Risk management and internal control
Robust risk management and internal control provides competitive advantage and enhances productivity.
The first level of the control environment is the business operations which perform day-to-day risk management activity.
Front line business operations
e.g. branches, distribution centres
- Business operations have most ownership of risks and controls through implementation of sound working practices.
There is the greatest ownership of risk and control in this level of the internal control structure.
Each company's management team is responsible for risk management and internal control within its own business and for ensuring compliance with the Group's policies and procedures.
Risk directors in each of our key regions ensure local management complies with the Group's risk management policies and programme.
The Group's risk management programme forms a core part of the company's overall framework for managing risks and maintaining internal control.
Oversight functions in the Company, such as Finance, HR and Risk Management set direction, ensure compliance with policy and monitor performance.
e.g. Group Risk Management, the 'ACE' internal controls team, Finance, Health & Safety, HR, IT, Legal, Tax and Treasury
- Management and financial control
- Policy and procedure setting
- Acting at Group and Operating Company level
Group Risk Management
Our comprehensive risk management programme is designed to ensure that significant and emerging risks are identified, assessed and managed effectively. More about Group risk management.
Advanced Control Environment ("ACE") team
Our internal financial control testing process aims to establish an efficient and effective control environment over financial reporting. It defines financial processes and their associated control objectives, which operating companies address with controls.
Other Corporate Functions
Our corporate oversight functions – including Health & Safety, HR, IT, Legal, Tax, Treasury and Finance – establish policies, procedures and other activities that mitigate a wide range of risks, including employee retention, financial control, bribery and corruption and business continuity risks.
Internal and external audit are the third level of control, offering independent challenge to the levels of assurance provided by business operations and oversight functions.
Internal audit, external audit and other independent assurance providers
- Provide independent challenge and assurance
Group internal audit
Fully independent of our day-to-day operations, our internal audit assesses the quality of our risk management and internal control and helps to promote and further develop effective risk management within the businesses.
PwC are Wolseley's external auditors and give assurance that the financial statements are free from material misstatement.
Other assurance providers
From time to time, we commission external organisations to provide assurance over aspects of our operations.
Board, Executive Committee and Audit Committee
The Board manages risk through its strategic planning and performance monitoring processes. These include regular reports from the Audit Committee on the status of risk management and internal control; and annual reviews of strategic plans and objectives prior to approval of company budgets and strategies.
Control is exercised at Group and business unit level through monthly performance monitoring against budgets, forecasts and cash targets, and by regular visits to Group companies by the Group Chief Executive, Chief Financial Officer and Managing Directors of our main geographical regions.
The Board has formal procedures in place for approving investment, acquisition and disposal projects, with designated levels of authority, supported by post-investment review processes for major acquisitions or disposals and capital expenditure.
The Board takes social, environmental and ethical matters into account when reviewing risks faced by the Group. The Board is conscious of the effect that such matters may have on the short and long-term value of the company.