The board has overall responsibility for the group’s system of internal controls and for reviewing its effectiveness. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can provide only reasonable and not absolute assurance against material mis-statement or loss.

• Financial
• Operational
• Compliance and
• Risk Management

Formal guidance for Directors on the implementation of the new requirements entitled “Internal Control: Guidance for Directors on the Combined Code”, was published in September 1999 (“the Turnbull guidance”). The board has established the procedures necessary to implement the Turnbull guidance and was fully compliant with it during 2007 and up to the date of approval of the financial statements.

The Audit Committee has reviewed the effectiveness of these systems of internal control and reported thereon to the board.

The board has delegated to executive management the planning and implementation of the systems of internal control within an established framework which applies throughout the group.

The directors have responsibility for maintaining a system of internal control which provides reasonable assurance of effective and efficient operations, internal financial control and compliance with laws and regulations. The board has established an ongoing process for identifying, evaluating and managing the significant risks faced by the group. This risk management process is regularly reviewed by the board in accordance with the guidance provided by Turnbull.

The group’s business involves the acceptance and management of a range of risks. The group’s system of internal control is designed to provide reasonable, but not absolute, assurance against the risk of material errors, fraud or losses occurring. It is possible that internal controls can be circumvented or overridden. Further, because of changes in conditions, the effectiveness of an internal control system may vary over time. During 2007, the group suffered losses of €11.7m arising from the fraudulent activities of a rogue solicitor.  The group has reviewed its system of internal control in the light of these losses, and has strengthened them, where appropriate.

The group’s key internal control procedures include the following:

• An organisational structure with formally defined lines of responsibility and delegation of authority.
• Established systems and procedures to identify, control and report on key risks. Exposure to these risks is monitored mainly through the operations of the recently established Group Risk Committee. The Group Risk Committee, in turn, delegates responsibility for the monitoring and management of specific risks to committees accountable to it. These committees include the Group Credit Committee, the Group Operational Risk Committee and the Group Assets and Liabilities Committee. The terms of reference of these committees, whose members include executive directors and senior management, are reviewed regularly by the board.
• Comprehensive budgeting systems are in place with annual financial budgets prepared and approved by the board. Actual results are monitored and there is regular consideration by the board of progress compared with budgets and forecasts.
• There are clearly defined capital investment control guidelines and procedures set by the board.
• Responsibilities for the management of credit, investment and treasury activities are delegated within limits to line management. In addition, management has been given responsibility to set operational procedures and standards in the areas of finance, legal and regulatory compliance, internal audit, human resources and information technology systems and operations.
• The internal audit function, which is centrally controlled, monitors compliance with the group’s policies and standards and the effectiveness of internal control structures across the group. The work of internal audit follows a risk based approach. The Group Head of Internal Audit reports to the Group Chief Risk Officer and the Audit Committee and has direct access to the Audit Committee.
• Compliance in the group is controlled centrally under the Group Head of Compliance. Divisional compliance officers are in place in all of the group’s operating divisions.
• There is a risk management programme in place in each business throughout the group whereby executive management reviews and monitors, on an ongoing basis, the controls in place, both financial and non financial, to manage the risk facing that business.

The Audit Committee also reviews the half year and annual financial statements and the nature and extent of the external audit. There are formal procedures in place for the external auditors to report findings and recommendations to the audit committee. Any significant findings or identified risks are examined so that appropriate action can be taken.