The Board is responsible for the Group’s system of internal control and for regularly reviewing its effectiveness. Procedures have been designed for, inter alia, the safeguarding of assets against unauthorised use or disposition, maintaining proper accounting records and the reliability of financial information used within the business or for publication. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives and can only provide reasonable and not absolute assurance against material errors, losses or fraud. There is an ongoing process of identifying, evaluating and managing the key risks faced by the Group, which has been in place throughout the year under review and up to the date of approval of the 2011 Annual Report and Accounts. This process is regularly reviewed by the Board. The Group’s key internal control procedures include the following:
- the Board has responsibility to set, communicate and monitor the application of policies, procedures and standards in areas including operations, finance, legal, commercial and regulatory compliance, human resources and health and safety, information security and property management, and corporate social responsibility and the environment; these policies are cascaded to the businesses via the MOB review process and additional internal communication channels
- authority to operate the individual businesses comprising the Divisions that make up the Group who then delegate to Managing Directors, within limits set by the Group, including the recruitment of the underlying management teams. The Board establishes key operations, functional and financial reporting standards for application across the whole Group and this is cascaded through the MOB review process. These are supplemented by operational standards set by local management teams, as required for the type of business and geographical location of each subsidiary and business unit
- comprehensive annual financial plans are prepared at the individual business unit level and summarised at a Divisional and Group level. Financial plans are reviewed and approved by the Board following challenge within the MOB review process. Capital expenditure is subject to rigorous budgetary control beyond specified levels and detailed written proposals have to be submitted to the Board. Expenditure on acquisitions is the subject of appropriate consideration, review and approval by the Board
- results are monitored routinely by means of comprehensive management accounts and actual progress against plan is challenged directly by Executive Directors of the Board on a Group-wide basis and at the business unit level each month. The Non-Executive Directors challenge the Executive Directors at each Board meeting
- a framework is in place to identify, assess and mitigate the major business risks, including credit, liquidity, operations, reputation, information security, regulatory and fraud. The framework also includes specific provision for risk-based due diligence in respect of business acquisitions and new customer contracts. Exposure to business risk is monitored as an integral part of the MOB review process and by the Audit Committee
- the MOB process is supplemented across many of the Group’s businesses, including all the regulated financial services businesses, by a number of formally constituted risk committees. These committees provide an appropriate means to routinely monitor the risk profile for these businesses, including regulatory risks, and for proposed mitigating actions to be challenged and tracked. During the course of 2011 a new Group Financial Services (FS) Governance Forum was established to provide enhanced Group oversight of all financial services business streams. The forum is chaired by Vic Gysin, will have an independent member and when fully established will meet quarterly
- the Group Risk and Business Assurance function reports to the Group Finance Director and independently to the Audit Committee. In addition to independently facilitating the Group’s risk management framework, it delivers a risk-based internal audit programme, to provide assurance on the effectiveness of the internal control structures operating across the business. The annual audit programme is focused on areas of greatest risk to the Group, as determined by the Group risk framework, and an independent view of those risks is taken by the Group Risk and Business Assurance function. Work continues to further segregate the internal audit function that reviews FSA regulated financial services businesses with a reporting line into the FS Governance Forum, as described previously
- in addition, regulatory risks and compliance matters are overseen by the Group Compliance Director reporting through the Group Finance Director and independently to the Audit Committee. Dedicated compliance teams within the relevant businesses independently monitor regulatory compliance by way of risk-based work programmes and support operations in identifying and mitigating regulatory risks as an integral part of the Group risk framework
- both the Group Compliance function and Group Risk and Business Assurance function routinely apprise the Group’s senior management and the Audit Committee of their work programmes and findings.
The Board keeps under review the effectiveness of this system of internal control. The key mechanisms used by the Board to achieve this include regular MOB review reports; periodic updates from the Audit Committee based on its review of risk management, business assurance and compliance reports by the relevant Group functions; and discussions with and reports from the external auditors and other advisers.
Through the above mechanisms, the Board and the Audit Committee have performed a Group-wide review of the effectiveness of the internal control system, including financial and operational controls and risk management, in accordance with the Code for the period from 1 January 2011 to the date of approval of this Annual Report and Accounts. The Board and the Audit Committee are satisfied with the process of monitoring the effectiveness of internal controls and that it complies with the Internal Control Guidance for Directors in the Code issued by the Institute of Chartered Accountants in England and Wales and in the revised Turnbull Guidance (2005).