ESB Internal Controls
Internal controls are designed to ensure that we get the right things done, for the right reasons, the right way, and at the right time.
They are designed to provide reasonable assurance that risks are appropriately managed and objectives achieved. This is done through policies, procedures, operational guidelines, instructions, information systems, and monitoring and reporting processes.
Who is responsible for ESB’s System of Internal Control?
The ESB Board has overall responsibility for the Group’s system of internal controls and for monitoring its effectiveness. To ensure that the internal controls are in compliance with legislation and regulations, the Board has established an organisational structure with clear operating and reporting procedures, lines of responsibility, authorisation limits, segregation of duties and delegated authority.
The Board has overall responsibility for the Group's system of internal control and for monitoring its effectiveness. The system of internal control is designed to provide reasonable but not absolute assurance against the risk of material misstatement or loss. In order to discharge that responsibility in a manner which ensures compliance with legislation and regulations, the Board has established an organisational structure with clear operating and reporting procedures, lines of responsibility, authorisation limits, segregation of duties and delegated authority. The Board has reviewed the effectiveness of the Group's system of internal control covering financial, operational and compliance controls and risk management systems.
ESB Internal Control Framework
Our framework includes the following:
- A code of ethics that requires all Board members and employees to maintain the highest ethical standards in conducting business.
- A clearly defined organisational structure, with defined authority limits and reporting mechanisms to higher levels of management and to the Board which support the maintenance of a strong control environment.
- A corporate governance framework which includes risk analysis, financial control review and formal annual governance compliance statements by the management of business lines.
- A comprehensive set of policies and procedures relating to operational and financial controls.
- Large capital projects require the approval of the Board, and are closely monitored on an ongoing basis by the Finance and Business Performance Committee. They can also be subject to post completion audits.
- Comprehensive budgeting systems with an annual budget approved by the Board.
- A comprehensive system of financial reporting.
- Cumulative actual results and key performance indicators are reported against budget and considered by the Board on a monthly basis. Any significant changes and/or material adverse variances are questioned by the Board, and remedial action is taken where appropriate.
- A confidential helpline service to provide staff with a confidential and, if required, anonymous means to report fraud or ethical concerns.
Internal Control Monitoring
These controls are reviewed systematically by Group Internal Audit. In these reviews, emphasis is focused on areas of greater risk. The Board, supported by the Audit and Risk Committee, reviews the effectiveness of the system of internal control. The process used by the Board and the Audit and Risk Committee to review the effectiveness of the system of internal control includes:
- A designated risk management function in ESB.
- Review and consideration of the half-yearly risk review process and regular risk management updates.
- Independent advice on the adequacy of the current risk management process in operation in ESB.
- Review and consideration of certifications from management of satisfactory and effective operation of systems of internal control, both financial and operational.
- A review of the programme of Group Internal Audit and consideration of their findings and reports.
- Group Internal Audit also report regularly on the status of issues raised previously from their own reports and reports from the external auditor.
- A review of reports of the external auditor, KPMG, which contain details of any significant control issues identified, arising from its work as auditor.
Effective risk management is critical to the achievement of ESB’s strategic objectives and the long-term sustainable growth of its business. The rapid changes taking place in ESB make it all the more important to continuously reassess risks and have clear strategies to manage them. The Board has overall responsibility for the Group’s approach to risk.
Specifically, the Board is responsible for:
- Ensuring that an adequate process designed to identify the principal risks and uncertainties is in place.
- Embedding an appropriate risk culture throughout the Group.
- Oversight of the risk management and crisis management processes.
- Assessment of the likely effectiveness of management’s mitigation measures and controls.
The Board is aware that it must lead by example in shaping and supporting the Group values which underpin the approach to risk. The Board also wants to ensure that sufficient risk management skills and capabilities are available in the business and that the knowledge and experience of all the staff in ESB who understand the risks associated with operations are utilised.
Risk appetite may also vary over time, and the Board has explicitly considered the level of this appetite and any deviation from its stated appetite for risk that the Group is prepared to accept in respect of specific risks.