During the year, the committee reviewed and agreed with management's proposal to extend the company's 2019 long-term viability period to cover a seven-year period.
Pictured: Paulette Rowe, Brian May and Stephen Carter
- Brian May has chaired the committee since July 2013. He is a serving finance director of a FTSE 100 company and chartered accountant and is considered by the board to have recent and relevant financial experience.
- All members of the committee are independent non-executive directors and the Board is satisfied that the committee as a whole has competence relevant to the sector and its members have an appropriate level of experience of corporate financial matters.
- Other regular attendees at meetings at the invitation of the committee include the Chairman of the board, the CEO, the CFO, the company secretary, the head of audit and risk, the group controller, and representatives from the external auditor KPMG LLP (KPMG). None of these attendees are members of the committee.
- The representatives from KPMG and the head of audit and risk are each afforded time with the committee and the company secretary to raise freely any concerns they may have without management being present.
- The committee is authorised to seek outside legal or other independent professional advice as it sees fit, but has not done so during the year.
Audit committee members
Brian May (chair)
In my report this year I have sought to provide shareholders with an understanding of the work we have done as the audit committee to provide assurance on the integrity of the 2018/19 annual report and financial statements. All directors have a duty to act in a way they consider, in good faith, would be most likely to promote the success of the company for the benefit of its members as a whole, and have regard to other stakeholders as set out in s172 of the Companies Act 2006. The directors' responsibility statement in respect of the annual report and financial statements can be found in the Statement of directors' responsibilities.
The particular role of the audit committee is to ensure that the interests of shareholders are properly protected in relation to the company's financial reporting and internal control arrangements and to provide challenge to the decisions and approach made by the management team relating to the content and disclosures within the company's financial reports. As articulated in both the 2016 and 2018 versions of the Code, "the board should present a fair, balanced and understandable assessment of the company's position and prospects". The board asks the audit committee to advise on whether in fact "the annual report and accounts, taken as a whole, is fair balanced and understandable and provides the information necessary for shareholders to assess the company's position and performance, business model and strategy". The audit committee's role is to ensure that management's disclosures reflect the supporting detail or challenge them to explain and justify their interpretation and, if necessary, re-present the information. The committee is supported in this role by using the expertise of the external auditor, who in the course of the statutory audit, reviews the accounting records kept by the company to test whether information is being recorded in line with agreed accounting practices. The external auditor presents its findings to the shareholders as the owners of the business, and their report is set out in the Independent auditor's report. The committee reports its findings and makes recommendations to the board accordingly.
The audit committee is responsible for ensuring that the three-way relationship between the committee, the auditor and the company's management is appropriate. The external auditor must be independent of the company. Independence is a key focus for both the external auditor, whose staff must comply with their firm's own ethics and independence criteria which must be consistent with the FRC's Revised Ethical Standard 2016, and the committee, in order to ensure the integrity of the auditing process and the annual report and financial statements. Information on how the committee assesses the independence of the external auditor is set out in the Audit committee report.
In June 2018 the FRC published the 2017/18 versions of its audit quality inspection reports (AQIRs) of the 'big four' audit firms, including KPMG. The FRC, as the competent authority for audit regulation in the UK, were critical of the firms for different reasons, but their overall view was that there was a decline in audit quality. In response to its AQIR, KPMG have set in place an audit quality transformation plan and invested in face-to-face training courses for all their audit professionals, and have expressed their commitment to continue their focus on audit quality. The committee invited KPMG, at its meeting in September 2018, to explain their audit quality transformation plan and the initiatives being applied to their plans and strategy for our 2018/19 audit (see the Audit committee). The committee welcomes this commitment and will review the evidence of the enhancements to the processes later in the year.
During the year, the committee reviewed and agreed with management's proposal to extend the company's 2019 long-term viability statement to cover a seven-year period (see Audit committee), rather than the five-year period as in previous years. It was agreed that such an approach was appropriate given the nature of the regulatory regime in the water sector and the clarity of Ofwat's business plan assessment contributing to the longer-term planning horizon for the sector.
This is the last year when my report contains an overview of the company's whistleblowing arrangements (see Audit committee), as this work in future will be the direct responsibility of the board, reflecting the 2018 Code; however, the committee will act upon any relevant findings impacting its areas of responsibility as appropriate.
As chair of the committee I reiterate the board's view (see Corporate governance report) that the committee as a whole has competence relevant to the sector, as disclosed in the biographies of the relevant committee members (see Board of directors). All members contribute to the work of the committee and have the skills and necessary degree of financial literacy. As non-executive directors, my colleagues and I are of an independent mindset and would have no hesitation in seeking clarification and a full explanation from management or the external auditor on any matter we feel necessary.
Much of the work of the committee is necessarily targeted at the regulated activities of UUW, which represent over 98 per cent of group revenues and is a reflection of our commitment to safeguarding the interests of our stakeholders, particularly our shareholders and customers.
We continue to be committed to providing meaningful disclosure of the committee's activities. As chair of the audit committee, I am intent on ensuring that the committee's agenda is kept under review and keeps abreast of relevant developments. The details of the annual evaluation process of the committee's performance can be found in the Corporate governance report.
The following report was approved by the committee at its meeting held on 14 May 2019.
Chairman of the audit committee
Main responsibilities of the committee
- Make a recommendation to the board for the appointment or reappointment of the auditor, and to be responsible for the tender of the audit from time to time and to agree the fees paid to the auditor.
- Establish policies for the provision of any non-audit services by the auditor.
- Review the scope and the results of the annual audit and report to the board on the effectiveness of the audit process and how the independence and objectivity of the auditor has been safeguarded.
- Review the half-year and annual financial statements and any announcements relating to financial performance, including reporting to the board on the significant issues considered by the committee in relation to the financial statements and how these were addressed.
- Review the scope, remit and effectiveness of the internal audit function and the group's internal control and risk management systems.
- Review the group's procedures for whistleblowing (up until 31 March 2019), reporting fraud and other inappropriate behaviour and to receive reports relating thereto.
- Report to the board on how it has discharged its responsibilities.
What has been on the committee's agenda during the year
The committee has an extensive agenda of items of business focusing on the audit, assurance and risk processes within the business which it deals with in conjunction with senior management, the auditor, the internal audit function and the financial reporting team. In doing so it ensures that high standards of financial governance, in line with the regulatory framework as well as market practice for audit committees going forward, are maintained. There were four scheduled meetings of the committee during the year. Items of business considered by the committee during the year are set out in the table below.
- Considered the issues and findings brought to the committee's attention by the internal audit team and satisfied itself that management has resolved or is in the process of resolving any outstanding issues or concerns.
|See Audit committee|
- Reviewed and discussed the reports from the financial reporting team on the financial statements, considered management's significant accounting judgements, and the policies being applied and how the statutory audit contributed to the integrity of the financial reporting.
|See Audit committee|
- Reviewed the regulatory reporting process relating to the annual performance report for UUW as required to be submitted to Ofwat and noted the differences between the regulatory and statutory accounts.
- Reviewed the company's approach to the adoption of International Financial Reporting Standards (IFRS) IFRS 9 Financial Instruments and IFRS 15 Revenue from Contracts With Customers which was a particular focus for the committee. Updates on the adoption of IFRS 16 Leases, which would first impact the 31 March 2020 financial statements, were received.
|See Accounting policies|
- Reviewed the proposed audit strategy for the 2018/19 statutory audit, including the level of materiality applied by KPMG, audit reports from KPMG on the financial statements and the areas of particular focus for the 2018/19 audit, and tasked management to resolve any issues relating to internal controls and risk management systems.
|See Independent auditor's report|
- Reviewed the basis of preparation of the financial statements as a going concern (prior to making a recommendation to the board) as set out in the accounting policies.
|See Corporate governance report|
- Reviewed the long-term viability statement, in particular the extension of the period from a five-year to a seven-year term, prior to making a recommendation to the board.
|See Corporate governance report|
- Reviewed the results of the committee's assessment of the effectiveness of the 2017/18 external audit along with receiving a presentation from KPMG on the proposals for their Audit Quality Transformation Plan and confirmation of the independence of the auditor and made a recommendation to the board on the reappointment of KPMG as the external auditor at the forthcoming annual general meeting.
|See Audit committee|
- Reviewed the 2018/19 annual report and financial statements and provided a recommendation to the board that they complied with the Code principle to be 'fair, balanced and understandable'.
|See Audit committee|
- Reviewed KPMG's proposed audit quality improvement plan applicable to the 2018/19 statutory audit.
|See Audit committee|
- Approved revised terms of reference, which would be applied from 1 April 2019, reflecting the 2018 UK Corporate Governance Code prior to making a recommendation to the board.
|See Terms of reference - unitedutilities.com/corporate-governance|
- Reviewed the effectiveness of the risk management and internal control systems prior to making a recommendation to the board.
|See Audit committee|
- Negotiated and agreed the statutory audit fee for the year ended 31 March 2019 and agreed the fee approach for subsequent years.
|See Audit committee|
- Reviewed and approved the non-audit services and related fees provided by the external auditor for the year 2018 and approved the policy on non-audit services provided by the auditor for 2019/20.
|See Audit committee|
- Monitored fraud reporting and incidents of whistleblowing.
|See Audit committee|
- Biannual oversight and monitoring of the group's compliance with the Bribery Act which the board then reviews annually.
|See Audit committee|
- Approved the strategic internal audit planning approach and reviewed reports on the work of the internal audit function from the head of audit and risk.
|See Audit committee|
- Reviewed the quality and effectiveness of internal audit and the effectiveness of the current co-source arrangements.
|See Audit committee|
- Reviewed and approved the approach and internal audit plan for 2019/20.
|See Audit committee|
- Reviewed the conclusions of the committee's annual evaluation. The internally facilitated evaluation was undertaken as part of the overall board evaluation. The review explored: time management, the composition of the committee and the management of the meetings; the committee's processes and support; the agenda and work of the committee; and the priorities for change. All elements of the workings of the committee reviewed scored well. It was concluded that the committee continued to be effective.
|See Corporate governance report|
How we assessed whether "the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the company's position and performance, business model and strategy"
The committee, further to the board's request, has reviewed the annual report and financial statements with the intention of providing advice to the board on whether, as required by the Code, "the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the company's position and performance, business model and strategy".
To make this assessment, the committee received copies of the annual report and financial statements to review during the drafting process to ensure that the key messages being followed in the annual report were aligned with the company's position, performance and strategy being pursued and that the narrative sections of the annual report were consistent with the financial statements. The significant issues considered by the committee in relation to the financial statements were consistent with those identified by the external auditor in their Independent auditor's report.
The committee received regular updates on the calculation of underlying operating profit measures as one of the principal alternative performance measures (APMs). A guide to APMs can be found in Our performance in 2018/19. APMs are used in accordance with the ESMA guidelines and management highlights any impact on APMs as a result of changes to accounting methods/transactions.
The key performance indicators included in the strategic report (see How we measure our performance) were, among others, those used by management and some of which reflect the regulatory measures to be monitored by either Ofwat, the DWI or the EA during the 2015–20 period.
Additionally, the committee was satisfied that all the key events and issues which had been reported to the board in the executive team's monthly board reports during the year, both good and bad, had been adequately referenced or reflected within the annual report.
How we assessed the effectiveness of the external audit process
The committee, on behalf of the board, is responsible for the relationship with the external auditor, and part of that role is to examine the effectiveness of the audit process. Audit quality is a key requirement of the external audit process.
In June 2018, the FRC, as the competent authority for audit regulation in the UK, published its 2017/18 Audit Quality Inspection Reports (AQIRs)for each of the 'big four' audit firms, including KPMG. Such reports are published annually. In the AQIRs, the FRC identified areas of improvement for all four firms. KPMG was asked to make improvements in the following areas: to ensure that the extent and rigour of challenge of management in areas of judgement fully demonstrates professional scepticism; to strengthen the involvement of the group audit team in component audits; to improve the consistency and quality of audit work over pension scheme assets and liabilities; and to enhance the audit of management review controls, in particular for entities with long-term contracts. KPMG was identified as having made good progress in ensuring that its policies and procedures on independence complied with the requirements of the FRC Revised Ethical Standard 2016 (FRC's Ethical Standard).
It was reported in the 2018 audit committee report that KPMG had expressed its commitment to the committee to improve audit quality, providing extra resource to supplement the usual audit team in order to ensure additional oversight and review of the 2017/18 audit. Consequently, KPMG provided an overview of its updated Audit Quality Transformation Plan (AQTP) to address the improvements identified by the FRC, in its AQIRs, to the committee in September 2018. Their AQTP included: a more standardised audit approach; their intention to hold companies to account for the quality of the information provided to them in the audit process; their intention to provide more feedback to companies on the findings of their audit and provide additional senior level support to the KPMG audit teams during the audit. The committee will review the evidence of the enhancements to the external audit processes later in the year.
KPMG presented the strategy and scope of the external audit for the forthcoming financial year at the meeting of the committee held in September, highlighting any areas which would be given special consideration. KPMG report against this audit scope at subsequent committee meetings, providing an opportunity for the committee to monitor progress and raise any questions. Private meetings are also held at each committee meeting between the audit committee and representatives of the external auditor without management being present in order to encourage open and transparent feedback by both parties.
On completion of the external audit process at the full-year, all members of the committee, as well as key members of the senior management team and those who regularly provide input into the audit committee or have regular contact with the external auditor, complete a feedback questionnaire seeking their views on how well KPMG performed the year-end audit.
Views of the respondents were sought in terms of:
- the robustness of the external audit process and degree of challenge to matters of significant audit risk and areas of management subjectivity;
- whether the scope of the audit and the planning process were appropriate for the delivery of an effective and efficient audit;
- the quality of the delivery of the audit;
- the expertise of the audit team conducting the audit;
- that the degree of professional scepticism applied by the external auditor was appropriate;
- the appropriateness of the communication between the committee and the external auditor in terms of technical issues;
- the quality of the service provided by the external auditor;
- their views on the quality of the interaction between the audit partner, the audit senior manager and the company; and
- whether the statutory audit contributed to the integrity of the group's financial reporting.
The feedback was collated and presented to the committee's meeting in November 2018, at which the conclusions were discussed and any opportunities for improvement brought to the attention of the external auditor.
In summary, the committee concluded, that given KPMG's commitment to make improvements to its policies and processes impacting audit quality, and in relation to the additional oversight provided in relation to the 2017/18 audit, it was agreed that the external audit process and services provided by KPMG were satisfactory and effective.
How we assessed the independence of our external auditor
There are two aspects to auditor independence that the committee monitors to ensure that the external auditor remains independent of the company.
Firstly, in assessing the independence of the auditor from the company the committee takes into account the information and assurances provided by the external auditor confirming that all its partners and staff involved with the audit are independent of any links to United Utilities. KPMG confirmed that all its partners and staff complied with their ethics and independence policies and procedures which are fully consistent with the FRC's Ethical Standard including that none of its employees working on our audit hold any shares in United Utilities Group PLC. KPMG is also required to provide written disclosure at the planning stage of the audit about any significant relationships and matters that may reasonably be thought to have an impact on its objectivity and independence and that of the lead partner and the audit team. The lead audit partner must change every five years and other senior audit staff rotate at regular intervals.
Secondly, the committee develops and recommends to the board the company's policy on non-audit services and associated fees that are paid to KPMG. The EU Audit Directive (2014/56/EU) and Audit Regulation (537/2014) (the Regulation) came into force in the UK on 17 June 2016. Associated guidance was included in the FRC's Ethical Standard, which prohibits the statutory auditor from providing certain non-audit services to public interest entities (i.e. United Utilities Group PLC) as such services could impede their independence. The FRC's Ethical Standard clarified that non-audit services would be subject to a fee cap of no more than 70 per cent of the average annual statutory audit fee for the three consecutive financial periods preceding the financial period in which the cap will apply.
The cap will first apply for the group in the year ending 31 March 2021 and, as such, our year ended 31 March 2018 will be the first year of the initial three-year rolling period over which the annual statutory audit fee will be measured for this purpose. The committee revised the non-audit services policy incorporating the 70 per cent fee cap as described above with effect from 1 April 2017. Furthermore, a limit of £10,000 is applied for individual items that the CFO can approve, with individual items in excess of £10,000 requiring the approval of the committee.
Fees for non-audit services are shown in the bar chart below (2019: £65,000) and represent 15 per cent of the total audit fees. Non-audit services fees (2018: £80,000; 2017: £201,000) in 2017 were considerably higher reflecting the inclusion of fees paid to Makinson Cowell, a subsidiary of KPMG, which provided investor relations services to the group until 31 March 2017. Investor relations services are regarded as a prohibited service under the Regulation. Fees paid to KPMG also include the cost of the UUW regulatory assurance work they undertake which is separate to the regulatory audit. While this work could be performed by a different firm, the information is in fact more granular breakdowns of data that form part of the statutory audit, and by KPMG undertaking the work it reduces duplication and saves considerable cost.
Work undertaken by KPMG in auditing management's methodology and processes in the implementation of the new international financial reporting standards and related disclosures and judgements is included in the statutory audit fee.
Taking into account our findings in relation to the effectiveness of the audit process and in relation to the independence of KPMG, the committee was satisfied that KPMG continue to be independent, and free from any conflicting interest with the group.
Statutory audit – group and company
Statutory audit – subsidiaries
Regulatory audit services provided by the statutory auditor
Other non-audit services
External auditor reappointment
We last undertook a formal tender process for statutory audit services in 2011. KPMG commenced their appointment as auditor and presented their first report to shareholders for the year ended 31 March 2012. The lead audit partner must change every five years. Bill Meredith, who has considerable audit experience of other FTSE 100 utility companies, is in his third year in the role. The 2018/19 year-end audit has been KPMG's eighth consecutive year in office as statutory auditor. As previously reported, the most recent audit tender review was undertaken in September 2015, when it was concluded that the committee would next undertake a competitive tender for statutory audit services for the year ended 31 March 2022, most probably during 2020. This was felt to be an appropriate point in the regulatory cycle, due to the benefits of having an experienced audit team in place in the run-up to the 2019 price determination for the regulatory period commencing on 1 April 2020. United Utilities has complied fully with the provisions of The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Tender Processes and Audit Committee Responsibilities) Order 2014 for the year ended 31 March 2019.
As a result, the committee recommended to the board that KPMG be proposed for reappointment at the forthcoming AGM in July 2019. There are no contractual obligations that restrict the committee's choice of external auditor; the recommendation is free from third-party influence and no auditor liability agreement has been entered into.
Significant issues considered by the committee in relation to the financial statements and how these were addressed
In relation to the group's financial statements, the committee reviewed the following principal areas of judgement (as noted in the accounting policies where applicable):
Capitalisation of fixed assets
Fixed assets (see note 10) represent a subjective area, particularly in relation to costs permitted for capitalisation and depreciation policy.
- In considering the work performed by KPMG during the year in this area, the committee assessed the reasonableness of the group's capitalisation policy and the basis on which expenditure is determined to relate to the enhancement or maintenance of assets. These were both deemed to be appropriate; and
- The committee also reviewed the recovery of the capital overhead rate which management has applied during the year and which the committee had approved in the year ended 31 March 2015 for the five year regulatory period ending 31 March 2020. The committee concluded that the rate still remained appropriate.
Revenue recognition and allowance for doubtful receivables
Due to the nature of the group's business, the extent to which revenue is recognised and doubtful customer debts are provided against is an area of considerable judgement and estimation.
- The committee reviewed the current levels of doubtful debt and credit note provisioning (see note 15 for more detail). The committee challenged management over the appropriateness of the overall levels of provisioning following these reviews and were satisfied that the resulting net debtor balance was appropriate.
The group's defined benefit retirement schemes are an area of considerable judgement, the performance and position of which is sensitive to the assumptions made. In addition, during the current year the impact of the equalisation of Guaranteed Minimum Pension (GMP) payments between males and females was reflected in the financial statements as a significant one-off past service cost recognised in the income statement.
- The committee sought from management an understanding as to the factors which led to the increase in the IAS 19 net retirement benefit surplus during the period and noted that the scheme specific funding basis had not been impacted by this volatility. Management presented an explanatory note (see note A5) in order to communicate most effectively what is a complex area for the benefit of the group's stakeholders. The committee was satisfied with the explanations provided by management and following a review of the explanatory note approved its inclusion in the financial statements;
- The committee reviewed the methodology and assumptions used in calculating the defined benefit scheme surplus (see note A5 for more details). The group employs the services of an external actuary to perform these calculations and determine the appropriate assumptions to make. KPMG presented a report showing how the assumptions applied compared to their client base. After considering the above, the committee concluded that the approach taken and assumptions made – including changes to the basis on which mortality assumptions are set – were appropriate and fairly balanced in determining the net retirement benefit surplus; and
- The committee also reviewed the methodology used in calculating the impact of GMP equalisation reflected in the financial statements, which was performed by the group's external actuary. Having considered this together with the audit work KPMG performed in relation to this significant past service cost, the committee concluded that the approach taken was appropriate and in accordance with the relevant legal requirements.
Provisions and contingencies
The group makes provisions for contractual and legal claims which, by their nature, are subjective and require management to arrive at a best estimate as to the probable outcomes and costs associated with each individual case.
- The committee received regular updates on new and existing claims being made against the group and the extent to which these have been provided for (see note 20 for details). The committee focused their attention on the more significant items and discussed the judgements made by management in arriving at appropriate provisions in relation to these matters.
- Having assessed management's provisioning methodology and rationale, and having challenged the views taken by management where necessary, the committee concluded that the provisions management had made were appropriate. The committee reached this conclusion based on the facts behind each provision, taking account of any relevant legal advice that may have been received as well as the past experience of management in making such provisions and assurance provided by KPMG who cover these as part of their audit.
Carrying value of loans to and investments in the Water Plus joint venture
The group has interests relating to its Water Plus joint ventures in the form of investments (see note 12) and loans receivable (see note A6), the recoverability of which are considered with reference to the estimated future cash flows of the joint ventures. Management tests whether any impairment exists in relation to the equity investments and loans receivable if adverse changes in conditions associated with the joint venture suggest that this is appropriate. The committee scrutinised the impairment assessments performed by the management of Water Plus which the group considers when making its own assessment (see note 12). This involved reviewing the valuations that underpin the carrying values of these amounts and challenging the methodology and assumptions used. In reviewing these assumptions the committee met with the Water Plus executive team in order to understand the business plan underpinning the Water Plus valuation and consider whether it was appropriate for management to base its impairment assessment on this. Following robust discussion on this issue, the committee confirmed that it was satisfied that the carrying values of these interests at the reporting date were recoverable.
Derivative financial instruments
The group has a significant value of swap instruments, the valuation of which is based upon models which require certain judgements and assumptions to be made (see note A4). Management performs periodic checks to ensure that the model-derived valuations agree back to third-party valuations and KPMG check a sample against their own valuation models. It was confirmed to the committee that such testing had been undertaken during the year and there were no significant issues identified.
The committee considered the tax risks that the group faces and the key judgements made by management underpinning the provisions for potential tax liabilities and deferred tax assets. In addition, the committee took account of KPMG's assessment of these provisions. Based upon the above, the committee was satisfied with the judgements made by management.
Underlying profit adjustment
During the year the committee considered and challenged management's treatment of items as adjustments to underlying profit measures and satisfied itself that those items being reported as adjustments met the requirements of the group's policy (see Our performance in 2018/19). In doing this the committee specifically scrutinised and satisfied itself over the appropriateness of management's decision to include costs associated with the dry weather event experienced during the year as an adjusting item when calculating underlying profit measures.
Going concern and long-term viability
The committee challenged and scrutinised management's detailed assessment of the group's long-term viability and its ability to continue as a going concern. In doing this the committee took into account the risks facing the business, including those associated with the possibility that the UK could leave the European Union without a Brexit deal, and its ability to withstand a number of severe but reasonable scenarios. Having considered management's assessment the committee approved the Long-term viability statement set out in the Corporate governance report, including the increase in the period over which the assessment is given from five years to seven years and recommended it to the board for approval.
In reading the above significant issues considered by the committee, shareholders might also wish to examine the auditor's report and their assessment of risks of material misstatement in the Independent auditor's report.
Read more about Our business model
Read more about the Principal risks and uncertainties
Read more online at unitedutilities.com/corporate/about-us/our-future-plans/
The main features of the group's internal controls and risk management systems are summarised below:
The internal audit function is a key element of the group's corporate governance framework. Its role is to provide independent and objective assurance, advice and insight on governance, risk management and internal control to the audit committee, the board and to senior management. It supports the organisation's vision and objectives by evaluating and assessing the effectiveness of risk management systems, business policies and processes, systems and key internal controls. In addition to reviewing the effectiveness of these areas and reporting on aspects of the group's compliance with them, internal audit makes recommendations to address any key issues and improve processes and, as such, provides an indication of the behaviours being exhibited by employees in the areas under review. Once any recommendations are agreed with management, the internal audit monitors their implementation and reports to the committee on progress made at every meeting.
A five-year strategic audit planning approach is applied. This facilitates an efficient deployment of internal audit resource in providing assurance coverage over time across the whole business, as well as greater variation in the nature, depth and breadth of audit activities. This strategic approach supports the annual audit plan, which is then endorsed by management, and which the committee also approves. The plan focuses the team's work on those areas of greatest risk to the business. Building on the strategic planning approach, the development of the plan considers risk assessments, issues raised by management, areas of business and regulatory change, prior audit findings and the cyclical review programme. The purpose, scope and authority of internal audit is defined within its charter which is approved annually by the audit committee.
The in-house team is expanded as and when required with additional resource and skills sourced from external providers – primarily PwC at present. The committee keeps the relationship with PwC under review to ensure the independence of the internal audit function is maintained and there is a documented process to manage possible conflicts of interest with the co-sourced resource. Ensuring that PwC remain independent in the course of its work is crucial to the integrity of its work.
The internal audit function also liaises with the statutory auditor, discussing relevant aspects of their respective activities which ultimately supports the assurance provided to the audit committee and board. During the year, the committee reviewed the current operating model, in particular the balance of in-house versus co-sourced resource, and concluded that, while minor improvements were identified, the current approach was satisfactory.
Assessing the effectiveness of the internal audit function
The effectiveness of the internal audit function's work is continually monitored using a variety of inputs including the ongoing audit reports received, the audit committee's interaction with the head of audit and risk, an annual review of the department's internal quality assurance report, a quarterly summary dashboard providing a snapshot of the progress against the internal audit plan tabled at each committee meeting as well as any other periodic quality reporting requested.
An annual stakeholder survey in the form of a feedback questionnaire is circulated to committee members, senior management and other managers who have regular contact with the internal audit function, including representatives from the external auditor KPMG and the co-source audit provider PwC. The responses were anonymous to encourage open and honest feedback, and were consistently favourable, as were previous surveys.
Periodically, the quality and effectiveness of the internal audit function is also assessed externally, with the most recent review being undertaken early 2019. Taking all these elements into account, the committee concluded that the internal audit function was an effective provider of assurance over the organisation's risks and controls and appropriate resources were available as required.
Internal audit, led by the head of audit and risk, covers the group's principal activities and reports to the committee and functionally to the CFO. The head of audit and risk attends all scheduled meetings of the audit committee, and has the opportunity to raise any matters with the members of the committee at these meetings without the presence of management. He is also in regular contact with the chair of the committee outside of the committee meetings.
Risk management systems
The committee receives updates and reports from the head of audit and risk on key activities relating to the company's risk management systems and processes at every meeting. These are then reported to the board, as appropriate. The group designs its risk management activities in order to manage rather than eliminate the risk of failure to achieve its strategic objectives.
The CFO has executive responsibility for risk management and is supported in this role by the head of audit and risk and the corporate risk manager and his team. The group audit and risk board (GARB) is a sub-committee of the executive team. The GARB meets quarterly and reviews the governance processes and the effectiveness and performance of these processes along with the identification of emerging trends and themes within and across the business. The work of the GARB then feeds into the information and assurance processes of the audit committee and into the board's assessment of risk exposures and the strategies to manage these risks.
Supplementing the more detailed ongoing risk management activities within each business area, the biannual business unit risk assessment process (BURA) seeks to identify how well risk management is embedded across the different teams in the business. The BURA involves a high level review of the effectiveness of the controls that each business unit has in place to mitigate risks relating to activities in their business area, while also identifying new and emerging risks and generally to facilitate improvements in the way risks are managed. The outcome of the BURA process is communicated to the executive team and the board. This then forms the basis of the determination of the most significant risks that the company faces which are then reviewed by the board. The group utilises risk management software to underpin the company's risk management process. The maturity of the risk management framework and its application across the business is assessed on an annual basis against a defined maturity model. This assessment provides an objective appraisal of the degree of maturity in how the risk management system is being applied and the quality of each risk in terms of quantification and management. The results of the maturity assessment are reported to the GARB, and actions agreed with business units.
An external assessment of the risk management process last took place in 2015/16.
The committee reviews the group's internal control systems and receives updates on the findings of internal audit's investigations at every meeting, prior to reporting any significant matters to the board. Internal control systems are part of our 'business as usual' activities and are documented in the company's internal control manual which covers financial, operational and compliance controls and processes. Internal control systems are the responsibility of the CFO, with the support of the GARB, the financial control team and the internal audit team, although the head of audit and risk and his team are directly accountable to the audit committee.
Confirmation that the controls and processes are being adhered to throughout the business is the responsibility of managers, but is continually tested by the work of the internal audit team as part of its annual plan of work which the committee approves each year as well as aspects being tested by other internal assurance providers. Compliance with the internal control system is monitored annually by the completion of a self-assessment checklist by senior managers in consultation with their teams. The results are then reviewed and audited on a sample basis by the internal audit team and reported to the committee.
Whistleblowing, anti-fraud and anti-bribery
For the year ended 31 March 2019 the audit committee was responsible for reviewing the group's arrangements for individuals to raise concerns and the arrangements for investigation of such matters; and for the company's procedures for detecting fraud; and the systems and controls for preventing other inappropriate behaviour. The group's whistleblowing policy supports the culture within the group where genuine concerns may be reported and investigated without reprisals for whistleblowers. From 1 April 2019, the committee no longer has the responsibility for overseeing the group's whistleblowing arrangements, and the board has assumed this responsibility, reflecting the 2018 Code.
The company operates an independently provided confidential reporting telephone helpline and web portal for employees to raise matters of concern in relation to fraud, dishonesty, corruption, theft, security and bribery. Furthermore, employees are encouraged to raise any matters relating to health and safety and any activities of the business which have caused or may cause damage to the environment, such as pollution or other contamination. Alternatively, any matters of concern can also be raised with their manager, their human resources business partner or another senior manager. Employees can remain anonymous if they wish. All concerns are investigated fully, whether they are raised with a manager, or via the confidential helpline/web portal.
In the first instance of an incident being reported, a summary of the allegations is passed to the fraud and whistleblowing committee (consisting of the company secretary, customer services and people director, commercial director and head of internal audit and risk) to decide on the appropriate course of action and investigation and by whom.
During the year, the audit committee was kept fully appraised in regular updates on the progress and findings of investigations of cases of whistleblowing and alleged fraud and any remedial actions taken. A number of employees have been selected and received specialist training in order to conduct investigations of cases of whistleblowing and alleged fraud.
The company has an anti-bribery policy to prevent bribery being committed on its behalf, which all employees must follow, and processes in place to monitor compliance with the policy. As part of the anti-bribery programme, employees are also required to comply with the group's hospitality policy. The hospitality policy permits employees to accept proportionate and reasonable hospitality for legitimate business purposes only. Our employees and representatives of our suppliers must also comply with the group's sustainable supply chain charter which explains that we will not tolerate corruption, bribery and anti-competitive actions and we expect our suppliers to comply with applicable laws and regulations, and in particular never to offer or accept any undue payment or other consideration, directly or indirectly, for the purposes of inducing any person or entity to act contrary to their prescribed duties.
As part of the internal control self-assessment checklist (part of the group's internal control processes), senior managers in consultation with their teams are required to confirm, among other things, that they have complied with the group's anti-bribery and hospitality policies. The anti-bribery programme is monitored and reviewed biannually by the committee.
The anti-bribery policy is available on the company's website at unitedutilities.com/corporate/about-us/governance
The sustainable supply chain charter is available at unitedutilities.com/corporate/responsibility/stakeholders/suppliers