MillerCoors LLC. Certain of our executive directors and executive committee members sit on the boards of MillerCoors LLC and of relevant holding companies within major associates such as CR Snow, Anadolu Efes and Castel. Directors and members of the executive committee also make annual written declarations of interests and are obliged to report without delay any potential or actual conflicts of interest which may arise.