Jump to:
Principal risks and uncertainties

Risk management

Protecting our business
and competitive position

We believe that anticipating and managing our risks effectively not only protects our business but enables us also to be more competitive in the markets in which we operate. Consequently we have placed considerable focus in recent years on ensuring that we have the right skills and processes in place to identify and manage our risks effectively.

As part of this focus we have brought together a Risk team within the business which is made up of specialists who are able to advise the Group on matters relating to legal risk, health, safety and environmental risk, insurance, governance and all matters relating to standards and compliance.

The Risk team is led by the Company Secretary who reports to the Executive Chairman, with a direct reporting line also to the Chairman of the Audit Committee.

Our aim is to identify, evaluate and manage any risks facing the business, rather than to try to eliminate all risk. We recognise that our internal control systems can provide only reasonable and not absolute assurance against material misstatement or loss.

Risk management framework

We have a risk management framework in place which enables us to identify, assess, measure, manage and monitor any risks which may prevent the business from meeting its objectives. The framework has been developed in accordance with Financial Reporting Council Guidance and provides us with a single picture of the threats, uncertainties and opportunities we face. This enables the Board and senior management to make appropriate decisions to limit and control the impact that these risks may have on our goals and objectives.

Internal audit

We have an internal audit team which sits within the Risk team and consists of three qualified accountants, each with a ‘Big Four’ background. The work of the internal audit team is linked closely to the risk management framework with the internal audit plan designed to give assurance around the key risk areas identified through the risk management framework.

The way in which risks are identified and managed, and the way in which risk reporting links to the work of the internal audit team, is shown below.

Responsibilities in relation to risk management

The Board

The Board has overall responsibility for deciding the extent and nature of the risks that the business should take to achieve its objectives. It is responsible also for ensuring that the Group maintains sound internal control and risk management systems, as well as for reviewing the effectiveness of those systems. In order to do this, the Board receives regular reports from management, the internal audit team and the external auditors, via the Audit Committee, on the effectiveness of the systems of internal control and risk management. The Board is satisfied that the systems are embedded within the day-to-day activities of the business and cover all material controls, including financial, operational and compliance controls, and that the Group continues to be compliant with the provisions of the UK Corporate Governance Code relating to internal control.

Audit Committee

The membership and attendance at Committee meetings during the year is shown on the Corporate governance page.

The Audit Committee meets three times a year with the Executive Directors, the Finance Director for Group Services, the Company Secretary and representatives from the external auditors also in attendance. The external auditors meet also with individual members of the Audit Committee during the year without the other attendees present.

The Committee is chaired by Martin Towers, who has considerable recent financial experience. He is a fellow of the Institute of Chartered Accountants in England and Wales and has held a number of senior finance roles, including working as Group Finance Director at Kelda Group PLC until 2008. The Board considers therefore that he has the relevant financial experience required to fulfil the role of Chairman of the Audit Committee.

At each Committee meeting there are reports from the internal auditors on the adequacy and effectiveness of the financial, operational and compliance controls in place across the Group. Our internal and external audit teams work closely together to minimise risks and enhance shareholder value and the external auditors report also to the Audit Committee any material risks identified during their interim review and the full year audit.

In addition the Audit Committee also:

The Committee’s Terms of Reference are in line with the recommendations in the UK Corporate Governance Code and the Institute of Chartered Secretaries and Administrators (ICSA) Guidance on Terms of Reference for Audit Committees. Copies of the Terms of Reference are available from the Company Secretary and are on our website at www.kcomplc.com.

Risk Committee

The Risk Committee consists of senior management and specialists from across the Group and meets quarterly to consider all types of risk. The Committee is responsible for reviewing progress in mitigating risks and discussing and agreeing actions relating to any new risks that have been identified. The Committee prepares a report for the Board after each meeting.

Our risk management process

The relationship with the external auditors

The Audit Committee is responsible for overseeing the relationship with the external auditors to ensure that the external auditors continue to be independent, objective and effective in their work, as well as considering the re-appointment of the auditors each year in light of this.

We have an ‘Engagement of External Auditors’ policy which is adhered to when selecting firms to perform non-audit work. This policy excludes the auditors from providing certain services, such as internal audit services, litigation support, remuneration advice and legal advice services. All other non-audit work is assessed separately and is awarded to the firm considered best suited to perform the work. Any such work with a fee greater than 25 per cent of the annual audit fee must be approved by the Chairman of the Audit Committee before the external auditors may be appointed.

During the year the fee for the external audit of the Group and its subsidiaries, along with other services pursuant to legislation, was £228,000 (2011: £228,000). In addition to this, the external auditors provided services to the value of £59,000 (2011: £227,000) relating to tax services and pensions advice. In both areas, the auditors’ existing knowledge of the Group was considered to be a key factor when selecting the firm to perform the work.

PricewaterhouseCoopers LLP were appointed as auditors in 2006 following a comprehensive tendering process. Each year the Audit Committee considers the continued independence of the auditors and believes that audit partner rotation is a key control in ensuring continued independence and objectivity by reducing the risk of familiarity whilst retaining the detailed understanding of the business which the external auditors have gained over time. During the year Ian Morrison was appointed as the audit partner following the rotation of Steve Denison away from the audit.

PricewaterhouseCoopers LLP formally confirm their continued independence to the Audit Committee each year and the measures they have taken to ensure that they comply with best practice and professional and regulatory requirements in this area.

Financial risk management

Each part of our business produces a budget on an annual basis which is reviewed by management and ultimately approved by the Board. A longer-term five-year plan is also in place which is updated annually and approved by the Board to enable them to have a clear longer-term view of financial projections.

The annual budget is updated quarterly as the year progresses. Performance against budget and quarterly reforecast is monitored at monthly senior management meetings and is reported to, and reviewed by, the Board each month. Further information about the financial risk management policies in place, and in particular the way in which credit risk, liquidity risk, interest rate risk and foreign currency risk are managed, are in note 28 to the accounts.

Controls around consolidation

The basis of consolidation for the financial statements is detailed in note 2 to the accounts. Strong controls are in place around the process for preparing consolidated accounts. The work of consolidation is performed by experienced, qualified accountants and a review of the consolidation forms part of the audit work performed by our external auditors.

Principal risks and uncertainties

As with all businesses, we are affected by a number of risks and uncertainties, of which some are beyond our control. The table on the right sets out the principal risks and uncertainties which could have a material adverse effect on the Group and have been identified through the risk management framework.

This is not an exhaustive list and there may be risks and uncertainties of which currently we are unaware, or which are believed to be immaterial, which could have an adverse effect on the business.

Area
 
Change in
level of risk
Why is it important?
 
What are we doing to mitigate the risk?
 

Security and resilience of IT, networks and data

We operate communication networks across the UK and host data for customers alongside operating our own IT systems internally. This means that we are dependent on the secure operation and resilience of our information systems, networks and data.

We have various policies and procedures in place across the Group to ensure that we maintain best practice and appropriate compliance in relation to all of our key systems and networks. All new starters are made aware of these policies and procedures through their induction and we have launched mandatory online training for all employees and contractors during the year. The Risk Committee considers specifically information security at each meeting and monitors the ongoing mitigation of the specific risks identified. We have held the ISO 27001 Information Security Management standard since 2007, which demonstrates the robustness of our security processes and the continuous improvement required by the standard.

Reliance on key third party partners and suppliers

Our strategic agreements with BT and Phoenix IT Group mean we are dependent on the performance of these third parties to provide certain services to our customers.

We use dedicated teams to maintain close relationships with our key partners and suppliers. These relationships have continued to work well during the year. We have appropriate contracts and service levels in place and monitor performance to ensure that our customers are receiving the best possible service at all times.

Business continuity

Business continuity in the event of a crisis or disaster is a risk we continue to monitor and mitigate against. It is essential to many of our customers that we can continue to provide services even when a significant incident occurs.

This continues to be a key area of focus across the Group. We are currently working towards compliance with the BS 25999 Business Continuity standard and have now achieved this in the Network Services, Managed Services and Collaboration activities of our Kcom brand. A comprehensive testing programme has been implemented during the year to test our business continuity plans. Any learning points arising from these tests are fed back into the plans to ensure that these reflect the most efficient and effective way of keeping our critical processes operating in the event of an incident.

Customer service and delivery

One of the ways in which we seek to differentiate ourselves from our competitors is in the service and delivery that we provide to our customers. Failing to deliver a service that differentiates us would clearly result in us failing to meet one of our key business objectives.

Over the last year we have organised our Customer Operations team within our Kcom brand to ensure that our people are focused primarily on our customers and to ensure that wherever possible we strive to meet or exceed customer expectations. We have invested also in upgrading our network monitoring systems to enable us to provide a much better quality service to our managed service customers. We have a dedicated Customer Experience team and measure regularly our performance with customers through customer satisfaction surveys, which we plan to continue.

Recruitment and retention of the right people

People are our greatest asset and ensuring that we recruit and retain the right calibre of people with the right skill-set is key to the success of our business.

We have a comprehensive people strategy in place which aims to ensure that we recruit and retain the right people for our business. In the year the focus of the people strategy has been on strengthening the leadership capability within the business and on developing a clear set of values to drive the culture of the business. In the coming year, the focus will expand to identifying and managing our talent and ensuring that our recruitment, reward and retention strategies are strengthened further. There is more detailed information available on the people strategy on the Corporate responsibility page.

Back to top