The FRC Guidance recommends internal control practices for UK listed companies to assist them in assessing the application of the Code’s principles and compliance with the Code’s internal control provisions.
Our systems of internal control are designed and operated to support the identification, evaluation and management of risks affecting the group. These include controls in relation to the financial reporting process and the preparation of consolidated accounts, but extend across all areas of operations. They are subject to continuous review as circumstances change and new risks emerge.
Key features of the systems of internal control are:
- the risk management system described above;
- written policies and procedures within our businesses;
- clearly defined lines of accountability and delegations of authority;
- management of operating risk by using appropriate infrastructure, controls, systems and people throughout the businesses;
- business continuity planning, including preventative and contingency measures, back-up capabilities and the purchase of insurance;
- maintenance of a state of preparedness towards compliance with Section 404 of the US Sarbanes-Oxley Act through the identification and testing of key financial controls under its Internal Financial Control (IFC) programme. This is a voluntary initiative, which strengthens internal control systems and processes within the group;
- risk management policies and procedures including segregation of duties, transaction authorisation, monitoring, financial and managerial review and comprehensive reporting and analysis against approved standards and budgets;
- a treasury operating framework and group treasury team, accountable for all treasury activities, which establishes policies and manages liquidity and financial risks, including foreign exchange, interest rate and counterparty exposures, and incorporates group and regional treasury committees that monitor these activities and compliance with the policies. Treasury policies, risk limits and monitoring procedures are reviewed regularly by the audit committee on behalf of the board, with the policy having been refreshed in the year under review; and
- a group tax policy and tax operating framework which forms the basis of tax governance across the group and is managed by our group tax function which monitors tax risk and implements strategies and procedures to manage it, and which is also reviewed regularly by the audit committee on behalf of the board.
Assurance on compliance with systems of internal control and on their effectiveness is obtained through regular management reviews, reviews of key financial controls, internal audit reviews including programme assurance for large change projects, testing of certain aspects of the internal financial control systems by the external auditors during their statutory examinations and regular reports to the audit committee by the internal and external auditors. Our regional and group function finance, control and assurance committees consider the results of these reviews within each region and group function twice a year, together with feedback from country audit committees, to confirm that controls are functioning and to ensure that any material breakdowns and remedial actions have been reported to the appropriate boards of directors. In relation to our associated undertakings or joint ventures, these matters are reviewed at the level of the associates’ or joint ventures’ boards or other governing committees.
At the half year and year end the members of regional and country business executive committees, each of our functional directors (corporate finance and strategy; legal and corporate affairs; marketing; and integrated supply and human resources), each of the direct reports to the Chief Financial Officer (finance and control; global business including information technology; internal audit; tax; treasury; and investor relations) are required to submit to the Group Company Secretary, on behalf of the board, formal letters of representation on compliance with internal controls and key policies. Notification of continuing or potential significant financial, regulatory, environmental and other exposures is also required to be given. These letters of representation are supported by back-to-back letters from the executive committees of all global business functions and country operating businesses, and cover the entire group. Material matters reported in these letters are reported to the audit committee.
Executive directors and executive committee members sit on the boards or management committees of major associated companies such as MillerCoors, CR Snow, Anadolu Efes and Castel. Directors and members of the executive committee also make annual written declarations of interests and are obliged to report without delay any potential or actual conflicts of interest which may arise.
The directors are responsible for the group’s systems of internal control and for reviewing their effectiveness annually. The board has conducted a review of the effectiveness of the group’s internal controls covering material financial, operational and compliance controls and risk management systems for the year under review. Where necessary, actions were taken to remedy any weaknesses identified by the board’s review of the internal control system. The systems of internal control are designed to manage, rather than eliminate, the risk of failure to achieve business objectives and can provide reasonable, but not absolute, assurance against material misstatement or loss. In reviewing these, the board has taken into account the results of all work carried out by internal and external auditors.
The board, with advice from the audit committee, completed its annual review of the effectiveness of the system of internal control and risk management for the period since 1 April 2014, in accordance with the FRC Guidance.