Corporate Governance
Risk Control Committees
The Audit Committee is supported by divisional Risk Control Committees (‘RCCs’), which act under delegated authority from the Audit Committee, under detailed terms of reference. Each divisional RCC reviews, on behalf of the Audit Committee, the adequacy of that division’s system of internal control and risk management, the significant risks facing that business and how they are investigated and the techniques used to identify, assess and manage those risks particular to the business of the division. The RCCs also review divisional input to Group financial reports. At each of its meetings the Audit Committee reviews the minutes and work of the RCCs.
The membership of the RCCs is shown in the table on the previous page. Each RCC is chaired by a Non-executive Director and comprises a minimum of one Non-executive Director, an ‘independent’ executive from another division and additional members drawn from outside the Group who are chosen for the relevance of their skills.
The Group provides an induction programme for new RCC members including meetings with key personnel in the relevant divisions. On an ongoing basis, meetings are arranged with the Chairman, Chief Executive, Group Finance Director, Audit Committee Chairman, Group Risk Director, Head of Group Internal Audit and the external auditors.
Group Internal Audit
Group Internal Audit supports the Audit Committee, divisional RCCs and senior executives by reviewing independently and objectively the effectiveness of the controls and risk environment. The Audit Committee reviews and approves the annual Internal Audit Plan (and achievements against it), the Internal Audit Charter, the results of audits and other significant findings, the adequacy of management’s response and the timeliness of resolution of recommendations and the adequacy of staff numbers, qualifications and experience. It seeks to ensure that the activities of the Group Internal Audit function are co-ordinated with the external auditors. The Audit Committee also approves the appointment, or removal, of the Head of Group Internal Audit.
Case Study – Auditing Internal Audit
During the year the Audit Committee arranged for an independent review of the Group Internal Audit function. The review was conducted by PricewaterhouseCoopers and identified key strengths as well as certain areas for development. For example, the value of rotating colleagues into and out of the Group Internal Audit function was highlighted. The recommendations of the review, along with a resultant action plan, were presented to the Audit Committee, which concluded that the Group has a strong, independent and effective Group Internal Audit function.External auditors
KPMG Audit Plc have served as external auditors since the formation of HBOS in 2001. A full audit tender exercise was completed as recently as 2006. Between audit tenders, an assessment of the external auditors is undertaken.
Auditor independence and remuneration
Both the Board and the external auditors have safeguards in place to protect the independence and objectivity of the external auditors. The Audit Committee has a comprehensive policy to regulate the use of auditors for non-audit services. This policy sets out the nature of work the external auditors may not undertake, which includes work which will ultimately be subject to external audit, internal audit services and secondments to senior management positions in the Group that involve decision-making. It also includes the Group’s policy on hiring former external audit staff. For those services that are deemed appropriate for the auditors to carry out, the policy sets out the approval process that must be followed for each type of assignment. The Chairman of the Audit Committee must be consulted regarding potential instructions in respect of defined non-audit services with a value above defined limits and such services must be subject to a competitive tender process.
Each year the Audit Committee establishes a limit on the fees that can be paid to the external auditors in respect of nonaudit services and monitors quarterly the amounts paid to the auditors in this regard. The external auditors also report regularly to the Committee on the actions that they have taken to comply with professional and regulatory requirements and current best practice in order to maintain their independence. This includes the rotation of key members of the audit team. Total auditor remuneration analysed between audit and other services is shown in Note 7 to the Financial Statements on page 171.