This website uses cookies to help us improve your experience when you visit our website. By continuing to use this website, you consent to our
use of these cookies. To find out more about the cookies we use and how to manage them please see our Privacy and cookies policy.

Close cookie information
 

Risk management and internal control

Robust risk management and internal control provides competitive advantage and enhances productivity.

 

First level

The first level of the control environment is the business operations which perform day-to-day risk management activity.

Front line business operations
e.g. branches, distribution centres

  • Business operations have most ownership of risks and controls through implementation of sound working practices.

There is the greatest ownership of risk and control in this level of the internal control structure.

Each company's management team is responsible for risk management and internal control within its own business and for ensuring compliance with the Group's policies and procedures.

Risk directors in each of our key regions ensure local management complies with the Group's risk management policies and programme.

Second level

The Group's risk management programme forms a core part of the company's overall framework for managing risks and maintaining internal control.

Oversight functions in the Company, such as Finance, HR and Risk Management set direction, ensure compliance with policy and monitor performance.

Oversight functions
e.g. Group Risk Management, the 'ACE' internal controls team, Finance, Health & Safety, HR, IT, Legal, Tax and Treasury

  • Management and financial control
  • Policy and procedure setting
  • Acting at Group and Operating Company level

Group Risk Management

Our comprehensive risk management programme is designed to ensure that significant and emerging risks are identified, assessed and managed effectively. More about Group risk management.

Advanced Control Environment ("ACE") team

Our internal financial control testing process aims to establish an efficient and effective control environment over financial reporting. It defines financial processes and their associated control objectives, which operating companies address with controls.

Other Corporate Functions

Our corporate oversight functions – including Health & Safety, HR, IT, Legal, Tax, Treasury and Finance – establish policies, procedures and other activities that mitigate a wide range of risks, including employee retention, financial control, bribery and corruption and business continuity risks.

Third level

Internal and external audit are the third level of control, offering independent challenge to the levels of assurance provided by business operations and oversight functions.

Independent assurance
Internal audit, external audit and other independent assurance providers

  • Provide independent challenge and assurance

Group internal audit

Fully independent of our day-to-day operations, our internal audit assesses the quality of our risk management and internal control and helps to promote and further develop effective risk management within the businesses.

External audit

PwC are Wolseley's external auditors and give assurance that the financial statements are free from material misstatement.

Other assurance providers

From time to time, we commission external organisations to provide assurance over aspects of our operations.

Fourth level

Board, Executive Committee and Audit Committee

The Board manages risk through its strategic planning and performance monitoring processes. These include regular reports from the Audit Committee on the status of risk management and internal control; and annual reviews of strategic plans and objectives prior to approval of company budgets and strategies.

Control is exercised at Group and business unit level through monthly performance monitoring against budgets, forecasts and cash targets, and by regular visits to Group companies by the Group Chief Executive, Chief Financial Officer and Managing Directors of our main geographical regions.

The Board has formal procedures in place for approving investment, acquisition and disposal projects, with designated levels of authority, supported by post-investment review processes for major acquisitions or disposals and capital expenditure.

The Board takes social, environmental and ethical matters into account when reviewing risks faced by the Group. The Board is conscious of the effect that such matters may have on the short and long-term value of the company.