FORM 6-K
MICRO FOCUS INTERNATIONAL PLC
(Exact name of registrant as specified in its charter)
Exhibit No.: 99.1
Exhibit Description: 2020 Annual Financial Report and Notice of AGM, dated 24 February 2021

Products
Risk Trend: No change
Link to strategy: Delivering innovation, SaaS and Subscription
Risk Category: Marketplace
Principal risk description
To remain successful, the Group must ensure that its products
continue to meet the requirements of customers and investment must
be effectively balanced between growth and mature products.
Investment in research and innovation in product development is
essential to meet customer and partner requirements in order to
maximise customer value, revenues and corporate performance. The
Group has a large number of products, at differing stages of their
life cycle. The extent of investment in each product set needs to
be managed and prioritised considering the expected future
prospects and market demand.
Potential impact
If products do not meet the requirements of customers, they will
seek alternative solutions, resulting in the loss of existing
maintenance and new revenue opportunities and the cancellation
of existing contracts. Insufficient focus on key research and
development projects may damage the long-term growth prospects of
the Group. The Group's business and reputation may be harmed by
innovation that falls behind competitors, or by errors or defects
in its products.
How we manage it
As set out in the Chief Executive's Strategic review on pages 14 to
17, a key initiative of the Group's three-year plan is to take
a more definitive approach to delivering Subscription and
SaaS-based offerings as a key part of the strategy and
to accelerate the transition to these models where appropriate
within the Group's portfolios. The transition is being
managed over multiple financial periods with initial focus on
products where this model is the emerging or de-facto market
standard. Additionally, in FY20 the Group began to take a
differentiated approach to investment and operational
management in Security and Big Data. The priorities remain
delivering new innovation in response to rapidly changing market
opportunities, expanded cloud and cross-industry use case support
and further developing existing and new SaaS and Subscription
offerings.
As set out on pages 18 and 19 (Our markets) the Group aligns resources
and develops propositions across four main outcomes for its
customers: Accelerate application delivery; Simplify IT
transformation; Strengthen cyber resilience; and Analyse in time to
act. To improve the interaction between product management, product
development, sales and marketing we implemented a new end-to-end
planning process. The Micro Focus Product Portfolio consists
of five product groups with more than 300 product lines, as
set out on pages 28 to 31 (Our business model), which are uniquely
positioned to help customers address digital transformation, run
and transform their business and maximise existing software
investments. Continued evolution of product strategy occurs as part
of the annual product planning process, where senior leaders from
across the business determine appropriate product sales, marketing
and investment strategies to best align to the market
opportunities. More details on the business model can be found on
pages 28 to 31.

Sales/Go-To-Market ("GTM") Models
Risk Trend: Increased
Link to strategy: Go-To-Market
Risk Category: Marketplace
Principal risk description
For the Group to succeed in meeting sales revenue and growth targets,
it requires successful GTM models across the full Product
Portfolio, with effective strategies and plans to exploit all
routes to market, including direct and channel/partner-led sales.
In addition, the Group must focus the sales force on targeted
customer segments and ensure appropriate responses to the market
dynamics related to changes in customer buying behaviours.
Effective GTM models may be more successful if accompanied by
compelling Micro Focus brand awareness programmes. The Group is
dependent upon the effectiveness of its sales force and
distribution channels to drive licence and maintenance sales
and a reference-based selling model. This risk was increased given
the COVID-19 restrictions across various regions, from time to time
in the period.
Potential impact
Poor design and/or execution of GTM plans may limit the success of the
Group by targeting the wrong customers through the wrong channels
and positioning the wrong product or solution offerings,
reducing the value that customers receive from Micro
Focus.
How we manage it
As set out in the Chief Executive's Strategic review on pages 14 to
17, a key initiative of the Group's three-year plan is to deliver
consistent, sustained improvement to revenue performance through
increases in sales productivity and the more effective
alignment of resources to opportunity. The GTM team has made
positive improvements to operationalise the recommendations set out
at the beginning of the year, including good progress in the
development of the Group's customer and partner propositions.
Across the five product categories that the Group reports
against, the Group has great depth of capability and experience to
help its customers address some of the most complex challenges they
face. To best enable the Group's customers and exploit this
capability, the Group is aligning resources and developing
compelling propositions across four customer outcomes - Accelerate
application delivery; Simplify IT transformation; Strengthen cyber
resilience; and Analyse in time to act.
As a result of the COVID-19 pandemic and the increase to 90% of our
employees working from home, Micro Focus has invested further in
additional resources to support the transition to virtual selling
and customer engagement. Sales enablement and execution has
received considerable attention and improvement measures have
focused on improving consistency of approach and simplifying the
organisational structure to support more effective and
efficient decision making, greater accountability and a
holistic approach to customer success. This has been achieved
through the further removal of unnecessary global structures and
management layers, and the introduction of a single global sales
methodology based on value-driven outcomes. Further measures are
being put in place to improve productivity and predictability.
Other organisational changes that were made to align marketing and
product teams, and to build a consistent approach to sales
enablement globally, have been operationalised and continue to
reflect the changing demands of the business.
Industry events, such as Micro Focus Universe, successfully adapted
to a virtual format given COVID-19 restrictions, help showcase the
Group's Product Portfolio and strengthen customer, partner and
industry relationships. Additionally, the Group coordinates a
programme of subject matter expert led media engagement on industry
innovation and emerging industry trends, targeted mainly around
social and web media, that serves to further increase brand
awareness.

Competition
Risk Trend: Increased
Link to strategy: Delivering innovation, SaaS and Subscription
Risk Category: Marketplace
Principal risk description
Comprehensive information about the markets in which Micro Focus operates is
required for the Group to assess competitive risks effectively
and to perform successfully. The Group operates in a number of
competitive markets and success in those markets depends on a
variety of factors. This risk increased in the period due to the
on-going pace and scale of change across the IT competitive
landscape.
Potential impact
Failure to understand the competitive landscape adequately and
thereby identify where competitive threats exist may damage the
successful sales of the Group's products. If the Group is
not able to compete effectively against its competitors, it is
likely to lose customers and suffer a decrease in sales, which may
result in lost market share and weaker financial
performance.
How we manage it
Group product plans contain an analysis of both traditional and emerging
competitive threats and subscriptions to industry analyst
firms are leveraged to better understand market dynamics and
competitor strategies. In addition, customer surveys and customer
advisory boards are used to validate product direction - both
standalone and in the context of competitors. Micro Focus continues
to monitor and review intelligence on market threats to focus
on offering best-in-class service to customers. Marketing and
product teams monitor a variety of metrics (such as NPS, including
competitive benchmark) to analyse customer satisfaction relative to
industry benchmarks.

Employees and Culture
Risk Trend: Increased
Link to strategy: Complete core systems
Risk Category: Infrastructure
Principal risk description
The recruitment and retention of highly skilled and motivated
employees at all levels of the Group is critical to the success and
future growth of the Group in all countries in which it operates.
Employees require clear business objectives and a well communicated
vision and set of values for the Group to achieve high levels of
employee engagement and a common sense of corporate purpose among
the workforce. This risk was increased given the COVID-19
restrictions across various regions, from time to time in the
period.
Potential impact
Failure to attract, develop and retain skill sets, particularly in
sales and research & development, may hinder the Group's sales
and development plans. Weak employee engagement, organisational
alignment and inadequate incentivisation may lead to poor
performance and instability. It could also have an adverse impact
on the realisation of strategic plans.
How we manage it
Developing the most appropriate culture, aligned to driving productive
management behaviours focused on delivering business priorities, is
critical. During the period the Group pivoted to have more than 90%
of its employees working from home due to the COVID-19 pandemic.
Productivity tools were rolled out to enable effective home working
and employee connectedness. Training was rolled out across the
Group for both employees and managers, with a particular focus on
employee support and wellbeing. Further details of the actions
taken by the Group to support its employees are provided in Our
Impact section on pages 35 and 36.
The Group has policies in place to help ensure that it is able to
attract and retain employees of a high calibre with the required
skills. These policies include training, career development and
long-term financial incentives. Succession plans have been
developed and are in place for key leadership positions across the
Group. In the period, the Group also took significant action to
develop its management capability both internally, by training and
promotions, and through external hires. The Group continued to
attract external hires during the period and rolled out initiatives
to ensure continued effective hiring practices and candidate
on-boarding experience in a virtual environment. Regular
communications during the period focused on keeping the workforce
updated on business objectives, progress against the strategic plan
and the Group's overall response to COVID-19. Attrition dropped in
the period.

IT Systems and Information
Risk Trend: Increased
Link to strategy: Complete core systems
Risk Category: Infrastructure
Principal risk description
The Group's operations, as with most businesses, are dependent on
maintaining and protecting the integrity and security of the IT
systems and management of information. Following the integration of
the HPE Software business the Group continues to operate on two IT
architectures with the attendant complexity to business operations
and the control environment. As set out in the Chief Executive's
Strategic review on pages 14 to 17, work continues to transition
the Group to a simplified IT systems architecture. The
transition may be more time consuming and costly than
anticipated, given the amount of change management that is
involved. This risk was increased given the COVID-19 restrictions
across various regions, from time to time in the
period.
Potential impact
Disruption to the IT systems could adversely affect
business and Group operations in a variety of ways, which may
result in an adverse impact on business operations, revenues,
customer relations, supplier relations, and reputational damage.
Dependency on IT providers could have an adverse impact on revenue
and compliance in the event that they cannot resume business
operations.
How we manage it
As set out in the Chief Executive's Strategic review on
pages 14 to 17, completion of simplification programmes that
form the platform for improved operational effectiveness and
agility remains a priority for the business. Key within this is
the migration to one set of core IT systems. This is a global
programme being executed principally in the UK, USA and India in
conjunction with our Systems Integration partners. We have made
good progress against our objectives for the programme during
the period, with the first phase of employees transitioned on
13 January to the new IT infrastructure and the transition of
remaining employees to occur later in the year. Further details
regarding the IT transformation programme can be found in the Chief
Executive's Strategic review on pages 14 to 17.
During the period the Group pivoted to have more than 90% of its
employees working from home as a result of the COVID-19 pandemic.
To support the increased demands on remote IT services and respond
to other emerging IT requirements across the business, a
centralised IT incident management team was established and
continues to operate, reporting into a cross-functional operational
response team (ORT). Further detail regarding the Group's response
to COVID-19 is detailed on page 61.
To maintain the required control environment the Group relies upon
automated, semi-automated and manual controls together with a
combination of preventative and detective controls. The IT control
environment continues to be improved as part of the implementation
of controls to meet Sarbanes-Oxley Act 2002 (SOX) compliance, as set
out on pages 90 and 91.
A vendor management process is in place and continues to be
improved, to allow for better involvement and engagement with third
party IT providers.

Business Strategy and Change Management
Risk Trend: Increased
Link to strategy: Delivering innovation, SaaS and Subscription, Go-To-Market, Complete core systems
Risk Category: Marketplace
Principal risk description
The Group is engaged in a number of major change projects,
including acquisitions and divestments, to shape and grow the
business by strengthening the portfolio of products and
capabilities and IT projects to standardise systems and processes.
The continued integration of the HPE Software business is complex,
with a range of integration and transformation risks. The
integration of the HPE Software business with the existing
businesses carried on by the Group may be more time consuming and
costly than anticipated.
The Group is also executing a series of operational transformation
initiatives. These projects expose the Group to significant
transformation risks. The Group's strategy may involve the
making of further acquisitions or divestments to protect or enhance
its competitive position and failure to identify, manage, complete
and integrate acquisitions, divestments and other significant
transactions successfully could have a material adverse effect on
the Group's business.
Further, the Group is progressing with a number of initiatives stemming from
the Strategic & Operational Review carried out in the
previous financial year, which may further increase disruption
to 'business as usual' activities across the Group. This risk was
increased given the COVID-19 restrictions across various regions,
from time to time in the period.
Potential impact
Failure to successfully analyse, execute and coordinate the
implementation and delivery of the core systems and associated
business processes with the various integration, divestment and
transformation programmes may result in the disruption of the
on-going business without delivering the anticipated strategic
and operational benefits of such transactions and/or initiatives.
In addition, this may affect the ability to execute strategic
plans for growth.
How we manage it
As detailed in the Chief Executive's Strategic review on pages 14
to 17, the Group's three-year plan includes initiatives that are
focused around two key objectives. Firstly, evolving our business
model to ensure we continually adapt to changes in the market to
deliver value and capture growth opportunities. Secondly,
delivering operational excellence through business process and
infrastructure simplification with a relentless focus on
improving levels and consistency of execution.
The focus remains on delivering targeted, relevant
business outcomes and the simplification of business
operations to equip and enable the sales organisation,
simplify operational support and improve compliance capability. The
Group continues to execute multiple programmes to deliver on these
aims. Programme risks and interdependencies are managed carefully
including the utilisation of detailed deep dives, cross-functional
and cross-programme review sessions and a cadence of weekly and
monthly risk reviews, to ensure that execution of the various
programmes is successfully aligned to minimise disruption to
'business as usual'. Given the volume of concurrent transformation
activity being delivered across the business, the Group has put in
place governance structures to manage change for the business in a
structured manner. These governance structures continue to evolve
to meet the changing needs of the business.
As noted within the 'IT systems and information' risk on page 67,
the Group has made good progress in the IT transformation programme
to transition to one set of core IT systems. The transition of both
historical Micro Focus and HPE Software systems to the new
simplified systems architecture will build a solid base for
improved execution.

Legal and Regulatory Compliance
Risk Trend: Increased
Link to strategy: Complete core systems
Risk Category: Reputational
Principal risk description
The Group operates across a number of jurisdictions and two
regulated exchanges. Compliance with national and regional laws and
regulations, including those that relate to ESG matters, such as
Task Force on Climate-related Disclosure ("TCFD") requirements, is
essential to successful business operations. The Group may be
involved in legal and other proceedings from time to time, and as a
result may face damage to its reputation or legal liability. The
Group has entered into various acquisitions and disposals over
recent years and may be subject to, or have the benefit of,
certain residual representations, warranties, indemnities,
covenants or other liabilities, obligations or rights. The Group
has a variety of customer contracts in a variety of sectors,
including Government clients. This risk was increased in the period
due to the variety of COVID-19 restrictions in place across regions in
which the Group operates and the heightened complexity this posed
to securing personal and/or sensitive information, particularly in
work-from-home settings.
Potential impact
Failure to comply could result in civil or criminal sanctions
(including personal liability for directors), as well as
possible claims, legal proceedings, fines, loss of revenue
and reputational damage.
How we manage it
The Group has in place policies and procedures to mitigate
these risks. The Group's legal and corporate compliance team,
including specialist external advisers as required, monitor and
review compliance. During the period, the operational risk and
compliance committee, which reports to the audit committee,
continued to meet regularly to monitor cross-functional risk
management and compliance activity. The Group is committed to
ensuring on-going compliance with anti-bribery and corruption, data
protection and market abuse and insider dealing laws and has in
place a Code of Conduct with supporting training materials.
Mandatory Code of Conduct online training is provided annually and
during the year was completed by all employees. In addition,
virtual anti-corruption and anti-fraud training was carried out
widely across the regions in which the Group operates, with
particular focus on higher risk territories.
The Group maintains processes and policies to ensure it is
compliant with data protection requirements imposed by data
protection and privacy laws, including GDPR. Data protection and
privacy compliance is driven and monitored by the Group's legal and
corporate compliance team, supported by technical and other subject
matter experts as required. Data protection compliance is built
into the Group's corporate-wide information security management
system and is kept under review to ensure that required standards
are met. The compliance environment is also strengthened by the
implementation of SOX controls, as set out on pages 90 and
91.

Intellectual Property ("IP")
Risk Trend: No change
Link to strategy: Complete core systems
Risk Category: Marketplace
Principal risk description
The Group is dependent upon its IP and its rights to such IP may be
challenged or infringed by others or otherwise
prove insufficient to protect its business. The Group's
products and services depend in part on IP and technology
licensed from third parties. Third party claims of IP infringement
against the Group may disrupt its ability to sell its products and
services.
Potential impact
This IP risk could adversely affect the ability of the Group to
compete in the marketplace and affect the Group's revenue and
reputation.
How we manage it
There are procedures in place across the Group to ensure the
appropriate protection and use of the Group's brands and IP and
these are monitored by the Group's IP panel and legal IP
team.

Treasury
Risk Trend: No change
Link to strategy: Complete core systems
Risk Category: Financial
Principal risk description
The Group's operational and financial flexibility may
be restricted by its level of liquidity, indebtedness and
covenants. Financing costs could increase or financing could
cease to be available in the long-term. The Group may incur
materially significant costs if it breaches its covenants
under its banking arrangements.
The Group targets a net debt to Adjusted EBITDA ratio of 2.7 times
and may require additional debt funding in order to execute its
strategy. The Group is exposed to interest rate risk related to its
variable rate indebtedness, which could cause its indebtedness
service obligations to increase significantly.
The Group operates across a number of jurisdictions and so is
exposed to currency fluctuations.
Potential impact
Insufficient access to funding could limit the Group's ability to achieve
its desired capital structure or to complete acquisitions. An
increase in interest rates could have a significant impact on
business results.
The relative values of currencies can fluctuate and may have a
significant impact on business results.
How we manage it
The Group has significant committed financing facilities in place
which were refinanced during the period, the earliest of which
matures in June 2024. The Group closely monitors its liquidity and
funding requirements to ensure it maintains sufficient
headroom to meet its operational requirements. During the
period, as a precautionary measure in response to the COVID-19
pandemic, the Group suspended the payment of dividends in order to
maximise available liquidity during a period of increased economic
uncertainty. The Group seeks to maintain strong relationships with
its key banking partners and lenders and to proactively monitor the
loan markets. The Group also has strong engagement with the
providers of equity capital, which represents an alternative source
of capital.
The Group holds interest rate swaps to hedge against the cash
flow risk in the LIBOR rate charged on $2,250m of
total borrowings for the period to 30 September 2022. Under
the terms of the interest rate swaps, the Group pays a fixed
rate of 1.94% and receives one month USD LIBOR.
Monitoring policies and procedures are in place to reduce the risk
of any covenant breaches under the Group's
banking arrangements. At 31 October 2020, $nil of the
Revolving Facility was drawn. As a covenant test is only
applicable when the Revolving Facility is drawn down by 35% or
more, and $nil of the Revolving Facility was drawn at 31
October 2020, no covenant test is applicable.
Currency fluctuations are monitored by the Treasury
Risk Committee on an on-going basis. Key currency exposures
are detailed on page 207. Changes in foreign exchange rates are
monitored, exposures regularly reviewed and actions taken to reduce
exposures where necessary. The Group provides extensive constant
currency reporting to enable investors to better understand the
underlying business performance.

Tax
Risk Trend: Decreased
Link to strategy: Complete core systems
Risk Category: Financial
Principal risk description
The tax treatment of the Group's operations is subject to the risk of
challenge by tax authorities in all territories in which it
operates. Cross-border transactions may be challenged under tax
rules and initiatives targeting multinationals' tax
arrangements.
International tax rules continue to develop at each of the OECD, EU and national
levels and the pace of change may increase in the short-term as a
result of the US election and the COVID-19 pandemic. Future changes
to tax laws could adversely affect the Group across the
territories in which it operates.
As a result of the HPE Software merger, the Group may be required
under the Tax Matters Agreement entered into with HPE (the "TMA")
to indemnify HPE, if actions undertaken by the Group affect
the tax treatment of the separation of the HPE Software
business from HPE.
Potential impact
Tax liabilities in the territories in which the Group operates
could increase as a result of either challenges of existing
positions by tax authorities or future changes in tax
law. Specifically, given the substantial operations in the US
any changes in tax policy that might arise from the results of
the US election could have a significant impact on the Group.
Furthermore, if the Group is required to make
indemnification payments to HPE under the TMA, these could be
substantial.
How we manage it
Tax laws, regulations and interpretations are kept under on-going
review by the Group and its advisors. The Group also reviews its
operations, including the structuring of intra-Group arrangements,
on a periodic basis to ensure that all relevant laws are
complied with and that risks are identified and mitigated
appropriately.
External professional advice is obtained ahead of
significant transactions or structuring activity, and to
support positions taken in financial statements and local tax
returns where there is significant uncertainty or risk of
challenge.
During the period, a governance framework and process has been in
operation to remind relevant employees of the requirements and
guiding principles to comply with the obligations under the TMA.
The risk of actions taken by the Group impacting the tax treatment
of the HPE transaction diminishes over time and is now considered to
be low.

Macro-Economic Environment, Pandemic and Brexit
Risk Trend: Increased
Link to strategy: Go-To-Market
Risk Category: Marketplace
Principal risk description
The Group's businesses may be subject to inherent risks arising
from the general and sector specific economic, public health
and political conditions, including as a result of any pandemics or
natural disasters, in one or more of the markets in which the Group
operates. This is heightened by the fact the Group sells and
distributes its software products globally. Exposure to political
developments in the United Kingdom, including the terms and manner
of the UK's withdrawal from the EU, could have an adverse
effect on the Group. Further deterioration of the macro
environment could result in more conservatism and longer decision
making cycles within the Group's customer base. This risk was
increased given the COVID-19 restrictions across various regions,
from time to time in the period.
Potential impact
Adverse economic conditions could affect sales, and
other external economic or political matters, such as price
controls, could affect the business and revenues.
How we manage it
The spread of jurisdictions allows the Group to be flexible to
adapt to changing localised market risks, including navigating the
effects of COVID-19 across different geographies.
The Group has business continuity plans and crisis management
procedures in place in the event of political events, pandemics or
natural disasters.
The Brexit Working Group (BWG) continued meeting throughout the
year and following analysis of the EU-UK Trade and Cooperation
Agreement agreed on 30 December 2020, the Group's mitigations and
preparatory activity continued, preparing the Group for the
transition. The areas reviewed for possible impacts included
people, tax, transfer pricing, commercial contracts (buy and sell),
privacy and data protection, intellectual property and regulatory
matters. The BWG is phasing workstreams back into Group functions
that will continue to work through changes. We recognise that it is
early in the implementation of new rules and regulations and the
position will continue to be monitored for any new or emerging risk
areas.

COVID-19
Risk Trend: New Risk
Link to strategy: Go-To-Market
Risk Category: Marketplace
Principal risk description
The Group, like all businesses, is navigating through a period of
disruption, as it has responded to the practical and macroeconomic
impacts of COVID-19. COVID-19 still presents fast moving, and in
some areas unpredictable, direct and indirect risks to the Group's
businesses. The Group may be subject to inherent risks arising from
the continuation of the on-going COVID-19 pandemic. Further
deterioration of the macro environment could result in more
conservatism and longer decision making cycles within the Group's
customer base.
Potential impact
Adverse economic conditions arising as a result of
the continuation of the COVID-19 pandemic could affect
sales performance and business operations.
How we manage it
The Group acted quickly at the commencement of the COVID-19
pandemic, reviewing the existing BCP structures and enhancing
governance, through the establishment of a COVID-19 Steering
Committee, to provide a strategic platform to identify and address
the emerging risks of COVID-19 across the enterprise. The status of
key COVID-19 operational risks is monitored in real time through
reporting provided daily to the COVID-19 Operational Response Team
on indicators such as rates of infection, illness and facility
occupancy levels. Further details on the Group's response and
management of COVID-19 are provided on page 61 and additional
details on how COVID-19 has impacted specific risks are
provided in the respective risks set out in this
section.

Cyber Security
Risk Trend: Increased
Link to strategy: Complete core systems
Risk Category: Infrastructure
Principal risk description
There could be a data security breach (Micro Focus data or customer data)
involving personal, commercial or product data, either directly
from Micro Focus or a third party. This could occur as a result of
a malicious or criminal act, or an inadvertent system error. This
risk was increased in the period due to the general increased
threat of cybercrime and sudden increase of work-from-home
employees caused by COVID-19 restrictions across various regions,
from time to time in the period.
Potential impact
Data loss, which could harm client and customer
relationships, compliance and/or perception of the
effectiveness of the Group's products.
How we manage it
The Group works continually to counter the risk posed by the
current and emerging cyber security threat landscape. The cyber
team manages the security of the Group's data, technology and
training programme to protect the performance, security and
availability of the Group's IT systems. Group-wide cyber policies
and processes are in place. Cyber security testing in critical
areas of the business is on-going, Group-specific
vulnerabilities are reviewed and continually managed, incident
response is in place for the Group, monitoring tools for unusual
activity are in place, a cyber security training course is
available for new hires and awareness material is available on the
intranet. The cyber team works closely with the UK National Cyber
Security Centre ("NCSC") and is part of the NCSC collaboration
portal. The threat posture, including in response to COVID-19, is
continually reviewed and managed.

Internal Controls over Financial Reporting
Risk Trend: No Change
Link to strategy: Complete core systems
Risk Category: Financial
Principal risk description
Internal controls over financial reporting may not prevent or detect an
error, fraud, financial misstatement or other financial loss,
leading to a material misstatement in the Group's
financial statements.
Potential impact
Failure to discover and address any material weaknesses or
deficiencies in the Group's internal controls over
financial reporting could result in material misstatement in
the Group's financial statements and impair the Group's
ability to comply with applicable financial reporting requirements
and related regulatory filings on a timely basis. Based on the
assessment as at 31 October 2020, management identified a material
weakness in the Group's internal controls over
financial reporting, relating to inadequate controls
surrounding existing IT applications, in particular regarding
change management and access controls. As a result of those
deficiencies, automated controls and controls over information
produced by the entity related to those applications could not be
relied upon. Please refer to the FY20 annual report on SOX
compliance as set out on pages 90 and 91. Although the Group
continues to implement measures to address and remediate this
material weakness, failure to do so, and the risk that other
deficiencies may be identified, could also result in an adverse
reaction in the financial markets due to a loss of confidence in
the reliability of the Group's financial statements and could have
a material adverse effect on the Group's business, financial
condition, results of operation and prospects.
How we manage it
The Group has a cross-functional SOX steering group chaired by the
CFO, reporting to the audit committee to implement, review and
monitor SOX compliant internal controls and any required
remediation. Further details of the Group's SOX compliance
programme and FY20 annual report on SOX compliance are set out on
pages 90 and 91.

By: /s/ Brian McArthur-Muscroft
Name: Brian McArthur-Muscroft
Title: Chief Financial Officer