Dear Shareholder
I am pleased to present the Audit Committee (the “Committee”) report covering the work of the Committee during FY2022. This provides an overview of the Committee’s activities in the year under review and looks forward to our expected activities in the coming year.
Year in Review
The Group’s businesses have continued to work through the challenges arising from COVID-19. The Group’s operations and financial arrangements were all impacted as a result of the pandemic and consequently, the Committee’s focus has been on ensuring our internal control processes continue to operate effectively and remain appropriate for the changing environment in which the Group operates.
A vital aspect of the Committee’s work is to provide independent scrutiny and challenge to ensure the Annual Report and financial statements provide a true and fair view of the Company’s performance, focusing on the accuracy, integrity and communication of our financial reporting. In what has been another challenging year, effective oversight of our finances, controls and risk management has never been more important.
In discharging its responsibilities in the year, the Committee reviewed the significant accounting policies, any changes to those policies, and any significant estimates and judgements applied to the financial statements. The Committee concentrated on the accounting judgements and disclosures relating to the impact of COVID-19 on the Group’s businesses, including government support and tax deferral initiatives, liquidity and the impact on financial covenants, cost control and cost saving measures. Other focus areas included going concern, recoverability of trade receivables and advances to customers, the carrying value of goodwill and intangibles, the valuation of property, plant and equipment and revenue recognition.
As is usual, the Committee considered the Group’s Principal Risk disclosures for the financial year ended 28 February 2022. These have been updated, in particular sustainability and climate change related risks, those associated with people and culture and economic and political, underlining the importance of those matters to the Group. The Committee is satisfied that the statements made by executive management on page 34 to 35 of this Annual Report in respect of the Principal Risks are appropriate based on what is currently known to management as at the date of this Report.
Following the incident affecting Matthew Clark and Bibendum IT systems in April 2021, the Committee also reviewed with the support of leading cyber security experts our information security policies and procedures and enhanced our information technology systems and controls to defend against cyber-attacks, which are becoming increasingly sophisticated.
The Committee’s work was supported by the Group’s well established risk and financial management structures, which have continued to operate effectively during the year under review. The Committee has continued to be greatly assisted by the commitment, energy and experience of the finance team in the face of a very heavy workload in 2022. This has enabled the Committee to fulfil its role in providing effective scrutiny and challenge.
There were thirteen meetings during the year and after each Committee meeting I provided an update to the Board on the key issues discussed during our meetings. I also met separately with the external audit partner and senior management on a number of occasions during the year.
More information about the Committee’s activities during the year can be found in the pages which follow.
The Year Ahead
The Committee will continue to focus on the impact of COVID-19 on the business, developments in reporting responsibilities and the security of our digital and technology estate. The Committee fulfils a key role in assisting the Board in ensuring that the integrity of the Group’s financial statements and the effectiveness of the Group’s internal financial controls and risk management systems are maintained. Through the Committee’s composition, resources and the commitment of its members, I believe that it remains well placed to meet those challenges and to discharge its duties effectively in the year ahead.
On behalf of the Board
Emer Finnan
Chair of the Audit
17 May 2022
Role and Responsibilities of the Committee
The Committee supports the Board in fulfilling its responsibilities in relation to financial reporting, monitoring the integrity of the financial statements and other announcements of financial results published by the Group; and reviewing and challenging any significant financial reporting issues, judgements and actions of management in relation to the financial statements. The Committee reviews the effectiveness of the Group’s internal controls and risk management systems and the effectiveness of the Group’s Internal Audit function. On behalf of the Board, the Committee manages the appointment and remuneration of the External Auditor and monitors its performance and independence. The Group supports an independent and confidential whistleblowing procedure and the Committee monitors the operation of this facility.
In accordance with the Code, the Board requested that the Committee advise it whether it believes the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group’s position and performance, business model and strategy.
The Committee’s Terms of Reference reflect this requirement and can be found in the Investor Centre section of the Group’s website. A copy may be obtained from the Company Secretary.
Membership and Attendance
The following non-executive Directors served on the Committee during the year:
Member | Member Since | Number of Meetings Attended | Maximum Possible Meetings |
Emer Finnan (Chair) 1 | 2 July 2014 | 12 | 13 |
Vincent Crowley | 22 March 2016 | 13 | 13 |
Jim Thompson2 | 1 March 2019 | 12 | 13 |
1. Emer Finnan was unable to attend the meeting on 23 October 2021 due to a bereavement.
2. Jim Thompson was unable to attend the meeting on 27 October 2021 due to a medical procedure.
All members of the Committee are, and were considered by the Board to be throughout the year under review, independent.
The Committee members have been selected to provide the wide range of financial and commercial expertise necessary to fulfil the Committee’s duties and responsibilities and provide effective governance. As a qualified chartered accountant, I am considered by the Board to have recent and relevant financial experience, as required by the Code. The Committee is considered by the Board as a whole to have competence relevant to the sector in which the Group operates. Details of the skills and experience of the Directors are contained in the Directors’ biographies on pages 88 and 89 of the Annual Report and Accounts.
The Committee has access to the Group’s finance team, to its Internal Audit function and to its External Auditor and can seek further professional training and advice, at the Group’s cost, as appropriate.
Meeting Frequency and Main Activities in the Year
The Committee met on five scheduled occasions during FY2022. In addition, there were eight ad hoc meetings. Emer Finnan was unable to attend one meeting due to a bereavement and Jim Thompson was unable to attend one meeting due to a medical procedure. The quorum necessary for the transaction of business by the Committee is two, each of whom must be a Non-Executive Director. Only members of the Committee have the right to attend Committee meetings, however, during the year, Stewart Gilliland, Chair, David Forde, Group Chief Executive Officer, Patrick McMahon, Group Chief Financial Officer, Vineet Bhalla, Non-Executive Director, the Head of Internal Audit together with members of the Internal Audit team, the Technology and Transformation Director, the Head of IT, the Group Data Protection Officer, the Director of Group Finance together with members of the Group Finance team, and representatives from Clifford Chance, solicitors and Ernst & Young, the External Auditor, were invited to attend meetings. The Committee also meets separately with the Head of Internal Audit and the External Auditor without management being present.
The Company Secretary and Group General Counsel is Secretary to the Committee.
Significant Judgemental Areas
The key matters reviewed and evaluated by the Committee during the year are set out below. Each of these areas received particular focus from the External Auditor, who provided detailed analysis and assessment of the matters in their report to the Committee.
Going Concern
The Committee and the Board reviewed and challenged management’s assessment of forecast cash flows for the period to 31 August 2023 including sensitivity to trading and expenditure plans, and for the potential impact of uncertainties including an evolving inflationary environment and reduced volumes, in part associated with the impact of ongoing conflict in Ukraine. The Committee also considered the Company’s financing facilities and future funding plans. Based on this, the Committee confirmed that the application of the going concern basis for the preparation of the financial statements continued to be appropriate with no material uncertainties.
The Committee received a report from EY on the work undertaken to assess going concern and specifically discussed the content of the disclosures made in the going concern statement in the Annual Report and the basis of preparation within the Statement of Accounting Policies of the financial statements on page 157.
For further information on the work undertaken by the Committee, the Board and management in relation to the going concern basis of preparation for the FY2022 financial statements, please see ‘Going Concern’ on page 44 and ‘Viability Statement’ on pages 44 to 45. The Directors’ Going Concern statement is set out on page 44.
Recoverability of Trade Receivables and Advances to Customers
The Group has a recoverability risk through exposure to on-trade receivable balances and advances to customers who may experience financial difficulties. Given the unprecedented nature of the COVID-19 outbreak, the assessment of the impact of the outbreak on the Group’s expected credit loss model required significant judgement by the Committee. In particular, the Committee considered the basis used by management in calculating the expected credit losses, whether it adequately captured the additional risks in the current environment and the level of security in respect of those loans. As a result of the review process, the Committee concluded that the expected credit loss on trade receivables and loans was prudent but appropriate and were properly reflected in the consolidated financial statements.
Carrying value of Goodwill and Intangibles
The Committee considered the carrying value of goodwill and intangible assets as at the year-end date to assess whether or not it exceeded the expected recoverable amounts for these assets. In particular, the Committee considered and challenged the valuation financial models, including sensitivity analysis, used to support the valuation and the key assumptions and judgements used by management underlying these models including consideration for COVID-19. The key assumptions used in the financial models and consequently the key focus areas for the Committee relate to future volume, net revenue and operating profit, the growth rate in perpetuity and the discount rate applied to the resulting cash flows. The Committee considered the outcome of the financial models and found the methodology to be robust, and in all instances concluded that the outcome was appropriate.
Valuation of property, plant and equipment
The Group values its land and buildings and plant, machinery and equipment at market value/depreciated replacement cost and consequently carries out an annual valuation. The Group engages external valuers to value the Group’s property, plant and machinery at a minimum every three years or as at the date of acquisition for assets acquired as part of a business combination. An external valuation was conducted at 28 February 2022 by PricewaterhouseCoopers LLP to value the land and buildings and plant, machinery and equipment at the Group’s Clonmel (Tipperary), Wellpark (Glasgow) and Portugal sites. Following a review of PwC’s valuation report, the Committee is satisfied that the adjustments posted were reasonable and that the carrying values at 28 February 2022 are appropriate.
Revenue recognition
The Committee considered the Group’s revenue recognition policy and is satisfied it is appropriate and in line with IFRS 15 Revenue from Contracts with Customers.
Following discussions with the External Auditor, and the deliberations set out above, we were satisfied that the financial statements dealt appropriately with each of the areas of significant judgement.
Other Areas of Focus
The Committee also during the year:
- approved the Internal Audit plan and agreed the External Auditor’s work plans for the Group;
- considered regular reports from the Head of Internal Audit on their findings;
- reviewed and recommended revisions to the Board to the Group Risk Register and the Principal Risks and Uncertainties;
- reviewed the information security and cyber preparedness policies and procedures in place to protect the Group against cyber-attack and the activities under way to further improve cyber security across the Group’s technology estate; and
- reviewed the External Auditor’s independence and objectivity, the effectiveness of the audit process, the re-appointment of the External Auditor and approved the External Auditor’s remuneration.
Fair, Balanced and Understandable Assessment
One of the key compliance requirements of the Group’s financial statements is for the Annual Report and Accounts to be fair, balanced and understandable. The coordination and review of Group wide contributions into the Annual Report and Accounts follows a well established and documented process, which is performed in parallel with the formal process undertaken by the External Auditor.
The Committee received a summary of the approach taken by management in the preparation of the FY2022 Annual Report and Accounts to ensure that it met the requirements of the Code. This, and our own scrutiny of the document, enabled the Committee, and then the Board, to confirm that the 2022 Annual Report and Accounts taken as a whole, was fair, balanced and understandable and provided the information necessary for shareholders to assess the Group’s position and performance, business model and strategy.
Financial Reporting Council (‘FRC’) Engagement
As part of the FRC’s thematic review of viability and going concern disclosures, and the disclosure of alternative performance measures (“APMs”), the FRC wrote to the Company, firstly by letter dated 15 September 2021, advising that they had identified the Company as having made an example of better practice disclosure in the Annual Report 2021 and one they proposed to identify on the FRC’s website. In the second letter dated 30 September 2021, the FRC advised that based on their limited scope reviews, there were no questions or queries that they wished to raise upon the Annual Report and accounts. The FRC did, however, identify a number of matters, where they believed that users of the accounts would benefit from improvements to existing disclosures. These matters have been considered when preparing the Annual Report 2022.
The FRC requested that in disclosing this engagement we note the limitations of their review, namely that it was based on their reading of the Annual Report 2021 and did not benefit from a detailed knowledge of our business or an understanding of the underlying transactions entered into. They also noted that their review provided no assurance that the report and accounts are correct in all material respects but rather that the FRC’s role is not to verify the information provided but to consider compliance with reporting requirements.
Internal Controls and Risk Management Systems
The Committee is responsible, on behalf of the Board, for reviewing the effectiveness of the Group’s internal controls and risk management systems, including financial, operational and compliance controls.
In order to keep the Committee abreast with latest developments, the Head of Internal Audit reported to each meeting on developments and emerging risks to internal control systems and on the evolution of our principal risks. The Committee reviewed the updated principal risks, their evolution during the year, and the associated risk appetites and metrics in light of business changes and performance, challenging and confirming their alignment to the achievement of the Group’s strategic objectives. This included consideration of the impact of COVID-19. On a regular and ongoing basis, the Committee considered the ongoing overall assessment of each risk, their associated metrics and management actions and mitigations in place and planned. This review was supported through consideration of risk dashboards outlining both principal risks and any escalated or emerging risks resulting in the Audit Committee regarding COVID-19 not as an individual risk but rather considering the amplifying effect on a number of other principal risks such as Health and Safety, People and Culture, Supply Chain Operations and Costs and Cyber and Information Security. Those changes to our risk profile were then approved by the Board. The Group’s principal risks and uncertainties are set out on pages 34 to 45.
In addition, the Committee reviewed reports issued by both Internal Audit and the External Auditor and held regular discussions with the Group Chief Financial Officer, the Head of Internal Audit and representatives of the External Auditor.
IT Systems and Cyber Security
Following the incident affecting Matthew Clark and Bibendum IT systems in April 2021, we have reviewed our information security and cyber preparedness policies and procedures, enhanced our Information Technology systems and controls, including the appointment of a Technology and Transformation Director and Group Head of IT. In the field of information technology and security, the Company undertakes a regular security assurance programme, testing controls, identifying weaknesses and prioritising remediation activities where necessary. This includes periodic best practice specialist security testing by a leading third party provider and regular system scanning to identify security weaknesses. Issues are assessed for risk and are comprehensively managed as part of the Company’s risk management programme. The Committee is presented with regular detailed Information Security Reports by the Technology and Transformation Director and Group Head of IT, which includes recommendations for further reinforcements, and a roadmap for further risk reduction. As a demonstration of our commitment to tackling cyber security we are currently pursuing Cyber Essentials Plus accreditation from the National Cyber Security Centre (NCSC).
We have also embarked on a set of projects whose purpose is to help the Company change systems, process or ways of working, to update and modernise the systems we use and create alignment within the Group on systems and process. The Committee is presented with regular detailed reports on progress by the Technology and Transformation Director.
Internal Audit
The Committee is responsible for monitoring and reviewing the operation and effectiveness of the Internal Audit function including its focus, work plan, activities and resources.
At the beginning of the financial year, the Committee reviewed and approved the Internal Audit plan for the year having considered the principal areas of risk in the business and the adequacy of staffing levels and expertise within the function. The Committee also reviewed those plans again during the year in light of COVID-19, which resulted in the Internal Audit function changing focus having regard to imposed working restrictions taking a risk based approach. A number of high risk audits were conducted remotely and others were deferred into FY2023 where appropriate. This was a position endorsed by the Committee in recognition of the operational challenges being experienced at the time by the business and to the businesses of our customers, which required immediate prioritisation and focus. The FY2023 audit plan has considered all existing and emerging risks and what was deferred from FY2022, incorporating both elements where appropriate.
During the year, the Committee received regular verbal and written reports from the Head of Internal Audit summarising findings from the work of Internal Audit and the responses from management to deal with the findings.
The Committee monitors progress on the implementation of any action plans arising on significant findings to ensure these are completed satisfactorily and meets with the Head of Internal Audit in the absence of management.
External Audit
It is the responsibility of the Committee to monitor the performance, objectivity and independence of Ernst and Young (‘EY’), the External Auditor. In December 2021, we met with EY to agree the audit plan for the year end, highlighting the key financial statement and audit risks, to ensure that the audit was appropriately focused. In addition, EY’s letter of engagement and independence was reviewed by the Committee in advance of the audit.
In May 2022, in advance of the finalisation of the financial statements, we received a report from EY on their key audit findings, which included the key areas of risk and significant judgements referred to above, and discussed the issues with them in order for the Committee to form a judgement on the financial statements. In addition, we considered the Letter of Representation that the External Auditor requires from the Board.
The Committee meets with the External Auditor privately at least once a year to discuss any matters they may wish to raise without management being present.
Assessment of Effectiveness of External Audit
During the year, the Committee reviewed EY’s fees for its services, its effectiveness and whether the agreed audit plan had been fulfilled and the reasons for any variation from the plan. The review included a formal evaluation process including the completion of a short questionnaire by each member of the Committee, the Group Chief Financial Officer, the Director of Group Finance and applicable senior finance executives across the business.
The Committee also considered the robustness of the FY2022 audit, the degree to which EY was able to assess key accounting and audit judgements and the content of the audit committee report issued by the External Auditor. Due to governmental advice and restrictions regarding social distancing and travel, EY’s audit teams have followed different levels of remote working in the locations where the Group operates. The Committee is satisfied that this has not impacted the effectiveness of the audit or the audit process. On the basis of the Committee’s evaluation and taking into account the views of other key internal stakeholders, the Committee concluded that both the audit and the audit process were effective.
Audit Tender
Following a tender process, the current External Auditor was first appointed for the year ended 28 February 2018. The Group’s lead audit engagement partner, Pat O’Neill has been the same since that date. The External Auditor is required to rotate the audit partner every five years and therefore the existing partner will rotate after the upcoming AGM.
There are no contractual obligations restricting the Company’s choice of External Auditor. The Committee will continue to review the auditor appointment and the need to tender the audit, ensuring the Group’s compliance with the Code and any related regulations.
The Group complied on a voluntary basis with the Statutory Audit Services for Large Companies Market Investigation (mandatory Use of Competitive Tender Processes and Audit Committee Responsibilities) Order 2014, having last carried out a competitive tender for audit services in 2017.
Non-Audit Services
The Group has a policy in place governing the provision of non-audit services by the External Auditor in order to ensure that the External Auditor’s objectivity and independence is safeguarded.
Under this policy the auditor is prohibited from providing non-audit services if the auditor:
- may, as a result, be required to audit its own firm’s work;
- would participate in activities that would normally be undertaken by management;
- would be remunerated through a “success fee” structure or have some other mutual financial interest with the Group; and
- would be acting in an advocacy role for the Group.
Other than above, the Company does not impose an automatic ban on the External Auditor providing non-audit services. However, the External Auditor is only permitted to provide non-audit services that are not, or are not perceived to be, in conflict with auditor independence and objectivity, if it has the skill, competence and integrity to carry out the work and it is considered by the Audit Committee to be the most appropriate firm to undertake such work in the best interests of the Group. The engagement of the External Auditor to provide non-audit services must be approved in advance by the Audit Committee or entered into pursuant to pre-approved policies and procedures established by the Audit Committee and approved by the Board.
The nature, extent and scope of non-audit services provided to the Group by the External Auditor and the economic importance of the Group to the External Auditor are also monitored to ensure that the External Auditor’s independence and objectivity is not impaired. The Audit Committee has adopted a policy that, except in exceptional circumstances with the prior approval of the Audit Committee, non-audit fees paid to the Group’s auditor should not exceed 100% of audit fees in any one financial year.
In FY2022, EY undertook non-audit work in relation to the Rights Issue. As part of the preparations for the Rights Issue announced in June 2021, certain non-audit assurance was required of the financial information presented in the prospectus. Management felt that EY would be best placed to undertake this work if appropriate safeguards could be put in place, and this was discussed and approved by the Committee prior to work taking place. The fees for the non-audit work were €0.4m and agreed by the Committee.
A number of measures were implemented to ensure that the objectivity of EY as auditors of the Company was safeguarded:-
- The non-audit work was led by an independent EY partner and team members not involved in the audit, and subject to review by an independent audit partner;
- The services were performed on a one-off basis, and were clearly set out in an engagement letter;
- All fees for the additional reporting accountant services were invoiced and settled in full before the audit work was finalised;
- A Quality Review Partner was involved in the audit, and was responsible for performing a further review over the performance of the audit; and
- A clearance panel including a further three independent partners was held prior to completion of the non-audit work to provide an additional level of review.
Given the one off nature of these non-audit services and given they were assurance based ensured that the objectivity of EY was safeguarded.
Confidential Reporting Programme
In line with best practice, the Group has an independent and confidential reporting programme in all of its operations whereby employees can, in confidence, report on matters where they feel a malpractice has taken or is taking place, or if health and safety standards have been or are being compromised. Additional areas that are addressed by this procedure include criminal activities, improper or unethical behaviour and risks to the environment.
The programme allows employees to raise their concerns with their line manager or, if that is inappropriate, to raise them on a confidential basis. An externally facilitated confidential helpline and confidential email facility are provided to protect the identity of employees in these circumstances. Any concerns are investigated on a confidential basis by the Human Resources Department and/or the Company Secretary and Group General Counsel and feedback is given to the person making the complaint as appropriate via the confidential email facility. An official written record is kept of each stage of the procedure and results are summarised for the Committee.
The Audit Committee is also responsible for ensuring that arrangements are in place for the proportionate independent investigation and appropriate follow up of any concerns which might be raised. The Committee receives regular reports on all whistleblowing incidents. The Board also receives a report on whistleblowing in the Company Secretary and Group General Counsel’s regular report to Board meetings. In FY2022, no incidences of concern were uncovered.
We encourage employees to report genuine issues and concerns as they arise. Those concerns are taken seriously. They are investigated where appropriate and confidentiality is respected.
Evaluation of the Committee
The evaluation of the Committee was completed as part of the 2022 internal board evaluation process. An explanation of how this process was conducted, the conclusions arising from it and the action items identified is set out on page 98. The Committee has considered this in the context of the matters that are applicable to the Committee.
This report was approved by the Board of Directors on 17 May 2022.
Emer Finnan
Chair of the Audit Committee