Internal Control and Risk Management
Risk management strategy and framework
The objectives of the Directors and senior management are to safeguard and increase the value of the business and assets of the Group. Achievement of these objectives requires the development of policies and appropriate internal control frameworks to ensure the Group’s resources are managed properly and any key risks are identified and mitigated, where possible.
The Board recognises that it is ultimately responsible for determining the nature and extent of the principal risks it is willing to take to achieve its strategic objectives. It also recognises the need to define a risk appetite for the Group, to maintain sound risk management and internal control systems and to monitor its risk exposures and mitigations to ensure that the nature and extent of risks taken by the Group are consistent and aligned with its strategic objectives.
There is an ongoing process for identifying, evaluating and managing the principal risks faced by the Company.
The systems, processes and controls in place accord with the guidance contained in the Financial Reporting Council’s “Guidance on Risk Management, Internal Control and Related Financial Business Reporting”.
The Audit Committee monitors the effectiveness of the risk management and internal control processes implemented across the Group, through regular updates and discussions with management and a review of the key findings presented by the external and internal auditors. The Board is responsible for considering the Audit Committee’s recommendations and ensuring implementation by management of those recommendations it deems appropriate for the business. A description of the Audit Committee’s activities on risk management can be found on the Audit Committee page or on page 42-43 of the 2017 Annual Report.
During 2017, in accordance with provision C.2.3 of the UK Corporate Governance Code, the Audit Committee undertook a robust review of the effectiveness of the Group’s risk management and internal control systems, covering all material controls including financial, operational and compliance controls. The Audit Committee reported its findings to the Board. From this review of the risk management and internal control systems, the Board did not identify, nor was it advised of, any failings or weaknesses which it would determine to be significant. The Board concluded that the Group’s risk management and internal control systems and processes were operating effectively.
The Group operates on a decentralised basis and the Board has established an organisational structure with clear reporting procedures, lines of responsibility and delegated authority. Consistent with this, the Group operates a top-down/bottom-up approach to risk management, comprising Board and senior management oversight coupled with bottom-up risk management embedded in the day-to-day activities of its individual businesses.
The Board has undertaken a comprehensive exercise to consider its risk appetite across a number of key business risk areas. The results of this review indicate the relative appetite of the Board across the risk factors at a specific point in time. Any material changes in risk factors will impact the Board’s assessment of its risk appetite.
The Board has a higher risk appetite towards its strategic and operational risks and a balanced appetite towards macroeconomic and political risk. The Board seeks to minimise all health and safety risks and has a low risk appetite in relation to legal, compliance and regulatory risk. Similarly, a conservative appetite is indicated by the Board with respect to pension and finance related risks.
The results of the risk appetite review will support the Board’s decision making processes. It is the intention to undertake a review of the Board’s risk appetite at least annually.
Internal financial controls and reporting
The Group has a comprehensive system for assessing the effectiveness of the Group’s internal controls, including strategic business planning and regular monitoring and reporting of financial performance. A detailed annual budget is prepared by senior management and thereafter is reviewed and formally adopted by the Board.
The budget and other targets are regularly updated via a rolling forecast process and regular business review meetings are held with the involvement of senior management to assess performance. The results of these reviews are in turn reported to, and discussed by, the Board at each meeting. The Group engages BM Howarth as internal auditor. A total of 25 internal audit visits, 21 of which were Nortek sites, were completed during 2017.
There were no material deficiencies at Brush and the majority of the recommendations presented in the internal audit reports have now been, or are in the process of being, implemented. There were some deficiencies found in HVAC’s internal financial controls at two sites. This prompted immediate action by the Finance Director and the Melrose accounting function, including strengthening of the local accounting functions, implementation of more comprehensive and robust controls and a specific action plan to address the shortcomings identified. The internal auditor has scheduled follow up visits at each site to review progress. The Committee has already seen significant progress and is confident that the Nortek Global HVAC sites have already improved, and will continue to improve, their internal financial controls under Melrose ownership.
The Audit Committee also monitors the effectiveness of the internal control process implemented across the Group through a review of the key findings presented by the external and internal auditors. Management is responsible for ensuring that the Audit Committee’s recommendations in respect of internal controls and risk management are implemented.
Compliance and ethics
The Company takes very seriously its responsibilities under the laws and regulations in the countries and jurisdictions in which the Group operates and has in place appropriate measures to ensure compliance. A compliance framework is in place comprising a suite of policies governing anti-bribery and anti-corruption, anti-money laundering, competition, trade compliance, data privacy, whistleblowing, document retention, joint ventures and anti-slavery and human trafficking. These policies are in place within each business and apply to all directors, employees (whether permanent, fixed-term, or temporary), pension trustees, consultants and other business advisers, contractors, trainees, volunteers, business agents, distributors, joint venture partners or any other person working for or performing a service on behalf of the Company, its subsidiaries and/or associated companies in which the Company or any of its subsidiaries has a majority interest.
In addition, in conjunction with their internal audit function, BM Howarth conducts compliance audits across the Group and its businesses to identify any areas for improvement. Furthermore, an anti-bribery and anti-corruption assurance exercise is undertaken by the Group on an annual basis.
The Company has an externally-hosted whistleblowing hotline which functions across the Group, together with a Group-wide online compliance training platform, covering topics such as antitrust, trade compliance and export controls, data privacy, anti-bribery and anti-corruption and anti-money laundering.