Standard Life plc - Annual Report and Accounts 2007

Internal risk management and control

Following a review of the risk management framework during the year the Group strengthened its Internal Risk and Control Framework (IRCF) to establish an Enterprise Risk Management Framework (ERMF). The framework provides the basis for ensuring that risks inherent in the design and execution of the Group's strategy - and in its day-to-day operations - are managed in line with the expectations of the Group's stakeholders on an ongoing basis. This framework is designed to manage, rather than eliminate, risk and can only provide reasonable, not absolute, assurance against material misstatement or loss.

The Group seeks to derive a competitive advantage from its framework and places risk management at the centre of its corporate agenda. Overall responsibility for approving, establishing and maintaining the framework rests with the Board, with authorities clearly delegated to the executive Directors and the Board committees. The Board Charter states the Board's responsibility is 'to establish and maintain a framework of internal controls that enables the financial and non-financial risks of the Group to be assessed and managed' and the matters reserved for the Group Board include 'the approval of the Group Risk Management Policy, and the Group's financial and non-financial risk policies, and review of their implementation'.

The Directors have overall responsibility for the Group's system of internal control and the ongoing review of its effectiveness. In addition, the effectiveness of internal controls is reviewed regularly by Group Internal Audit and Group Compliance, which report their findings to the Audit, Risk and Compliance Committee.

In accordance with the Code, and the further guidance in the Turnbull Report, the Board has reviewed the effectiveness of the system of internal control. The review incorporated an evaluation of the Group's framework and an assessment of any significant internal control issues that were raised during the year in relation to financial, operational and compliance risk controls. Where any significant control weaknesses were identified during the year, necessary actions have been taken, or plans are being developed and monitored, to remedy them. The system was in place throughout the year and up to the date of approval of the Annual Report and Accounts.

The key features of the Group's ERMF include:

  • Defined governance structures based on a 'three lines of defence' model
  • Defined terms of reference for the Board, each of its Committees and senior executive committees at Group and principal subsidiary level
  • A suite of policies detailing minimum standards for risk and control against key financial, operational and governance related activities across the Group
  • Group defined methodologies for the identification and assessment of risk
  • A quarterly control self assessment process, where management assess whether the controls for which they are responsible have operated as defined and the population of controls is complete
  • Regular risk reporting to the Board to give a basis to assess performance in relation to the Group's objectives.

The Group Chief Executive and the Group's senior management are responsible for the implementation of the framework and for ensuring that it is operating effectively across the Group.