The board has overall responsibility for the group’s system of internal controls and for reviewing its effectiveness. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can provide only reasonable and not absolute assurance against material misstatement or loss.
The Code on Corporate Governance has a requirement for the directors to review annually the effectiveness of the group’s system of internal controls. This requires a review of the system of internal controls to cover all controls including:
- Financial;
- Operational;
- Compliance; and
- Risk management.
Formal guidance for directors on the implementation of the requirements, entitled “Internal Control: Guidance for Directors on the Combined Code”, was published in September 1999 (“the Turnbull guidance”). The board has established the procedures necessary to implement the Turnbull guidance and was fully compliant with it during 2010 and up to the date of approval of the financial statements.
The Audit Committee has reviewed the effectiveness of this system of internal controls and reported thereon to the board.
The directors have responsibility for maintaining a system of internal controls which provides reasonable assurance of effective and efficient operations, internal financial control and compliance with laws and regulations.
The board has delegated to executive management the planning and implementation of the system of internal controls within an established framework which applies throughout the group.
- Risk management
The board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the group for the year under review and up to the date of approval of the financial statements. This risk management process is regularly reviewed by the board in accordance with the guidance provided by Turnbull. The board confirms that no significant control weaknesses were identified in the review process despite the significant challenges posed by the current environment. The group’s approach to risk management is further detailed in the Risk Management section.
The Audit Committee reviews the internal audit programmes. The Head of Group Internal Audit reports regularly to the Audit Committee. The Audit Committee also reviews the half-year and annual financial statements and the nature and extent of the external audit. There are formal procedures in place for the external auditors to report findings and recommendations to the Audit Committee. Any significant findings or identified risks are examined so that appropriate action can be taken.
The Risk and Compliance Committee reviews the compliance and risk management programmes and monitors total risk levels across the group, in line with the overall policy approved by the board. The Risk and Compliance Committee supports the board in carrying out its responsibilities for ensuring that risks are properly identified, reported, assessed and controlled, and that the group’s strategy is consistent with the group’s risk appetite. The Group Head of Risk and Compliance reports regularly to the Risk and Compliance Committee.
The group has in place a Speaking Up (or “whistleblowing”) Policy, which allows all staff and other people, who work with or for the group, to raise any concerns they may have about suspected wrongdoing within the group, and ensures that anyone raising a concern in good faith can feel safe and confident that the group will treat the concern seriously, provide adequate protection and ensure fair treatment for the person raising the concern. In addition, the group has in place a Code of Ethics, which lays down the standards of responsibility and ethical behaviour to be observed by all employees of the group.
The group’s business involves the acceptance and management of a range of risks. The group’s system of internal controls is designed to provide reasonable, but not absolute, assurance against the risk of material errors, fraud or losses occurring. It is possible that internal controls can be circumvented or overridden. Further, because of changes in conditions, the effectiveness of an internal control system may vary over time.
- Internal control procedures
The group’s internal control procedures are designed to safeguard the group’s net assets, support effective management of the group’s resources and provide reliable and timely financial reporting both internally to management and those charged with governance and externally to other stakeholders. They include the following:
- An organisational structure with formally defined lines of responsibility and delegation of authority.
- Established systems and procedures to identify, control and report on key risks. Exposure to these risks will be monitored mainly by the Risk and Compliance Committee through the operations of the committees accountable to it. These committees include the Group Credit Committee, the Banking Assets and Liabilities Committee, the Life Assurance Assets and Liabilities Committee, the Group Operational Risk Committee, the Group Counterparty Credit and Market Risk Committee and the Group Compliance Committee. Their activities are described in the Risk Management section. The terms of reference of these committees, whose members include executive directors and senior management, are reviewed regularly by the board.
- The preparation and issue of financial reports, including the consolidated annual accounts, is managed by the Group Finance department with oversight from the Audit Committee. The group’s financial reporting process is controlled using documented accounting policies and reporting formats issued by the Group Finance department to all reporting entities (including subsidiaries) within the group in advance of each reporting period end. The Group Finance department supports all reporting entities with guidance in the preparation of financial information. The process is supported by a network of finance and actuarial managers throughout the group, who have responsibility and accountability to provide information in keeping with agreed policies, including the completion of reconciliations of financial information to processing systems. Its quality is underpinned by arrangements for segregation of duties to facilitate independent checks on the integrity of financial data. The financial information for each entity is subject to a review at reporting entity and group level by senior management. The half year and annual accounts are also reviewed by the Audit Committee in advance of being presented to the Board for their review and approval.
- Comprehensive budgeting systems are in place with annual financial budgets prepared and approved by the board. Actual results are monitored and there is regular consideration by the board of progress compared with budgets and forecasts.
- There are clearly defined capital investment control guidelines and procedures set by the board.
- Responsibilities for the management of credit, investment and treasury activities are delegated within limits to line management. In addition, group and divisional management has been given responsibility to set operational procedures and standards in the areas of finance, tax, legal and regulatory compliance, internal audit, human resources and information technology systems and operations.
- The internal audit function, which has a group-wide remit, acts as the third line of defence and is responsible for carrying out a risk-based, independent assessment of the adequacy, effectiveness and sustainability of the group’s governance, risk management and control processes. The Head of Group Internal Audit reports directly to the Board of Directors through the Audit Committee for audit assurance purposes and to the Group Chief Executive Officer for administrative purposes. The Audit Committee reviews the scope and nature of the work of Group Internal Audit on an ongoing basis to confirm its independence and undertakes an independent external review of Group Internal Audit on a regular basis.
- Compliance in the group is controlled centrally under the Group Head of Risk and Compliance. Divisional compliance officers are in place in all of the group’s operating divisions. The Group Head of Risk and Compliance reports to the Group Chief Executive and the Risk and Compliance Committee and has direct access to the Board Risk and Compliance Committee.
- There is a risk management framework in place in each business throughout the group whereby executive management reviews and monitors, on an ongoing basis, the controls in place, both financial and non-financial, to manage the risks facing that business.
Please note this content represents the Company’s current Corporate Governance. To find out more about the Corporate Governance for the 2009-2010 financial year, please access this PDF.