Internal control

The Directors have overall responsibility for the Group’s system of internal control and for reviewing its effectiveness. To fulfil this responsibility the Directors have established a Performance Management Framework within which each of the Group’s businesses operates. Within this framework, the management of each of the businesses considers strategic, operational, commercial and financial risks, and identifies risk mitigation actions. Whilst acknowledging the overall responsibility for the system of internal control, the Directors are aware that the system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide reasonable and not absolute assurance against material misstatement or loss.

During the period under review, the Directors were not aware of any control breakdowns which resulted in a material loss to the Group.

The Performance Management Framework, which includes an ongoing process for identifying, evaluating and managing the significant risks faced by the Group, has been in place throughout the financial year and up to the approval date of the Directors’ Report and Accounts. Each business unit’s management identifies and assesses the key business risks affecting the achievement of its objectives. Business unit management also identifies the risk management processes used to mitigate the key risks to an acceptable level and, where appropriate, additional actions required to further manage and mitigate them. The risk summaries developed out of this process are updated at least annually. In addition, Corporate Centre management considers those risks to the Group’s strategic objectives that may not be identified and managed at the business unit level.

In connection with quarterly business reviews, relevant executives discuss risk management activities with Corporate Centre management. The key risks and mitigation strategies are also discussed at least annually with the Audit Committee as well as the full Board.

The risk management processes described above are applied to major decision-making processes such as acquisitions as well as operational risks within the business including environmental, health and safety.

The other key elements of the Performance Management Framework, which constitutes the control environment are:

Business strategy reviews

Each business is required to prepare a strategic position assessment taking into account the current and likely future market environment and competitive position of the business with specific consideration given to strategic risk. The Corporate Centre management reviews the strategy with each business and the Board is presented with a summary of the plans.

Business reviews

On a quarterly basis, Corporate Centre management performs extensive reviews with each business. These reviews consider current and projected financial and operating results, and address the progress of key strategic and operating initiatives, the risks affecting their achievement and the actions being taken by business unit management to manage the risks and achieve their objectives.

Financial plans

Each business prepares financial plans in accordance with a prescribed format, which includes consideration of risks. Management at the Corporate Centre reviews the financial plans with the business units and a summary is presented to the Board for approval.

Balance sheet reviews

Business unit and Corporate Centre financial management conduct periodic, on-site reviews of underlying rationale and support for the significant line item components comprising the balance sheets for each business in the Group.

Investment project authorisation

All significant investment project expenditures are subject to a formal investment project authorisation process, which takes into account, inter alia, operational, financial and technical risks. For significant investment projects a post-investment analysis is completed to facilitate continuous improvement in the investment planning process, including risk identification and mitigation.

Reporting, analysis and forecasts

All businesses are required to report monthly to the Corporate Centre on financial performance. Comparisons are made with plan, forecast and prior year, and significant variances and changes in the business environment are explained. Each business reassesses its forecast for the financial year on a monthly basis. Quarterly, each business prepares a forecast for the following 18 months and reviews projections for the current and following year.

Financial strategy

The financial strategy includes assessment of the major financial risks related to interest rate exposure, foreign currency exposure, debt maturity and liquidity. There is a comprehensive global insurance programme using the external insurance market and some limited use of an internal captive insurance company. Group Treasury manages hedging activities, relating to financial risks, with external cover for net currency transaction exposures. The Group Tax function manages tax compliance and tax risks associated with the Group’s activities. The Audit Committee, through periodic direct reports from the Group Treasurer and Group Vice-President, Tax, oversees the financial strategy as well as the tax strategy, and considers the associated risks and risk management techniques being used by the Group.

Reporting certifications

In connection with the preparation of the annual financial statements, senior business general management and financial management sign a certificate which includes a declaration regarding the existence of internal controls, the proper recording of transactions and the identification and evaluation of significant business risks. These certifications were expanded to encompass section 302 of the Sarbanes-Oxley Act of 2002 (the “Act”) in support of statements required to be made by Tomkins’ Chief Executive Officer and Finance Director. See further discussion of Sarbanes-Oxley below.

Sarbanes-Oxley

As a foreign private issuer (FPI) listed on the NYSE in the US, the Group is subject to the provisions of the Sarbanes-Oxley Act of 2002 (the “Act”). In particular, Section 404 of the Act requires certifications by management regarding the effectiveness of internal controls over financial reporting and requires the independent auditors to express an opinion on such internal controls. Accordingly, the Group undertakes each year a comprehensive, risk-based approach to testing its internal controls to ensure Tomkins’ compliance with the requirements of Section 404 of the Act. The Tomkins Chief Executive Officer and Chief Financial Officer have issued their report attesting to the Group’s compliance with the Act as of 29 December 2007. While management’s certification and the external auditor’s opinion on internal controls over financial reporting are necessarily reported in Tomkins’ US SEC filings, the results of Tomkins’ compliance with the Act also serve to further underpin the internal control framework for the Group.

Internal Audit

The Group has an established internal audit function; the Vice President – Internal Audit directs the activities of the internal auditors on a day-to-day basis and has a direct reporting line to the Chairman of the Audit Committee of the Board. Internal Audit’s responsibilities include performing independent objective assurance activities in order to evaluate the adequacy and effectiveness of the Group’s system of internal control and risk management processes. The Internal Audit plan is constructed to provide geographic coverage on a cyclical basis while tailoring to address specific risk concerns. During the year, it reported regularly to the Audit Committee on its internal audit reviews of the Group’s operations.

The Directors confirm that the effectiveness of the system of internal control for the year ended 29 December 2007 has been reviewed in line with the criteria set out in the guidance for Directors in the Combined Code.

Back to top