john-lewis-partnership-plc-annual-report-2015
john-lewis-partnership-plc-annual-report-2015
john-lewis-partnership-plc-annual-report-2015
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Annual Report and Accounts <strong>2015</strong> John Lewis Partnership <strong>plc</strong> 107<br />
Risk management and<br />
internal audit activities<br />
The Partnership Board has ultimate<br />
responsibility for the Partnership’s system<br />
of internal control and risk management and<br />
reviewing its effectiveness.<br />
The Partnership Board delegates the<br />
monitoring of internal control and risk<br />
management processes to the Committee.<br />
The Committee seeks assurance from<br />
the work of the Group Risk Management,<br />
and Internal Audit and Operational Risk<br />
Management departments, which provide<br />
objective assurance on the effectiveness of<br />
those arrangements through the delivery of a<br />
risk-based work plan and risk<br />
management activities.<br />
The Head of Group Risk and the Head<br />
of Internal Audit and Operational Risk<br />
Management <strong>report</strong> functionally to the Chair<br />
of the Committee and operationally to the<br />
Acting Group Finance Director.<br />
The Partnership’s systems of risk<br />
management and internal control<br />
Risk management<br />
Assessing and managing risk is fundamental to<br />
safeguarding our Partners’ interests, protecting<br />
our reputation, complying with regulatory<br />
standards and achieving our business objectives.<br />
Executive management is responsible for<br />
identifying and evaluating the principal business<br />
risks and for implementing and maintaining<br />
systems for managing those risks in an efficient<br />
and effective manner.<br />
To enable this, the Partnership has developed<br />
a risk management framework, including a<br />
process for how we identify, evaluate, manage<br />
and monitor the principal risks faced by the<br />
Partnership, supported by tools, dedicated<br />
Partners and a risk governance structure.<br />
Further details on this can be found on pages<br />
42 to 43, along with details of our principal risks<br />
and how we mitigate them, on pages 45 to 47.<br />
Strategic, operational, financial and compliance<br />
risk areas are all included within the scope of<br />
these activities.<br />
Internal control<br />
The systems of internal control we have<br />
established are designed to manage, rather than<br />
eliminate, the risk that is inherent in pursuit of<br />
our business objectives. As a consequence, our<br />
internal controls can only provide reasonable,<br />
and not absolute, assurance against material<br />
misstatement or loss.<br />
The Committee monitors the development<br />
of our policies and systems for identifying,<br />
evaluating and managing the principal risks<br />
throughout the Partnership. On a quarterly<br />
basis, the Committee receives an updated<br />
Risk Report on progress on the principal<br />
Partnership risks identified as part of the<br />
business planning process.<br />
Strategic risks<br />
e.g. risk of us “taking the wrong investment decision”<br />
Operational risks<br />
e.g. risk of us “doing the right thing, in the wrong way”<br />
Financial risks<br />
e.g. risk of us “doing things in a way that loses money<br />
or incurs unnecessary liabilities”<br />
Compliance risks<br />
e.g. risk of us “not doing what Regulators require”<br />
The Committee <strong>report</strong>s regularly to the<br />
Partnership Board, which seeks assurance<br />
that the systems of internal control for<br />
risk management are operating effectively.<br />
Reporting is through management<br />
representations, the work of internal audit<br />
and other means of assurance.<br />
During the year, the Committee focussed on<br />
IT controls including meeting with Divisional IT<br />
Directors to understand plans to strengthen<br />
our IT controls framework. Additionally the<br />
Committee oversaw the updating of the<br />
Partnership’s Internal Controls Framework.<br />
At the end of the year, the Committee<br />
conducted an <strong>annual</strong> review of the effectiveness<br />
of the risk management framework, supported<br />
by a self certification exercise by management.<br />
During the year and for <strong>2015</strong>/16<br />
Strengthening and embedding<br />
our risk management framework<br />
During the year, the Committee has<br />
overseen further strengthening and<br />
embedding of the risk management<br />
framework within the Partnership as part<br />
of a continuous improvement programme.<br />
This included initiating a review by external<br />
consultants of our framework.<br />
Outcome of our actions<br />
In response, new tools have been<br />
developed, new practices implemented<br />
and our risk governance structure has been<br />
refined. These are now in use and provide<br />
a consistent basis across the Partnership<br />
for more efficient identification, evaluation<br />
and communication of emerging risk and<br />
control issues.<br />
Focus areas for <strong>2015</strong>/16<br />
In the following year, we plan to formalise<br />
the identification and monitoring of<br />
measures for our principal risks and their<br />
mitigations, to give us better warning of<br />
changes to our risks and the resilience of our<br />
internal controls.<br />
Introduction Partnership difference Principles Strategy Performance Governance Financial statements