Accountability/Internal Controls
The Directors are responsible for the Company’s systems of internal control and for taking reasonable steps to safeguard the assets of the Company and to prevent and detect reporting irregularities. For the year ended 31 December 2006, the Directors have reviewed the effectiveness of these systems, which are designed to provide reasonable, although not absolute, assurance against material avoidable loss or misstatement of financial information. These systems are also designed to manage rather than eliminate the risk of failure to achieve these objectives. Regular reports regarding internal controls are also made to the Board directly and/or through the Audit Committee.
During December 2006 and January 2007, a review of the effectiveness of the Company’s internal controls and risk management systems was conducted under the direction of the Audit Committee and the Board pursuant to the Turnbull Report and related guidance. It included a review of the documentation of internal control systems, including the extent to which those controls are risk-based and are embedded in the organisation. The results of this review were presented to the Audit Committee in February 2007 and the Board in March 2007.
The Company has an ongoing process for identifying, evaluating and managing significant risks (the risk management programme) and this has been in place throughout 2006 and up to the date of this report. The Board receives periodic reports from the Chief Risk Officer and/or the Audit Committee on the risk management programme.
The Chief Executives of each of the Company’s underwriting platforms are responsible for directing the risk management programme within their operations. The Chief Risk Officer, the Group Risk Committee and the Group Executive Committee review and monitor the identification and assessment of significant risks and the relevant control and monitoring procedures. In addition, they monitor the Company’s significant risks on an ongoing basis. Action is taken where the need for further risk mitigation is identified.
During 2006, the Internal Audit team was strengthened to further enhance the assurance provided over the Company’s system of internal controls. Internal audits are conducted on an ongoing basis as part of a risk-based plan approved and monitored by the Audit Committee.