Vodafone 2016 Annual Report Download - page 53

Download and view the complete annual report

Please find page 53 of the 2016 Vodafone annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 208

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208

Effectiveness of the external audit process
The Committee reviewed the quality of the external audit throughout
the year and considered the performance of PricewaterhouseCoopers
LLP, taking into account the Committee’s own assessment, the results
of a detailed survey of senior nance personnel across the Group
focusing on a range of factors we considered relevant to audit quality,
feedback from PricewaterhouseCoopers LLP on their performance
against their own performance objectives and the rm-wide audit
quality inspection report issued by the FRC in May 2015.
Based on this review, the Committee concluded that there had been
appropriate focus and challenge on the primary areas of audit focus
and PricewaterhouseCoopers LLP had applied robust challenge and
scepticism throughout the audit.
Independence and objectivity
In its assessment of the independence of the auditor and in accordance
with the US Public Company Accounting Oversight Board’s standard
on independence, the Committee receives details of any relationships
between the Company and PricewaterhouseCoopers LLP that may
have a bearing on their independence and receives conrmation that
they are independent of the Company within the meaning of the
securities laws administered by the US Securities and Exchange
Commission (‘SEC’).
As one of the ways in which it seeks to protect the independence
and objectivity of the external auditor, the Committee has a policy
governing the engagement of the external auditor to provide non-audit
services. This precludes PricewaterhouseCoopers LLP from providing
certain services such as valuation work or the provision of accounting
services and also sets a presumption that PricewaterhouseCoopers LLP
should only be engaged for non-audit services where there is no legal
or practical alternative supplier.
For certain specic permitted services, the Committee has pre-
approved that PricewaterhouseCoopers LLP can be engaged
by management, subject to the policies set out above, and subject
to a £50,000 fee limit for individual engagements, a £500,000 total fee
limit for services where there is no legal alternative and a £500,000
total fee limit for services where there is no practical alternative supplier.
For all other services or those permitted services that exceed these
specied fee limits, I, as Chairman, or in my absence another Committee
member, can pre-approve permitted services.
Following the publication by the Competition and Markets Authority
of its nal order in relation to the responsibilities of the audit committee,
the Board approved amendments to the Committee’s terms of reference
during the 2016 nancial year such that only the Committee can
negotiate and approve the statutory audit fee, the scope of the
statutory audit and approval of the appointment of the lead audit
engagement partner.
In addition, the Committee assessed the impact of further expected
UK regulation restricting non-audit services that auditors can provide,
including a cap on the amount of non-audit fees that can be billed and
a list of prohibited services. Consequently, the Group’s policy on non-
audit fees will be amended to reect these additional restrictions during
the nancial year ending 31 March 2017 for implementation in the
nancial year ending 31 March 2018.
For the 2016 nancial year, the Committee considered the ongoing
fee proposal included as part of the audit tender, negotiated audit
scope changes for the 2016 nancial year and, following the receipt
of formal assurance that their fees were appropriate for the scope of the
work required, agreed a charge from PricewaterhouseCoopers LLP
and related member rms of £12 million for statutory audit services.
In addition to the statutory audit fee, PricewaterhouseCoopers LLP
and related member rms charged the Group £1 million for audit-
related and other assurance services primarily in connection with local
regulatory lings where we were legally required to appoint them
by virtue of their position as statutory auditor. Further details of the fees
paid, for audit and non-audit services to both PricewaterhouseCoopers
LLP for the 2016 and 2015 nancial years and to Deloitte LLP for
the 2014 nancial year, can be found in note 3 to the consolidated
nancial statements.
Internal control and risk management
The Committee has the primary responsibility for the oversight of the
Group’s system of internal control, including the risk management
framework and the work of the internal audit function.
Assessment of Group’s system of internal control, including
risk management framework
The Group’s risk assessment process and the way in which signicant
business risks are managed is a key area of focus for the Committee.
Our activity here was driven primarily by the Group’s assessment of its
principal risks and uncertainties, as set out on pages 23 to 28.
This year, the Committee performed a detailed review of the
Company’s new risk management framework document which
is designed to: clarify roles and responsibilities for risk management
and oversight, set out a consistent end-to-end process for managing
risk across the business, provide the Board with a clear line of sight over
the principal risks, and provide an overview of how the principal risks
are being managed. Our review included reports from the Group Risk
and Compliance Director on the Group’s risk evaluation process as well
as a review of changes to signicant risks identied at both operating
entity and Group levels.
The Committee also maintains a programme of in-depth reviews into
specic nancial, operational and regulatory areas of the business.
These reviews are critical to the role of the Committee, as they allow
us to meet key business leaders responsible for these areas and provide
independent challenge to their activities. During the 2016 nancial year,
the areas reviewed included:
a the integration of KDG into Vodafone Germany and the transition
to Vodafone compliance standards;
a changes to the Group’s Enterprise operations to improve service and
delivery to customers;
a the risk and control framework associated with implementation
of a new billing system in the Netherlands;
a the Group’s cyber security strategy, covering network, IT and retail
systems; and
a the Group’s network resilience policy and the ability to recover from
a signicant fault or challenge to normal operations.
The Group has in place an internal control environment to protect
the business from the material risks which have been identied.
Management is responsible for establishing and maintaining adequate
internal controls over nancial reporting and we have responsibility for
ensuring the effectiveness of these controls.
Overview Strategy review Performance Governance Financials Additional information
Vodafone Group Plc
Annual Report 2016
51