Internal control

The Board is responsible for the Group’s system of internal control and for reviewing its effectiveness. Such a system is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable and not absolute assurance against material misstatement or loss. The Board has applied Principle C.2 of the Code by establishing a continuous process for identifying, evaluating and managing the Group’s significant risks, including risks arising out of Bodycote’s corporate and social engagement. The Board continuously and regularly reviews the process, which has been in place from the start of 2000 to the date of approval of this report and which is in accordance with Internal Control: Guidance for Directors on the Combined Code published in September 1999 and with revised guidance on internal control published October 2005. The Board’s monitoring covers all controls, including financial, operational and compliance controls and risk management systems. It is based principally on reviewing reports from management and from internal audit to consider whether any significant weaknesses are promptly remedied and indicate a need for more extensive monitoring. The Audit Committee assists the Board in discharging these review responsibilities.

The Group prepares a comprehensive annual budget which is closely monitored and updated quarterly. The Group’s authority matrix clearly sets out authority limits for those with delegated responsibility and specifies what can only be decided with central approval.

The Internal Audit department monitors the Group’s internal financial control system and its reviews are conducted on the basis of plans approved by the Audit Committee, to which Internal Audit reports are submitted on a regular basis.

Each Division provides assurance on specified financial and non-financial controls and these are reported twice-yearly to the Audit Committee.

During 2011, in compliance with provision C.2.1, management performed a specific assessment for the purpose of this annual report. Management’s assessment, which has been reviewed by the Audit Committee and the Board, included a review of all Group and operational risks (by means of workshops and interviews) and the risks identified (both before and after mitigating actions) were assessed using conventional impact and likelihood scoring, and further assessment, monitoring and review work was scheduled for 2012. The Group’s risk management framework is progressively being embedded throughout the Group. No significant previously unidentified risks were uncovered as part of this process, and the necessary actions have been or are being taken to remedy any significant failings or weaknesses identified as part of the reviews.