Internal control

The Board is ultimately responsible for the Group’s system of internal control and for reviewing its effectiveness. However, such a system is designed to manage, rather than eliminate, the risk of failure to achieve business objectives, and can provide only reasonable, not absolute, assurance against material misstatement or loss.

The Board confirms that there is an ongoing process for identifying, evaluating and managing the significant risks faced by the Group, which has been in place for the year under review and up to the date of approval of the Annual Report and Accounts. This process is regularly reviewed by the Board and accords with the guidance.

The principal elements of the internal control framework are as follows:

(a) Risk identification and evaluation

Managers are responsible for the identification and evaluation of significant risks applicable to their areas of business, together with the design and operation of suitable internal controls. These risks may be associated with a variety of internal or external sources including market cycles, acquisitions, people, technical risks such as engineering and project management, health and safety risks, control breakdowns, disruptions in information systems, natural catastrophe and regulatory requirements. The identified risks, and the controls in place to manage them, are subject to continual reassessment. The process is formally reviewed by the Board annually.

The Chief Executive reports to the Board on significant changes in the business and the external environment that affect significant risks. The Finance Director provides the Board with monthly financial information which includes key performance and risk indicators.

(b) Authorisation procedures

Documented authorisation procedures provide for an auditable trail of accountability. These procedures are relevant across Group operations and provide for successive assurances to be given at increasingly higher levels of management and, finally, to the Board.

(c) Management of project risk

Project risk is managed throughout the life of a contract from the bidding stage to completion.

Detailed risk analyses covering technical, operational and financial issues are performed as part of the bidding process. Authority limits applicable to the approval of bids relate both to the specific risks associated with the contract and to the total value being bid by Keller, or any joint venture to which Keller is a party. Any bids involving an unusually high degree of technical or commercial risk, for example those using a new technology or in a territory where we have not previously worked, must be approved at a senior level within the operating company. A revised, web-based project risk management system is currently being implemented across the EMEA division, which is intended to be rolled out across the rest of the Group.

On average, our contracts have duration of around six weeks but larger contracts may extend over several months. The performance of contracts is monitored and reported by most business units on a weekly basis. In addition, thorough reviews are carried out by senior managers on any poorly performing jobs and full cost-to-complete assessments are routinely carried out on extended duration contracts.

Further detail on the management of project risk is provided in the section headed ‘Principal risks and KPIs’ on page 7.

(d) Budgeting and forecasting

There is a comprehensive budgeting system with an annual budget approved by the Board. This budget includes monthly profit and loss accounts, balance sheets and cash flows. In addition, detailed quarterly forecasts are prepared for the two subsequent years. Forecasts for the full year are updated during the year.

(e) Financial reporting

Detailed monthly management accounts are prepared which compare profit and loss accounts, balance sheets, cash flows and other information with budget and prior year, and significant variances are investigated.

(f) Cash control

Each business reports its cash position weekly. Regular cash forecasts are prepared to monitor the Group’s short- and medium-term cash positions and to control immediate borrowing requirements.

(g) Investments and capital expenditure

All significant investment decisions, including capital expenditure, are referred to the appropriate divisional or Group authority level.

(h) Independent reviews

The Group has a structured programme of independent, outsourced reviews, covering tendering, operational processes and internal financial controls. The intention is to conduct an independent review of all material business units at least once every three to four years. As discussed in the section headed ‘Audit Committee’, since July 2010 this programme has been undertaken by PricewaterhouseCoopers. The programme is approved and monitored by the Audit Committee, which reviews the findings of each such exercise.

(i) Self-certification

Once a year, managers are asked to confirm the adequacy of the systems of internal financial and non-financial controls for which they are responsible; and their compliance with Group policies, local laws and regulations; and to report any control weaknesses identified in the past year.

The management of financial risks is described in the financial review and the management of the principal risks and uncertainties facing the Group is described in the operating review.