An internal control system encompasses the policies, processes, tasks, behaviours and other aspects of an organisation that, taken together:
• Facilitate effective and efficient operations by enabling the organisation to respond to risks;
• Help ensure the quality of internal and external reporting;
• Help ensure compliance with applicable laws, regulations and internal policies.
The Board has overall responsibility for the systems of internal control and for monitoring the effectiveness of internal controls. Management is responsible for the identification and evaluation of significant risks together with the design and operation of suitable internal control systems. These systems are designed to provide reasonable but not absolute assurance against material misstatement or loss.
In order to discharge that responsibility in a manner which ensures compliance with legislation and regulations, the Board has established an organisational structure with clear operating and reporting procedures, secured the services of appropriately qualified personnel, designed suitable lines of responsibility, put in place appropriate authorisation limits, made arrangements in respect of segregation of duties and delegated the necessary authority for decision making.
The system of internal control includes the following:
• Clearly defined organisational structure, with defined authority limits and reporting mechanisms to higher levels of management and to the Board;
• Comprehensive budgeting systems with an annual budget which is subject to approval by the Board;
• Comprehensive system of financial reporting. Cumulative monthly actual results are reported against budget and considered by the Board on a monthly basis. The Board questions significant changes or adverse variances and remedial action is taken where appropriate;
• Comprehensive set of policies and procedures relating to operational and financial controls, including capital expenditure. Large capital projects require the approval of the Board, and are closely monitored on an ongoing basis by the Investment and Infrastructure Committee of the Board;
• Comprehensive set of management information and performance indicators which are produced quarterly using a series of interrelated balanced scorecards. This enables progress against longer-term objectives and annual budgets to be monitored, trends evaluated and variances acted upon;
• Risk management process which enables identification and assessment of risks that could impact the achievement of agreed business objectives and ensures that appropriate mitigating measures and controls are put in place. The process is led by an Executive Group Risk Management Committee chaired by the Chief Executive with regular reports to the Risk Committee;
• Code of ethics that requires all employees to maintain the highest ethical standards in conducting business;
• Comprehensive anti-fraud programme which includes an anti-fraud policy, employee training and communication and a fraud response plan;
• Responsibility by management at all levels for internal control over their respective business functions;
• Corporate governance framework, which includes risk analysis and financial control review. This is monitored by Internal Audit and Risk, which report to the Audit and Finance Committee and the Risk Committee on an ongoing basis;
• Internal Audit and Risk conducts a systematic review of internal financial controls. In these reviews, emphasis is focused on areas of greater risk as identified by risk analysis.
Ervia has a robust framework in place to review the adequacy and monitor the effectiveness of internal controls covering financial, operational, compliance controls and risk management. The Board is satisfied that the system of internal control in place is appropriate for the business.
In respect of Irish Water, the key control procedures as set out above, including the operation of the Local Authority protocols under the Service Level Agreements which manage the interaction processes between Irish Water and Local Authorities, are continuing to evolve and develop as Irish Water progresses through its establishment phase. Irish Water faces significant challenges in building a completely new water utility, implementing the required systems, processes and procedures necessary to ensure robust internal financial controls while applying Ervia’s policies and internal control framework. In this regard, Irish Water currently depends to a significant degree on the controls operated by Local Authorities on its behalf.
A comprehensive internal audit programme was carried out during 2014, and while some issues were noted, these have been, or are being, responded to in an appropriate and timely manner with necessary compensating controls identified in addition to action being taken. Irish Water’s control environment requirements have resulted in the need for additional procedures in certain areas, some of which are still in the process of being implemented. However, no issues involving material loss, contingencies or uncertainties were noted by the company during 2014 requiring disclosure in the 2014 financial statements or in the auditor’s report on the 2014 financial statements under the requirements of the Code of Practice.
The Board has reviewed the effectiveness of the systems of internal control up to the date of approval of the financial statements. A detailed review was performed by the Audit and Finance Committee, which reported its findings back to the Board. The process used to review the effectiveness of the system of internal control includes:
• Review and consideration of the programme of Internal Audit and consideration of its reports and findings;
• Review of regular reporting from Internal Audit on the status of the internal control environment, and the status of issues raised previously from their own reports;
• Close liaison with the Risk Committee which reviews Risk Management Activity Reports from the Executive Group Risk Management Committee on risks, controls and implementation status of action plans;
• Review and consideration of the report by the Chief Executive on the effectiveness of the operation of the systems of internal control, both financial and operational;
• Review of reports from the External Auditors which contain details of any material internal financial control issues identified by them in their work as auditors.