The Experian Board is responsible for the Group's system of internal control and for reviewing its effectiveness. This system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide reasonable, but not absolute, assurance against material misstatement or loss.
There is an ongoing process for identifying, evaluating and managing the significant risks faced by the Group including those risks relating to social, environmental and ethical matters. This meets the requirements of the Combined Code on Corporate Governance.
The Board will review annually the effectiveness of the key procedures that have been established to provide internal control. The Audit Committee also keeps under review the effectiveness of systems of internal control and will report regularly to the Board.
The key procedures are as follows:
Risk assessment
- Experian sets out its objectives clearly as part of its planning process. These objectives are then incorporated as part of the planning cycle and are supported by the use of both financial and non-financial key performance indicators.
- Regular presentations on risk are made to the Audit Committee that reports regularly to the Board on the risks facing the business.
- The Audit Committee has delegated responsibility for considering operational, financial and compliance risks on a regular basis and receives reports on the controls over these risks annually. This includes risks arising from social, environmental and ethical matters.
Control environment and control activities
- Experian has established procedures for delegated authority that ensure that decisions that are significant, either because of their value or their inherent degree of risk, are taken at an appropriate level.
- Experian has implemented appropriate strategies to deal with each significant risk that has been identified.
- Experian has set out policies and standards that are to be adhered to across the business. These include risk identification, management and reporting standards, ethical principles and practice, accounting policy, treasury policy, information security policy and policy on fraud and whistle blowing.
Information and communication
- There is a comprehensive system of budgetary control including monthly performance reviews for each major business. These reviews are at a detailed level within the business and at a high level for the Board.
- On a monthly basis, the achievement of business objectives, both financial and non-financial, is assessed using a range of key performance indicators. These indicators are reviewed to ensure that they remain relevant and reliable.
- Experian has whistle blowing procedures for employees to report suspected improprieties.
Monitoring
- A range of procedures is used to monitor the effective application of internal control across Experian, including management assurance through the ongoing risk management process, and independent assurance through internal audit reviews and review by specialist third parties.
- The internal audit department's responsibilities include reporting to the Audit Committee on the effectiveness of internal control systems, focusing on those areas considered to be of greatest risk to Experian.
- Follow-up processes are used to ensure there is an appropriate response to changes and developments in risks and the control environment.
Top of page
