RBS 2008 Annual Report Download - page 157

Download and view the complete annual report

Please find page 157 of the 2008 RBS annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 299

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299

RBS Group Annual Report and Accounts 2008156
Corporate governance continued
Internal control
The Board of directors is responsible for the Group’s system of internal
control that is designed to facilitate effective and efficient operations
and to ensure the quality of internal and external reporting and
compliance with applicable laws and regulations. In devising internal
controls, the Group has regard to the nature and extent of the risk, the
likelihood of it crystallising and the cost of controls. A system of internal
control is designed to manage, but not eliminate, the risk of failure to
achieve business objectives and can only provide reasonable, and not
absolute, assurance against the risk of material misstatement, fraud or
losses.
The Board has established a process for the identification, evaluation
and management of the significant risks faced by the Group, which
operated throughout the year ended 31 December 2008 and to 25
February 2009, the date the directors approved the Report and
Accounts. This process is regularly reviewed by the Board and meets
the requirements of the guidance ‘Internal Control: Revised Guidance
for Directors on the Combined Code’ issued by the Financial Reporting
Council in October 2005.
The effectiveness of the Group’s internal control system is reviewed
regularly by the Board and the Audit Committee. Executive management
committees or boards of directors in each of the Group’s businesses
receive regular reports on significant risks facing their business and
how they are being controlled. In addition, the Board receives monthly
risk management reports. Additional details of the Group’s approach to
risk management are given in the Risk, capital and liquidity
management section of the Business review on pages 78 to 144. The
Board received a number of reports from Group Internal Audit and
external consultants focussed on certain areas of the business that
have been particularly exposed to loss as a result of the market turmoil.
The Group Audit Committee has received confirmation that
management has taken, or is taking, the necessary action to remedy
failings or weaknesses identified in these reports and through the
operation of the Group’s framework of control.
In addition, the Group’s independent auditors present to the Audit
Committee reports that include details of any significant internal control
matters which they have identified. The system of internal controls of the
authorised institutions and other regulated entities in the Group is also
subject to regulatory oversight in the UK and overseas. Additional details
of the Group’s regulatory oversight are given in the Supervision and
Regulatory reviews and developments sections on pages 279 to 281.
Internal control over financial reporting
The Group is required to comply with Section 404 of the US Sarbanes-
Oxley Act of 2002 and assess the effectiveness of internal control over
financial reporting as of 31 December 2008.
The Group assessed the effectiveness of its internal control over
financial reporting as of 31 December 2008 based on the criteria set
forth by the Committee of Sponsoring Organizations of the Treadway
Commission in ‘Internal Control – Integrated Framework’.
Based on its assessment, management has concluded that, as of 31
December 2008, the Group’s internal control over financial reporting is
effective.
The Group’s auditors have audited the effectiveness of the Group’s
internal control over financial reporting and have given an unqualified
opinion.
Management’s report on the Group’s internal control over financial
reporting will be filed with the SEC at the same time as the Annual
Report on Form 20-F.
Disclosure controls and procedures
As required by US regulations, the effectiveness of the company’s
disclosure controls and procedures (as defined in the rules under the
US Securities Exchange Act of 1934) have been evaluated. This
evaluation has been considered and approved by the Board which has
instructed the Group Chief Executive and the Group Finance Director to
certify that, as at 31 December 2008, the company’s disclosure controls
and procedures were adequate and effective and designed to ensure
that material information relating to the company and its consolidated
subsidiaries would be made known to them by others within those
entities.
Changes in internal controls
There was no change in the company’s internal control over financial
reporting that occurred during the period covered by this report that
has materially affected, or is reasonably likely to materially affect, the
company’s internal control over financial reporting.