Internal control and risk management


The Board is responsible for the group’s systems of internal control and risk management and reviews each year the effectiveness of those systems. Such systems are designed to manage, rather than eliminate, the risk of failure to achieve business objectives; any system can provide only reasonable and not absolute assurance against material misstatement or loss. The process in place for reviewing BT’s systems of internal control includes procedures designed to identify and evaluate failings and weaknesses, and, in the case of any categorised as significant, procedures exist to ensure that necessary action is taken to remedy the failings.
     The Board also takes account of significant social, environmental and ethical matters that relate to BT’s businesses and reviews annually BT’s corporate social responsibility policy. The company’s workplace practices, specific environmental, social and ethical risks and opportunities and details of underlying governance processes are dealt with in the Business review – Our people.
     We have enterprise wide risk management processes for identifying, evaluating and managing the significant risks faced by the group. These processes have been in place for the whole of the 2008 financial year and have continued up to the date on which this document was approved. The processes are in accordance with the Revised Guidance for Directors on the Combined Code published by the Financial Reporting Council (the Turnbull Guidance).
     Risk assessment and evaluation takes place as an integral part of BT’s annual strategic planning cycle. We have a detailed risk management process, culminating in a Board review, which identifies the key risks facing the group and each business unit. This information is reviewed by senior management as part of the strategic review. Our current key risks are summarised in Business review – Group risk factors.
     The key features of the enterprise wide risk management process comprise the following procedures:

green_arrow senior executives collectively review the group’s key risks and have created a group risk register describing the risks, owners and mitigation strategies. This is reviewed by the Operating Committee before being reviewed and approved by the Board;
   
green_arrow the lines of business carry out risk assessments of their operations, have created registers relating to those risks, and ensure that the key risks are addressed;
   
green_arrow senior executives with responsibilities for major group operations report quarterly with their opinion on the effectiveness of the operation of internal controls in their area of responsibility;
   
green_arrow the group’s internal auditors carry out continuing assessments of the quality of risk management and control, report to management and the Audit Committee on the status of specific areas identified for improvement and promote effective risk management in the lines of business operations; and
   
green_arrow the Audit Committee, on behalf of the Board, considers the effectiveness of the operation of internal control procedures in the group during the financial year. It reviews reports from the internal and external auditors and reports its conclusions to the Board. The Audit Committee has carried out these actions for the 2008 financial year.

New subsidiaries acquired during the year have not been included in the above risk management process. They will be included for the 2009 financial year. Joint ventures and associates, which BT does not control, have not been dealt with as part of the group risk management process and are responsible for their own internal control assessment.
     The Board has approved the formal statement of matters which are reserved to it for consideration, approval or oversight. It has also approved the group’s corporate governance framework, which sets out the high level principles by which BT is managed and the responsibilities and powers of the Operating Committee and the group’s senior executives. As part of this framework, the development and implementation of certain powers relating to group-wide policies and practices are reserved to identified senior executives.

 

<< Previous   back to top   Next >>