The Board’s policy is to have systems in place which optimise the Group’s ability to manage risk in an effective and appropriate manner. The Board has delegated to the Executive Committee responsibility for identifying, evaluating and monitoring the risks facing the Group and for deciding how these are to be managed. In addition to formal reviews of risk management by the Executive Committee, members are expected to report to the Committee as necessary the occurrence of any material control issues, serious accidents or events that have had a major commercial impact, or any significant new risks which have been identified. Such matters are reported to the next Board meeting and/or Audit Committee meeting as appropriate.

As part of its remit, the Governance and Risk Sub-Committee develops strategy for and provides oversight and direction on all matters relating to risk management. It reports formally on an annual basis to the Executive Committee and to the Board.

GKN’s enterprise risk management programme facilitates a common, Group-wide approach to the assessment of risks and the way in these are monitored, managed and controlled. Risk profiling is undertaken at plant, divisional and corporate levels using a software tool which provides a consistent set of risk definitions and a common approach to probability and impact. A broad spectrum of risks are considered, including those relating to strategy, operational performance, financial (including credit risk, risk financing and fraud), product engineering and technology, business reputation, human resources, health and safety, and the environment. Consolidated ‘risk maps’ are reviewed by divisional management, the Executive Committee, the Audit Committee and the Board.

A summary of those risks which could have a material impact on the Group is given on pages 30 and 31 of the 2009 Annual Report.

The Group also has in place systems and procedures for exercising control and managing risk in respect of financial reporting and the preparation of consolidated accounts. These include:

• the formulation and deployment of Group accounting policies and procedures, supported by regular bulletins from the central and divisional finance teams on the application of accounting standards;
• Group and divisional policies governing the maintenance of accounting records, transaction reporting and key financial control procedures;
• a proprietary internal control monitoring system, GKN Reporting and Integrity Procedures (GRIP), to assess compliance with key financial controls on monthly, quarterly and annual cycles;
• monthly operational review meetings which include, as necessary, reviews of internal financial reporting issues and financial control monitoring; and
• ongoing training and development of financial reporting personnel.

Each year all Group businesses are required formally to review their business risks and to report on whether there has been any material breakdown in their internal controls. This formal review is supplemented by an interim review conducted at the half year. Companies also have to confirm annually whether they have complied with statutory and regulatory obligations as well as with the policies which support the GKN Code.

The Group’s systems and procedures are designed to identify, manage and, where practicable, reduce and mitigate the effects of the risk of failure to achieve business objectives. They are not designed to eliminate such risk, recognising that any system can only provide reasonable and not absolute assurance against material misstatement or loss.

The review process

The Board reviews the Group’s systems of internal control and risk management on an ongoing basis by:

• setting the strategy of the business at both Group and divisional level and, within the framework of this, approving an annual budget and medium term projections. Central to this exercise is a review of the risks and opportunities facing each business and the steps being taken to manage these;
• reviewing on a regular basis operational and financial performance and updated forecasts for the current year. Comparisons are made with budget and the prior year and appropriate action plans put in place to optimise operational and financial performance;
• retaining primary responsibility for acquisition and divestment policy, and the approval of major capital expenditure, major contracts and financing arrangements. Below Board level there are clearly defined management authorities for the approval of capital expenditure, major contracts, acquisitions, investments and divestments, together with an established framework for their appraisal, which includes a risk analysis and post-implementation plan and, where appropriate, a post-acquisition review;
• keeping under review the Group’s pension fund arrangements and receiving reports on the Group’s treasury activities, having approved the operating policies and controls for this function, and on matters relating to taxation;
• performing at least annually a review of the Group’s insurance and risk management programmes;
• receiving an annual report, following its review by the Executive Committee, on corporate social responsibility matters, which includes the environmental, health and safety performance of the Group’s operations; and
• reviewing an annual management development and succession plan. The Executive Committee also reviews management development issues at least annually.

The Board receives an annual report from the Audit Committee concerning the operation of the systems of internal control and risk management. This report, together with the reviews by the Board during the year of the matters described above, enables the Board to form its own view on the effectiveness of the systems.

The Audit Committee is responsible for reviewing the ongoing control processes, and the actions undertaken by the Committee to discharge this responsibility are described in the Audit Committee’s report on pages 50 and 51 of the 2009 Annual Report.

To assist it in this role the Committee liaises closely with the Corporate Audit department which, using a risk-based audit programme, reviews and tests the systems, controls, processes, procedures and practices across the Group. The Head of Corporate Audit, who reports directly to the Finance Director, meets regularly with the Chairman of the Audit Committee, the Group Chairman and the Chief Executive. The department’s reports are seen by the relevant members of the Executive Committee and are summarised quarterly for the Audit Committee. The resolution of any control issues raised by Board members or in reports reviewed by the Audit Committee is discussed in Committee with management.

The Board has reviewed the effectiveness of the Group’s systems of internal control and risk management during the period covered by this annual report. It confirms that the processes described above, which accord with the guidance on internal control appended to the Code (the revised Turnbull Guidance), have been in place throughout that period and up to the date of approval of the annual report. The Board also confirms that no significant failings or weaknesses were identified in relation to the review.