- Overall responsibility
- Policies for management of material business risk
- Risk Management Committees
- Internal audit
- External audit
- Financial statements disclosure committee
- CEO and CFO certification of financial reports
- Company Books of Account
- Management's annual report on internal control over financial reporting
- Limitations of control systems
The Board has established the Audit Committee to oversee the adequacy and effectiveness of the Company’s accounting and financial policies and controls. The Audit Committee provides advice and assistance to the Board in fulfilling its responsibilities and, amongst other matters:
- overseeing the Company’s financial reporting process and reports on the results of its activities to the Board;
- reviewing with management and the external auditor the Company’s annual and quarterly financial statements and reports to shareholders; discussing earnings releases as well as information and earnings guidance provided to analysts;
- reviewing and assessing the Company’s risk management strategy, policies and procedures and the adequacy of the Company’s, policies, processes and frameworks for managing risk;
- exercising general oversight of the appointment and provision of all external audit services to the Company, the remuneration paid to the external auditor, and the performance of the Company’s internal audit function;
- reviewing the adequacy and effectiveness of the Company’s internal compliance and control procedures;
- reviewing the Company’s compliance with legal and regulatory requirements; and
- establishing procedures for complaints regarding accounting, internal accounting controls and auditing matters, including any complaints from whistle-blowers.
The Audit Committee meets at least quarterly in a separate executive session with the external auditor and internal auditor, respectively. The Chairman of the Audit Committee reports to the full Board following each Audit committee meeting. As part of such report, the Chairman of the Audit Committee will inform the Board of any general issues that arise with respect to the quality or integrity of the Company’s financial statements, the Company’s compliance with legal or regulatory requirements, the Company’s risk management framework, the performance and independence of the external auditor, or the performance of the internal audit function.
The current members of the Audit Committee are Brian Anderson (Chairman), David Harrison, Andrea Gisle Joosen, Alison Littley and Anne Lloyd, all of whom are independent non-executive directors. All members of the Audit Committee are financially literate and have sufficient business, industry and financial expertise to act effectively as members of the Audit Committee. In addition, in accordance with the SEC rules, the Nominating and Governance Committee and the Board have determined that Mr Anderson, Mr Harrison and Ms Lloyd qualify as “audit committee financial experts". The skills, qualifications, experience and relevant expertise for each member are summarised in the Board biography section of this website.
The Company believes that sound risk management policies, procedures and controls produce a system of risk oversight, risk management and internal control that is fundamental to good corporate governance and compliance and creation of shareholder value. The objective of the Company’s risk management policies, procedures and controls is to ensure that:
- the Company’s principal strategic, operational and financial risks are identified and assessed;
- the Company’s risk appetite for each risk is considered;
- effective systems are in place to monitor and manage risks; and
- reporting systems, internal controls and arrangements for monitoring compliance with laws and regulations are adequate.
Risk management does not involve avoiding all risks. The Company’s risk management policies seek to strike a balance between ensuring that the Company continues to generate financial returns while simultaneously managing risks appropriately by setting appropriate strategies, objectives, controls and tolerance levels.
Management has put in place a number of key policies, processes and independent controls to provide assurance as to the integrity of the Company’s systems of internal control and risk management. In addition to the measures described elsewhere in this website, the more significant policies, processes or controls adopted by the Company for oversight and management of material business risks are:
- engagement with members of the Risk Management Committees at least quarterly to assess the key strategic, operations, reporting and compliance risks facing the Company, the level of risk and the processes implemented to manage each of these key risks over the upcoming twelve months;
- quarterly reporting to executive management, the Audit Committee, and annual reporting to the Board, of the Risk Management Committees’ assessment regarding the key strategic, operations, reporting and compliance risks facing the Company;
- a program for the Audit Committee to review in detail each year the Company’s general risk tolerance and all items identified by the Risk Management Committees as high focus risks;
- quarterly meetings of the Financial Statements Disclosure Committee to review all quarterly and annual financial statements and results;
- an internal audit department with a direct reporting line to the Chairman of the Audit Committee;
- regular monitoring of the liquidity and status of the Company’s finance facilities;
- maintaining an appropriate global insurance program;
- maintaining policies and procedures in relation to treasury operations, including the use of financial derivatives and issuing procedures requiring significant capital and recurring expenditure approvals; and
- implementing and maintaining training programs in relation to legal and regulatory compliance issues such as trade practices/antitrust, insider trading, foreign corrupt practices and anti-bribery, employment law matters, trade secrecy and intellectual property protection.
A summary of policies, processes and controls that address key aspects of our corporate governance is available in the Library section of this website.
The Company maintains a management level risk committee that focuses on operation-related risks and corporate-related risks (the “Risk Management Committee”). The Risk Management Committee comprises a cross-functional group of employees who review and monitor the risks facing the Company from the perspective of their area of responsibility. The Risk Management Committee is coordinated by Internal Audit and the General Counsel. The Vice President of Internal Audit and the General Counsel also provide quarterly reports to the Audit Committee on key risks and the procedures in place for mitigating them.
The Vice President of Internal Audit heads the internal audit department. It is the role of the internal audit department to provide assurance, independent of management, that the Company’s internal processes, controls and procedures are operating to provide an effective financial reporting and risk management framework. The Internal Audit Charter sets out the independence of the internal audit department, its scope of work, responsibilities and audit plan. The internal audit department’s work plan is approved annually by the Audit Committee. The Vice President of Internal Audit reports to the Chairman of the Audit Committee and meets quarterly with the Audit Committee in executive sessions.
Ernst & Young LLP has served as the Company’s external auditors since fiscal year 2009. The external auditor reviews each quarterly and half-year consolidated financial statements and audits the full year consolidated financial statements. The external auditor attends each meeting of the Audit Committee, including an executive session where members of the Audit Committee are present. The Audit Committee has approved policies to ensure that all non-audit services performed by the external auditor, including the amount of fees payable for those services, receive prior approval. The Audit Committee also reviews the remuneration paid to the external auditor and makes recommendations to the Board regarding the maximum compensation to be paid to the external auditor and concerning their reappointment as external auditor. The lead audit engagement partner is required to rotate every five years.
The Audit Committee reviews and approves management representations made to the external auditor as part of the audit of the full year results.
Representatives of Ernst & Young LLP are present at each AGM to make a statement if they desire to do so and are available to respond to appropriate questions from shareholders.
The Financial Statements Disclosure Committee is a management committee comprised of senior finance, accounting, compliance, legal, tax, treasury and investor relations executives in the Company, which meets with the CEO, CFO and General Counsel prior to the Board’s consideration of any quarterly or annual results. The Financial Statements Disclosure Committee is a forum for the CEO, CFO and General Counsel to discuss, and, on the basis of those discussions, report to the Audit Committee, about a range of risk management procedures, policies and controls, covering the draft results materials, business unit financial performance and the current status of legal, tax, treasury, accounting, compliance, internal audit, complaints and disclosure control matters.
Under SEC rules and the Company’s internal control arrangements, our CEO and CFO provide certain certifications with respect to our full year financial statements, disclosure controls and procedures and internal controls over financial reporting. These certifications are more comprehensive and detailed than those required under the Australian Corporations Act and are considered appropriate given that the Company’s financial reports are prepared in accordance with US GAAP.
The Board in turn receives quarterly assurance from the Financial Statements Disclosure Committee relating to the Company’s disclosure controls and procedures and internal controls over financial reporting. This assurance is supported by written quarterly and annual sub-certifications from the general managers and Finance Directors of each business unit and the Corporate Controller, with annual certifications from the relevant general manager on the Senior Management team.
The Company is responsible for ensuring that it keeps adequate accounting records. The measures taken by the directors to secure compliance with the Company’s obligation to keep adequate accounting records are the use of appropriate systems and procedures and employment of competent persons. We have appointed a Chief Financial Officer who makes regular reports to the Board and ensures compliance with the requirements of Chapter 2 of Part 6 of the Irish Companies Act 2014.
The Company also has a Global Controller, who works closely with the Chief Financial Officer and makes regular reports to our Audit Committee. The accounting records of the Company are kept at its registered office in Ireland.
Evaluation of Disclosure Controls and Procedures
We carried out an evaluation, under the supervision and with the participation of management, including our Chief Executive Officer and Chief Financial Officer, of the effectiveness of the design and operation of our disclosure controls and procedures (as defined in Rule 13a-15(e) under the Exchange Act) as of the end of the period covered by the 2019 Annual Report on Form 20-F. In designing and evaluating our disclosure controls and procedures, our management recognises that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives and are subject to certain limitations, including the exercise of judgment by individuals, the difficulty in identifying unlikely future events, and the difficulty in eliminating misconduct completely.
Based upon that evaluation, our Chief Executive Officer and Chief Financial Officer have concluded that, our disclosure controls and procedures were effective at a reasonable assurance level as of 31 March 2019, to ensure the information required to be disclosed in the reports that we file or submit under the Exchange Act were recorded, processed, summarised and reported within the time periods specified in the rules and forms of the SEC and that such information was accumulated and communicated to our management, including our Chief Executive Officer and Chief Financial Officer, to allow for timely decisions regarding required disclosures.
Management’s Report on Internal Control over Financial Reporting
Management is responsible for establishing and maintaining adequate internal control over financial reporting as defined in Rule 13a-15(f) of the Exchange Act. Because of its inherent limitations, internal control over financial reporting may not prevent or detect all misstatements.
Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
We assessed the effectiveness of our internal control over financial reporting as of 31 March 2019. In making this assessment, we used the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control — Integrated Framework (2013).
Based on our assessment using those criteria, we concluded that our internal control over financial reporting was effective as of 31 March 2019.
The effectiveness of our internal control over financial reporting as of 31 March 2019 has been audited by Ernst & Young LLP, an independent registered public accounting firm, as stated in their report.
Changes in Internal Control over Financial Reporting
There were no changes in our internal controls over financial reporting that occurred during the period covered by the 2019 Annual Report on Form 20-F that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
Due to the inherent limitations in all control systems and the fact that there are resource constraints in the design of any control system, management does not expect that the Company’s internal risk management and control systems will prevent or detect all error and all fraud. No matter how well it is designed and operated, no evaluation of controls can provide absolute assurance that misstatements due to error or fraud will not occur or that all control issues and instances of fraud, if any, within the Company have been detected.
The inherent limitations in all control systems include the realities that judgments in decision making can be faulty and that breakdowns can occur because of simple error or mistake. Controls can also be circumvented by the individual acts of some persons, by collusion of two or more people, or by management override of the controls. The design of any system of controls is based in part on certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Projections of any evaluation of controls’ effectiveness to future periods are subject to risks. Over time, controls may become inadequate because of changes in conditions or deterioration in the degree of compliance with policies or procedures.