Internal Control and Risk Management
Informa manages risk by deploying structures, policies, processes and systems that identify, evaluate and manage the Group’s risk exposure. The Group aims to uphold a risk culture through which consistent, enterprise-wide risk management is embedded in the organisation, in a way that supports the Company’s growth strategies and can dynamically adapt to changing environments.
The Board is responsible for determining the nature and extent of the principal risks it is willing to take to achieve the Group’s strategic objectives, and for Informa’s system of internal controls and reviewing its effectiveness. The system is designed to manage rather than eliminate the risk of failure to achieve business objectives. It can only provide reasonable rather than absolute assurance against material misstatement or loss, a concept that recognises that the cost of control procedures should not exceed its expected benefits.
Responsibility for the day-to-day management of the Group rests with the Group Chief Executive, supported by Informa's Executive Management Team that meets regularly to consider the implementation of Group strategies, plans and policies, monitor operational and financial performance and manage risks. Each Division is given operational autonomy, as far as possible, within an internal control framework.
Informa has a number of internal control and risk management systems and procedures around financial reporting, including:
- Business planning: the Operating Divisions produce and agree an annual business plan against which the performance of the business is regularly monitored.
- Financial analysis: each Division’s operating profitability and capital expenditure are closely monitored. Management incentives are tied to financial results. These results include explanations of variance between forecast and budgeted performance, and are reviewed in detail by Executive Management on a monthly basis. Key financial information is regularly reported to the Board.
- Group Authority Framework: the framework provides clear guidelines on approval limits for capital and operating expenditure and other key business decisions for all Divisions.
- Risk assessment: risk assessment is embedded into the operations of the Group and is reported upon to the EMT, Risk Committee, Audit Committee and the Board.
The Board regularly reviews the effectiveness of the Group’s system of internal controls, including financial, operational and compliance controls, risk management and the Group’s high level internal control arrangements. The Audit Committee has been charged by the Board with oversight of the above controls and has considered the following factors in determining the overall effectiveness of the Group’s risks and associated control environment:
- The Risk Committee, a sub-committee of the Audit Committee, reports on the effectiveness of risk management, governance and compliance activity within the Group.
- The Audit Committee has approved a schedule of work to be undertaken by the Group’s nominated external auditor during the period and receives reports on any issues identified in the course of its work, including internal control reports on control weaknesses. Any identified issues are reported to the Audit Committee and are tracked until conclusion.
- The Audit Committee has approved a schedule of work to be undertaken by the Group’s Internal Audit Team during the period. It receives reports on any issues identified around the Group’s business processes and control activities over the Group’s key risk areas, including following up on the implementation of management action plans to address any identified control weaknesses, and reporting any overdue actions to the Audit Committee.
KPMG LLP is engaged to provide the Group with Internal Audit services and acts as Head of Internal Audit.