Principal risks and their management
Monitoring risk throughout the Group
Board, Audit Committee and Executive Committee Principal and emerging risks formally reviewed regularly throughout the year by the Board, Audit Committee and Executive Committee. Thresholds for principal risks agreed.
Corporate functions analyze risk and control data, set policies and procedures
Semi-annual risk statements by senior management
Audit findings inform assessments of control effectiveness by Group Legal Reports from Group Legal inform audit priorities and plans for the coming year
Independent assurance
e.g. branches and distribution centers
Group and subsidiary level, e.g. legal, treasury, finance, tax and IT
Internal Audit function and other independent assurance
First level
Second level
Third level
Business operations implement policies
Set policies and procedures
Associates act in line with Ferguson’s Code of Conduct and Group policies
Monitor risks and controls
Test the design and effectiveness of procedures and controls
Manage risk program
Governance
Corporate functions
Strategic report
Frontline business operations and line management
Financials
Other information
Operational assurance process informs assessment of control effectiveness by Group Legal
Overall system of risk management reviewed by the Audit Committee on behalf of the Board.
Audit reports throughout the year
Fourth level
Ethics “Speak Up” helpline
The Board is accountable for the system of risk management at Ferguson. The Board, Audit Committee and Executive Committee review risks and controls in the context of the Group’s strategic plan and objectives. Throughout the year, information is provided directly from frontline operations, via corporate functions and independent assurance.
Ferguson plc Annual Report and Accounts 2020
53
