Audit Committee

Audit Committee

Role of the Audit Committee: The Audit Committee is primarily responsible for:

  • monitoring the integrity of the financial statements of the Company and the financial reporting process;
  • monitoring the effectiveness of the Company's internal financial controls and its internal control and risk management systems;
  • reviewing the audit plans of the external auditors and for monitoring the conduct of the audit;
  • reviewing the effectiveness, independence and objectivity of the auditors and monitoring the Company's policy on the engagement of the auditors to supply non-audit services;
  • monitoring the need for an internal audit function; and
  • making recommendations to the Board for a resolution to be put to shareholders of the Company in relation to the appointment and remuneration of the external auditors.

The Audit Committee's full terms of reference, which set out the above responsibilities, are available on the Corporate website (www.ocadogroup.com/corporate-responsibility/corporate-governance.aspx).

The following section describes the work of the Audit Committee in discharging these responsibilities.

Composition of the Audit Committee: The Audit Committee is chaired by Ruth Anderson, and its other members are David Grigson, David Young and Robert Gorrie. As required by the 2010 Code, Ruth Anderson and David Grigson are considered by the Board to have competence in accounting and/or auditing and recent and relevant financial experience. The biography of each member of the Audit Committee is listed here.

The composition of the Audit Committee did not change during the period. The Audit Committee's make-up will change effective on 1 June 2012 when new Non-Executive Director, Alex Mahon joins the Board and becomes a member of the Audit Committee.

Independence: The 2010 Code requires a board to establish an audit committee of at least three independent non-executive directors. From the perspective of the 2010 Code only two of the four members of the Audit Committee (Ruth Anderson and David Grigson) are independent. Therefore the Company does not comply with the 2010 Code in this respect. When Alex Mahon joins the Audit Committee and David Young retires from the Board three of the four members of the Audit Committee will meet the 2010 Code definition of an independent non-executive director.

Meetings and attendance: The Audit Committee held five meetings during the period to coincide with the Company's reporting timetable. Attendance at the meetings is shown earlier in the Statement of corporate governance. The Chief Financial Officer, Andrew Bracey, and senior members of the finance department, company secretariat and the auditors regularly attended the Audit Committee meetings during the period.

The Audit Committee met with the auditors during the period to discuss their remit and any issues arising from the audit, without management being present. The Audit Committee also met with the Group's finance executives without the auditors present.

The external auditors had meetings with the chairman of the Audit Committee without the Company's finance executives present.

Principal activities of the Audit Committee

The Audit Committee undertook a number of principal activities during the period as described below.

Financial statements and reporting: The Audit Committee reviewed the Group's financial statements including, prior to the period end, a review of the significant financial reporting issues, estimates and judgements. The Board and the Audit Committee have reviewed the narrative reporting for this annual report and accounts, as well as the half year report and accounts. In addition, the Board reviewed prior to publication the various interim management statements and trading statements made by the Company.

The Audit Committee and the full Board reviewed the basis for preparing the Group consolidated financial statements on a going concern basis including in particular the assumptions underlying the going concern statement and the associated risk factor disclosures. The Audit Committee's review included consideration of the reports produced by the Company in connection with the audit work.

Internal controls and risk management: The Audit Committee received regular reports from management on the Company's risk management plans and processes. The Company's internal control and risk management systems are described in more detail below.

The Audit Committee also received and considered reports during the period on the work undertaken by the auditors, PricewaterhouseCoopers LLP, in reviewing and auditing the Group's control environment and reviewing the financial reporting procedures, which the Audit Committee took into account in assessing the quality and effectiveness of the Group's systems of internal control.

Internal audit: The Group does not have a dedicated internal audit function. The Audit Committee considered the need for an internal audit function, as required by the 2010 Code (provision C.3.5) and concluded that, given the Group's current stage of development and existing monitoring and internal control measures, it was not necessary. The Audit Committee was satisfied that management had given sufficient assurances that other monitoring processes (including internal reviews of the Group's operations undertaken periodically by senior finance staff) were being applied and would be developed using the existing expertise of the finance department to help ensure that the Group's system of internal control was functioning as intended. The Board accepted the Audit Committee's recommendation to not establish an internal audit function. The need for an internal audit function will be monitored by the Audit Committee and subject to an annual review in 2012.

Whistle blowing and fraud: The Audit Committee receives an update at each of its meetings from management on whether there have been any frauds or improprieties including those raised through the Company's whistle blowing procedures. The Company's whistle blowing procedure, which allows the Company's employees to report concerns anonymously, is set out in the employee handbook. No instances brought to the attention of the Audit Committee during the period were viewed as material in the context of the Group. However, as a result of such reporting, measures were considered by the Audit Committee and taken by the Company to improve certain internal controls, including physical security procedures at some of its sites.

Bribery Act: In July 2011, the Bribery Act 2010 came into force. Consequently the Board approved an anti-bribery policy which sets out the Company's approach to dealing with bribery and corruption and provides guidance for employees on when gifts and hospitality given or received during the course of employment are acceptable or prohibited. The Audit Committee receives a report at each of its meetings concerning the gifts and hospitality register (which was established during the period) and any issues of non-compliance with the anti-bribery policy. The Audit Committee will continue to monitor compliance with the policy and the Company's procedures for the prevention of bribery and will review the effectiveness of the policy in due course. The Audit Committee's terms of reference were amended to reflect this expanded remit.

Review of responsibilities: The Audit Committee has reviewed its own performance and terms of reference to ensure it is operating effectively and has recommended any changes to the terms of reference it considers necessary to the Board for approval. As a result, amendments to the Audit Committee's terms of reference were made and approved by the Board.

External auditors

The Audit Committee's work during the period included oversight of the engagement of the external auditors, PricewaterhouseCoopers LLP.

Auditors' independence: The 2010 Code requires that the Board establish formal arrangements for maintaining an appropriate relationship with its auditors and to explain how the auditors objectivity and independence is maintained. During the period, the Audit Committee developed and implemented the Company's policy which restricts the engagement of its auditors in relation to non-audit services to help ensure that the provision of non-audit services by the Company's auditors does not have an impact on their independence and objectivity. The policy applies the guidance set out in the Guidance on Audit Committees issued by the Financial Reporting Council in December 2010.

The majority of the non-audit work undertaken by the Company's auditors, PricewaterhouseCoopers LLP, during the period was: (i) the review of the Company's half-year accounts; and (ii) tax and accounting advice provided in relation to the Company's establishment of a subsidiary entity in Poland and associated work. Given the auditors' knowledge in these areas and the relatively small engagement fees concerned it was concluded that it was in the interests of the Company to utilise the services of the auditors (rather than another third party provider) for the non-audit work. The total of non-audit fees and audit fees paid to PricewaterhouseCoopers LLP during the period is set out in the Note 2.1.3 to the consolidated financial statements.

PricewaterhouseCoopers LLP also follows its own ethical guidelines and the Auditing Practices Board's Ethical Standard 5 – Non-Audit Services Provided to Audited Entities, and continually reviews its audit team to ensure its independence is not compromised.

The Audit Committee is satisfied that, notwithstanding the Company's auditors, PricewaterhouseCoopers LLP had provided non-audit services to the Group during the period, the quantum of such non-audit fees relative to the audit fees together with the other measures taken by the Company and the auditors to safeguard independence, mean that PricewaterhouseCoopers LLP's independence from the Group was not compromised in the circumstances.

Auditors' re-appointment and remuneration: In relation to considering the re-appointment and remuneration of the auditors, PricewaterhouseCoopers LLP, the Audit Committee, in line with the Company's policy on auditors re-appointment:

  • reviewed the proposed terms of engagement and the proposed audit fees for the previous audit;
  • evaluated the effectiveness and performance of the PricewaterhouseCoopers LLP audit team on the previous audit (as noted above); and
  • made certain assessments about auditors independence (noted above), and received assurances from PricewaterhouseCoopers LLP regarding their ongoing independence.

The Audit Committee was also satisfied as to the adequacy of the previous audit plan and that the level of audit fees payable in respect of the audit services provided was appropriate and that an effective audit could be conducted for such a fee.

On the basis of this review of the previous audit, the Audit Committee recommended to the Board the re-appointment of PricewaterhouseCoopers LLP as auditors to the Company and that the remuneration and terms of engagement of PricewaterhouseCoopers LLP as auditors to the Company be approved (as required by the 2010 Code). The Board accepted these recommendations and proposals will be put to the shareholders at the AGM on 23 May 2012 that PricewaterhouseCoopers LLP be re-appointed as auditors of the Company and that the Directors be authorised to determine the level of the auditors' remuneration. The existing authority for the Directors (including the Audit Committee) to determine the current remuneration of the auditors is derived from the shareholder approval granted at the Company's annual general meeting in 2011.

The Audit Committee discussed during the period, the requirements of the APB Ethical Standards for Auditors for the rotation of audit partners. The Audit Committee has monitored the auditors' compliance with this requirement, as set out in the Company's auditors appointment policy (which reflects the guidance laid out in the Guidance on Audit Committees published by the Financial Reporting Council (in December 2010)) and confirms that the policy has been complied with. As a result, the audit partner will rotate after the date of this annual report.

Internal control

Overview: The Board has oversight of the system of internal controls for the Group and for reviewing the effectiveness of such a system. Certain of these responsibilities have been delegated to the Audit Committee, which reports to the Board. Management is responsible for implementing and maintaining the necessary internal control systems and processes.

Review: The Audit Committee has, in the period, reviewed the effectiveness of the Company's system of internal controls, including financial, operational and compliance controls and risk management systems. As noted above, its review had included consideration of reports prepared during the period by the Company's auditors. Neither the Audit Committee's nor the Board's deliberations concerning internal control have included a detailed consideration of the 'Turnbull Guidance' (Internal Control: Revised Guidance for Directors on the Combined Code (October 2005) issued by the Financial Reporting Council), for reviewing the effectiveness of internal control. There is an ongoing process for identifying, evaluating and managing the risks faced by the Group and the operational effectiveness of the related controls. A system of internal controls has been in place during the period, up to the date of approval of this annual report. The Audit Committee is satisfied that the controls in place are appropriate. However, it is mindful that the internal control system is designed to manage rather than eliminate risk in order to achieve the Group's strategy and business objectives and so can only provide reasonable and not absolute assurance against loss.

IT controls: Since its Admission in July 2010, the Company has continued to make improvements to the Group's system of internal controls to address issues raised in the full year external assessments, including upgrades to the financial systems and strengthening of the finance team. An important area of internal control for the Group is information technology ("IT") controls and governance. The Audit Committee discussed during the period, placing additional attention on formalising IT governance structures to respond to the changes in the Group's risk environment which result from the growth and increasing complexity of both the IT function and the Group. In addition, the Audit Committee determined that further work is needed to refine the risk management and control processes used by the Group in undertaking IT system upgrades, given the large number of IT changes made to the Group's systems during the period, several of which resulted in significant albeit very short-term disruption to the Group's operations during the period. The Group's Director of Technology will report at future Audit Committee meetings on the progress made to formalise the Group's IT governance structures.

Main features of system: The following lists the main features of the Group's internal control and risk management systems including those relating to the financial reporting process and process for preparing the Group's consolidated accounts:

  • an organisational structure with clear segregation of duties, control and authority;
  • comprehensive management information systems for providing management with financial and operational performance measurement indicators each week. This information is summarised monthly and reviewed by the Board;
  • formal budgeting and re-forecasting processes. Variances from budget and forecasts are monitored and any significant differences are explained to the Board by management at each Board meeting;
  • a capital approval policy that controls the Group's capital expenditure that restricts what can be undertaken without Executive Director or Board approval;
  • monitoring the progress of major projects, including the CFC2 project, by management and the Executive Directors and by the Board;
  • a review of key accounting policies by the Audit Committee each period;
  • monitoring by the Audit Committee of the integrity of the financial statements and the financial reporting process (discussed above);
  • monitoring by the Audit Committee of the effectiveness of the Company's internal financial controls;
  • a risk committee, which will report to the Audit Committee, that will seek to implement risk control processes and embed risk analysis as part of normal business decision-making (discussed below);
  • a review of reports on any whistle blowing, fraudulent activity or bribery by employees by the Audit Committee each period;
  • an IT security committee that monitors the Group's IT security measures;
  • a treasury policy overseen by the treasury committee that manages financial risk including liquidity and controls the Group's cash and deposits, investments, foreign exchange and interest rates (outlined in more detail below); and
  • other control measures outlined elsewhere in this Audit Committee report and in the principal risks and uncertainties section.

Treasury: The Group's treasury committee reports periodically to the Audit Committee on its activities. These reports cover various matters set out in the Group's treasury policy concerning the Group's cash and deposits, investments, foreign exchange and applicable interest rates. During the period, the treasury committee monitored the Group's working capital, existing treasury deposits and reinvestment options for certain bank deposits and oversaw the hedging of the Group's exposure to movements in interest rates and currency in relation to CFC2.

The treasury policy and treasury committee, headed by the Director of Finance and Risk, forms part of the Group's measures for financial risk management. The treasury committee's objectives are to minimise the risks associated with treasury management, to ensure sufficient liquidity to meet the Group's long and short term requirements, to minimise financing costs and to maximise investment returns, as well as ensuring compliance with relevant regulatory and legal obligations. The Group's policies and strategies for managing financial risk to the extent material to assess the financial performance or position of the Group, are discussed in Note 4.5 to the consolidated financial statements and in the principal risks and uncertainties description as set out on page 21.

After the period end, the treasury committee undertook a review of the treasury policy which it does from time-to-time and made recommendations to the Audit Committee which were considered and discussed by the Audit Committee.

Risk management

The Board accepts that risk is an inherent part of the business. The Group's risk management system is designed to identify key risks and provide assurance that these risks are fully understood and managed within the context of the Company seeking to achieve its strategic objectives.

As noted above, the Board must maintain and have oversight of the Company's risk management and internal control system. The 2010 Code provides that the Board should, at least annually, conduct a review of the effectiveness of Ocado's risk management systems, while the Disclosure and Transparency Rules require that the Audit Committee must monitor the effectiveness of Ocado's risk management systems.

Risk committee: Management is responsible for implementing and maintaining the necessary risk management and internal control systems and processes. To help management undertake this role, following review and discussion by the Audit Committee during the period, the Company established a risk committee. The risk committee is not a Board committee but rather is comprised of members of senior management and the Head of Risk Management and is chaired by an Executive Director, the Legal and Business Affairs Director. It will report to the Audit Committee and the Board on its responsibilities in order to help them fulfil their duties and responsibilities. The risk committee had its first two meetings after the period end.

The duties of the risk committee are set out in its terms of reference and include monitoring the Company's overall risk assessment processes that inform the Board's decision making and developing, implementing, testing and reviewing internal control mechanisms and disaster recovery planning for the Group.

The intention is that, in conjunction with the Company's Head of Risk Management, the risk committee will continue to develop and refine the Group's risk register, which is a comprehensive register of all risks known to management that affect the business of the Group.

The risk register will be reviewed by the risk committee as a whole with the aim of identifying the key operational risks for the Group and developing a coordinated cross-departmental approach to improving control measures for the most significant business risks.

During the period the Board and the Audit Committee received reports from management concerning risk management. The Audit Committee reviewed the risk register, focusing on the process for compiling the risk register at an operational level including the mitigating controls and risk ratings applied.

In the context of reviewing the annual budget the Board considered the key operational risks to the Group achieving its budget targets for the forthcoming period. In addition the Board discussed from time-to-time during the period some of the significant external risks impacting the business, as set out in the principal risks and uncertainties section of this annual report.

The Audit Committee received a report at most of its meetings during the period concerning the steps being taken by management to implement a more formal and comprehensive risk management system for the Group. As part of its discussions, the Audit Committee (though not the full Board, as required by the 2010 Code (provision C.2.1)) considered, during the period, the effectiveness of the Group's existing risk management framework and the recommendations made by management for evolving that framework. As a result of such review, one of the key outcomes was the establishment of the risk committee, as noted above.

Ruth Anderson
Chairman of the Audit Committee