Compass Group PLC Internal Controls...

Compass Group PLC Internal Controls Manual Version 2.0 October 2007

How to use this manual

This manual is organised by process and aims to cover the core internal controls and relevant to Compass Group companies as clearly as possible. It also identifies which of those core internal controls are relevant at each level of the business – Unit; Country; Operating Company and Group.

As an example each chapter is organised in a common format: Section contents indicates the sub-processes within each business process. Control objectives are defined within the Application of controls & use of manual section - A3. Control objectives are in italics text and are numbered x.x.x

Application of controls provides guidance on scope of responsibility for the application of controls at each level of the business (See section A4) Internal controls are defined within the Application of controls & use of manual section – A3. They are numbered x.x.x.x

Compass Group has made significant progress in improving corporate governance. This includes the introduction of Group Accounting Policies and Approvals Manuals, establishing a Major Risk Assessment process, introducing a Group statement of Business Principles, embedding a Group Internal Audit team and setting up the ‘Speak Up’ whistle blowing hot line across the Group.

An additional key building block, which will be of substantial benefit to the Group, is the introduction of this Internal Controls Manual, setting out the Group’s expectations of a minimum set of key controls that each and every business across the Group should operate. All relevant control objectives in each section should be addressed by Group businesses and good reasons should be given for any non- compliance.

To assist you in linking these generic internal controls minimum standards to your own particular business a Control Self Assessment (CSA) tool has been developed. You can use this to validate your degree of compliance and highlight any areas for corrective action.

I commend this Manual to you.

By its nature, it cannot cover every situation. It does, however, provide a minimum standard of internal control for each and every Compass Group business.

If you require more guidance or greater clarity, please feel free to contact any of the Contacts listed in the front of this manual.

As a Group, we are passionate about what we do. Effective internal controls strengthen our position in the market place and make us less vulnerable to potential internal weaknesses that could adversely affect deliverance of our corporate objectives and damage our reputation.

Andrew Martin Group Finance Director Oct 2007

Contacts Group Finance Director Andrew Martin Telephone number +44 (0)1932 573028 Group Financial Controller John Franke Telephone number +44 (0)1932 573013 Email address [email protected] Group Treasurer Justin Besley Telephone number +44 (0)1932 573022 Email address [email protected] Group Tax Manager David Brassington Telephone number +44 (0)1932 573014 Email address [email protected] Peter Frans European Tax and Treasury Manager Telephone number +31 20 4307 178 Email address [email protected] Group Director of Internal Audit Trevor Gelnar Telephone number +44 (0)1932 573158 Email address [email protected] Director of Risk Management – UK & Ireland Bernhard Mallette Telephone number +44 (0)121 457 5753 Email address [email protected]

mailto:[email protected]





Contents

A Application of Controls & Use of Manual

B Internal Controls

Section

1 Revenue

2 Expenditure

3 Fixed Assets

4 Financial Closing & Reporting

5 Stock

6 HR & Payroll

7 Intra-Group

8 Treasury

9 Taxation

10 General Computer Controls

11 Legal & Statutory Requirements

12 Insurance & Security

13 Safety Health and Environment

C Operations Controls

Compass Group PLC – Internal Controls Manual version 2.0 October 2007

A. Application of Controls & Use of Manual Approval Version control Approved by: Andrew Martin, Group Finance Director, October 2007, Version 2.0

Contents

A.1 Purpose of this manual 1 A.2 Scope 1 A.3 Definitions of key terms 1 A.4 Application of controls 2 A.5 Implementation guidance 4 A.6 Confidentiality 5

A.1 Purpose of this manual

Compass Group is always focusing on improving corporate governance throughout its business. The purpose of this manual is to provide Group-wide guidance on the minimum standard of internal control that should be applied across Group companies. It has been prepared with meeting the following objectives in mind:

to be a single reference source on a minimum set of key controls that should operate in all Compass Group businesses.

to enable all Compass Group businesses to implement a minimum standard of internal control in accordance with Group expectations by indicating the Control Objectives that must be addressed in all businesses where they are relevant.

A.2 Scope

This manual covers the key controls in business processes applicable to Compass Group Operating Companies as well as selected support / oversight functions. Where applicable the manual refers to other Group manuals / policies and procedures such as the Group Accounting Policies and Procedures Manual and the Group Approvals Manual to provide a more complete set of guidelines when implementing business controls.

A.3 Definitions of key terms

A.3.1 Internal control and control objectives*

Control objectives

Control Objectives are responses to business objectives. They are management directives which need to be met in order to effectively address risks to the achievement of the entity’s business objectives.

Throughout this manual the Control Objectives are highlighted in italics.

Internal control

An internal control is a “process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of business objectives”, including:

Compass Group PLC – Internal Controls Manual version 2.0, October 2007 1

A. Application of Controls & Use of manual, Page 2 of 5


• effectiveness and efficiency of operations. • preparation of reliable published financial statements. • compliance with applicable laws and regulations.

* The above definitions of internal controls and control objectives have been taken from the Committee Of Sponsoring Organisations of the Treadway Commission (COSO).

A.3.2 Compass corporate structure

Group

The Group Head Office function.

Operating Company / Country

Operating Companies are also known as sector brands. These are our client facing companies, for example, Eurest (Business and Industry), Chartwells (Education) and Medirest, (Healthcare).

A ‘Country’ will hold individual Operating Companies.

Unit

Specific location / outlet / restaurant within a contract where a Compass Group Operating Company provides (agreed with / determined by the client / partner) food and other services to its customers.

Support functions

Collection of support functions serving a variety of businesses for example financial shared services.

A.4 Application of controls

A.4.1 General

This Internal Controls Manual documents a minimum expected set of key controls within business processes and, as such, internal controls within individual sections (and subsections) may only apply to parts of a business or to single or multiple levels of a business. For example revenue is split into subsections including management of contracts, which may be managed at an Operating Company or Country level and cash controls which are more likely to sit at a Unit level.

A Unit, Operating Company / Country or Group may also all need to apply the same control – for example controls around HR – recruitment- may apply to all levels of the business.

An appropriate level of management at each business area should determine which sections of the manual, and as such which controls, apply to that particular business area.



In particular, every Finance Director, Managing Director and Operational Director has the responsibility to determine which Control Objectives are relevant to his / her business and in doing so to be able to identify, for every such Control Objective:

i. Where all the internal controls addressing that objective are performed;

ii. Who performs that control;

iii. When that control is performed; and

iv. How the performance of that control is documented or evidenced.

A.4.2 Application principles

As Compass Group as a whole has a complex organisational structure, this manual has been produced with a varied audience in mind and the requirement that it will be applied across all levels of the Group.

When considering which controls are relevant to a particular business area and how these relevant controls can be applied by a business area, consideration should be given to whether the process is one that is relevant to that business area. As an obvious illustration, for example treasury controls would not apply to the HR function.

Once the processes relevant to that business area have been determined, the sections of that process relevant to the business area should be determined by reviewing the “Application of Controls” table at the front of each process (chapter).

Once the relevant sections have been determined, the control objectives within the section should be reviewed. It is expected that each control objective will be relevant to all such business areas. Business areas that believe control objectives are not relevant to them should be prepared to justify and document their reasons for that belief.

For each control objective, the business areas should identify the set of controls that achieve that control objective. The controls listed under that control objective in the section are designed to be the most likely set of control that will meet that control objective, but are not always going to be the right set for every business area.

If any of the sets of controls determined to be required by the business area to achieve that control objective are not in place and operating, they should be implemented.

Consequently every business area will be able to demonstrate the set of controls it has in place to achieve each control objective within each relevant section of each process (chapter) that is relevant to it.

Further, to assist in the ease of application of this manual to Units, those internal controls applicable to Units occurring throughout the manual have been reproduced together in Section C of the Manual.

A.4.3 Factors to consider when applying controls



Consideration should be given to the following factors when determining the exact controls which should be applied for any particular business area:

- Local legal requirements

- Existing Group manuals / policies and procedure guidance such as the Group Accounting Policies and Procedures Manual, Group Approvals Manual.

- Business area specific applicability (for example different exact controls may be required in a vending business area versus an education business area).

- Implementation issues (for example segregation of duties may not be possible if a business does not have a sufficient number of individuals in a business). However, mitigating / other controls that meet the control objective must be implemented if a control cannot be actually implemented as designed.

- Cost versus benefit considerations. As with the previous factor mitigating / other controls that meet the control objective should be considered and implemented if a control cannot be implemented on the basis of excess cost.

These factors in the application of controls should be considered on a case by case basis.

A.4.4 Control principles

The purpose of this manual is to provide group-wide guidance on implementing a minimum level of internal controls to allow Compass Group to continually improve the level of internal control within the Group. Some of the key principles to consider when implementing controls and answering the questions “what are the objectives of the controls” and “how can we satisfy these objectives?”, are:

- Who performs the control? Is this the appropriate individual? Is this person adequately qualified / trained?

- Are duties appropriately segregated? Is one person performing all activities within a process and does this create a situation where an error may not be detected or fraud could potentially occur?

- Is there a process in place to monitor whether actions / transactions are performed or processed as expected?

- Do guidance / timetables / checklists exist to ensure required actions are completed? Is their completeness appropriately documented?

- Are controls adequate and appropriate, do they meet the controls objective and are they ‘sensible’?

- Is evidence of review and approval of controls documented, ie are reconciliations signed off by reviewer?

A.5 Implementation guidance



Each business should undertake an assessment of their ability to comply with A.4 above using the Group’s Control Self Assessment (CSA) tool.

Where enhancements are required to internal controls to meet minimum expected standards, these should be implemented as soon as possible.

If guidance on relevance, application or implementation is required, or if notification of inability to comply in the timeframe needs to be made, John Franke, Group Financial Controller should be notified.

A.6 Confidentiality

This manual is available through the Finance section of the Group’s intranet, Mercury. It has been prepared exclusively for Compass Group and should not be made available outside the Group without written permission from Group Finance, Chertsey.

B. Internal Controls

Section

1. Revenue 1.1 General

1.2 Contract initiation

1.3 Contract management and monitoring

1.4 Client and customer management

1.5 Pricing

1.6 Cash receipts (tills)

1.7 Cash receipts (vending)

1.8 Invoicing and revenue adjustments

1.9 Accounts receivable management

1.10 Revenue recognition

1.11 Client master file

2. Expenditure 2.1 General

2.2 Selection and evaluation of suppliers

2.3 Purchasing: overhead and capital expenditure

2.4 Purchasing: consumables and food expenditure

2.5 Goods received and processing accounts payable

2.6 Processing payments

2.7 Maintaining product / supplier master file

2.8 Purchasing discounts

3. Fixed Assets 3.1 General

3.2 Acquisition of fixed assets

3.3 Use & maintenance of fixed assets

3.4 Disposals

3.5 Recording of fixed assets & managing of fixed assets

register

3.6 Depreciation and amortisation

3.7 Fixed asset security

3.8 Leased assets

3.9 Intangible assets and goodwill

4. Financial Closing & Reporting

4.1 General

4.2 Defining the financial closing and reporting process

4.3 Performing the accounting period close

4.4 Consolidation

4.5 Disclosure and financial statement review and

preparation

4.6 Budgeting and forecasts

5. Stock 5.1 General

5.2 Receipt and storage of stock

5.3 Stock management

5.4 Stock valuation

6. HR & Payroll 6.1 General

6.2 Recruitment


B. Internal controls, page 2 of 3


6.3 Managing employee career development and training

6.4 Terminating employees

6.5 Managing employee information and payroll

masterfile

6.6 Managing and processing payroll

6.7 Recording time

6.8 Accounting and reporting

6.9 Travel and expenditure

6.10 Loans

6.11 Security of data

7. Intra-Group 7.1 General

7.2 Processing & capturing transactions

7.3 Reconciliation and confirmation of related balances

7.4 Reporting, consolidation & elimination

7.5 Intra-group pricing

7.6 Intra-group settlements

8. Treasury 8.1 General

8.2 Cash management

8.3 Borrowing

8.4 Investment

8.5 Derivatives

8.6 Dividends

9. Taxation 9.1 General

9.2 Business and regulatory environment

9.3 Tax reporting and compliance

10. General Computer Controls

10.1 General

10.2 Information resource strategy and planning

10.3 Application systems implementation and

maintenance

10.4 Information systems operations

10.5 Relationships with outsourced suppliers

10.6 Information security

10.7 Business continuity planning

10.8 Database implementation and support

10.9 Network Support

10.10 Systems software support

10.11 Hardware support

11. Legal & Statutory Requirements

11.1 General

11.2 Legal services

11.3 Claims and liquidation

11.4 Directors’ duties

11.5 Trading licences

11.6 Intellectual property

11.7 Contract bonds, letters of credit and parental

B. Internal controls, page 3 of 3


guarantee

12. Insurance & Security

12.1 Physical security of premises

12.2 Insurance

13. Safety Health and Environment

13.1 General

13.2 Health & safety

13.3 Food safety

13.4 Environment

Compass Group PLC – Internal Controls Manual - version 2.0 October 2007

1. Revenue Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents

Application of controls 1

1.1 General 2

1.2 Contract initiation 3

1.3 Contract management and monitoring 5

1.4 Client and customer management 6

1.5 Pricing 6

1.6 Cash receipts (tills) 7

1.7 Cash receipts (vending) 8

1.8 Invoicing & revenue adjustments 9

1.9 Accounts receivable management 10

1.10 Revenue recognition 12

1.11 Client master file 12

Application of controls

Company

level


Group Group personnel should perform controls within section 1.1 and 1.2.

Group should provide guidance on the operation of these controls.

Operating Companies / Countries

All relevant controls within sections 1.1 to 1.11 should be applied by Operating Companies / Countries. Operating Companies / Countries should provide guidance to Units on the operation of these controls.

Units Unit personnel should perform all relevant controls within sections 1.1 to 1.11.

1 Revenue, page 2 of 13

1.1 General

1.1.1

Revenue processes are clearly defined and communicated.

1.1.1.1 Documented policies and procedures / defined processes are in place for revenue functions. These include:

• Revenue recognition

• Contract initiation and management

• Bid/tendering process

• Client and customer management

• Pricing

• Cash collection and invoicing

• Till and vending cash monitoring and reporting

• Accounts receivable processing and monitoring

• Client master file maintenance

These policies and procedures / defined processes are reviewed and updated where required and at least annually and are communicated to all relevant personnel.

1.1.1.2 Roles and responsibilities within the accounts receivable, sales teams and trading units are well defined. These roles provide appropriate segregation of duties within all revenue and related functions.

1.1.2

Revenue and accounts receivable IT systems are appropriately controlled.

1.1.2.1 Revenue and accounts receivable IT systems are managed and controlled in line with ‘General Computer Controls’ section 10.

1.1.3

Revenue is properly accounted for.

1.1.3.1 Accounting for revenue is performed in line with the Group Accounting Policies and Procedures Manual. Finance management reviews accounting for revenue transactions at least annually to determine whether this has been performed appropriately.




1.2.1

Policies and procedures exist surrounding the initiation and execution of tenders / bids and contracts.

1.2.1.1 Policies and procedures are in place outlining the principles and evaluation criteria to be followed when initiating and executing tenders / bids and sales contracts. These are reviewed and updated on a regular basis by management. Any changes are appropriately communicated to all relevant staff. These authorisation procedures are in line with Group Approvals Manual.

1.2.2

Potential bids / tenders and or contracts are evaluated prior to execution.

1.2.2.1 Potential clients are evaluated by management and legal using risk management and due diligence procedures prior to the bid / tendering process and / or contract execution (where appropriate). Review procedures are performed and recorded in writing to ensure appropriate expertise and resources exist to meet business needs, conflicts of interest are not present and potential contracts are in line with strategy.

1.2.2.2 Any noted exceptions to local policy or strategy identified during preparation of bids / tenders and / or contracts are evaluated by management and legal to determine whether to proceed. Appropriate additional approval is obtained where necessary.

1.2.3

Credit worthiness is evaluated prior to bid / tender submission or contract execution and is performed in line with credit policy.

1.2.3.1 A clear policy is in place that outlines processes to be performed in relation to credit checks. Credit checks are performed and documented prior to execution of a bid / tender or a client contract in accordance with policy. Compliance with this policy is monitored by management.

1.2.4

Bid / tender documentation and sales contracts are appropriately used to define all necessary terms and conditions.

1.2.4.1 Standard client contract terms and conditions exist. A policy is in place to define the use of these standard terms and conditions, where it is acceptable to deviate from these, and what steps should be taken (including appropriate approvals) when deviating from standard terms and conditions. Management monitors compliance with this policy. Non-standard contract terms and conditions are approved by appropriate levels of management and legal, in line with local policy.



1.2.5

All terms and conditions issued to clients are accepted in writing and evidence retained.

1.2.5.1 Contracts are accepted and agreed in writing by both management and the client to demonstrate agreement with terms and conditions prior to contract execution. All documentation of acceptance and any other related bid/tender and contract information is retained in a central location.

1.2.6

Sales staff commission paid is reflective of approved contract terms and conditions.

1.2.6.1 Checks, performed by independent personnel, are in place to ensure sales staff commission is only paid subsequent to formally approved sales contracts and other necessary documentation.

1.2.7

Sales contract prices and terms are set-up within finance systems accurately and on a timely basis.

1.2.7.1 Approved sales contracts are reviewed by finance management to determine the proper accounting treatment for revenue recognition prior to system input.

1.2.7.2 Approved sales contracts are appropriately recorded within financial systems to ensure future invoices generated reflect agreed contract terms and prices, and actual to budget revenue can be monitored accurately. Data input is independently reviewed for accuracy.

1.2.8

Defined policies and procedures / processes exist for the handover and ‘mobilisation’ of contracts.

1.2.8.1 Documented policies and procedures / defined processes are in place for handover of contracts to operational management / teams for ‘mobilisation’.

These include handover of key information including copies of contracts, bid / tender documents, meeting notes information regarding special requirements and guidance on any staff to be taken on and assets to be recorded.

Notes

Process and controls mentioned in this section also apply to re-bidding for contracts.




1.3.1

All contracts are effectively managed and monitored for compliance to agreed contract terms and conditions.

1.3.1.1 A member of the operations team is assigned to each contract entered into to ensure the client is managed effectively and appropriate services provided. Contracts are also reviewed and monitored on a regular basis against performance / services actually provided. Any issues are reported to management and resolved.

1.3.1.2 Actual revenue and margins from each contract are monitored against the contract budget on a regular basis. Variances are identified, investigated and appropriate action taken if necessary.

Any sales staff commission is reviewed and appropriate action taken in line with local policy if expected revenue targets are not being met. Changes to commissions are authorised by management.

1.3.1.3 Total contract risk is reviewed by management routinely to ensure the contract base is in line with expected and sustainable margins. Contracts are discussed, reviewed by management and exited if required.

1.3.2

Existing contracts are monitored to identify contracts up for renewal or re-bid.

1.3.2.1 At the end of the initial contractual period a formal review is undertaken to identify whether the contract requires renewal / re-bid and appropriate action is taken if necessary.

1.3.2.2 Contracts that are run on a rolling basis are regularly reviewed and appropriate action taken if not financially viable to retain.

1.3.3

Renewed contract terms and conditions are appropriately reviewed and authorised.

1.3.3.1 Changes made to existing contracts are subject to the evaluation and approval processes as outlined within local policy including appropriate legal and senior management review.

1.3.3.2 Updated contracts are authorised in writing by management and the customer to demonstrate acceptance of the updated terms and conditions. All documentation of acceptance is retained.

1.3.4

The status of expired contracts is changed to closed in all relevant systems



timely.

1.3.4.1 The status of all expired contracts is changed to closed within the financial systems on a timely basis.

Notes

1.3.3.1 includes the review for appropriateness of one-off incentives to re-tender contracts currently held.


1.4.1

Customer / client service programmes are in place and satisfaction is monitored on a regular basis.

1.4.1.1 Policies and procedures / defined processes are in place to monitor client service and satisfaction. An escalation process is defined within these policies.

1.4.1.2 A customer / client service programme exists for all clients and is reviewed and updated on a regular basis. The programme is distributed to all customer service employees and client managers. Any changes to the programme or processes are communicated on a timely basis.

1.4.1.3 Customer / client satisfaction is measured and monitored on a regular basis and results communicated to relevant management and staff. Any follow up action required is performed on a timely basis.

1.4.1.4 Invoices queried by clients are followed up and discussed with clients where appropriate. Any necessary invoice or general ledger adjustments are made appropriately, if required. (See ‘Invoicing and Revenue Adjustments’ section).

1.5 Pricing

1.5.1

Sales reflect approved prices.

1.5.1.1 Sales are priced in line with contracts and defined pricing structures approved by Operating Company / Unit management. Price lists / menus are reviewed on a regular basis and any changes or amendments are appropriately authorised by management. Pricing on all invoices and transactions is independently checked by invoice periodically.

1.5.1.2 Any changes or amendments to prices are communicated to all necessary staff to ensure sales are reflective of new prices.



1.5.1.3 Any changes or amendments to prices are input into relevant systems accurately and on a timely basis.

1.5.1.4 Any price overrides at the transaction level are approved by the appropriate level of management prior to sale and recorded appropriately.

1.5.1.5 Management reviews recorded sales and gross margins and compares to budget regularly to identify any price discrepancies or unusual items. Any significant variances are investigated and resolved on a timely basis.

Notes

1.5.1.5 Target could be a simplified weekly P&L for each unit to react quickly to any deviation


1.6.1

Only authorised employees enter sales transactions. Point of Sale (POS) terminal access is appropriately restricted.

1.6.1.1 POS procedures have been developed and distributed to all trading outlets. Compliance with policies is monitored.

1.6.1.2 All POS terminals are physically protected either by employee unique ID or by lock and key.

1.6.1.3 All POS terminals are closed and emptied at least once a day.

1.6.2

In Unit sales are appropriately captured, recorded and reconciled for completeness.

1.6.2.1 All customer sales (cash and card), including any related vouchers, are recorded using a POS terminal/cash register.

1.6.2.2 Total daily takings (cash and card) are reconciled to POS terminal / register. Any variances are investigated and resolved and the reconciliation of cash is independently reviewed.

1.6.2.3 Sales recorded by Units in returns to Operating Companies / finance centres are reconciled to POS records and bank records to ensure all sales are recorded. Any variances are investigated and cleared.

1.6.2.4 Unit bank statements are reconciled to the general ledger regularly. (See Treasury Section)

1.6.2.5 Sales are reconciled to goods purchased and any reconciling items



are investigated and cleared as appropriate. Management reviews and approves reconciliations.

1.6.3

Daily cash takings are appropriately safeguarded and banked.

1.6.3.1 Appropriate safety and security measures are in place to ensure staff members are not in danger and cash is secure.

1.6.3.2 Cash is banked regularly and cash takings not banked are held securely. Only authorised employees have access to safes or other secure locations.

1.6.4

In unit sales are reported on a timely basis.

1.6.4.1 All POS transactions are reported accurately to the finance centre in line with reporting timetables.

1.6.4.2 Transactions at, before or after period end are reviewed to ensure they are recorded in the correct accounting period.

1.6.4.3 The cut-off policy for cash is applied consistently in all reporting to finance centres in accordance with Group timetables.

1.6.5

Cashless system balances are appropriately reconciled.

1.6.5.1 Reconciliations of cashless sales (individual customer cards / balances) to the overall net balance held at the unit are performed at least once a month. Variances identified are investigated and action taken if necessary.


1.7.1

Assets (both cash and stocks) within vending machines are safeguarded.

1.7.1.1 All vending machines, stock and cash are physically safeguarded through locks. Access to vending machine contents is restricted to authorised personnel.

1.7.2

Cash is received for all sales made through vending machines, cash and sales are recorded appropriately and timely.

1.7.2.1 Defined procedures exist for collecting and safely securing and banking cash from vending machines. These procedures are communicated to all relevant personnel. Management monitors compliance with these procedures.

1.7.2.2 Sales from vending machines and cash collected are recorded on a timely basis and in line with the Group Accounting Policies &



Procedures Manual.

1.7.2.3 Cash collected and banked is reconciled to vending machine ‘counter’ sales figures reported and value of stock consumed. Any variances are investigated and cleared.

1.7.2.4 Cut-off procedures are applied in line with Group Accounting Policies & Procedures.

1.7.2.5 Vending gross margins are periodically reviewed to determine whether appropriate sales / costs / cash receipts have been recorded and pricing within machines is appropriate. Any discrepancies are investigated and resolved on a timely basis.

1.8 Invoicing & revenue adjustments

1.8.1

All services provided are invoiced accurately in line with contracts and are recorded in the general ledger appropriately.

1.8.1.1 Invoices including contractually entitled discounts applied are automatically priced by the system based on approved contract terms and prices within the client master file (including management fees if relevant). Access to perform manual overrides of prices at the stage of invoice creation is restricted and any changes required to invoice amounts are authorised by management prior to issue. Sample checks of invoice prices are performed against contracts.

1.8.1.2 The calculation and application of tax amounts on invoices is automatically performed by relevant systems whose programming is regularly checked by tax professionals to ensure appropriate operation. Systems are maintained in line with ‘General Computer Controls’ section 10.

1.8.1.3 Where appropriate management fees are separately recorded on sales invoices in line with contract terms and conditions. Changes or amendments are appropriately authorised by management and the client.

1.8.1.4 The system automatically posts all invoiced amounts to the proper accounts in the general ledger.

1.8.2

All necessary invoices are issued.

1.8.2.1 Invoice generation timetables / frequency are maintained either within appropriate systems or manually. Invoices are generated based on required timetables / frequency (or adhoc for single projects) and relate to actual services provided.

All invoices are sequentially numbered by the system and accounted for on a regular basis to ensure completeness.



Any additional approved client orders or services provided outside of the client contract are recorded accurately within the general ledger and invoices raised and issued.

1.8.2.2 Invoices or elements thereof rejected by clients are reviewed by the client manager and are discussed with clients. Appropriate corrective action is taken where required and invoices are re-issued.

(See ‘Client and Customer Management’ section and Credit note section below).


1.8.3

All credit notes issued are approved, calculated accurately and are recorded within the correct accounting period.

1.8.3.1 A policy exists regarding criteria for issuing credit notes; compliance with this policy is monitored.

1.8.3.2 Credit notes are approved by authorised individuals and where appropriate, reconciled to supporting documentation or contract terms prior to issue.

1.8.3.3 Credit notes issued at, before or after period end are reviewed to ensure they are recorded in the correct accounting period.

1.8.3.4 All credit notes are sequentially numbered by the system and accounted for on a regular basis to ensure completeness.


1.9.1

Receipts from clients are applied to the correct client receivable account on a timely basis. Receipts are reviewed for appropriateness.

1.9.1.1 Receipts and remittance documents received are matched against specific client outstanding invoices. Discrepancies between payment amounts and outstanding balances are investigated and resolved in a timely manner.

1.9.1.2 Receipts that are not immediately applied to a client account are recorded (in an unapplied receipts account if applicable). The unapplied receipts account is reconciled on a monthly basis and unapplied receipts are investigated and cleared in a timely manner.

1.9.1.3 Deductions taken by clients are properly authorised. All unauthorised deductions are investigated and resolved in a timely manner.

1.9.2



Sales related accounts are regularly reconciled and analysed to ensure the general ledger captures all relevant financial information. Any reconciling items or exceptions are investigated and cleared on a timely basis.

1.9.2.1 The accounts receivable sub-ledger is reconciled to the general ledger on at least a monthly basis. Reconciling items are investigated and resolved on a timely basis. Management reviews and approves reconciliations.

1.9.2.2 Accrued and deferred revenue balances are reconciled and analysed on a routine basis to ensure appropriate accounting treatment is adhered to in line with Group Accounting Policies and Procedures Manual. Management reviews and approves reconciliations.

1.9.3

Recoverability of accounts receivable is reviewed on a regular basis and additional collection procedures applied if necessary.

1.9.3.1 Documented procedures exist and are applied to monitor and collect overdue debts (includes legal measures to be taken where necessary). This policy is communicated to all relevant personnel.

1.9.3.2 Management regularly reviews aged accounts receivable analysis, and client accounts that are regularly overdue to determine appropriate follow-up actions. Any balances requiring follow-up are identified and acted upon on a timely basis.

1.9.4

Reserves/provisions are established for doubtful/bad debts in accordance with local policy.

1.9.4.1 Accounts receivable for which collectability is deemed doubtful are provided for in line with local policy, applying guidance through Group Accounting Policies and Procedures Manual. Bad debts are written off in a timely manner following proper authorisation.

1.9.4.2 On a periodic basis, management compares the provision for doubtful accounts balance to the results of their review of the accounts receivable ageing. Adjustments to provisions for doubtful accounts are appropriately approved and recorded on a timely basis.

1.9.5

In Unit credit sales are only performed in line with defined policy.

1.9.5.1 Policies and procedures exist regarding credit sales in Units including when these can be performed and appropriate authorisation required for these sales.



1.10 Revenue recognition

1.10.1

Revenue is recognised in accordance with the Group Accounting Policies and Procedures Manual.

1.10.1.1 All revenue is recognised in line with the Group Accounting Policies and Procedures Manual. Financial Management periodically monitors compliance with these policies.

1.10.1.2 All client contracts/agreements clearly define relevant sales terms. Management monitors compliance with these sales terms.

1.10.1.3 Invoices raised and revenue recorded are reviewed at, before and after accounting period ends to ensure they are recorded within the correct period.

1.10.1.4 Management performs budget to actual and prior year reviews for sales related accounts (sales, cost of sales, accounts receivable, inventory) each period end. Any significant unusual relationships are investigated and any required corrections made in a timely manner.

1.10.1.5 Sales related taxes are calculated based on client data within the client master file.

Notes

See also section 1.10 regarding accounts receivables and provisions for bad and doubtful debts.


1.11.1

Access to the client master file is appropriately restricted and maintenance access is segregated from transaction processing.

1.11.1.1 The ability to view and modify the client master file is restricted to only necessary and authorised personnel. These personnel do not have the ability to enter sales credit notes and / or accounting transactions.

1.11.1.2 Access rights are reviewed periodically by management, and access rights withdrawn where required.

1.11.2

All changes to the client master file are valid, approved and accurately input in a timely manner.



1.11.2.1 Changes to the client master file are approved by management and documentation supporting the change exists and is retained. All changes are made accurately and on a timely basis.

1.11.2.2 Change reports for the client master file are periodically reviewed against supporting documentation to ensure changes made are appropriate.

1.11.3

The client master file is reviewed by management.

1.11.3.1 Data within the client master file is regularly reviewed by management for accuracy and appropriateness. This includes review of client credit terms and discounts to highlight any non-standard terms. Any non-standard terms identified are investigated and resolved.


2 Expenditure, page 1 of 13


2. Expenditure Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents

Application of controls 1 2.1 General 2 2.2 Selection and evaluation of suppliers 3 2.3 Purchasing: overhead and capital expenditure 5 2.4 Purchasing: consumables and food expenditure 6 2.5 Goods received and processing accounts payable 7 2.6 Processing payments 10 2.7 Maintaining product / supplier master file 12 2.8 Purchasing discounts 13

Application of controls guidance

Company level Application of controls

Group All controls are applied by Group expenditure functions, excluding 2.4 and 2.6.



All controls are applied by Operating Companies / Countries, excluding 2.4 and 2.8.

Operating Companies / Countries should provide guidance on the operation of these controls to Units.

Units Unit personnel should perform all relevant controls, excluding 2.6 to 2.8.

Expenditure, page 2 of 13


2

2.1. General

2.1.1

Expenditure processes are clearly defined and communicated. Processes cover all types of expenditure from cost of sales, to general expenses (administration, professional fees, marketing, outsourcing contracts) and capital expenditure.

2.1.1.1 Documented policies and procedures / defined processes are in place for the expenditure functions. These include:

• Supplier selection and evaluation procedures

• Purchase approval process (including approval limits)

• Recording of accounts payable

• Payment initiation and authorisation procedures

• Accounting for accruals and pre-payments

• Procedures for recognising purchasing discounts

• Credit note and adjustment authorisation procedures

These policies and procedures / processes are periodically reviewed and updated where required and are communicated to all relevant personnel.

2.1.1.2 Roles and responsibilities within the expenditure functions are well defined. These roles allow appropriate segregation of duties within the purchasing, goods receipt, accounts payable, payment authorisation and supplier management functions.

2.1.2.

Expenditure related systems are appropriately controlled.

2.1.2.1 Expenditure related systems are managed and controlled in line with ‘General Computer Controls’ section 10.

2.1.3.

Expenditure and purchasing income is appropriately accounted for.

2.1.3.1 Accounting for expenditure and purchasing income is performed in line with the Group Accounting Policies & Procedures Manual. Finance management reviews accounting for expenditure and purchasing income to determine whether this has been performed appropriately.



2

2.2. Selection and evaluation of suppliers

2.2.1

Processes for selecting all suppliers are well defined and performed in line with company policies. Suppliers are selected in accordance with defined and approved selection criteria.

2.2.1.1 Supplier selection decisions are reviewed and approved by management to determine whether the selection steps completed are appropriate and in line with applicable policies and procedures.

2.2.1.2 The purchasing function approves and performs due diligence of all new suppliers, including supplier product quality and financial stability and appropriate ethical background checks. Due diligence is consistently performed in line with documented and approved criteria. Only suppliers who meet the criteria are selected and approved.

2.2.1.3 Expenditure policies and procedures contain adequate guidelines for selection of suppliers, including tendering processes, approved suppliers and, where applicable, use of local or unauthorised suppliers. Guidelines provide direction, either financially or by reference to expenditure type, as to which type of selection process is appropriate.

2.2.1.4 Documented policies and procedures exist in relation to tendering. These include approval of contract specifications, supplier bidding processes and procedures, tender receipt and opening procedures, selection and evaluation criteria and selection approval.

Application of these procedures is monitored by appropriate purchasing management. Any deviations from procedures require specific management approval.

2.2.2

Supply / service contracts are held with all suppliers and are appropriately authorised and entered into at arms length.

2.2.2.1 Master supply / service contracts are held for all suppliers. All contracts are documented and readily available.

2.2.2.2 All supply / service contracts are reviewed and formally approved by management prior to execution and in accordance with the Group Approvals Manual. Where applicable, contracts contain standard terms and conditions and service level agreements.

Proper authorisation (signatures) is present on all contracts.



2 2.2.2.3 Any variations to existing supply / service contracts are approved

in accordance with Group Approvals Manual. This includes processes used in assessing potential liabilities related to the contract terms and conditions.

2.2.2.4 Purchasing management follows appropriate procedures to ensure that supply / service contracts are with “arms-length” entities and without apparent or actual conflicts of interest or ownership. Further reputable business practices are applied when selecting suppliers.

2.2.2.5 Supplier entertainment is declared and appropriately recorded in accordance with policies and procedures. This is reviewed by management and appropriate action taken where necessary.

2.2.3

Lists of approved products and suppliers exist and are communicated to the relevant businesses. Non-compliance with the list is appropriately monitored and investigated.

2.2.3.1 List of approved products and suppliers exist and are communicated to the relevant businesses. Only approved additions and amendments to the list are processed. Access to amend the list is restricted to authorised individuals.

Where a manual list is maintained, responsibility for communicating updates is allocated to specific individuals.

2.2.3.2 Systems are in place to monitor the use of unapproved products and suppliers. Volumes purchased are compared to those anticipated and supplier lists are regularly reviewed for unusual items. Unexpected use of unapproved products or suppliers is investigated and appropriate action taken.

2.2.3.3 Defined policies and procedures exist in relation to terminating contracts / supplier accounts. These include processes for removing suppliers from the approved supplier list, de-activating supplier accounts within the master file and appropriate reconciliation of supplier accounts to identify any outstanding receivables (e.g. rebates, credit notes).

Application of these procedures is monitored by appropriate purchasing and accounting personnel. Any deviations from procedures require specific management approval.

2.2.4

Supplier and distributor performance against contracts is monitored to ensure quality and service levels are appropriate.

2.2.4.1 Open lines of communication exist between purchasing and operations to feedback comments on supplier performance. Purchasing monitors service levels against agreements and initiates corrective action if performance does not meet expected standards.



2 2.2.4.2 Contingency plans are in place to protect the business from non-

performance by key suppliers. Where possible, for instance, purchasing has agreements with alternative suppliers for each product or service.

2.2.5

The purchasing function ensures the retention of contract documentation is in line with company policy and local statutory requirements.

2.2.5.1 A record retention policy is in place that meets appropriate statutory requirements, including retention of contracts and any other relevant documentation.

Copies of all supply / service contracts and other relevant documentation are appropriately stored in line with the level of access required and the confidentiality of the contents. The purchasing function holds copies of all relevant supply / service agreements to serve as source documents against future orders and issue resolution (i.e. payment terms, prices, discounts). Significant agreements, such as those with strategic partners, are held on a central database and maintained by central purchasing.

2.3. Purchasing: overhead and capital expenditure

2.3.1

All purchases relating to overhead and capital expenditure are valid and appropriately authorised.

2.3.1.1 Criteria for making purchases are clearly defined within the purchasing policies and procedures and communicated by management.

2.3.1.2 All capital expenditure requests are reviewed and approved prior to initiating the purchase order.

Purchase requests for overhead related expenditure are reviewed against the approved budget. Specific management approval is required for non-budgeted amounts and for amounts which exceed the budget allocation from the original authorising body.

A purchase authorisation list is maintained specifying the amounts up to which individuals are authorised to approve purchases. Purchases requiring specific approvals, such as capital items, are clearly defined. Purchases are authorised in accordance with the limits specified. These limits are consistent with the Group Approvals Manual.

2.3.1.3 Purchase orders, raised as appropriate, are reviewed and approved by management prior to mailing to the supplier.



2 2.3.1.4 Procurement cards used for overhead and personal expenses

have set limits and restricted purchase categories. Procurement cards are approved by specific individuals to ensure that card users are appropriate.

Appropriate management periodically reviews / authorises purchases made through procurement cards to ensure that purchases are valid and reasonable. Any unusual or significant items are investigated.

2.3.1.5 On at least a monthly basis (and more frequently as required), appropriate management performs a review of actual expenditure to budget and a sales margin review. Any unusual purchasing activity is investigated, and where necessary corrected, in a timely manner.

Where possible, individuals responsible for reviewing actual expenditure to budget and margin reviews are independent of the functions responsible for initiating and approving purchases. Access to raise purchase orders is periodically reviewed for appropriateness and changes made where necessary.

Notes

Control 2.3.1.2

Prior to approval Section 3 Fixed Assets should be followed for purchases of a capital nature.

2.4. Purchasing: consumables and food expenditure

2.4.1

All purchases of consumables and food stocks are valid and appropriately authorised. A record of purchases made is retained.

2.4.1.1 Criteria for making purchases are clearly defined within the purchasing policies and procedures and communicated by management. All purchase requests should be recorded on an order sheet or appropriate alternative prior to order approval.

2.4.1.2 Purchase requests are reviewed and approved by an appropriate level of management prior to initiating a purchase. Management check that all purchases are approved products and from authorised suppliers.

All purchases should be made inside budget or authorised limits where appropriate. Higher level authority is required for all purchases that exceed budget or authorised limits and for non approved products.

2.4.1.3 Additional levels of approval are required for purchases from



2 unauthorised suppliers. Approval limits are contained within purchasing policies and procedures, including specific limits for cash purchases.

2.4.1.4 Procurement cards used for consumables and food expenditure have set limits and restricted purchase categories. Procurement cards are approved by specific individuals to ensure that card users are appropriate.



Individuals responsible for reviewing actual expenditure to budget and performing margin analysis are independent of the functions responsible for initiating and approving purchases. Where segregation cannot be maintained, additional monitoring of expenditure, such as review by higher level management, is in place.

2.5. Goods received and processing accounts payable

2.5.1

All amounts posted to accounts payable represent valid goods or services received

2.5.1.1 Goods received are matched with the original order documentation raised / purchase orders (where applicable) and delivery notes to confirm that the quantity of goods ordered agree to the quantity received. Appropriate action is taken for variances identified.

Delivery notes not matched to goods received (or other appropriate supporting documentation for services received) are investigated with the supplier concerned and resolved.

2.5.1.2 Goods received and delivery documents are agreed to invoice to confirm appropriate quantities received (and ordered as per 2.5.1.1) and appropriate prices are charged on invoices. Appropriate action is taken for variances identified.



2 2.5.1.3 Unmatched invoices (for example invoices for services) require

specific management approval prior to being processed. Any unauthorised, unmatched invoices are reviewed and appropriate action taken.

2.5.1.4 Credit requests are consistently raised to reflect actual orders received when receipts do not match purchase orders; including overages, shortages and substitutions. Appropriate management monitors credit notes received against credit requests. Credit notes outstanding for long periods are investigated with the supplier.

2.5.1.5 Where applicable, invoices that cannot be matched by the system to an existing product or supplier code are placed on hold. Specific management approval is required to release these invoices.

Guidelines for the treatment of invoices on hold are contained within policies and procedures, including appropriate use of one-time product / supplier accounts and appropriate use of new product / supplier accounts. The application of these procedures and the use of one-time product / supplier accounts are monitored by appropriate management.

2.5.1.6 Access to create one-time product and supplier accounts is restricted to authorised individuals. Use of one time product or supplier accounts is restricted and appropriate authorisation is required for use of these accounts. One time product and supplier accounts are periodically reviewed for usage and any repeat usage is highlighted and appropriate action taken.

2.5.1.7 Prices included on invoices are checked (either manually or electronically) against an approved price list (or contract price) prior to authorisation.

2.5.2

Amounts posted to accounts payable are recorded in the proper accounting period.

2.5.2.1 Supplier invoices, goods received and credit notes received at, before, or after the end of the accounting period are scrutinised and / reconciled to ensure complete and consistent recording in the appropriate accounting period.

2.5.2.2 Cost centre / unit management compares actual expenditure versus budget and margins for reasonableness and to ensure that expenditure is charged to the correct cost centre / unit code. Any significant variances are investigated and appropriate action taken.

2.5.2.3 Statements received from key suppliers are reconciled periodically to the supplier accounts in the accounts payable sub-ledger. All significant differences are investigated and resolved in a timely manner.



2 2.5.2.4 The general ledger accounts payable balance is reconciled to the

accounts payable sub-ledger on a monthly basis and reviewed by appropriate management. All reconciling items are reviewed and corrected in a timely manner.

2.5.3

All credit notes and other adjustments to accounts payable are valid, approved and recorded in the appropriate period.

2.5.3.1 Management reviews and approves credit notes, adjustments and non-systematic debits (e.g., originating from sources other than a payments journal) prior to posting to accounts payable. Credit notes are matched to the credit note request, and where applicable pick-up notes, to ensure that credit received is accurate.

2.5.3.2 A periodic review of non-systematic debit balances is performed by appropriate personnel. Journals to clear debit balances require approval from appropriate management prior to posting.

2.5.4

All costs recorded in the period are properly classified in the appropriate financial statement account (i.e. Pre-payments, Accruals, Accounts Payables) based on payment date and the nature of the underlying expense.

2.5.4.1 Outstanding commitments, including goods receipt notes and unposted invoices, are reviewed at month end and accrued as appropriate.

2.5.4.2 On at least a monthly basis (and more frequently as required), reconciliations of prepaid expense and accrued expense accounts are performed and reviewed by management for accuracy.

2.5.5

Appropriate segregation of duties exists between the recording, approval and reconciliation functions related to accounts payable.

2.5.5.1 Individuals responsible for performing the physical receiving of goods do not have access to record goods received or invoices. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.5.5.2 Individuals responsible for reconciling accounts payable sub-ledgers to supplier statements are independent of the purchasing, recording, receiving and payment functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.



2 2.5.5.3 Purchase initiation, recording and approval functions are

adequately segregated from payment initiation, payment and approval functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

Notes

Adequate and appropriate justification should be provided if controls 2.5.1.1, 2.5.1.2 and 2.5.1.3 are not in place.

2.6. Processing payments

2.6.1

All payments are valid, authorised, paid to appropriate suppliers and recorded in the appropriate period.

2.6.1.1 Payment processes are well defined and performed in line with company policies. Processes include electronic and manual payment methods, unusual transactions and special payments. Management ensure processes are being performed appropriately.

2.6.1.2 The accounts payable system automatically identifies approved / matched invoices that are due for payment and creates a ‘payment run’ file. Where systems do not perform the above function invoices are manually reviewed to determine whether they are due for payment and a payment list of invoices is created.

2.6.1.3 Payments are made only against approved processed invoices.

Invoices and supporting documentation are marked appropriately and filed once payment is made to prevent reuse.

2.6.1.4 Payments are made on a timely basis and take advantage of any prompt payment discounts where beneficial.

2.6.1.5 Specific approval is required for special payments (as defined with Group Approvals Manual), unusual transactions and payments that exceed established limits, for example early payment requests.

2.6.1.6 Appropriate management reviews a listing of supplier payments prior to release. Any significant or unusual payments are reviewed against supporting documentation and for appropriate authorisation.



2 2.6.1.7 Reviews are performed and appropriate approvals obtained for

suppliers requiring pre-payments. Pre-payments are recorded against the specific suppliers concerned.

2.6.1.8 Direct debits and other standing orders are reviewed at least annually. Mandates which are no longer required are promptly cancelled and investigations into potential over-payments are performed where appropriate. Any amendments to mandates are formally approved in accordance with Group Approvals Manual.

2.6.1.9 An aged creditors listing is periodically produced and reviewed by management. Any unusual items or old outstanding items are investigated and resolved.

2.6.2

Adequate control is maintained over payment related assets.

2.6.2.1 Cheques and other methods of payment are sequentially pre-numbered; the sequence of processed items is accounted for and the spoiled cheques are voided to prevent reuse and filed for subsequent inspection.

2.6.2.2 Cash and cheque stock is held securely and is accessible only to specifically authorised personnel.

2.6.2.3 Petty cash vouchers are issued for all cash taken for purchases. Vouchers are held in the safe until receipts are received, vouchers are reconciled to the actual purchase cost and any additional payments / re-payments are made.

All cash purchases are supported by receipts. Any exceptions require specific management approval.

2.6.2.4 Authorisation levels for signing cheques and executing electronic funds transfers are documented within local policies and are specified within bank mandates.

Individuals who sign cheques and execute electronic fund transfers are authorised to do so.

Management periodically reviews returned paid cheques for unauthorised signatures, alterations, and/ or endorsements.

(See Treasury section for further payment controls).

2.6.2.5 Total approved payment balance created within applicable banking systems is agreed to any bank confirmations received and variances are discussed with the bank and appropriate actions taken where necessary.

2.6.3

Appropriate segregation of duties exists between the recording, approval and reconciliation process related to payments.

2.6.3.1 Individuals responsible for the payment creation function are independent of payment approvals.



2 2.6.3.2 Individuals responsible for the reconciliation of accounts payable

information to supplier statements are independent of the payment creation and approval functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.7. Maintaining product / supplier master file

2.7.1

All changes to product / supplier master file are valid, complete and accurately input in a timely manner. Product / supplier master file data remains accurate and access to the master files is restricted to authorised personnel.

2.7.1.1 Requests to change the product / supplier master file are documented on standard forms accompanied by appropriate supporting documentation (for example contracts, letters from suppliers requesting changes to bank details or address).

All change requests are reviewed for validity and authorised by appropriate individuals.

2.7.1.2 Changes to the product / supplier master file are reported and compared to authorised source documents to ensure that they were input accurately.

2.7.1.3 Requests to change the product / supplier master file are logged; the log is reviewed to ensure that all requested changes are processed on a timely basis.

2.7.1.4 Edit-change reports for the supplier master file are periodically reviewed and changes to the supplier master file are agreed to supporting documents. Any unusual / unsupported items are investigated and appropriate action taken. Review of edit-change reports is appropriately segregated and performed by an individual without access to the supplier master file.

2.7.1.5 The product and supplier master file are reviewed periodically by management for accuracy and appropriateness. Review of the supplier master file includes a review of payment terms to highlight supplier terms that do not conform to the expected payment terms documented within company policy.

Any duplicate or unused accounts (i.e. any accounts not used for a period specified by management) are de-activated or removed.

2.7.1.6 Management periodically reviews access reports to the product / supplier master file to ensure it is limited to authorised individuals. Access is password protected and passwords expire.



2 2.7.1.7 Adequate segregation of duties is maintained between supplier

master file maintenance and supplier selection, approval and management functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.7.1.8 Individuals responsible for supplier master file maintenance do not have access to purchasing functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.8. Purchasing discounts

2.8.1

Purchasing discounts are accounted for in line with the Group Accounting Policies Manual.

2.8.1.1 Purchasing discounts are accounted for in accordance with Group Accounting Policies and Procedures Manual. Appropriate management reviews the recording of purchasing discounts to ensure consistency with these policies and procedures.

2.8.1.2 Appropriate intra company entries are made in both party's accounts for purchasing discounts collected from a central buying function. Procedures for recording; reconciliation and elimination of balances are performed in line with the Group Accounting Policies and Procedures Manual.

2.8.1.3 Management reviews whether all expected purchase discounts are received. Any purchase discounts not received are communicated and followed up with the relevant supplier.

2.8.1.4 Management should review the movements in purchasing discounts by understanding the cause of change.


3. Fixed Assets Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents

Application of controls 1 3.1 General 2 3.2 Acquisition of fixed assets 3 3.3 Use & maintenance of fixed assets 3 3.4 Disposals 4 3.5 Recording of fixed assets & managing of fixed asset register 4 3.6 Depreciation and amortisation 5 3.7 Fixed asset security 6 3.8 Leased assets 6 3.9 Intangible assets and goodwill 7



Group All controls are applied by appropriate Group personnel.



All controls should be applied by appropriate Operating Companies / Countries.

Operating Companies / Countries should provide guidance to units on the operation of these controls.

Units Unit personnel should perform section 3.7

Fixed Assets, page 2 of 7


3

3.1 General

3.1.1

Fixed asset processes are clearly defined and communicated.

3.1.1.1 Documented policies and procedures / defined processes are in place for the management of fixed assets these include:

• Acquisitions

• Use and maintenance of assets

• Disposals

• Asset specific policies and procedures for

o Physical assets

o Investments

o Intangibles

o Goodwill

o Leases


3.1.1.2 Roles and responsibilities for managing fixed assets are well defined. These roles provide appropriate segregation of duties.

3.1.2

Fixed asset management systems are appropriately controlled.

3.1.2.1 Fixed asset management systems are managed and controlled in line with ‘General Computer Controls’ section 10.

3.1.3

Fixed assets are appropriately accounted for.

3.1.3.1 Accounting for fixed assets is in line with the Group Accounting Policies and Procedures Manual. Finance management reviews accounting for fixed assets to determine whether this has been performed appropriately.



3

3.2 Acquisition of fixed assets

3.2.1

Capital expenditure is valid and approved.

3.2.1.1 Appropriate analysis of any capital expenditure is performed including pre-acquisition due diligence and analysis of all associated costs. Legal, accounting, treasury, human resource and tax departments, as applicable to the acquisition, are involved in the due diligence process.

Capital expenditure requests are reviewed against any supporting documentation, business cases or due diligence, assessed for appropriateness and authorised in line with Group Approvals Manual.

3.2.1.2 Capital expenditure invoices are approved in line with the Group Authorities Manual. Invoices are reviewed against initial authorisation of spend and any other appropriate supporting documentation prior to approval. Accruals are only raised for items that are received but not yet invoiced.

3.2.1.3 Management compares actual spending versus approved expenditure requests for reasonableness. Any unusual items are promptly reviewed and resolved as required.

3.2.1.4 Management monitors compliance with all significant policies concerning fixed assets. All exceptions to fixed asset policies and procedures noted are raised to the appropriate level within the Operating Company / Division or Group and pursued to proper resolution.

3.2.1.5 Where applicable, work in progress balances are reconciled to appropriate supporting documentation and unusual items are properly resolved. Processes are in place to transfer assets out of work in progress on completion in a timely manner.

3.3 Use & maintenance of fixed assets

3.3.1

Records of fixed asset maintenance requirements and activities are accurately retained.

3.3.1.1 Where applicable asset maintenance schedules are prepared, updated and monitored by management. Activity per the asset maintenance schedule is reviewed against the asset maintenance



3 history regularly to determine whether required maintenance has been performed.

3.3.1.2 Where applicable asset usage and maintenance requirements are periodically reviewed and updated to determine whether these requirements have changed.

3.4 Disposals

3.4.1

Disposals are appropriately authorised.

3.4.1.1 Disposals are made following a thorough review of options, and assessment of impact on results, cash flow and Return on Capital Employed (ROCE) of the business. The outcome of this review is assessed and the disposal decision is approved by appropriate management as defined by the Group Approvals Manual. A disposal form should be completed promptly and sent to appropriate personnel in the fixed asset function.

3.4.2

Profit or loss on disposal is appropriately calculated and the disposal is appropriately recorded.

3.4.2.1 Gains and losses are calculated and accounted for in accordance with Group Accounting Policies and Procedures Manual. Calculation and accounting is independently verified prior to being recorded.

3.5 Recording of fixed assets & managing of fixed asset register

3.5.1

All fixed assets are appropriately and accurately recorded. All changes to the fixed asset register are valid.

3.5.1.1 A fixed asset register is maintained & periodically reviewed for accuracy and reasonableness by management.

3.5.1.2 Changes made to the fixed asset register are approved by management. Changes made are checked against source documentation for accuracy.

3.5.1.3 The fixed asset register is reconciled to the General Ledger on a monthly basis. Reconciling items are investigated and corrected.



3 Reconciliations are independently reviewed by management.

3.5.1.4 Individuals with access to amend the fixed asset register are independent of the purchasing functions. This access is periodically reviewed by management for appropriateness.

3.5.1.5 Fixed asset counts (from both register to asset and asset to register) are carried out periodically on significant / moveable assets and reconciled to the fixed asset register and any discrepancies are investigated and corrected.

3.5.1.6 Any unused fixed assets identified by management are reviewed on the fixed asset register and their value written down accordingly.

3.5.1.7 Ownership of fixed assets is identified when entering a site i.e. whether these belong to Compass or to the client. This is agreed in writing with the client and appropriate entries made to the general ledger and fixed asset register.

3.6 Depreciation and amortisation

3.6.1

Depreciation and amortisation charges are valid and accurate.

3.6.1.1 Depreciation and amortisation lives are periodically reviewed to determine whether they are appropriate and in line with Group Accounting Policies and Procedures Manual.

3.6.1.2 Depreciation and amortisation charges and calculation methods are periodically reviewed by management to ensure that they are reasonable and in accordance with the Group Accounting Policies and Procedures Manual. Overall charges are subject to an independently performed reconciliation monthly.

3.6.2

Depreciation and amortisation is calculated and applied on fixed assets in line with the Group Accounting Policies and Procedures Manual.

3.6.2.1 Depreciation and amortisation charges start in the correct period as defined by the Group Accounting Policies and Procedures Manual.



3 3.7 Fixed asset security

3.7.1

Fixed assets are adequately safeguarded.

3.7.1.1 Security processes exist to safeguard assets for example restricting building access to authorised individuals and physically securing mobile assets where appropriate.

Notes

Control 3.7.1.1

Appropriate security measures to safeguard assets should be put in place. These measures could include physical security such as swipe passes, locked doors, tagging assets and perimeter fences or monitoring security such as CCTV cameras or security guards. The type of security required will depend upon the type of asset.

3.8 Leased assets

3.8.1

Finance and operating leases are appropriately authorised in line with Group Approvals Manual.

3.8.1.1 New finance and operating leases are approved in accordance with Group Approvals Manual.

3.8.2

Leased assets are authorised and are appropriately accounted for.

3.8.2.1 Leases are accounted for correctly in accordance with Group Accounting Policies Manual and local accounting standards

3.8.2.2 Management reviews leases entered into to determine whether they are being accounted for appropriately.



3 3.9 Intangible assets and goodwill

3.9.1

Intangible assets are recorded at fair value.

3.9.1.2 The value of intangible assets / goodwill is calculated when purchased and management reviews these calculations to determine whether they are appropriate.

3.9.1.3 Intangible assets and goodwill are annually reviewed by management for impairment in line with Group Accounting Policies and Procedures Manual.


4. Financial Closing & Reporting Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents

Application of controls 1 4.1 General 2 4.2 Defining the financial closing and reporting process 2 4.3 Performing the accounting period close 3 4.4 Consolidation 6 4.5 Disclosure and financial statement review and preparation 7 4.6 Budgeting and forecasts 8



Group All controls are applied by appropriate Group personnel with the exception of 4.3.6.1-3.



All controls should be applied by finance functions.

Units Controls contained in 4.3.4.4

4 Financial Closing & Reporting, page 2 of 8

4.1 General

4.1.1

Financial Closing and Reporting processes are clearly defined and communicated.

4.1.1.1 Documented policies and procedures / defined processes are in place for the Financial Closing and Reporting functions.


4.1.1.2 Roles and responsibilities within finance functions are well defined. These roles provide appropriate segregation of duties within these functions.

4.1.2

The general ledger and finance systems are appropriately controlled.

4.1.2.1 The general ledger and finance systems are managed and controlled in line with ‘General Computer Controls’ section 10.

4.1.3

Financial transactions are appropriately accounted for.

4.1.3.1 Accounting for all transactions, is performed in line with the Group Accounting Policies and Procedures Manual. Finance management reviews all period-end tasks to determine whether this has been performed appropriately.

4.2 Defining the financial closing and reporting process

4.2.1

The financial closing and reporting process is well-established and appropriately documented, including internal and external deadlines; the methodology, format, and frequency of required analyses; and the content of reporting information from subsidiaries.

4.2.1.1 Accounting policies, Group procedures (financial & non-financial), templates and timetables for communicating relevant information affecting the financial closing and reporting process are sufficiently documented and these are communicated to all subsidiaries.

4.2.1.2 All policies, procedures, templates and timetables are reviewed and updated as necessary. Any changes are authorised by Group and communicated to all subsidiaries on a timely basis.



4.2.1.3 Any departure from Group Accounting Polices and Procedures Manual is communicated to Group Finance and requires specific authorisation.

4.2.1.4 Month-end closing checklists exist and are maintained and used for critical tasks to be performed during period end close. Management performs a review of completed checklists to ensure all tasks have been performed and in a timely manner.

Any updates to the checklist are approved by management and communicated to all subsidiaries in a timely manner.

4.2.2

The Chart of Accounts is reviewed and updated as necessary by appropriate personnel. Any changes made are appropriately authorised and mapped to the local chart of accounts by all subsidiaries.

4.2.2.1 Access to maintenance of the charts of accounts is restricted to authorised individuals.

Access rights are reviewed regularly by management to ensure only authorised individuals have access to make any changes.

4.2.2.2 All requests for changes to the chart of accounts are reviewed and approved by management prior to any change being made. Maintenance changes are reviewed against source documentation to ensure that they are made accurately and approved changes are communicated to all subsidiaries.

4.2.2.3 All subsidiaries’ general ledger accounts are mapped against the Group Chart of Accounts and this is captured by local management.

4.3 Performing the accounting period close

4.3.1

Accounting period close is authorised, performed appropriately and timely.

4.3.1.1 Final transactions (sub-ledger/sub-system) are received into the general ledger system prior to the accounting period close. Accounting periods are closed in line with Group Reporting Timetable unless separate arrangements have been authorised by Group Finance.

4.3.1.2 The opening and closing of posting periods is restricted to authorised individuals, access to open and close accounting periods is reviewed regularly by management and appropriate action taken where necessary. The reopening of accounting periods requires specific management and Group Finance approval.

4.3.1.3 Subsequent to period close, management performs a review of any journal entries (and supporting documentation) posted into the prior period for appropriateness and current equivalent need. Any unusual items are investigated and resolved.



4.3.1.4 Cut-off procedures are in place to ensure all relevant transactions are included within the accounts completely. Management performs a review or spot check of cut off to determine whether this is performed appropriately.

4.3.2

General ledger account balances are regularly reconciled and analysed to ensure the general ledger captures all relevant financial information. Any reconciling items or exceptions are investigated and cleared on a timely basis.

4.3.2.1 General ledger account balances populated through subsidiary ledgers are reconciled to those ledgers to ensure all appropriate transactions have been captured and erroneous or inappropriate postings have not been made. Reconciliations are performed on a regular basis and are accompanied by any necessary supporting documentation. All reconciling items identified are investigated and cleared on a timely basis.

4.3.2.2 General ledger account balances populated directly by finance or sources other than subsidiary ledgers should be analysed for appropriateness either through reconciliation or account investigation and analysis. Account analyses are performed on a regular basis in line with Group policy and are accompanied by any necessary supporting documentation. All reconciling or unexplained items are investigated, reported to management and resolved on a timely basis.

4.3.2.3 Independent management reviews all general ledger account reconciliations and account analyses performed for appropriateness and clearance of anomalous items.

4.3.2.4 All suspense accounts are identified and reviewed on a timely basis. Any items within these accounts are cleared prior to the period end close or reclassified into the appropriate account. Any uncleared balances are investigated and resolved.

4.3.3

Non routine events and transactions are valid, properly recorded and accurately processed in the appropriate accounting period.

4.3.3.1 Written policies and procedures specifying appropriate treatment for major types of non routine events and transactions exist and are communicated to all finance personnel. Appropriate application of these policies and procedures is monitored by management.

4.3.3.2 All necessary accruals, prepayments, provisions and other non routine transactions are captured and appropriately accounted for within the general ledger. All postings are accompanied by supporting documentation and appropriate justification.

4.3.3.3 Management reviews and approves all accruals, prepayments, provisions and other non-routine transactions and any supporting documentation and raises journals as appropriate to record the transactions in the general ledger.



4.3.4

Journal entries are independently reviewed, validated, authorised and properly recorded in the appropriate accounting period.

4.3.4.1 Access to post journals within the general ledger is restricted to appropriate personnel. Access rights are reviewed by management on a regular basis and appropriate action to change access rights is taken timely.

4.3.4.2 Journal entries have adequate supporting documentation and are reviewed and approved independently prior to posting.

4.3.4.3 Approved journal entries are posted and then posted entries are checked back to authorised documentation to ensure accurate posting within the general ledger and the correct accounting period.

4.3.5

Subsidiary financial information is prepared in-line with local accounting principles and Group Policy.

4.3.5.1 Required adjustments are performed by all subsidiaries to ensure they are line with local statutory requirements for accounts which require submission to local authorities as necessary. All adjustments made are reviewed and approved by management.

4.3.5.2 Required adjustments are performed by all subsidiaries to ensure Group reported numbers are in line with Group Accounting Policy and Procedures Manual prior to submission to Group. All adjustments made are reviewed and approved by management.

4.3.6

Subsidiary accounts are appropriately reviewed prior to submission to Group to ensure accounts reflect the underlying financial records accurately.

4.3.6.1 Subsidiary financial data is reviewed by management, validated against prior period history and / or budget, or any other appropriate records and approved. Any unusual account balances are investigated and documented by management timely.

4.3.6.2 For each significant non-routine event or transaction in the numbers to be submitted to Group, supporting analysis is prepared and documented in-line with Group Accounting Policies and Procedures. Supporting documentation is reviewed and approved for appropriateness.

4.3.6.3 Financial information to be submitted within Hyperion by subsidiaries is reconciled back to the trial balance prepared directly from the subsidiary general ledger. Supporting information for significant items to be included within Hyperion is reviewed and approved for reasonableness.

4.3.7

Foreign currency exchange rates used to translate reported financial balances are accurate, approved and correctly applied.



4.3.7.1 Foreign exchange rates to be used by finance are adequately documented within the Group Policy. All rates input into systems and used by subsidiaries for reporting and are checked to ensure they are consistent with rates issued by Group.

4.4 Consolidation

4.4.1

Financial information is submitted for monthly consolidation in accordance with financial closing and reporting guidelines specified by Group Policy.

4.4.1.1 Sub-entities submit all necessary financial information (including KPIs) for consolidation to Group monthly within the timeframe specified by Group Policy. Any exceptions to the timeframe are communicated to Group on a timely basis and approval appropriately sought.

4.4.1.2 All sub-entity financial data is accurately and completely captured by Group and a checklist exists to monitor the receipt of all subsidiary data and schedules expected. Any outstanding information is identified and followed up on a timely basis to ensure all data required for consolidation is present. All country submissions are checked for reasonableness in Hyperion.

4.4.1.3 Financial information and supporting information for significant amounts, exceptional items or significant judgements and estimates received from sub-entities is reviewed to ensure all data is accurate and consolidation entries are valid and complete. Any unusual items or balances identified are investigated and resolved and required adjusting journal entries are authorised by management prior to posting.

4.4.1.4 All intra-company balances are identified, reconciled, and properly eliminated (Refer to Intra-Group section of Group Accounting Policies & Procedures Manual for further details).

4.4.1.5 Monthly consolidation journal entries are compared to last period, assessed for reasonableness and agreed to supporting documentation before being approved and posted.



4.5 Preparation and review of local financial statements

4.5.1

Annual and Bi-annual financial statements prepared in accordance with local statutory requirements and are accurate and all necessary information is disclosed appropriately and reviewed.

4.5.1.1 Up-to-date disclosure checklists (or other suitable mechanisms) are used to ensure that all relevant financial information is disclosed appropriately within the financial statements in accordance with local statutory requirements.

Each entity provides local financial statements to local authorities and has those statements reviewed or audited by appropriate external professionals.

4.5.1.2 Group Finance collect all relevant information from subsidiaries for disclosure in a timely manner.

4.5.1.3 All non-financial information to be reported in the financial statements is reviewed for appropriateness against supporting documentation and approved by Group Finance.

4.5.1.4 All journal entries to establish a restructuring reserve are properly supported, reviewed, approved and recorded in the appropriate general ledger.

4.5.2

Financial Statements are prepared and submitted in compliance with local statutory requirements.

4.5.2.1 Local and Group financial statements are reconciled to general ledgers to ensure completeness. Any variances are investigated and rectified in a timely manner.

4.5.2.2 Local and Group financial statements are reviewed by management, validated against historical figures and approved. Any unusual account balances are investigated and documented by management timely.

4.5.2.3 Draft financial statements and all related disclosures are reviewed and approved by appropriate personnel prior to submission to regulatory bodies.

4.5.2.4 A check is in place to ensure Group and local financial statements are submitted in a timely manner in accordance with local country requirements and regulations.

Notes

Compass Group follows the same procedures as above for companies directly owned by Group.



4.6 Budgeting and forecasts

4.6.1

Budgets and forecasts are prepared, authorised and submitted to Group in line with Group Reporting Timetable.

4.6.1.1 Annual budgets are prepared, reviewed by management, approved, and submitted to Group within the expected timelines as outlined within Group Policy.

4.6.1.2 All subsidiary budgets are reviewed by Group and formally approved.

4.6.1.3 Any requests for changes to the budget are authorised in writing by the Group Finance Controller / Group Finance Director as appropriate.

4.6.1.4 Forecasts are prepared and are updated on a regular basis to reflect actual expectations of operational results. All changes to forecasts are reviewed by management and submitted on a quarterly basis to Group.

4.6.1.5 Actual figures are monitored against budgets and forecasts, and variances between actual and budget/forecasts are reviewed, investigated and approved. Any overspend above local applicable limits must be justified and formally approved.

4.6.1.6 Management reporting packs produced are reconciled to source financial information to ensure they are complete and accurate. Appropriate management reviews and approves management reporting packs prior to submission.

4.6.1.7 Monthly and quarterly reporting packs are completed by subsidiaries and submitted to Group in line with required deadlines. Reporting packs include commentary on actual versus budget figures including justification of any significant variances reported, cash flow statements and highlight any significant events or unusual transactions.

Group management review reporting packs submitted and take appropriate action where required, including requesting further information or justification on figures reported.



5. Stock Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents


5.1. General 2

5.2. Receipt and storage of stock 3

5.3. Stock management 4

5.4. Stock accounting and valuation 5



Group Group should provide guidance on the operation of stock controls.


All relevant controls are applied by Operating Companies / Countries.

Operating Companies / Countries should provide guidance on the operation of these controls to Units.

Units Unit personnel should perform all relevant controls.

Stock, page 2 of 6


5

5.1. General

5.1.1

Stock processes are clearly defined and communicated.

5.1.1.1 Documented policies and procedures / defined processes are in place for stock these include:

• Receipt and storage of stock

• Procedures for managing stock and minimising wastage

• Authorisation and recording of write-offs

• Accounting for stock and stock valuation


5.1.1.2 Roles and responsibilities for stock are well defined. These roles allow appropriate segregation of duties.

5.1.2.

Stock related systems are appropriately controlled.

5.1.2.1 Stock related systems are managed and controlled in line with ‘General Computer Controls’ section 10.

5.1.3.

Stock is appropriately accounted for.

5.1.3.1 Accounting for stock is performed in line with the Group Accounting Policies & Procedures Manual. Finance management reviews accounting for stock to determine whether this has been performed appropriately.

Stock, page 3 of 6


5

5.2. Receipt and storage of stock

5.2.1

Stock receipt and storage processes are well defined and performed in line with statutory requirements and company policies. Stock is stored securely and in appropriate conditions.

5.2.1.1 Documented processes and procedures exist for storage of stock, including safeguarding of stock and storage in line with statutory requirements and company policy. Application of these procedures is monitored by appropriate management. Any exceptions to procedures are identified by this review and are promptly investigated and where appropriate, corrective actions are taken.

5.2.1.2 Stock is received into and stored in physically secure locations. Receipt of stock is performed by authorised personnel.

5.2.1.3 Access to stock receiving systems is restricted to appropriate individuals. Access rights are periodically reviewed by management for appropriateness and changes to access made as required.

5.2.1.4 Stock is stored in appropriate conditioned locations in line with statutory requirements and company policy. Storage conditions are reviewed by management prior to usage and at regular intervals to ensure that they meet the specified criteria. Where applicable a review is equally applied to third party premises.

5.2.2

Goods are received against valid purchase requests. All goods received meet expected quality standards.

5.2.2.1 Receiving staff count and match goods received to purchase request records. Goods received without a corresponding purchase request record, or differences between quantity ordered and received, are queried with delivery personnel and adjustments agreed and recorded on delivery documentation.

Discrepancies are recorded on the delivery documents awaiting credit note / adjustment from the supplier.

5.2.2.2 Receiving staff inspect goods to identify damaged products and products falling below quality assurance standards. Only products passing quality inspection are used. Rejected products are adequately segregated from other products and queried with and removed by delivery personnel.

Discrepancies are agreed and recorded on delivery documentation awaiting credit note / adjustment from the supplier.

Stock, page 4 of 6


5 5.2.2.3 Where defective products are identified after delivery personnel

have departed, contact is made with the supplier. A note is recorded on the delivery document awaiting credit note / adjustment from the supplier. Unit management operates a system to ensure all adjustments and credit notes awaited must be received from the supplier before payment is made.

5.2.2.4 Records of defective products received are forwarded to the appropriate purchasing monitoring team responsible for evaluating supplier performance. Relationships with consistently poor performing suppliers are monitored and action taken where appropriate.

5.3. Stock management

5.3.1

Costs are adequately monitored.

5.3.1.1 Where appropriate, documented and approved recipes are produced for all menu offerings and are communicated to relevant staff (e.g. chefs, Unit managers).

5.3.1.2 Management reviews actual costs based on day to day activities.

5.3.1.3 On at least a monthly basis (and more frequently as required) management performs a review of actual costs to budget. Unexpected variances are investigated and appropriate action is taken.

5.3.2

Processes for managing stock are well defined and in line with company policies.

5.3.2.1 Processes are in place to review the ageing of stock. Physical stock observations are performed at regular intervals to identify old / unusable stock. Old / unusable stock is adequately segregated and disposed of / written off in accordance with 5.3.3.2.

5.3.2.2 Stock is managed on a FIFO (first in first out) basis and in accordance with applicable local rules over health and safety and food safety. Appropriate personnel monitor the use of stock to ensure that stock is managed accordingly.

5.3.3

Wastage is monitored in accordance with locally set targets. Excessive write-offs are appropriately reviewed and authorised.

5.3.3.1 Quality checks of menu offerings and other products are performed as required and in accordance with policies and procedures and local statutory requirements. Any product deficiency to standards contained in policies and procedures and

Stock, page 5 of 6


5 local statutory requirements is monitored.

5.3.3.2 Stock write-offs are authorised in line with documented local approval limits and, where applicable, Group Approvals Manual. Supporting documentation is provided for all write-offs to ensure that stock adjusted is accurate and appropriate.

5.3.3.3 Management periodically reviews the stock adjustments / write-offs to ensure that they are correctly accounted for and to identify any trends. Appropriate action is taken as required.

5.3.3.4 Stock policies and procedures contain clear guidelines for minimising wastage; including forecasting of usage and appropriate storage policies. Performance against guidelines is regularly reviewed and acted upon as required.

5.4. Stock accounting and valuation

5.4.1

Guidelines for valuation of stock are clearly defined within accounting policies and procedures and in accordance with applicable accounting standards. Valuations recorded are reviewed by management for accuracy and appropriate recording.

5.4.1.1 Accounting policies and procedures contain adequate guidelines for valuation of stock, including application of discounts and recording of costs. Application of these procedures is monitored by appropriate management. Any deviations from procedures require specific management approval.

5.4.1.2 Approved price lists are communicated to appropriate personnel across the business for the purpose of valuing stock. Management reviews values recorded for accuracy and appropriateness.

5.4.1.3 Access to post adjustments to stock (price, quantity) is restricted to authorised individuals. Appropriate management reviews and approves all adjustments prior to posting.

Access to post adjustments is periodically reviewed for appropriateness and changes to access made where appropriate.

5.4.1.4 On at least a monthly basis (and more frequently as required), physical stock counts are performed and stock figures reported as required. Any damaged or unusable stock identified during counts is appropriately segregated and reported to accounting. Any adjustments required are made to stock figures by appropriate personnel.

Where practical to do so physical stock counts are performed by persons independent of day-to-day custody or recording of stock (and without access to stock records). Stock adjustments are performed by personnel independent from those performing

Stock, page 6 of 6


5 stock counts and from those responsible for managing stock.

5.4.1.5 Periodic physical stock counts are performed for stock held by third parties. Counts are reconciled to stock records maintained by the third party with variances investigated and corrected in a timely manner. Any required adjustments are reviewed and approved by appropriate management.

5.4.2

Stock is appropriately recorded within the general ledger.

5.4.2.1 Stock sub-ledgers are reconciled to general ledgers on at least a monthly basis. Any reconciling items are investigated and cleared timely. The reconciliations are independently reviewed.

5.4.2.2 Individuals responsible for reconciling stock sub-ledgers to the general ledger are independent of the physical stock function.


6. HR & Payroll Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents


6.1 General 2

6.2 Recruitment 3

6.3 Managing employee career development and training 5

6.4 Terminating employees 6

6.5 Managing employee information and payroll master file 7

6.6 Managing and processing payroll 8

6.7 Recording time 9

6.8 Accounting and reporting 9

6.9 Travel and expenditure 10

6.10 Loans 11

6.11 Security of data 11



Group All controls are applied by Group HR and payroll functions.

Group personnel should require and periodically monitor whether all controls are applied. Group should provide guidance on the operation of these controls.


All controls should be applied by HR and payroll functions.

Operating Companies / Countries should ensure that business units perform controls 6.1.1.1, 6.2.1.1-5, 6.3.2.1, 6.3.2.4 and 6.3.2.5. Operating Companies / Countries should provide guidance on the operation of these controls.

Units Unit personnel should perform controls 6.1.1.1, 6.2.1.1-5, 6.3.2.1.

HR & Payroll, page 2 of 11

Compass Group PLC –Internal Controls Manual version 2.0 October 2007

6 6.1 General

6.1.1

HR and payroll processes are clearly defined and communicated.

6.1.1.1 Documented policies and procedures / defined processes are in place for the HR and Payroll functions these include:

• recruitment process, including use of contractors, expatriates & temporary staff and re-employment of former employees

• equal opportunities policy

• development of personnel

• termination processes

• diversity of labour policies

• dispute policies and procedures including grievances and whistleblowing

• remuneration and benefits policies and procedures

• pensions policies and procedures

These policies and procedures / processes are periodically reviewed and updated and cross-referenced to the Group Approvals Manual where required and are communicated to all relevant personnel.

6.1.1.2 Roles and responsibilities within the HR and payroll functions are well defined. These roles allow appropriate segregation of duties within the HR and payroll functions.

6.1.2.

HR and payroll systems are appropriately controlled.

6.1.2.1 HR and payroll systems are managed and controlled in line with ‘General Computer Controls’ section 10.

6.1.3.

Payroll, benefits and pensions are appropriately accounted for.

6.1.3.1 Accounting for payroll, benefits and pensions is performed in line with the Group Accounting Policies Manual. Finance management reviews accounting for payroll, benefits and pensions to determine whether this has been performed appropriately.



6 Notes

Where HR and payroll processes are sub contracted controls should be agreed and signed with the sub-contractor as part of the contract. Using sub-contractors should not compromise our position and responsibility on internal controls contained in this section.

6.2 Recruitment

6.2.1

Recruitment processes are well defined and performed in line with local statutory requirements and company policies.

Appropriate individuals are employed for roles in sensitive areas.

6.2.1.1 Documented selection criteria and processes exist for employee recruitment. HR or appropriate line management performs spot checks against these criteria to ensure the recruitment process is being performed appropriately.

6.2.1.2 Diversity hiring policies are in place and in line with statutory legislation and company requirements. Spot checks of new employees and applications rejected are performed to determine whether selection processes completed are in line with policy.

6.2.1.3 A documented list of all required checks (either by legislation or by company policy) to be performed on potential hires is retained, regularly reviewed and updated. This list is used and signed off when performing checks on new employees.

6.2.1.4 References are obtained and checked for all new employees, and where possible before an employee arrives on site.

Special clearances or appropriate additional vetting is carried out on new employees working in sensitive areas, such as with children or patients, working in high security areas such as airports, prisons and war zones or on defence contracts in line with applicable legislation and company policy. The same checks are carried out on existing employees transferring to these areas. Special vetting procedures are agreed with clients where particular security / other needs exist and are applied in all relevant cases.

Prospective employees are checked for criminal records within current legislation where appropriate.

All required legislative checks are performed prior to the individual arriving on site and performing the role. HR or appropriate line management performs a review and approval of all relevant checks to ensure they are all completed appropriately and that they are returned with a ‘positive’ result. All relevant checks are retained on employee file.



6 6.2.1.5 Standard contracts / contract templates, which have been

approved by HR and the legal function in the relevant jurisdiction, are in place for new employees, contractors and consultants. All new employees, contractors and consultants enter into contracts. Any non-standard contracts or clauses are reviewed and approved by appropriate management and the legal function.

Spot checks are performed on new employee, contractors and consultants’ files to determine whether appropriately approved and signed contracts are in place and on file.

6.2.1.6 Unsuccessful applicants should be notified in accordance with company policy.

6.2.2 All new employees are added to the payroll master file.

Additions to the payroll master file represent valid employees.

6.2.2.1 Management periodically reviews lists of current employees within its line of responsibility as held by HR and informs appropriate personnel of any necessary changes.

6.2.2.2 All new joiners, as employed by HR, are added to the payroll master file and are approved by management; such approvals are in line with existing policies and procedures. Required changes to payroll are appropriately approved. All additions and amendments to the payroll master file are entered into the file by an authorised individual and then independently agreed to approved supporting documentation to ensure they have been entered accurately and timely.

6.2.2.3 Assets provided to the employee / contractor as part of their employment are in line with company policy and signed for by the employee / contractor.

Notes

Controls 6.2.1.1, 6.2.1.2, 6.2.1.3, 6.2.1.5, 6.2.1.6

Apply also to existing employees who transfer or promoted from other positions.

Control 6.2.1.2

Diversity hiring policies also include adherence to ethical standards e.g. non employment of under age persons, below minimum wage etc.

Control 6.2.1.3

This activity requires that a document listing all checks that must be performed when hiring a new employee is maintained. This is to ensure that all relevant checks – either due to statutory requirements, checks required by company policy or specifically required by clients are listed and referred to when hiring or transferring an employee to ensure that they are all actually completed.

Control 6.2.2.3



6 This activity requires appropriate allocation of assets such as Company Car, Laptop Computer, Mobile Phone, Uniforms, and Procurement Cards etc. in line with employee grade. These need prior approval from HR and appropriate line management and are recorded in the individual’s personnel records.

Control 6.2.1.5

In addition to contracts, employees should be issued with a handbook covering company policy that applies to them e.g. Business Principles, Code of Conduct, Health Safety and Environment etc.., and where practical under local legislation be asked to sign as acknowledgement of receipt.


6.3.1

Defined employee performance review processes exist.

6.3.1.1 Defined employee performance rating criteria exist. Performance reviews and increases or decreases in salary are conducted against these criteria.

Management reviews and approves changes to salary to confirm whether they are in line with these criteria.

6.3.1.2 An annual review /appraisal process is completed and documented for all required employees and objectives and bonus criteria are set where appropriate. HR or appropriate line management monitors whether an annual review / appraisal has occurred for all required employees by collating and retaining all annual review documents. HR or appropriate line management reviews a sample of forms to determine whether they are completed appropriately.

Changes to the payroll master file are approved and forwarded for processing.

6.3.1.3 Training and development requirements are identified in the annual review / appraisal process. A plan is put in place ensure appropriate training and development is delivered.

6.3.2

Employee turnover is minimised.

6.3.2.1 Defined employee management and remuneration policies and procedures exist. These include measures to retain key employees including benchmarking remuneration, training and development.

Application of these policies is monitored by HR.

6.3.2.2 Employee turnover is monitored and analysed to determine reasons for loss of personnel. Results of employee feedback such as satisfaction surveys and exit interviews are investigated to determine whether employee management policy is being appropriately implemented.



6 6.3.2.3 Key employees are identified by HR / management with succession

plans put in place for key personnel. These succession plans are approved by operational management / functional support management and HR.


6.4.1

Removals to the payroll master file are valid

6.4.1.1 All removals from the payroll master file are approved by an appropriate level of management and forwarded for processing. Such approvals are in line with existing policies and procedures. The master file data is periodically reviewed to ensure that leavers have been removed from the payroll.

6.4.2

Appropriate leaver requirements are completed timely and in line with company policy and local statutory requirements.

6.4.2.1 A ‘leavers’ checklist is in place to ensure all required steps are completed and ‘signed off’ by management prior to an employee leaving the company.

This checklist includes:

• Performing exit interviews

• Checking of any outstanding loans prior to an employee leaving

• Removal of IT and building security access

• Any statutory or union requirements

• Checking for return of company assets that have been used as part of their employment

This checklist is periodically reviewed and updated by management.

6.4.2.2 Exit interviews are performed for all categories of leavers specified within Company Policy. This information is reviewed and collated and any issues identified are acted upon.

6.4.2.3 Payroll perform a check of any outstanding loans prior to an employee leaving, these are requested to be repaid prior to an employee leaving or are recovered from the final payroll subject to any local legal restrictions.

6.4.2.4 HR or appropriate line management informs IT and security of any leavers. All access to systems and buildings are removed, Compass identification cards are obtained by security.



6 6.4.2.5 Compliance with employee termination policies and procedures,

including compliance with statutory regulation and union requirements, is monitored by management.

6.4.2.6 HR perform a check to ensure the return of company assets used by the employee during their employment e.g. Company Car, Laptop Computer, Mobile Phone, Uniforms, Procurement Cards etc.

Notes

Control 6.4.2.1

This activity requires that a document defining all activities that must be performed when an employee leaves the company is maintained. This is to ensure that all required activities, such as removing both physical and IT access are completed, to try to mitigate the risk of an ex-employee being paid or returning to the company and performing any inappropriate actions.

Control 6.4.2.2 Where it is impractical to perform exit interviews for ALL staff, Company Policy must state which categories must be included as mandatory and those that are discretionary.

6.5 Managing employee information and payroll master file

6.5.1

Only valid changes are made to employee personnel files. Changes made to personnel files are accurate and timely.

6.5.1.1 Ability to view, add or edit employee information contained within personnel files is restricted to authorised personnel. This access is periodically reviewed by management for appropriateness.

6.5.1.2 Changes to employee payroll and personnel files are approved by an appropriate level of management; such approvals are in line with policies and procedures.

Changes are agreed back to authorised source documents to determine whether they are input accurately and timely.

6.5.2

Only valid changes are made to the payroll master file. Changes made to the payroll master file are accurate and timely.

6.5.2.1 Ability to view, input or edit employee information or payroll standing data is restricted to authorised personnel. This access is periodically reviewed by management for appropriateness.

6.5.2.2 Changes to the payroll master file are approved by an appropriate level of management; such approvals are in line with policies and



6 procedures.

Changes are agreed back to authorised source documents to determine whether they are input accurately and timely.

6.5.3

Payroll processes are appropriately segregated.

6.5.3.1 Access to payroll master data, confirming master data amendments, approval of payroll disbursements, and recording and reconciliation of payroll are completed by separate individuals. This access is periodically reviewed by management for appropriateness.

6.5.4

Only valid, accurate and timely changes are made to payroll withholding tables. Payroll withholding tables are in line with statutory requirements.

6.5.4.1 Access to payroll withholding tax tables is restricted to authorised personnel. Any changes to withholding tax tables are approved by management in line with policy.

Withholding tax tables are periodically reviewed to ensure they are accurate and comply with statutory requirements.

6.5.4.2 Access to amend payroll deduction data, such as SAYE and equivalents, is restricted to authorised personnel. All changes to payroll deductions are authorised by management. Changes are agreed back to authorised sourced documents to determine whether they are input accurately and timely.

Management periodically reviews access rights for appropriateness.

6.6 Managing and processing payroll

6.6.1

Payroll disbursements are appropriate and reflect actual employee remuneration to be received.

6.6.1.1 A clearly defined process is in place to notify payroll of starters, leavers, pay reviews, bonuses etc and for amendments to be appropriately made and controlled.

6.6.1.2 Benefits in kind are reported to HR / payroll personnel so that they are recorded and taxed in line with statutory legislation.

6.6.1.3 Payroll calculations, including salary, any bonus/commission calculations or cash benefits are approved by appropriate level of



6 management, in line with policies and procedures.

6.6.1.4 Payroll reports detailing total compensation, related income taxes, and other withholdings as well as hourly salaries and overtime worked along with previous month’s net pay for comparison are reviewed and approved by management prior to payment.

6.6.1.5 Payroll payments are appropriately approved by management and approvals are in line with local policies.

Employees sign off for any cash received as proof of payment.

6.7 Recording time

6.7.1

Payroll disbursements represent actual time charged.

6.7.1.1 Hourly salary reports and overtime reports are reviewed and approved by management based on actual attendance records, and where appropriate and practical to do so prior to payment.

Notes

Control 6.7.1.1

Where remuneration is paid by the hour or overtime is paid this time recorded should be approved by management to ensure that disbursements made are

appropriate i.e. for actual hours worked.

6.8 Accounting and reporting

6.8.1

Payroll is appropriately accounted for.

6.8.1.1 Net pay, withholding taxes, pension commitments, other deductions and any bonuses or commissions are appropriately recorded and reconciled to general ledger balances and any variances investigated and resolved.



6 6.8.1

Pension plan calculations are accurate, complete and provided for.

6.8.1.1 Pensions policies and procedures / processes are clearly defined, and documented including responsibilities (including actuarial), management of pension activities (including eligible plan participants on selection criteria) and governing of pension activities.

Policies are periodically reviewed and updated where required and communicated to all relevant personnel.

6.8.1.2 Pension deduction calculations are reviewed and approved by appropriate level of management, in line with policies and procedures.

6.8.1.3 Pension scheme payments are reviewed and approved by management and approvals are in line with local policies. Management ensures that payments made are accurate and timely.

6.8.1.4 Regular employee reports are presented to actuaries for pensions calculations. Management provides copies of plan amendments / curtailments / settlements to the actuary on a timely basis. All scheme amendments are approved in line with company policies and procedures and supported by appropriate documentation.

6.8.1.5 Management reviews the headcount information submitted to the actuary, and compares this to corresponding information in company payroll and HR systems. Any discrepancies are investigated and corrected as necessary.

6.8.1.6 Management reviews the actuarial valuation including the plan headcount information for appropriateness. Only authorised individuals are permitted to provide information to the actuary.

6.8.1.7 Accounting entries are prepared, made and reviewed based on calculations provided by the actuary.


6.9.1

Travel and expenditure are appropriately managed

6.9.1.1 A documented travel and expenditure policy exists, is periodically reviewed and updated and communicated to relevant personnel.

Travel and expenditure policy is reviewed by appropriate management / local tax function to ensure policy does not create any tax exposure that isn’t appropriately managed.



6 6.9.2

Travel and expenditure claims are approved and supported.

6.9.2.1 Travel and expenditure claims are supported by receipts in line with policy. All expense claims are reviewed and appropriately authorised.

6.9.2.2 The claim payments list is reviewed for unusual items and a sample of expense claims is checked to receipts and claim limits to determine whether they are appropriately claimed prior to payment being made.

6.10 Loans

6.10.1

Loans to employees are appropriately managed

6.10.1.1 Any loans issued to employees are in line with company policy. HR or appropriate line management spot check employee files to determine whether loans are in line with policy and that amounts are being repaid in accordance with the agreements made between the company and the individual.

6.11 Security of data

6.11.1

Data relating to employees, contractors or consultants is appropriately controlled

6.11.1.1 Any paper copy personal information held on file in respect of employees, contractors or consultants is kept in a secure place and access is only gained by HR or appropriate line management. Storage, access and retention of all data – hard copy or electronic- should be in line with local data protection legislation, such as the Data Protection Act, and company policy.

Notes

Control 6.11.1.1

Data held on electronic systems relating to employees, contractors or consultants is also subject to the identified controls in the ‘General Computer Controls’ section 10.

See also Control 6.5.1.1


7. Intra-Group Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2006

Version 2.0

Section contents

Application of controls 1 7.1 General 2 7.2 Processing & capturing transactions 2 7.3 Reconciliation and confirmation of related balances 3 7.4 Reporting, consolidation & elimination 3 7.5 Intra-group pricing 4 7.6 Intra-group settlements 4



Group All controls are applied by Group finance functions.


Operating companies/countries

All controls should be applied by finance functions.

Operating company / country personnel should provide guidance to units on the operation of these controls.

Units None

Intra-Group, page 2 of 4


7 7.1 General

7.1.1

Intra-group processes are clearly defined and communicated.

7.1.1.1 Documented policies and procedures / defined processes are in place for all intra-group transactions and accounting.

These policies and procedures / processes are periodically reviewed and updated where required and are communicated to all relevant personnel and subsidiaries.

7.1.1.2 Roles and responsibilities for managing and reporting intra-group balances are well defined. These roles provide appropriate segregation of duties.

7.1.2

The general ledger and finance systems are appropriately controlled.

7.1.2.1 The general ledger and finance systems are managed and controlled in line with ‘General Computer Controls’ section 10.

7.1.3

Intra-group transactions are appropriately accounted for, reported and disclosed.

7.1.3.1 Accounting for intra-group is in line with the Group Accounting Policies and Procedures Manual. Finance management reviews accounting for intra-group to determine whether this has been performed appropriately.

7.1.3.2 Any deviation from the Group Accounting Policies and Procedures Manual are communicated, reviewed and authorised by Group Finance.

7.2 Processing & capturing transactions

7.2.1

All intra-group transactions (sales, purchases, loans etc) are identified and accurately recorded.

7.2.1.1 Each company and division ensures all intra-group transactions are identified and recorded appropriately in the general ledger and within the correct accounting period.

7.2.1.2 Intra-group balances which are denominated in a foreign currency are translated to local currency using the budget exchange rates in Period 1-5 and Period 7-11. Actual exchange rates are used in Period 6 and 12.



7

7.3 Reconciliation and confirmation of related balances

7.3.1

All intra-group balances are identified, confirmed in writing and reconciled on a regular basis.

7.3.1.1 Each entity uses a checklist (or other suitable mechanism) to ensure all intra-group confirmations (as per Accounting Policies and Procedures Manual) necessary have been sent and received. Outstanding confirmations are followed up in a timely manner.

7.3.1.2 Each entity agrees all written intra-group confirmations to the relevant balance within their general ledger in line with the Group Accounting Policies and Procedures Manual. All supporting correspondence is retained.

7.3.1.3 Balances not confirmed are reported to Group and recorded in line with group policy.

7.3.1.4 Management reviews the confirmation checklist to ensure all balances have been confirmed.

7.3.2

All intra-group imbalances are investigated and followed up in a timely manner.

7.3.2.1 Intra-group mismatch reports are reviewed; any mismatches above tolerances are cleared timely, in line with group guidelines.

7.3.2.2 Necessary journal entries are posted within the general ledgers in the appropriate accounting entity and period and are reviewed and approved by management.

7.3.2.3 Reconciliations of all intra-group balances are reviewed and authorised by Group Finance Management.

7.4 Reporting, consolidation & elimination

7.4.1

Intra-group balances are reported to Group in a timely manner and are eliminated in consolidation in the appropriate accounting period.

7.4.1.1 All intra-group balances are reported to Group as part of the period close process in adherence with the timeframes set out within the Group Accounting Policies and Procedures Manual.

7.4.1.2 All intra-group balances reported to Group are reviewed,

http://rackv2/esswebui/detailsview.aspx?id=32b138a6-7cc5-4706-a269-fa2dd4b6f222&industryid=6b9ea0ee-dbfe-4a2b-a9a8-862753c85ed1

http://rackv2/esswebui/detailsview.aspx?id=32b138a6-7cc5-4706-a269-fa2dd4b6f222&industryid=6b9ea0ee-dbfe-4a2b-a9a8-862753c85ed1



7 matched and appropriately eliminated on consolidation in the appropriate accounting period. Any imbalances upon consolidation are investigated and resolved in a timely manner.

7.4.1.3 Group management reviews and approves all eliminating journal entries as part of the period end close process.

7.5 Intra-group pricing

7.5.1

An intra-group pricing policies and procedures exist and are reviewed and approved by management.

7.5.1.1 Intra-group pricing is reviewed by to determine whether it is consistent with intra-group pricing policies and procedures.

7.5.1.2 Group finance, treasury and tax review and update all intra-group pricing policies and procedures annually. All approved intra-group pricing policies and procedures are made available to appropriate personnel.

7.6 Intra-group settlements

7.6.1

All intra-group payables and receivables are properly settled.

7.6.1.1 Intra-group invoices are settled in line with company policies. Any disputed invoices are settled through Group Finance arbitration.


8. Treasury Approval Version control Approved by: Andrew Martin, Group Finance Director

Oct 2007 DATE Version 2.0

Section contents

Application of controls 1 8.1. General 2 8.2 Cash management 3 8.3 Borrowing 5 8.4 Investments 5 8.5 Derivatives 6 8.6 Dividends 8



Group All controls are applied by Group Treasury function.

These controls are set out in the Group Treasury Policy and Group Treasury Controls and Approvals


All relevant controls within sections 8.1 to 8.4 should be applied by Operating Companies / Countries, in accordance with Treasury Policies for Operating Companies.

Section 8.5 below does not apply to Operating Companies / Countries, as they are not permitted to enter into derivatives transactions.

Units Not applicable.

8 8 Treasury, page 2 of 8


8.1. General

8.1.1

Treasury and cash and banking processes are clearly defined and communicated

8.1.1.1 Documented and approved policies and procedures / defined processes are in place for the Treasury functions within Operating Companies / Countries in accordance with Treasury Policies for Operating Companies and include:

• Funding, credit facilities and cash management

• Leasing

• Bank accounts, mandates, and signatory levels

• Electronic Payment Systems

• Issuance of contract bonds, guarantees and letters of credit

• Foreign Exchange Transaction Risk Management

Policies and procedures are periodically reviewed and updated where required and communicated to all relevant personnel.

8.1.1.2 Roles and responsibilities within the treasury, cash handling and accounting functions are well defined. These roles allow appropriate segregation of duties within the treasury, cash handling and accounting functions.

8.1.2

Treasury systems are appropriately controlled.

8.1.2.1 Treasury systems are managed and controlled in line with ‘General Computer Controls’ section 10, and Treasury Policies for Operating Companies section 4.

8.1.3

Cash, loans, foreign exchange gains and losses, derivatives and dividends are appropriately accounted for

8.1.1.3 Accounting for cash, loans, foreign exchange gains and losses, and derivatives (where such have been entered into by Group Treasury on behalf of the Operating Company / Country in accordance with Group Approvals Manual) and dividends is performed in line with the Group Accounting Policies Manual. Treasury management reviews accounting for the above to determine whether this has been performed appropriately.

Treasury, page 3 of 8


8

8.2 Cash management

8.2.1

All bank accounts are known and recorded, including purpose / capabilities.

8.2.1.1 The Treasury function maintains a register of all bank accounts and account information, including bank name, account name and number, authorised signatories and authorisation limits. Management reviews and approves the register after a new account has been opened to ensure that any new accounts opened have been added to the register. The register is reviewed annually and unnecessary bank accounts are identified and closed. Bank reconciliations are performed for all accounts and verified against the register of bank accounts to ensure completeness of reconciliations performed and that no unauthorised bank accounts have been set up.

8.2.2

The opening of all bank accounts is properly authorised (including related signatories). All payments instructions require two signatories. Proper authorisation includes a Board of Directors resolution with Corporate seal. Evidence of authorisation is maintained.

8.2.2.1 Bank accounts are opened only with appropriate approval in line with Treasury Policies for Operating Companies. Policies include the requirement that all payment instructions be signed jointly by two authorised signatories whose responsibilities are appropriately segregated. Authorisers of new accounts review the bank mandate to ensure that the remit of the account / signatories is adequately restrictive. Changes to signatories or authority limits may only be made through a Board resolution of the Legal entity which owns the account.

8.2.3

All account to account cash movements are authorised and accurately recorded in the appropriate period.

8.2.3.1 On at least a monthly basis (and more frequently as required), all bank account balances are reconciled to bank statements. Reconciling items are investigated, reported and, where appropriate, corrected in a timely manner. Accounts may not be permitted to become overdrawn (unless fully documented facilities are in place with prior approval in accordance with the Group Approvals Manual and Treasury Policies for Operating Companies).

Reconciliations are reviewed and approved by local management.

8.2.3.2 All payment instructions are appropriately authorised and signed jointly by two authorised signatories. This includes cheques, wire transfers and signing of direct debit and standing order



8 mandates.

Documented approval limits related to cash transfers are established. Direct debit / standing order mandates are authorised according to the upper limit of the recurring payment. Mandates for unlimited payments are authorised by higher level management in accordance with Treasury Policies for Operating Companies.

8.2.3.3 Bank transfer Files are transmitted in an encrypted format; access to bank transfer files is restricted to authorised individuals; electronic payment systems must always be set up so that two or more individuals are required to initiate, authorise and to transmit to the Bank; changes to the profiles of the users of an electronic payment system may be made only by the Bank (acting upon a resolution of the board of the legal entity whose account is to be debited) or two security administrators or as otherwise permitted, and that all of the above comply with the relevant guidance in Treasury Policies for Operating Companies.

8.2.3.4 The delivery of payment instructions by fax is strictly prohibited.

8.2.4

Appropriate segregation of duties exists between recording, approving and reconciliation of cash movements.

8.2.4.1 Individuals with access to initiate cash movements, whether by electronic transfer or manual payment methods such as cheques, do not have access to authorise such movements. Access rights are periodically reviewed by management for appropriateness.

All cash movements are authorised in accordance with documented and approved authorisation limits.

8.2.4.2 Individuals responsible for the reconciliation of cash accounts (corporate and local) to bank statements are independent of the recording, initiation and authorisation functions. Relevant access rights are periodically reviewed and appropriate changes made timely.

8.2.5

Foreign exchange gains and losses are accurately recorded in the appropriate period.

Potential exposures are promptly notified to Group Treasury and hedged where appropriate in accordance with Treasury Policies for Operating Companies.

8.2.5.1 Any transaction or series of transactions or commitments through which a potential aggregate exposure arises between the functional currency and the currency of payment or receipt is appropriately reported in accordance with Group Accounting Policies Manual and approved in accordance with Group Approvals Manual.



8 8.2.5.2 Exchange differences arising on the recording of foreign currency

account balances are recorded in line with Group Accounting Policies Manual and Group Approvals Manual.

8.2.5.3 Exchange differences are periodically reviewed by local management for reasonableness and to ensure that gains and losses are recorded in accordance with company policies and procedures.

8.3 Borrowing

8.3.1

All debt & related interest expense amounts are accurately recorded in the appropriate period.

All recorded debt amounts represent valid liabilities of the Company.

All debt is appropriately authorised.

8.3.1.1 All borrowing transactions are reviewed and authorised in accordance with Group Approvals Manual and Treasury Policies for Operating Companies, including any finance and operating lease commitments, issuance of bonds and guarantees and letters of credit, and intra group financing.

Evidence of approval is properly maintained.

8.3.1.2 On a periodic basis, all general ledger debt and related interest expense accounts are reconciled to third party statements. Reconciliations are performed by an individual independent of the recording function and are reviewed by Treasury management. Any differences between statements and amounts recorded are investigated in a timely manner. Access rights periodically reviewed and changes made where appropriate.

8.3.1.3 All debt, including premiums, discounts and front-end fees, is appropriately recorded in accordance with Group Accounting Policies and Procedures Manual. Treasury management reviews recorded debt and associated charges for appropriate treatment.

8.3.1.4 Foreign subsidiary borrowing activity is reviewed by treasury management on a monthly basis for authorisation & reasonableness. Any unauthorised borrowings are investigated and corrected in a timely manner.

8.4 Investments

Investments can include cash deposits, equity investments and loans to



8 subsidiaries.

8.4.1

Investments are made in accordance with Group Approval Manual and Treasury Policies for Operating Companies.

8.4.1.1 Processes for investing cash are well defined and performed in line with company policies. All investments are initiated and approved in accordance with Group Approvals Manual and Treasury Policies for Operating Companies.

8.4.2

All investments and related interest income amounts are accurately recorded in the appropriate period.

All investment amounts recorded represent valid assets of the Company.

8.4.2.1 On a periodic basis, general ledger investment accounts are reconciled to third-party statements or documents of title (e.g., share certificates).

Reconciliations are reviewed by Treasury management. Any differences between statements and amounts recorded are investigated in a timely manner.

8.4.2.2 The cash balance position is reviewed / confirmed daily by appropriate personnel, and suspense items are resolved each day by treasury personnel independent of the function executing cash related transactions.

8.4.2.3 Management reviews investment transactions for compliance with policies and procedures.

8.4.2.4 On a periodic basis, Treasury management reviews the valuation of its investments to identify fair value adjustments and records such adjustments as appropriate in accordance with Group Accounting Policies and Procedures Manual.

8.4.3

Appropriate segregation of duties exists between the recording, approval and reconciliation functions for investments.

8.4.3.1 Individuals independent of the recording and approval functions properly reconcile investment and related general ledger accounts to source documentation. Access rights are periodically reviewed and timely changes made where appropriate.

8.4.3.2 Individuals entering and confirming investment transactions are appropriately segregated

8.5 Derivatives



8 A derivative contract is a financial instrument that derives its value from the price or rate of some underlying item including equities, bonds, commodities, interest rates and exchange rates.

Derivative financial instruments include futures, options, forward contracts, interest rate and currency swaps, forward interest rate agreements, commitments to purchase shares or bonds, note issuance facilities and letters of credit.

Operating Companies / Countries, Units are not permitted to enter into any type of derivatives contract without express permission in accordance with the Group Approvals Manual. The following therefore applies only to Group Treasury.

8.5.1

All derivatives and other treasury transactions are accurately recorded to the general ledger in the appropriate accounting period.

All derivatives recorded represent valid Group assets or liabilities.

All derivative contracts are properly authorised in accordance with Group Treasury Policy and Group Treasury Controls and Authority limits.

8.5.1.1 Documented policies exist in relation to derivatives. These include instructions as to which derivatives can be used and when, how and why derivatives transactions should be entered into.

Application of these policies is monitored by appropriate treasury management. Any deviations from policies require specific Group Board approval.

8.5.1.2 Appropriate documented procedures exist for the execution of derivatives transactions.

This guidance includes identification, deal execution, authorisation, confirmation, valuation, settlement, accounting and record keeping.

8.5.1.3 Transactions are approved in accordance with the levels specified within the Group Approvals Manual, Group Treasury Policy and Group Treasury Controls and Approvals. Authority to enter into transactions, including financial limits, is assigned to specific individuals with appropriate expertise.

Approval of trades is appropriately segregated from the calculation and execution functions.

8.5.1.4 All derivatives are valued and accounted for in accordance with the Group Accounting Policies and Procedures Manual. Compliance with these procedures is appropriately monitored.

8.5.1.5 On a periodic basis, all general ledger derivative accounts are reconciled to external records (e.g., counter-party statements,



8 broker records and bank statements) and approved contracts.

Reconciling items, including non-receipt of counter-party confirmations, are investigated and resolved in a timely manner.

8.5.1.6 Treasury management periodically reviews all outstanding derivative contracts for reasonableness and to identify any potential fair value adjustments. Any such adjustments are recorded as appropriate (mark to market).

8.5.1.6 Derivative transactions must be entered and captured in a treasury management system at the time of execution, identifying Approved Financial Counterparty, type of instrument, buy/sell, quantity, price, counterparty, and time stamp.

8.5.2

Appropriate segregation of duties exists within derivative- related Treasury functions.

8.5.2.1 Confirmation of trades / transactions executed by Group Treasury is performed daily by an individual independent of the deal execution function. Where differences arise appropriate action is taken as required.

8.5.2.2 Processes are in place to ensure the identification, deal execution, authorisation, confirmation, valuation, settlement, accounting and record keeping are performed by appropriate individuals and appropriately segregated. These functions are separate to the payment functions.

For segregation of payment functions see ‘Cash Management’ section above.

8.5.2.3 Individuals independent of the recording function properly reconcile derivative related general ledger accounts to source documentation. Access rights are periodically reviewed by management and any required changes made on a timely basis.

8.5.3

Hedges for investments in subsidiaries and significant intercompany balances are valid and appropriately authorised.

8.5.3.1 Appropriate guidance exists regarding hedges for investments in subsidiaries and significant intercompany balances, including the decision to hedge and the appropriate steps required to be taken. Appropriate authorisation is required in line with Group Approvals Manual, Group Treasury Policy and Group Treasury Controls and Approvals to approve decisions to hedge.

8.5.3.2 Authority to approve and execute hedges is clearly defined. Only authorised individuals perform these functions.

8.6 Dividends



8 8.6.1

All dividends declared are properly authorised.

All dividend payments are accurately recorded in the general ledger in the appropriate period.

8.6.1.1 Dividends to Group companies are reviewed and approved by the tax function in line with Group Accounting Policies and Procedures Manual.

8.6.1.2 Dividends declared but unpaid are properly recorded as dividends payable at each month end. Management periodically reviews the balance sheet account to ensure that the balance is accurate and that dividends have been recorded in accordance with Group Accounting Policies and Procedures Manual.

8.6.1.3 Dividend calculations are authorised by the Board of Directors. Dividend payments are approved in accordance with Group Approvals Manual.


9. Tax Approval Version control Approved by: Andrew Martin, Group Finance Director,

DATE October 2007

Version 2.0

Section contents

Application of controls 1 9.1. General 2 9.2. Business and regulatory environment 3 9.3. Tax reporting and compliance 4



Group All relevant controls are applied by Group tax functions.



All controls should be applied by Operating Companies / Countries.

Units Not applicable.

Tax, page 2 of 7


9

9.1. General

9.1.1

Tax processes are clearly defined and communicated.

9.1.1.1 Documented policies and procedures / defined processes are in place for the Tax functions these include:

• Accounting for all applicable tax liabilities including

o Corporation tax

o Indirect taxes

o Deferred taxes

o Overseas taxes

o Tax provisions and contingencies

• Tax compliance, including year end reporting, payment of taxes and audits

• Tax planning

• Record keeping

• Intercompany transactions, including transfer pricing

• Changes in structure / operating environment

• Process for exceptions / unusual items


9.1.1.2 Roles and responsibilities within the tax, finance, treasury and legal functions are well defined. These roles allow for appropriate segregation of duties.

9.1.2.

Tax systems are appropriately controlled.

9.1.2.1 Tax software and spreadsheets are managed and controlled in line with ‘General Computer Controls’ section 10.

9.1.3.

Tax provisions and charges are appropriately accounted for.

9.1.3.1 Accounting for tax provisions and charges is performed in line with the Group Accounting Policies Manual. Tax management reviews accounting for all tax provisions and charges to determine whether this has been performed appropriately.

Tax, page 3 of 7


9

9.2. Business and regulatory environment

9.2.1

The tax function addresses the tax impact of changes in the operating environment.

9.2.1.1 The tax function has procedures in place, such as holding timely, periodic update meetings with appropriate management, to remain aware of changes in business models, products and activities.

The tax function evaluates the tax impact of any changes and applies this to tax reporting.

9.2.1.2 Group tax has clearly defined and documented reporting requirements that are communicated to Operating Company and Country tax functions.

The timeliness, content and format of information received by Group tax is reviewed against these requirements.

9.2.1.3 Group tax approval is required prior to initiating changes to corporate structure. This includes acquisitions, dispositions and restructurings, changes to the legal and financial structure through issue or repayment of shares and inter-company debt (or change to the terms of such instruments), and any transfer of shares or inter-company debt.

9.2.1.4 Significant intra-group transactions are reviewed and approved by Group tax in accordance with Group Approvals Manual.

9.2.2

The tax function monitors and addresses changes in the tax regulatory environment

9.2.2.1 A documented policy is in place to ensure that local and group tax functions remain adequately abreast of changes in relevant statutory and administrative requirements, judicial requirements and best practices in the company’s tax jurisdictions, including nomination of a dedicated individual to monitor and report such changes and periodic updates with external expert advisors. Compliance with this policy is appropriately monitored.

9.2.3

Tax planning is performed on a timely basis.

9.2.3.1 Periodic tax planning and general tax update meetings are held among the members of the tax department and with external tax advisors to discuss the status of and due dates for all ongoing tax work.

Tax, page 4 of 7


9 9.2.3.2 Tax management monitors implementation of tax planning to

ensure this is implemented as expected. Documentation of variances between planned and implemented actions is maintained and appropriate action taken as required.

9.2.3.3 Group tax meets with senior financial management on a regular basis to understand management’s approach to taking conservative versus aggressive tax positions, managing the effective tax rate, and formulating estimates for tax purposes.

9.2.3.4 A tax strategy is in place and is reviewed and approved in line with company policies and procedures. This strategy is communicated to local and Group functions as appropriate, Implementation of the strategy is monitored by senior management.

9.2.4

Transfer prices are optimised within the Group and are reviewed annually. Any price changes or adjusting journal entries are properly reviewed, approved and recorded.

9.2.4.1 A clear policy exists for setting transfer pricing principles between purchasing and units and, where applicable, between Countries. The policy is consistent with guidance from Group Tax and complies with local legislation.

9.2.4.2 Transfer prices are reviewed annually and any transfer price requests are properly documented, approved and accurately recorded into the appropriate systems.

9.2.4.3 Company profit margins are reviewed annually to ensure that margins are in line with guidelines established during the transfer price setting process.

9.3. Tax reporting and compliance

9.3.1

General ledger postings for all tax-related accounts are authorised and approved by appropriate tax personnel before posting and are periodically reviewed.

9.3.1.1 Tax calculations are properly maintained and documented. Appropriate tax or finance personnel review tax calculations and authorise the accounting function to book all the necessary tax journals to the general ledger.

9.3.1.2 The tax accounts are reconciled by appropriate tax personnel on a periodic basis.

Reconciliations are reviewed by tax management to ensure that entries are recorded in accordance with company policies and

Tax, page 5 of 7


9 procedures.

9.3.1.3 Deferred tax balances are reconciled to the book and tax basis differences of all significant assets and liabilities in line with policies and procedures.

9.3.2.

The tax function performs timely reconciliations to assess the reasonableness of tax compliance computations.

9.3.2.1 The tax function compares the current year corporation tax provision to the prior year provision and effective tax rates to statutory tax rates. Any material variances are investigated in a timely manner.

The tax provision reconciliation is reviewed by management prior to finalising the period-end journal entries.

9.3.3

Balances in tax accounts are appropriately adjusted for return versus accrual analysis. All adjustments are processed timely.

9.3.3.1 A reconciliation of the current tax payable / accruals account to tax liabilities on tax returns is performed and reviewed periodically. A reconciliation between the tax return and tax accounting records is performed as part of the tax return preparation process.

Any necessary journal entries are prepared, approved and posted timely to ensure tax account balances are properly stated.

9.3.4

Tax disclosure notes are prepared and approved by appropriate personnel.

9.3.4.1 A clear policy is in place which outlines the process for preparing and approving tax disclosure notes for the financial statements. Disclosure notes are prepared by appropriately trained staff and reviewed and approved prior to inclusion in the financial statements. Compliance with this policy is monitored by management.

9.3.5

Returns are reviewed and approved by appropriate company personnel before submission.

Returns are submitted in a timely manner.

9.3.5.1 Returns for each type of tax filing are reviewed and signed by appropriate tax personnel in line with local and Group policies and procedures.

9.3.5.2 Tax personnel maintain a tax return compliance calendar that reflects all filing requirements and due dates for every jurisdiction in which tax returns are made. The information included in the calendar is continuously updated by appropriate tax personnel.

Tax, page 6 of 7


9 Appropriate management perform reviews to determine whether all information relating to global tax returns / filing positions and tax audits is collected timely.

9.3.5.3 Proof of tax return filings, submissions, payments and responses to information requests is maintained in accordance with local statutory requirements.

9.3.5.4 The tax function verifies the integrity and completeness of tax compliance work and ensures adequate support, including external advice, is developed and retained regarding positions taken on tax returns. This is performed by personnel independent of the preparer.

9.3.6

All tax payments are authorised and approved by appropriate personnel before submission.

The tax function submits payments and refund claims in a timely manner

9.3.6.1 All tax payments are appropriately approved in accordance with Group Approvals Manual.

9.3.6.2 Refund claims are closely monitored by appropriate tax / finance personnel, and appropriate action is taken if delays are encountered.

9.3.7

Appropriate individuals are employed in tax functions.

9.3.7.1 Group Tax provides guidance to Operating Company and Country tax functions on the hiring of employees in tax-related roles. Guidance includes experience and qualification requirements.

9.3.8

The tax function ensures the retention of electronic and hard copy tax source data in line with company policy and local tax legislation.

9.3.8.1 A record retention policy is in place that meets the requirements of all tax jurisdictions, including retention of tax returns, supporting documents and source data. The tax function maintains support (hard and electronic) for all open tax years in compliance with the policy.

A process exists whereby the IT department notifies the tax function of plans to archive or destroy financial data prior to archival or destruction.

9.3.9

Interaction with local tax authorities is only performed by appropriately authorised personnel.

9.3.9.1 Group tax has clearly defined and documented guidelines for performing local tax audits. Guidelines are communicated to Operating Company and Country tax functions.

Tax, page 7 of 7


9 9.3.9.2 Appropriate staff (i.e. appropriately senior and trained staff) are

identified and approved by management to perform any required negotiations, provide information and agree settlements with local tax authorities.

Management communicates to all members of the tax function that only these identified members of staff should interact with tax authorities.


10. General Computer Controls (GCCs) Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents


10.1 General 2

10.2 Information resource strategy and planning 2

10.3 Application systems implementation and maintenance 3

10.4 Information systems operations 5

10.5 Relationships with outsourced suppliers 5

10.6 Information security 6

10.7 Business continuity planning 8

10.8 Database implementation and support 9

10.9 Network support 9

10.10 Systems software support 11

10.11 Hardware support 12





Operating companies / Countries

All relevant controls should be applied by appropriate operating company / country personnel.

Units N/A

Notes

‘Key’ applications and computer environments should be identified for each business cycle. General Computer Controls should be applied to these key applications and environments.

General Computer Controls, page 2 of 13


10

10.1 General

10.1.1

IT policies and procedures are clearly defined and communicated.

10.1.1.1 Documented policies and procedures / defined processes are in place for IT functions these include:

• definition of appropriate use of IT resources, including use of the internet and electronic mail;

• clarification of users’ responsibilities in regard to IT security, storage of sensitive information,

• clarification users’ responsibility to report an weakness in information security;

• statement of penalties for non-compliance with the policy;

• managing access to IT networks and applications;

• security of IT applications, networks and firewalls;

• managing outsourced providers;


10.2 Information resource strategy and planning

10.2.1

Information systems strategies, plans, and budgets are consistent with the entity’s business and strategic goals.

10.2.1.1 A documented IT strategy is in place to cover all major IT systems, taking account of current and known future business needs. The strategy is approved by senior management· The IT budget is reviewed, approved and incorporated in the overall business budget.

10.2.2

The computer processing environments are adequately staffed with appropriately skilled and experienced personnel.

10.2.2.1 All systems in use are supported, either internally or by contract with external suppliers with appropriately experienced staff. The business can support its decision to outsource IT (See Section 10.3 on managing outsourced relationships) where relevant.



10 10.2.3.

Personnel within the computer processing environments receive appropriate training.

10.2.3.1 Formal or on-the-job training is provided to all personnel within the computer processing environments based on regular performance assessments and is monitored by management.

10.3 Application systems implementation and maintenance

10.3.1

New application systems are acquired or developed in accordance with IT Policies and Procedures.

10.3.1.1 A formal methodology or process is used to guide the acquisition, development or maintenance of hardware, application systems, network and communication software and systems software.

10.3.1.2 Management has established formal policies to ensure that before changes are made to application systems, data structures, network and communication software, and systems software and hardware or the environment in which they operate, all affected parties are contacted and the timing of such modifications is coordinated with them to ensure minimum impact on other processing activities.

10.3.1.3 A business case is prepared for the development of new application systems.

This will involve a full risk analysis including:

• Business environment;

• Documentation of processes;

• Culture of businesses;

• Recent acquisitions

A detailed specification is prepared including all needs identified by the users· Best practice is sought from other Group businesses, in particular transfer of similar systems.

This business case should be approved by an appropriate level of management, to ensure it is consistent with corporate strategy.

10.3.2

New application systems are appropriately implemented and function in accordance with IT Policies and Procedures.

10.3.2.1 Project manager and sponsor are identified before planning for implementation begins.

10.3.2.2 Project plan is completed prior to implementation. This includes:

• Responsibilities;



10 • Training required;

• Resources;

• Hardware required;

• Budgeted project cost

• Expected project time line.

Authorisation is required by the CEO and CFO, before any implementation is undertaken. Such Authorisation involving cost should be in accordance with Group Approvals Manual.

10.3.2.3 Testing of new application systems takes place off-line, especially testing of interfaces with other systems, and is scheduled in order to minimise disruption to the business·

Test plans should include the following, as appropriate;

• System and unit testing;

• Interface testing;

• Parallel testing;

• Capacity testing; and

• User acceptance testing.

10.3.2.4 Access to the test and production environment is appropriately restricted. Access rights are periodically reviewed by management and appropriate changes made timely.

10.3.3

When new application systems are implemented, existing data that is converted to the new system is complete, accurate, and valid. Clearly defined processes are in place for application change or upgrade.

10.3.3.1 Management approves the results of the conversion of data (e.g., balancing and reconciliation activities) from the old application system or data structure to the new application system or data structure and monitors that the conversion is performed in accordance with established conversion policies and procedures.

10.3.3.2 Management retains prior versions of application systems and/or data to allow for recovery of the environment in the event of processing problems.

10.3.4

Application system changes are subject to formal requests and authorisation processes and implemented in a timely robust controlled manner.

10.3.4.1 Post implementation system changes receive a full specification, are documented, and are tested before being launched in a ‘live’ environment

10.3.4.2 User and other requests for modifications to application systems including upgrades and fixes released by suppliers are approved by management and implemented if consistent with information systems’ plans and management’s intentions.



10 10.4 Information systems operations

10.4.1

Data is retained in accordance with company policy to enable retrieval when needed.

10.4.1.1 Management and users plan and schedule backup and retention of data; and erasure and release of media when retention is no longer required. Management periodically reviews retention and release records.

10.4.1.2 All back-up media is stored in a secured, environmentally controlled location.

10.4.2

Computer processing environment service levels meet or exceed pre-determined agreement.

10.4.2.1 Management monitors information system service levels and initiates corrective action if performance does not meet expected service levels.

10.4.4

Users receive appropriate support to ensure that application systems function as intended.

10.4.4.1 Users receive appropriate support. The information systems organisation includes a help desk function that acts on user queries regarding systems. Problems are recorded in a centralised problem log. Help desk personnel monitor the log to ensure a timely resolution of all such user queries.

10.4.4.2 Management monitors problem log to identify and eliminate the root causes of recurring problems.

10.4.5

Data transfer between systems is complete and accurate

10.4.5.1 Documented procedures are in place to monitor and verify the completeness and accuracy of the transfer of data between systems.

10.4.5.2 Management review operation of these procedures on a periodic basis.

10.5 Relationships with outsourced suppliers



10 10.5.1

The selection of outsourced suppliers is in accordance with IT Policies and Procedures.

10.5.1.1 Appropriate due diligence is performed, and a business case drawn up prior to the decisions to outsource being made. The business can support its decision to outsource IT. Any decision to outsource IT supply, and any support, is review and approved by an appropriate level of management. Major outsourcing decisions are also signed off by the Group IT governance function Any cost consideration should be in accordance with the Group Approvals Manual.

10.5.1.2 Formal selection criteria are developed to control the outsourced supplier selection process. Management monitors compliance with these criteria.

10.5.1.3 In order to optimise terms, Purchasing is involved in negotiation with the selected supplier.

10.5.2

Outsourced suppliers’ service levels meet or exceed pre-determined agreement.

10.5.2.1 Service levels are defined and agreed with outsourced supplier. These are incorporated into contracts entered into with outsourced suppliers. Management monitors outsourced supplier performance against these service levels and takes action as appropriate.

10.5.2.2 Outsourced suppliers are formally managed and monitored as part of the service level review process.

10.6 Information security

10.6.1

Logical security tools and techniques are implemented, configured and administered to enable restriction of access to programs, data, networks and other information resources.

10.6.1.1 Security policies and procedures have been established to provide overall direction for and implementation of information security including references to the data protection act.

10.6.1.2 Review of user profiles is performed regularly with the applicable area of the business, and unnecessary access is removed. The IT security administrator is informed of any changes in position.

10.6.1.3 Systems require that passwords are updated by users on a regular basis. All system passwords are alphanumeric, and required to be



10 of a specified length.

10.6.1.4 Systems require that each user must change his or her password at least once every three months

10.6.1.5 After a defined period of inactivity, including no background processing or executing, individual production system user sessions must either time-out or initiate screen lockout using password-protected screen savers.

10.6.1.6 User IDs for staff, consultants and vendors must be disabled after a maximum 90 days of inactivity and deleted after 100 days of inactivity.

10.6.1.7 User IDs associated with a password must be disabled after a maximum of five consecutive, invalid sign-on or failed login attempts. The User ID should not be reset until after the cause of disabling has been addressed.

10.6.1.8 System admin access is only granted to appropriate officers. This access is periodically reviewed, approved and changed as required.

10.6.1.9 Standard Firewall configurations are documented, and only approved members of staff can change them. Firewall configuration parameters should be checked by an independent person on a monthly basis. Changes to firewall configuration should be governed by change control procedures.

10.6.1.10 IT is informed of all company joiners leavers and movements between departments, only appropriate action is taken to amend user access rights.

10.6.2

Physical access restrictions are implemented and administered to ensure that only authorised individuals have the ability to access or use information resources.

10.6.2.1 Physical controls are in place over computer rooms and servers. Management approval is required before access is granted.

10.6.2.2 IT assets of significant value are tagged to ensure their traceability, and prevent misappropriation.

10.6.3

The entity’s programs, data, and other information resources are protected from viruses.

10.6.3.1 Anti virus software is loaded on all computers and on any computer that is allowed to connect to the entity's network. Such software is configured to scan for viruses whenever downloading data or programs, opening a data file or executing a program. Compliance with this policy is monitored.

10.6.3.2 Virus scan results are reviewed regularly and appropriate actions are taken to resolve issues identified.

10.6.3.3 Virus-infected computers are removed from the network until they



10 are verified as virus-free by an appropriate member of IT personnel.

10.6.3.4 Guidance is issued to personnel detailing practical measures to avoid the infection of IT resources by viruses.

10.6.4

Software is only loaded on the entity’s computer systems and/or used in accordance with licensing agreements and IT Policies and Procedures.

10.6.4.1 An inventory is maintained of installed software held, along with licences for all software used. Software loaded on all computers is periodically compared to an inventory of licensed software. If unlicensed software is found, licenses are obtained or software removed.

10.7 Business continuity planning

10.7.1

In the event of a disaster, essential business processes and information systems can be recovered timely.

10.7.1.1 An enterprise-wide business continuity plan has been prepared for systems, people, workplace and business processes and has been approved by management, based on a business impact assessment. The plan is regularly tested and updated to reflect the results of such tests.

10.7.1.2 Back-ups are taken regularly and protected off-site in an environmentally secured location.· Disaster recover plans are documented and are periodically tested and updated.

10.7.1.3 On-going readability of backup and retained data is tested periodically through restoration or other methods.

10.7.1.4 Change control processes should explicitly consider the impact of changes on disaster recovery and business continuity planning.



10 10.8 Database implementation and support

10.8.1

The data structure, as defined in the database management system (or its equivalent) is appropriately implemented and functions in accordance with IT policy and procedures

10.8.1.1 All systems are fully documented, documentation for databases and database management systems is available, and used when installing and maintaining databases.

New data structures and modifications to data structures are tested. Test plans should include the following, as appropriate;






10.8.2

All necessary modifications to the existing data structure are implemented timely.

10.8.2.1 User and other requests for modifications to data structures including upgrades and fixes released by suppliers are approved by management and implemented if consistent with information systems’ plans and management’s intentions.

10.8.3

Modifications to the existing data structure are appropriately implemented and the modified data structure functions in accordance with IT Policies and Procedures.

10.8.3.1 Modifications to data structures are tested in accordance with test plans that include, as appropriate, interface testing, parallel testing, capacity testing, and user acceptance testing.

10.9 Network support

10.9.1

Formal network strategy is in place and signed off by IT and Business Management

10.9.1.1 Management approves acquisition of network and communications software and systems in order to ensure that such purchases and developments are consistent with the organisation’s system plans and strategies.



10 10.9.2

Formal network change control policy and procedures are in place.

10.9.2.1 New network and communication software and modifications to network and communication software are tested in accordance with test plans that include, as appropriate, system and unit testing, interface testing, parallel testing, capacity testing, and user acceptance testing.

10.9.3

Network and communication software is maintainable and supportable.

10.9.3.1 Formal agreement(s) to obtain application or technical support from outside contractors and/or software suppliers are in place to ensure availability of such support. Management monitors compliance with these agreements, and takes appropriate action as required.

10.9.4

All necessary modifications to existing network and communications software are implemented timely.

10.9.4.1 User and other requests for modifications to network infrastructure and communications software including upgrades and fixes released by suppliers are approved by management and implemented if consistent with information systems’ plans and management’s intentions.

10.9.4.2 Access required to make modifications to existing network and communications software is appropriately restricted.

10.9.5

Modifications to existing network and communications software are appropriately implemented and modified network and communications software function in accordance with IT Policies and Procedures.

10.9.5.1 Modifications to network and communication software are tested. Test plans should include the following, as appropriate;






10.9.5.2 Network traffic is regularly monitored in accordance with IT Policies and Procedures, appropriate action is taken if required.



10 10.10 Systems software support

10.10.1

New systems software acquired and version control maintenance is in accordance with IT Policies and Procedures.

10.10.1.1 Management approves acquisition of computer system software in order to ensure that such purchases and developments are consistent with the organisation’s system plans and strategies.

10.10.2

New systems software is appropriately implemented and functions in accordance with IT Policies and Procedures.

10.10.2.1 New systems software and modifications to systems software are tested in accordance with test plans that include, as appropriate,



• Parallel testing capacity testing; and


10.10.3

Systems software is maintainable and supportable.

10.10.3.1 The entity has formal agreement(s) to obtain application or technical support from outside contractors and/or software suppliers to ensure availability of such support. Management monitors compliance with these agreements, and takes appropriate action.

10.10.3.2 Current documentation for systems software is available and used when installing and/or maintaining the software.

10.10.4

All necessary modifications to existing systems software are implemented timely

10.10.4.1 User and other requests for modifications to systems software including upgrades and fixes released by suppliers are approved by management and implemented if consistent with information systems’ plans and management’s intentions.

10.10.4.2 Access required to make modifications to existing systems software is appropriately restricted.

10.10.5

Modifications to existing systems software are appropriately implemented and modified systems software functions in accordance with IT Policies and Procedures.

10.10.5.1 New systems software and modifications to systems software are tested. Test plans should include the following, as appropriate;



10 • System and unit testing;





10.10.5.2 Formal change control process in place for modifications to system software.

10.11 Hardware support

10.11.1

Hardware acquisition process is in place in accordance with IT Policies and Procedures.

10.11.1.1 A documented strategy exists for IT Hardware acquisitions

Management approves acquisition of IT hardware in order to ensure that such purchases and developments are consistent with the organisation’s system plans and strategies.

10.11.1.2 A full inventory of IT assets is held, and updated to reflect all disposals and acquisitions. (See fixed assets section)

10.11.1.3 Formal hardware architecture is in place and monitored by management. Full documentation of systems exists existence of up to date documentation is periodically tested.

10.11.2

New computer hardware is appropriately implemented and functions consistent in accordance with IT Policies and Procedures.

10.11.2.1 New hardware and modifications to hardware are tested. Test plans should include the following, as appropriate;

• system and unit testing;

• interface testing;

• parallel testing;

• capacity testing; and


10.11.3

IT Hardware is maintainable and supportable

10.11.3.1 The entity has formal agreement(s) to obtain technical or application support from outside contractors and/or software vendors to ensure availability of such support. Management monitors compliance with these agreements.



10 10.11.4

Necessary modifications and/or additions to computer hardware are implemented timely.

10.11.4.1 Management reviews systems performance reports and monitors that adequate action is taken upon identification of inefficient performance, and formulate and implement solutions.


11. Legal and Statutory Approval Version control Approved by: Andrew Martin, Group Finance Director,

DATE October 2007

Version 2.0

Section contents

Application of controls 1 11.1 General 2 11.2 Legal services 2 11.3 Claims and litigation 3 11.4 Directors’ duties 3 11.5 Trading licenses 4 11.6 Intellectual property 4 11.7 Contract bonds, letters of credit and parental guarantee 5





Operating companies / countries


Units N/A

notes

Additional applicable controls relating to legal and statutory obligations are contained within individual business cycles.

Legal and Statutory, page 2 of 5


11 11.1 General

11.1.1

Legal processes are clearly defined and communicated

11.1.1.1 Documented policies and procedures are in place for the legal functions. These include:

• Entering into contractual arrangements – including global contracts with suppliers or customers

• Provision of legal services

• Monitoring and recording of claims and litigation

• Directors’ duties

• Trading licences

• Intellectual property (trademarks, patents etc)


11.1.1.2 Roles and responsibilities within the legal functions are well defined.

11.1.2

Systems for capturing legal data are appropriately controlled.

11.1.2.1 Systems for capturing data related to trademarks, patents, trade names and logos and trading licences are managed and controlled in line with the ‘General Computer Controls’ section 10.

11.2 Legal services

11.2.1

Processes for providing legal guidance are well defined and performed in line with company policies and procedures.

11.2.1.1 Policies and procedures defining situations / processes requiring legal guidance are documented and communicated across the business.

11.2.1.2 The legal function adequately monitors changes in legislation / government regulation and communicates changes to relevant management across the business. Responsibility for implementing changes in legislation / government is allocated to appropriate management. The legal function monitors the implementation of any significant changes.



11

11.3 Claims and litigation

11.3.1

Relevant accounting information for legal claims is accurately reported to appropriate departments.

11.3.1.1 Appropriate legal personnel supervise the recording and handling of claims and litigation.

11.3.1.2 Processes are in place to ensure that relevant accounting information for claims is communicated to appropriate individuals and is accurately recorded.

11.3.2

Contingent liabilities or disclosures are recorded in accordance with company policies and procedures and applicable accounting standards.

11.3.2.1 Appropriate management periodically monitors and evaluates individual legal cases (including health and safety cases) to identify any contingent liabilities or disclosures to be recorded in the financial statements.

11.3.3

Legal fees paid represent services received and are recorded in the appropriate period.

11.3.3.1 Legal invoices for services received are authorised and approved by appropriate management in line with Group Approvals Manual.

11.3.3.2 Actual legal expenditures are compared to expectations; appropriate management reviews and approves significant variances. All commitments are properly reflected in the financial statements.

11.4 Directors’ duties

11.4.1

Directors and other officers of the company are aware of and understand the fiduciary duties applicable to their role.

11.4.1.1 Legal provides regular update bulletins to directors setting out the legal and fiduciary duties incumbent on their roles.

11.4.1.2 On appointment, directors are required to complete a return to acknowledge the fiduciary duties incumbent on their role.

11.4.2



11 Appropriate insurance cover is available to directors and officers.

11.4.2.1 Group D&O insurance policy is in place. Compliance with this policy is monitored by management.

11.5 Trading licenses

11.5.1

All proper trading licenses required to trade are held, and are current.

11.5.1.1 Management reviews trading activities, and consults with legal as required, in order to comply with all specific trading license requirements; liquor licences, planning consents, registered offices.

11.6 Intellectual property

11.6.1

Policies and procedures surrounding intellectual property are clearly defined and communicated.

11.6.1.1 Documented policies and procedures are in place for the Group surrounding trademarks & brands including the business strategy for use of intellectual property, contract and reporting requirements.

These policies and procedures are periodically reviewed and updated where required and are communicated to all relevant personnel.

11.6.2

All company held intellectual property (Patents, Trademarks, Trade names and logos) are protected

11.6.2.1 Management should consult with legal as required to ensure that all intellectual property relating to the Compass brand benefit from appropriate legal protection.

11.6.3

Policies and procedures surrounding intellectual property are clearly defined and communicated.

11.6.3.1 Documented policies and procedures are in place for the Group surrounding trademarks & brands including the business strategy for use of intellectual property, contract and reporting requirements.

These policies and procedures are periodically reviewed and updated



11 where required and are communicated to all relevant personnel.

11.6.4

Brand information systems are appropriately controlled.

11.6.4.1 Brand information systems are managed and controlled in line with ‘General Computer Controls’ section 10.

11.6.5

Brand information is appropriately identified, captured and reported.

11.6.5.1 Brand owners are identified and appropriate contracts are in place (internal and external) these contracts are reviewed by management and legal. Terms and conditions within all contracts are monitored regularly to ensure compliance. Any exceptions are dealt with on a timely basis.

11.6.5.2 All intellectual property (trademarks and brands) information collected is reviewed by Group management and reported by Group and brand owners as required on a timely basis.

11.7 Contract bonds, letters of credit and parental guarantee

11.7.1

Processes around contract bonds, letters of credit and parental guarantees are clearly defined.

11.7.1.1 Policies and procedures are defined for situations when bonds, letters of credit and parental guarantees should be applied. Specific approvals are required in line with Group Approvals Manual.

Management monitors compliance with policies.


12. Insurance and Security Approval Version control Approved by: Andrew Martin, Group Finance Director

DATE October 2007

Version 2.0

Section contents


12.1 Physical security of premises 2

12.2 Insurance 3







Units N/A

Note:

Additional appropriate controls surrounding insurance and security are contained within individual business cycles.

Insurance and Security, page 2 of 3


12 12.1 Physical security of premises

12.1.1

Company assets and employees are safeguarded

12.1.1.1 Where appropriate physical access to Compass sites is regulated. Consideration should be given to employing CCTV, swipe access, on-door security staff and photo identification.

12.1.2

Sensitive information is held securely.

12.1.2.1 All sensitive information is kept securely within buildings. A clear desk policy should be implemented, and appropriately communicated to personnel. Physical copies of sensitive information are kept locked and access is restricted to appropriate personnel.

12.1.2.2 Provision is made for the secure disposal of sensitive documents. Consideration should be given to the use of document shredders, lockable secure disposal bins.

12.1.2.3 Appropriate references and background checks are performed on any personnel (e.g. cleaning staff) granted out of hours access to areas where sensitive documents are retained. Where such services are provided by a third party contractor, the engagement of the contractor should be conditional on the performance of these checks. (Ref HR & Payroll section).

12.1.2.4 Consideration is given to risk of information access from outside building – optical, listening, bluetooth, wireless networks.

12.1.2.5 Policies and procedures exist to address the risk of unauthorised access to company information. Compliance with these policies and procedures is monitored.

Notes

See section 3 on security of fixed assets and section 10 on IT security.

Insurance and Security, page 3 of 3


12 12.2 Insurance

12.2.1

Adequate insurance cover protects the entity’s assets and other potential claims.

12.2.1.1 Insurance coverage and requirements are periodically reviewed. Changes to insurance coverage are made in line with the entity needs identified, subject to appropriate cover being available and at an agreed premium. All changes to coverage are approved by management.

12.2.1.2 The entity carries adequate insurance cover in respect of claims brought against it by its employees or third parties.

12.2.1.3 Management carries out regular reviews of the entity’s working practices and work places to mitigate and/or prevent such claims.

12.2.1.4 Management performs regular review of the entity’s compliance with the terms and conditions of insurance policies.

12.2.2

Insurance claims are properly recorded based on the amount for which recovery is probable.

12.2.2.1 Finance management obtains details of accounts receivable from insurance claims and ensures that the amount considered probable of recovery is properly recorded in accordance with Group Accounting Policies and Procedures.


13. Safety Health and Environment Approval Version control Approved by: Andrew Martin, Group Finance Director DATE

October 2007 Version 2.0

Section contents


13.1 General 2

13.2 Health & safety 3

13.3 Food safety 4

13.4 Environment 5




Group should provide guidance to divisions on the operation of these controls.

Divisions All controls are applied by divisions.

Divisions should provide guidance on the operation of these controls to operating companies / countries.

Operating companies / Countries

All controls should be applied by appropriate operating company personnel.

Operating companies / company personnel should provide guidance Units on the operation of these controls.

Units Unit personnel should perform controls.

Safety Health and Environment, page 2 of 6


13

13.1 General

13.1.1

Health & Safety, Food Safety and Environmental policies and procedures are clearly defined and communicated.

13.1.1.1 Documented policies and procedures are in place for the business to operate within to ensure local legislative requirements are being adhered to, including:

• Health and safety

• Food safety

• Environment

These policies and procedures are periodically reviewed and updated where required and are communicated to all relevant personnel.

13.1.1.2 A process exists to monitor, interpret and implement changes in health and safety, food safety and environmental legislation. These changes in legislation are incorporated into existing policies and procedures and communicated to appropriate personnel timely. This will normally be through a Health and Safety Committee. Minutes of meetings are maintained and made available to all staff.

13.1.1.3 Roles and responsibilities are clearly defined within the appropriate support function to ensure that the operating businesses are aware of, and kept up to date with, the current legislative requirements.

13.1.1.4 Roles and responsibilities are clearly defined by all levels of management to ensure that policies and procedures are applied.

13.1.1.5 Training is provided over required health and safety, food standards and environmental policies, procedures and legislation. Completion of training by required personnel is monitored and followed up as appropriate. This includes training for new employees, required training for employees moving between functions and training based on any changes in legislation. Records kept are reviewed by management for gaps.

13.1.1.6 Compliance with health and safety, food standards and environmental procedures are incorporated into the all management level personnel’s performance objectives. Suitable action is taken where required standards are not met, including disciplinary action where appropriate.



13 13.1.2.

Health & Safety, Food Safety and Environmental information systems are appropriately controlled.

13.1.2.1 Health & Safety, Food Safety and Environmental information systems are managed and controlled in line with ‘General Computer Controls’ section 10.

13.1.3.

Health & Safety, Food Safety and Environmental compliance checks are carried out and reports produced by management as evidence of compliance.

13.1.3.1 Health & Safety, Food Safety and Environmental compliance checking processes are in place to ensure that Policies & Procedures are being adhered to. Follow-up reports are produced where weaknesses have been highlighted.

Notes

Control 13.1.1.1

Group Safety Health and Environment Forum (SHEF) advise Group on SHE Policy and continuously update in line with best practice and current legislation. SHEF advise Group on how policy should be effectively applied

13.2 Health & safety

13.2.1

Heath & safety policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.2.1.1 Initial work place Health and Safety assessments are carried out by management prior to operating in new business. These include assessments for the Health Safety and Welfare of our people. Sign off required by Compass and Client (where appropriate).

13.2.1.2

Ongoing assessment of risk is performed by qualified staff in conjunction with the client (where appropriate) to establish continuous Health & Safety improvement programmes.

13.2.1.3 Suitable welfare facilities are provided for all employees. Management periodically review these facilities in line with Health and Safety Policy.

13.2.1.4 All employees are expected to fully comply with Health and Safety Policy.

All employees are provided with training commensurate with



13 their duties and based on best practice and in line with Health and Safety Policy. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Health and Safety Policy.

Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.2.1.5 Staff are not required to undertake duties that they are not competent to perform.

13.2.1.6 Employees can either communicate their concerns through their employee representatives or use the “speak up” service or on any matter, which they think affects their or their co-workers’ health, safety, welfare or well-being. Staff are positively encouraged to communicate their concerns. Employee concerns are reviewed by the Health & Safety committee and appropriate action taken.

13.2.1.7 Regular reviews, independent audits and management visits are carried out to ensure Health & Safety standard are maintained or improved. Performance is reported and recorded.

13.2.1.8 The business records all accidents and incidents and reports these internally and externally in accordance with Health and Safety policy. Management reviews are regularly undertaken to ensure all accidents and incidents are investigated properly. The outputs of such investigations are shared in a “Lessons Learnt” format.

13.3 Food safety

13.3.1

Food safety policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.3.1.1 All employees are expected to fully comply with Food Safety Policy.

All employees are provided with training commensurate with their duties and based on best practice and in line with Food Safety Policy. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Food Safety Policy. Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.3.1.2 All employees can communicate their concerns relating to food safety through their employee representatives or use the “speak



13 up” service. Staff are positively encouraged to communicate their concerns. Employee concerns are reviewed and appropriate action taken..

13.3.1.3 A programme of independent food safety audits is carried out to monitor compliance with Food Safety Policy. All allegations regarding food safety are thoroughly investigated and logged in accordance with Food Safety Policy. Management carry out spot checks to ensure audits are carried out in line with Food Safety Policy

13.3.1.4 Defined policies and procedures are in place to establish authenticity and upward/downward traceability to enable that food emergencies and recalls can be expedited as effectively as possible.

13.3.1.5 Defined polices and procedures exist for the inspecting of food vendors for quality and safety, against defined criteria, before approval is made. Performance of inspection and results are documented and any issues reported to management. Occasional checks of vendors are performed and reviewed to ensure that standards are maintained.

13.4 Environment

13.4.1

Environmental policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.4.1.1 Management support and apply recommendations contained in the environmental management documents in respect of:

• Pollution Prevention

• Waste Management

• Energy Efficiency

• Recycling and the use of recycled material

13.4.1.2 All employees are expected to fully comply with Environmental Policies and Procedures.

All employees are provided with training commensurate with their duties and based on best practice and in line with Environmental Policies and Procedures. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Environmental Policies and Procedures. Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.4.1.3 Where appropriate suppliers are made aware of and expected to



13 comply with our Environmental Policies and Procedures.

13.4.1.4 All employees are provided with arrangements for them and their representatives to communicate and raise concerns about the environment. Such arrangements will include appropriate reporting procedures and a system to log all incidents.

13.4.1.5 A programme of independent environmental audits is carried out to monitor compliance of Environment Policy. Management carry out spot checks to ensure audits are carried out in line with Environment Policy.

13.4.1.6 A record of all environmental incidents is maintained, and reviewed by management.

Operations Controls, page 1 of 28


C C. Operations controls Approval Version Control Approved by: Andrew Martin, Group Finance Director,

DATE October 2007

Version 2.0

Overview

These controls have been extracted from the main contents section of the Internal Controls Manual for use by Units and Operating Companies / Countries.

Operations personnel covers Unit Management, Operational Management & HR Management

Section contents

Section

1. Revenue

2. Expenditure

4. Period Close

5. Stock

6. HR & Payroll

13. Health & Safety

Application of controls C. General 1.2 Contract initiation 1.3 Contract management and monitoring 1.4 Client and customer management 1.5 Pricing 1.6 Cash receipts (tills) 1.7 Cash receipts (vending) 1.8 Invoicing & revenue adjustments 1.9 Accounts receivable management 1.11 Client master file 2.4 Purchasing: consumables and food expenditure 2.5 Goods received and processing accounts payable 4.3 Cut-off procedures 5.2 Receipt and storage of stock 5.3 Stock management 5.4 Stock valuation 6.2 Recruitment 6.3 Managing employee career development and training 6.4 Terminating employees 6.6 Managing and processing Payroll 6.7 Recording time 6.9 Travel and expenditure 6.10 Loans 13.2 Health & Safety 13.3 Food Safety 13.4 Environment



C Application of controls


Group N/A


All relevant controls are applied by operating companies / countries.

Operating companies / countries should provide guidance on the operation of these controls to Units.

Units Unit personnel should perform all relevant controls.



C

C. General

C.1.1

Operational processes are defined and communicated.

C.1.1.1 Documented policies and procedures / defined processes are in place for operations that include:

• Contract and client management

• Turnover management

• Expenditure management

• Stock management

• Financial reporting

• Human resource management

• Health and safety management


C.1.1.2 Roles and responsibilities within operations are well defined. These roles allow appropriate segregation of duties.

C.1.2.

Systems that support operations are appropriately controlled.

C.1.2.1 Operations related systems are managed and controlled in line with ‘General Computer Controls’ section 10.



C

1. Revenue


1.2.8

Defined policies and procedures / processes exist for the handover and ‘mobilisation’ of contracts.

1.2.8.1 Documented policies and procedures / defined processes are in place for handover of contracts to operational management / teams for ‘mobilisation’.

These include handover of key information including copies of contracts, bid / tender documents, meeting notes information regarding special requirements and guidance on any staff to be taken on and assets to be recorded.


1.3.1

All contracts are effectively managed and monitored for compliance to agreed contract terms and conditions.

1.3.1.1 A member of the operations team is assigned to each contract entered into to ensure the client is managed effectively and appropriate services provided. Contracts are also reviewed and monitored on a regular basis against performance / services actually provided. Any issues are reported to management and resolved.

1.3.1.2 Actual revenue and margins from each contract are monitored against the contract budget on a regular basis. Variances are identified, investigated and appropriate action taken if necessary.

Any sales staff commission is reviewed and appropriate action taken in line with local policy if expected revenue targets are not being met. Changes to commissions are authorised by management.

1.3.1.3 Total contract risk is reviewed by management routinely to ensure the contract base is in line with expected and sustainable margins. Contracts are discussed, reviewed by management and exited if required.

1.3.2

Existing contracts are monitored to identify contracts up for renewal or re-bid.

1.3.2.1 At the end of the initial contractual period a formal review is



C undertaken to identify whether the contract requires renewal / re-bid and appropriate action is taken if necessary.

1.3.2.2 Contracts that are run on a rolling basis are regularly reviewed and appropriate action taken if not financially viable to retain.

1.3.3

Renewed contract terms and conditions are appropriately reviewed and authorised.

1.3.3.1 Changes made to existing contracts are subject to the evaluation and approval processes as outlined within local policy including appropriate legal and senior management review.

1.3.3.2 Updated contracts are authorised in writing by management and the customer to demonstrate acceptance of the updated terms and conditions. All documentation of acceptance is retained.

1.3.4

The status of expired contracts is changed to closed in all relevant systems timely.

1.3.4.1 The status of all expired contracts is changed to closed within the financial systems on a timely basis.


1.4.1

Customer / client service programmes are in place and satisfaction is monitored on a regular basis.

1.4.1.1 Policies and procedures / defined processes are in place to monitor client service and satisfaction. An escalation process is defined within these policies.

1.4.1.2 A customer / client service programme exists for all clients and is reviewed and updated on a regular basis. The programme is distributed to all customer service employees and client managers. Any changes to the programme or processes are communicated on a timely basis.

1.4.1.3 Customer / client satisfaction is measured and monitored on a regular basis and results communicated to relevant management and staff. Any follow up action required is performed on a timely basis.

1.4.1.4 Invoices queried by clients are followed up and discussed with clients where appropriate. Any necessary invoice or general ledger adjustments are made appropriately, if required. (See ‘Invoicing and Revenue Adjustments’ section).

1.5 Pricing



C 1.5.1

Sales reflect approved prices.

1.5.1.1 Sales are priced in line with contracts and defined pricing structures approved by Operating Company / Unit management. Price lists / menus are reviewed on a regular basis and any changes or amendments are appropriately authorised by management. Pricing on all invoices and transactions is independently checked by invoice periodically.

1.5.1.2 Any changes or amendments to prices are communicated to all necessary staff to ensure sales are reflective of new prices.

1.5.1.3 Any changes or amendments to prices are input into relevant systems accurately and on a timely basis.

1.5.1.4 Any price overrides at the transaction level are approved by the appropriate level of management prior to sale and recorded appropriately.

1.5.1.5 Management reviews recorded sales and gross margins and compares to budget regularly to identify any price discrepancies or unusual items. Any significant variances are investigated and resolved on a timely basis.

Notes

1.5.1.5 Target could be a simplified weekly P&L for each unit to react quickly to any deviation


1.6.1

Only authorised employees enter sales transactions. Point of Sale (POS) terminal access is appropriately restricted.

1.6.1.1 POS procedures have been developed and distributed to all trading outlets. Compliance with policies is monitored.

1.6.1.2 All POS terminals are physically protected either by employee unique ID or by lock and key.

1.6.1.3 All POS terminals are closed and emptied at least once a day.

1.6.2

In Unit sales are appropriately captured, recorded and reconciled for completeness.

1.6.2.1 All customer sales (cash and card), including any related vouchers, are recorded using a POS terminal/cash register.

1.6.2.2 Total daily takings (cash and card) are reconciled to POS terminal / register. Any variances are investigated and resolved and the



C reconciliation of cash is independently reviewed.

1.6.2.3 Sales recorded by Units in returns to Operating Companies / finance centres are reconciled to POS records and bank records to ensure all sales are recorded. Any variances are investigated and cleared.

1.6.2.4 Unit bank statements are reconciled to the general ledger regularly. (See Treasury Section)

1.6.2.5 Sales are reconciled to goods purchased and any reconciling items are investigated and cleared as appropriate. Management reviews and approves reconciliations.

1.6.3

Daily cash takings are appropriately safeguarded and banked.

1.6.3.1 Appropriate safety and security measures are in place to ensure staff members are not in danger and cash is secure.

1.6.3.2 Cash is banked regularly and cash takings not banked are held securely. Only authorised employees have access to safes or other secure locations.

1.6.4

In unit sales are reported on a timely basis.

1.6.4.1 All POS transactions are reported accurately to the finance centre in line with reporting timetables.


1.6.4.3 The cut-off policy for cash is applied consistently in all reporting to finance centres in accordance with Group timetables.

1.6.5

Cashless system balances are appropriately reconciled.

1.6.5.1 Reconciliations of cashless sales (individual customer cards / balances) to the overall net balance held at the unit are performed at least once a month. Variances identified are investigated and action taken if necessary.


1.7.1

Assets (both cash and stocks) within vending machines are safeguarded.

1.7.1.1 All vending machines, stock and cash are physically safeguarded through locks. Access to vending machine contents is restricted to authorised personnel.

1.7.2



C Cash is received for all sales made through vending machines, cash and sales are recorded appropriately and timely.

1.7.2.1 Defined procedures exist for collecting and safely securing and banking cash from vending machines. These procedures are communicated to all relevant personnel. Management monitors compliance with these procedures.

1.7.2.2 Sales from vending machines and cash collected are recorded on a timely basis and in line with the Group Accounting Policies & Procedures Manual.

1.7.2.3 Cash collected and banked is reconciled to vending machine ‘counter’ sales figures reported and value of stock consumed. Any variances are investigated and cleared.

1.7.2.4 Cut-off procedures are applied in line with Group Accounting Policies & Procedures.

1.7.2.5 Vending gross margins are periodically reviewed to determine whether appropriate sales / costs / cash receipts have been recorded and pricing within machines is appropriate. Any discrepancies are investigated and resolved on a timely basis.

1.8 Invoicing & revenue adjustments

1.8.1

All services provided are invoiced accurately in line with contracts and are recorded in the general ledger appropriately.

1.8.1.1 Invoices including contractually entitled discounts applied are automatically priced by the system based on approved contract terms and prices within the client master file (including management fees if relevant). Access to perform manual overrides of prices at the stage of invoice creation is restricted and any changes required to invoice amounts are authorised by management prior to issue. Sample checks of invoice prices are performed against contracts.

1.8.1.2 The calculation and application of tax amounts on invoices is automatically performed by relevant systems whose programming is regularly checked by tax professionals to ensure appropriate operation. Systems are maintained in line with ‘General Computer Controls’ section 10.

1.8.1.3 Where appropriate management fees are separately recorded on sales invoices in line with contract terms and conditions. Changes or amendments are appropriately authorised by management and the client.

1.8.1.4 The system automatically posts all invoiced amounts to the proper



C accounts in the general ledger.

1.8.2

All necessary invoices are issued.

1.8.2.1 Invoice generation timetables / frequency are maintained either within appropriate systems or manually. Invoices are generated based on required timetables / frequency (or adhoc for single projects) and relate to actual services provided.

All invoices are sequentially numbered by the system and accounted for on a regular basis to ensure completeness.

Any additional approved client orders or services provided outside of the client contract are recorded accurately within the general ledger and invoices raised and issued.

1.8.2.2 Invoices or elements thereof rejected by clients are reviewed by the client manager and are discussed with clients. Appropriate corrective action is taken where required and invoices are re-issued.

(See ‘Client and Customer Management’ section and Credit note section below).


1.8.3

All credit notes issued are approved, calculated accurately and are recorded within the correct accounting period.

1.8.3.1 A policy exists regarding criteria for issuing credit notes; compliance with this policy is monitored.

1.8.3.2 Credit notes are approved by authorised individuals and where appropriate, reconciled to supporting documentation or contract terms prior to issue.

1.8.3.3 Credit notes issued at, before or after period end are reviewed to ensure they are recorded in the correct accounting period.

1.8.3.4 All credit notes are sequentially numbered by the system and accounted for on a regular basis to ensure completeness.


1.9.1

Receipts from clients are applied to the correct client receivable account on a timely basis. Receipts are reviewed for appropriateness.

1.9.1.1 Receipts and remittance documents received are matched against specific client outstanding invoices. Discrepancies between payment amounts and outstanding balances are investigated and



C resolved in a timely manner.

1.9.1.2 Receipts that are not immediately applied to a client account are recorded (in an unapplied receipts account if applicable). The unapplied receipts account is reconciled on a monthly basis and unapplied receipts are investigated and cleared in a timely manner.

1.9.1.3 Deductions taken by clients are properly authorised. All unauthorised deductions are investigated and resolved in a timely manner.

1.9.2

Sales related accounts are regularly reconciled and analysed to ensure the general ledger captures all relevant financial information. Any reconciling items or exceptions are investigated and cleared on a timely basis.

1.9.2.1 The accounts receivable sub-ledger is reconciled to the general ledger on at least a monthly basis. Reconciling items are investigated and resolved on a timely basis. Management reviews and approves reconciliations.

1.9.2.2 Accrued and deferred revenue balances are reconciled and analysed on a routine basis to ensure appropriate accounting treatment is adhered to in line with Group Accounting Policies and Procedures Manual. Management reviews and approves reconciliations.

1.9.3

Recoverability of accounts receivable is reviewed on a regular basis and additional collection procedures applied if necessary.

1.9.3.1 Documented procedures exist and are applied to monitor and collect overdue debts (includes legal measures to be taken where necessary). This policy is communicated to all relevant personnel.

1.9.3.2 Management regularly reviews aged accounts receivable analysis, and client accounts that are regularly overdue to determine appropriate follow-up actions. Any balances requiring follow-up are identified and acted upon on a timely basis.

1.9.4

Reserves/provisions are established for doubtful/bad debts in accordance with local policy.

1.9.4.1 Accounts receivable for which collectability is deemed doubtful are provided for in line with local policy, applying guidance through Group Accounting Policies and Procedures Manual. Bad debts are written off in a timely manner following proper authorisation.

1.9.4.2 On a periodic basis, management compares the provision for doubtful accounts balance to the results of their review of the accounts receivable ageing. Adjustments to provisions for doubtful accounts are appropriately approved and recorded on a timely basis.



C 1.9.5

In Unit credit sales are only performed in line with defined policy.

1.9.5.1 Policies and procedures exist regarding credit sales in Units including when these can be performed and appropriate authorisation required for these sales.


1.11.1

Access to the client master file is appropriately restricted and maintenance access is segregated from transaction processing.

1.11.1.1 The ability to view and modify the client master file is restricted to only necessary and authorised personnel. These personnel do not have the ability to enter sales credit notes and / or accounting transactions.

1.11.1.2 Access rights are reviewed periodically by management, and access rights withdrawn where required.

1.11.2

All changes to the client master file are valid, approved and accurately input in a timely manner.

1.11.2.1 Changes to the client master file are approved by management and documentation supporting the change exists and is retained. All changes are made accurately and on a timely basis.

1.11.2.2 Change reports for the client master file are periodically reviewed against supporting documentation to ensure changes made are appropriate.

1.11.3

The client master file is reviewed by management.

1.11.3.1 Data within the client master file is regularly reviewed by management for accuracy and appropriateness. This includes review of client credit terms and discounts to highlight any non-standard terms. Any non-standard terms identified are investigated and resolved.

2. Expenditure

2.4 Purchasing: consumables and food expenditure

2.4.1

All purchases of consumables and food stocks are valid and appropriately



C authorised. A record of purchases made is retained.

2.4.1.1 Criteria for making purchases are clearly defined within the purchasing policies and procedures and communicated by management. All purchase requests should be recorded on an order sheet or appropriate alternative prior to order approval.

2.4.1.2 Purchase requests are reviewed and approved by an appropriate level of management prior to initiating a purchase. Management check that all purchases are approved products and from authorised suppliers.

All purchases should be made inside budget or authorised limits where appropriate. Higher level authority is required for all purchases that exceed budget or authorised limits and for non approved products.

2.4.1.3 Additional levels of approval are required for purchases from unauthorised suppliers. Approval limits are contained within purchasing policies and procedures, including specific limits for cash purchases.

2.4.1.4 Procurement cards used for consumables and food expenditure have set limits and restricted purchase categories. Procurement cards are approved by specific individuals to ensure that card users are appropriate.



Individuals responsible for reviewing actual expenditure to budget and performing margin analysis are independent of the functions responsible for initiating and approving purchases. Where segregation cannot be maintained, additional monitoring of expenditure, such as review by higher level management, is in place.

2.5 Goods received and processing accounts payable

2.5.1

All amounts posted to accounts payable represent valid goods or services received



C 2.5.1.1 Goods received are matched with the original order

documentation raised / purchase orders (where applicable) and delivery notes to confirm that the quantity of goods ordered agree to the quantity received. Appropriate action is taken for variances identified.

Delivery notes not matched to goods received (or other appropriate supporting documentation for services received) are investigated with the supplier concerned and resolved.

2.5.1.2 Goods received and delivery documents are agreed to invoice to confirm appropriate quantities received (and ordered as per 2.5.1.1) and appropriate prices are charged on invoices. Appropriate action is taken for variances identified.

2.5.1.3 Unmatched invoices (for example invoices for services) require specific management approval prior to being processed. Any unauthorised, unmatched invoices are reviewed and appropriate action taken.

2.5.1.4 Credit requests are consistently raised to reflect actual orders received when receipts do not match purchase orders; including overages, shortages and substitutions. Appropriate management monitors credit notes received against credit requests. Credit notes outstanding for long periods are investigated with the supplier.

2.5.1.5 Where applicable, invoices that cannot be matched by the system to an existing product or supplier code are placed on hold. Specific management approval is required to release these invoices.

Guidelines for the treatment of invoices on hold are contained within policies and procedures, including appropriate use of one-time product / supplier accounts and appropriate use of new product / supplier accounts. The application of these procedures and the use of one-time product / supplier accounts are monitored by appropriate management.

2.5.1.6 Access to create one-time product and supplier accounts is restricted to authorised individuals. Use of one time product or supplier accounts is restricted and appropriate authorisation is required for use of these accounts. One time product and supplier accounts are periodically reviewed for usage and any repeat usage is highlighted and appropriate action taken.

2.5.1.7 Prices included on invoices are checked (either manually or electronically) against an approved price list (or contract price) prior to authorisation.

2.5.2

Amounts posted to accounts payable are recorded in the proper accounting period.



C 2.5.2.1 Supplier invoices, goods received and credit notes received at,

before, or after the end of the accounting period are scrutinised and / reconciled to ensure complete and consistent recording in the appropriate accounting period.

2.5.2.2 Cost centre / unit management compares actual expenditure versus budget and margins for reasonableness and to ensure that expenditure is charged to the correct cost centre / unit code. Any significant variances are investigated and appropriate action taken.

2.5.2.3 Statements received from key suppliers are reconciled periodically to the supplier accounts in the accounts payable sub-ledger. All significant differences are investigated and resolved in a timely manner.

2.5.2.4 The general ledger accounts payable balance is reconciled to the accounts payable sub-ledger on a monthly basis and reviewed by appropriate management. All reconciling items are reviewed and corrected in a timely manner.

2.5.3

All credit notes and other adjustments to accounts payable are valid, approved and recorded in the appropriate period.

2.5.3.1 Management reviews and approves credit notes, adjustments and non-systematic debits (e.g., originating from sources other than a payments journal) prior to posting to accounts payable. Credit notes are matched to the credit note request, and where applicable pick-up notes, to ensure that credit received is accurate.

2.5.3.2 A periodic review of non-systematic debit balances is performed by appropriate personnel. Journals to clear debit balances require approval from appropriate management prior to posting.

2.5.4

All costs recorded in the period are properly classified in the appropriate financial statement account (i.e. Pre-payments, Accruals, Accounts Payables) based on payment date and the nature of the underlying expense.

2.5.4.1 Outstanding commitments, including goods receipt notes and unposted invoices, are reviewed at month end and accrued as appropriate.

2.5.4.2 On at least a monthly basis (and more frequently as required), reconciliations of prepaid expense and accrued expense accounts are performed and reviewed by management for accuracy.

2.5.5

Appropriate segregation of duties exists between the recording, approval and reconciliation functions related to accounts payable.



C 2.5.5.1 Individuals responsible for performing the physical receiving of

goods do not have access to record goods received or invoices. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.5.5.2 Individuals responsible for reconciling accounts payable sub-ledgers to supplier statements are independent of the purchasing, recording, receiving and payment functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

2.5.5.3 Purchase initiation, recording and approval functions are adequately segregated from payment initiation, payment and approval functions. A periodic review of user access rights is performed for appropriateness, and any necessary changes to access rights are performed on a timely basis.

4. Period Close

4.3 Cut-off procedures

4.3.1

Accounting period close is authorised, performed appropriately and timely.

4.3.1.4 Cut-off procedures are in place to ensure all transactions are included within the accounts completely. Management performs a review or spot check of cut off to determine whether this is performed appropriately.

5. Stock

5.2 Receipt and storage of stock

5.2.1

Stock receipt and storage processes are well defined and performed in line with statutory requirements and company policies. Stock is stored securely and in appropriate conditions.

5.2.1.1 Documented processes and procedures exist for storage of stock, including safeguarding of stock and storage in line with statutory requirements and company policy. Application of these procedures is monitored by appropriate management. Any exceptions to procedures are identified by this review and are promptly investigated and where appropriate, corrective actions are taken.



C 5.2.1.2 Stock is received into and stored in physically secure locations.

Receipt of stock is performed by authorised personnel.

5.2.1.3 Access to stock receiving systems is restricted to appropriate individuals. Access rights are periodically reviewed by management for appropriateness and changes to access made as required.

5.2.1.4 Stock is stored in appropriate conditioned locations in line with statutory requirements and company policy. Storage conditions are reviewed by management prior to usage and at regular intervals to ensure that they meet the specified criteria. Where applicable a review is equally applied to third party premises.

5.2.2

Goods are received against valid purchase requests. All goods received meet expected quality standards.

5.2.2.1 Receiving staff count and match goods received to purchase request records. Goods received without a corresponding purchase request record, or differences between quantity ordered and received, are queried with delivery personnel and adjustments agreed and recorded on delivery documentation.

Discrepancies are recorded on the delivery documents awaiting credit note / adjustment from the supplier.

5.2.2.2 Receiving staff inspect goods to identify damaged products and products falling below quality assurance standards. Only products passing quality inspection are used. Rejected products are adequately segregated from other products and queried with and removed by delivery personnel.

Discrepancies are agreed and recorded on delivery documentation awaiting credit note / adjustment from the supplier.

5.2.2.3 Where defective products are identified after delivery personnel have departed, contact is made with the supplier. A note is recorded on the delivery document awaiting credit note / adjustment from the supplier. Unit management operates a system to ensure all adjustments and credit notes awaited must be received from the supplier before payment is made.

5.2.2.4 Records of defective products received are forwarded to the appropriate purchasing monitoring team responsible for evaluating supplier performance. Relationships with consistently poor performing suppliers are monitored and action taken where appropriate.

5.3 Stock management



C 5.3.1

Costs are adequately monitored.

5.3.1.1 Where appropriate, documented and approved recipes are produced for all menu offerings and are communicated to relevant staff (e.g. chefs, Unit managers).

5.3.1.2 Management reviews actual costs based on day to day activities.

5.3.1.3 On at least a monthly basis (and more frequently as required) management performs a review of actual costs to budget. Unexpected variances are investigated and appropriate action is taken.

5.3.2

Processes for managing stock are well defined and in line with company policies.

5.3.2.1 Processes are in place to review the ageing of stock. Physical stock observations are performed at regular intervals to identify old / unusable stock. Old / unusable stock is adequately segregated and disposed of / written off in accordance with 5.3.3.2.

5.3.2.2 Stock is managed on a FIFO (first in first out) basis and in accordance with applicable local rules over health and safety and food safety. Appropriate personnel monitor the use of stock to ensure that stock is managed accordingly.

5.3.3

Wastage is monitored in accordance with locally set targets. Excessive write-offs are appropriately reviewed and authorised.

5.3.3.1 Quality checks of menu offerings and other products are performed as required and in accordance with policies and procedures and local statutory requirements. Any product deficiency to standards contained in policies and procedures and local statutory requirements is monitored.

5.3.3.2 Stock write-offs are authorised in line with documented local approval limits and, where applicable, Group Approvals Manual. Supporting documentation is provided for all write-offs to ensure that stock adjusted is accurate and appropriate.

5.3.3.3 Management periodically reviews the stock adjustments / write-offs to ensure that they are correctly accounted for and to identify any trends. Appropriate action is taken as required.

5.3.3.4 Stock policies and procedures contain clear guidelines for minimising wastage; including forecasting of usage and appropriate storage policies. Performance against guidelines is regularly reviewed and acted upon as required.

5.4 Stock valuation



C

5.4.1

Guidelines for valuation of stock are clearly defined within accounting policies and procedures and in accordance with applicable accounting standards. Valuations recorded are reviewed by management for accuracy and appropriate recording.

5.4.1.1 Accounting policies and procedures contain adequate guidelines for valuation of stock, including application of discounts and recording of costs. Application of these procedures is monitored by appropriate management. Any deviations from procedures require specific management approval.

5.4.1.2 Approved price lists are communicated to appropriate personnel across the business for the purpose of valuing stock. Management reviews values recorded for accuracy and appropriateness.

5.4.1.3 Access to post adjustments to stock (price, quantity) is restricted to authorised individuals. Appropriate management reviews and approves all adjustments prior to posting.

Access to post adjustments is periodically reviewed for appropriateness and changes to access made where appropriate.

5.4.1.4 On at least a monthly basis (and more frequently as required), physical stock counts are performed and stock figures reported as required. Any damaged or unusable stock identified during counts is appropriately segregated and reported to accounting. Any adjustments required are made to stock figures by appropriate personnel.

Where practical to do so physical stock counts are performed by persons independent of day-to-day custody or recording of stock (and without access to stock records). Stock adjustments are performed by personnel independent from those performing stock counts and from those responsible for managing stock.

5.4.1.5 Periodic physical stock counts are performed for stock held by third parties. Counts are reconciled to stock records maintained by the third party with variances investigated and corrected in a timely manner. Any required adjustments are reviewed and approved by appropriate management.

6. HR & Payroll

6.2 Recruitment



C 6.2.1

Recruitment processes are well defined and performed in line with local statutory requirements and company policies.

Appropriate individuals are employed for roles in sensitive areas.

6.2.1.1 Documented selection criteria and processes exist for employee recruitment. HR or appropriate line management performs spot checks against these criteria to ensure the recruitment process is being performed appropriately.

6.2.1.2 Diversity hiring policies are in place and in line with statutory legislation and company requirements. Spot checks of new employees and applications rejected are performed to determine whether selection processes completed are in line with policy.

6.2.1.3 A documented list of all required checks (either by legislation or by company policy) to be performed on potential hires is retained, regularly reviewed and updated. This list is used and signed off when performing checks on new employees.

6.2.1.4 References are obtained and checked for all new employees, and where possible before an employee arrives on site.

Special clearances or appropriate additional vetting is carried out on new employees working in sensitive areas, such as with children or patients, working in high security areas such as airports, prisons and war zones or on defence contracts in line with applicable legislation and company policy. The same checks are carried out on existing employees transferring to these areas. Special vetting procedures are agreed with clients where particular security / other needs exist and are applied in all relevant cases.

Prospective employees are checked for criminal records within current legislation where appropriate.

All required legislative checks are performed prior to the individual arriving on site and performing the role. HR or appropriate line management performs a review and approval of all relevant checks to ensure they are all completed appropriately and that they are returned with a ‘positive’ result. All relevant checks are retained on employee file.

6.2.1.5 Standard contracts / contract templates, which have been approved by HR and the legal function in the relevant jurisdiction, are in place for new employees, contractors and consultants. All new employees, contractors and consultants enter into contracts. Any non-standard contracts or clauses are reviewed and approved by appropriate management and the legal function.

Spot checks are performed on new employee, contractors and consultants’ files to determine whether appropriately approved and signed contracts are in place and on file.



C 6.2.1.6 Unsuccessful applicants should be notified in accordance with

company policy.

6.2.2 All new employees are added to the payroll master file.

Additions to the payroll master file represent valid employees.

6.2.2.1 Management periodically reviews lists of current employees within its line of responsibility as held by HR and informs appropriate personnel of any necessary changes.

6.2.2.2 All new joiners, as employed by HR, are added to the payroll master file and are approved by management; such approvals are in line with existing policies and procedures. Required changes to payroll are appropriately approved. All additions and amendments to the payroll master file are entered into the file by an authorised individual and then independently agreed to approved supporting documentation to ensure they have been entered accurately and timely.

6.2.2.3 Assets provided to the employee / contractor as part of their employment are in line with company policy and signed for by the employee / contractor.

Notes

Controls 6.2.1.1, 6.2.1.2, 6.2.1.3, 6.2.1.5, 6.2.1.6

Apply also to existing employees who transfer or promoted from other positions.

Control 6.2.1.2

Diversity hiring policies also include adherence to ethical standards i.e. non employment of under age persons, below minimum wage etc.

Control 6.2.1.3

This activity requires that a document listing all checks that must be performed when hiring a new employee is maintained. This is to ensure that all relevant checks – either due to statutory requirements, checks required by company policy or clients are listed and referred to when hiring or transferring an employee to ensure that they are all actually completed.

Control 6.2.2.3

This activity requires appropriate allocation of assets such as Company Car, Laptop Computer, Mobile Phone, Uniforms, and Procurement Cards etc inline with employee grade. These need prior approval from HR and appropriate line management

Control 6.2.1.5



C In addition to contracts, employees should be issued with a handbook covering company policy that applies to them e.g. Business Principles, Code of Conduct, Health Safety and Environment etc..


6.3.1

Defined employee performance review processes exist.

6.3.1.1 Defined employee performance rating criteria exist. Performance reviews and increases or decreases in salary are conducted against these criteria.

Management reviews and approves changes to salary to confirm whether they are in line with these criteria.

6.3.1.2 An annual review /appraisal process is completed and documented for all required employees and objectives and bonus criteria are set where appropriate. HR or appropriate line management monitors whether an annual review / appraisal has occurred for all required employees by collating and retaining all annual review documents. HR or appropriate line management reviews a sample of forms to determine whether they are completed appropriately.

Changes to the payroll master file are approved and forwarded for processing.

6.3.1.3 Training and development requirements are identified in the annual review / appraisal process. A plan is put in place ensure appropriate training and development is delivered.

6.3.2

Employee turnover is minimised.

6.3.2.1 Defined employee management and remuneration policies and procedures exist. These include measures to retain key employees including benchmarking remuneration, training and development.

Application of these policies is monitored by HR.

6.3.2.2 Employee turnover is monitored and analysed to determine reasons for loss of personnel. Results of employee feedback such as satisfaction surveys and exit interviews are investigated to determine whether employee management policy is being appropriately implemented.

6.3.2.3 Key employees are identified by HR / management with succession plans put in place for key personnel. These succession plans are approved by operational management / functional support management and HR.



C


6.4.1

Removals to the payroll master file are valid

6.4.1.1 All removals from the payroll master file are approved by an appropriate level of management and forwarded for processing. Such approvals are in line with existing policies and procedures. The master file data is periodically reviewed to ensure that leavers have been removed from the payroll.

6.4.2

Appropriate leaver requirements are completed timely and in line with company policy and local statutory requirements.

6.4.2.1 A ‘leavers’ checklist is in place to ensure all required steps are completed and ‘signed off’ by management prior to an employee leaving the company.

This checklist includes:

• Performing exit interviews

• Checking of any outstanding loans prior to an employee leaving

• Removal of IT and building security access

• Any statutory or union requirements

• Checking for return of company assets that have been used as part of their employment

This checklist is periodically reviewed and updated by management.

6.4.2.2 Exit interviews are performed for all categories of leavers specified within Company Policy. This information is reviewed and collated and any issues identified are acted upon.

6.4.2.3 Payroll perform a check of any outstanding loans prior to an employee leaving, these are requested to be repaid prior to an employee leaving or are recovered from the final payroll subject to any local legal restrictions.

6.4.2.4 HR or appropriate line management informs IT and security of any leavers. All access to systems and buildings are removed, Compass identification cards are obtained by security.

6.4.2.5 Compliance with employee termination policies and procedures, including compliance with statutory regulation and union requirements, is monitored by management.



C 6.4.2.6 HR perform a check to ensure the return of company assets used

by the employee during their employment e.g. Company Car, Laptop Computer, Mobile Phone, Uniforms, Procurement Cards etc.

Notes

Control 6.4.2.1

This activity requires that a document defining all activities that must be performed when an employee leaves the company is maintained. This is to ensure that all required activities, such as removing both physical and IT access are completed, to try to mitigate the risk of an ex-employee returning to the company and performing any inappropriate actions.

Control 6.4.2.2 Where it is impractical to perform exit interviews for ALL staff, Company Policy must state which categories must be included as mandatory and those that are discretionary.

6.6 Managing and processing Payroll

6.6.1

Payroll disbursements are appropriate and reflect actual employee remuneration to be received.

6.6.1.1 A clearly defined process is in place to notify payroll of starters, leavers, pay reviews, bonuses etc and for amendments to be appropriately made and controlled.

6.6.1.2 Benefits in kind are reported to HR / payroll personnel so that they are recorded and taxed in line with statutory legislation.

6.6.1.3 Payroll calculations, including salary, any bonus/commission calculations or cash benefits are approved by appropriate level of management, in line with policies and procedures.

6.6.1.4 Payroll reports detailing total compensation, related income taxes, and other withholdings as well as hourly salaries and overtime worked along with previous month’s net pay for comparison are reviewed and approved by management prior to payment.

6.6.1.5 Payroll payments are appropriately approved by management and approvals are in line with local policies.

Employees sign off for any cash received as proof of payment.

6.7 Recording time



C

6.7.1

Payroll disbursements represent actual time charged.

6.7.1.1 Hourly salary reports and overtime reports are reviewed and approved by management based on actual attendance records, and where appropriate and practical to do so prior to payment.

Notes

Control 6.7.1.1

Where remuneration is paid by the hour or overtime is paid this time recorded should be approved by management to ensure that disbursements made are appropriate i.e. for actual hours worked.


6.9.1

Travel and expenditure are appropriately managed

6.9.1.1 A documented travel and expenditure policy exists, is periodically reviewed and updated and communicated to relevant personnel.

Travel and expenditure policy is reviewed by appropriate management / local tax function to ensure policy does not create any tax exposure that isn’t appropriately managed.

6.9.2

Travel and expenditure claims are approved and supported.

6.9.2.1 Travel and expenditure claims are supported by receipts in line with policy. All expense claims are reviewed and appropriately authorised.

6.9.2.2 The claim payments list is reviewed for unusual items and a sample of expense claims is checked to receipts and claim limits to determine whether they are appropriately claimed prior to payment being made.

6.10 Loans



C 6.11.1

Data relating to employees, contractors or consultants is appropriately controlled

6.11.1.1 Any paper copy personal information held on file in respect of employees, contractors or consultants is kept in a secure place and access is only gained by HR or appropriate line management. Storage, access and retention of all data – hard copy or electronic- should be in line with local data protection legislation, such as the Data Protection Act, and company policy.

13. Safety Health and Environment

13.2 Health & Safety

13.2.1

Heath & safety policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.2.1.1 Initial work place Health and Safety assessments are carried out by management prior to operating in new business. These include assessments for the Health Safety and Welfare of our people. Sign off required by Compass and Client (where appropriate).

13.2.1.2

Ongoing assessment of risk is performed by qualified staff in conjunction with the client (where appropriate) to establish continuous Health & Safety improvement programmes.

13.2.1.3 Suitable welfare facilities are provided for all employees. Management periodically review these facilities in line with Health and Safety Policy.

13.2.1.4 All employees are expected to fully comply with Health and Safety Policy.

All employees are provided with training commensurate with their duties and based on best practice and in line with Health and Safety Policy. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Health and Safety Policy.

Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.2.1.5 Staff are not required to undertake duties that they are not competent to perform.



C 13.2.1.6 Employees can either communicate their concerns through their

employee representatives or use the “speak up” service or on any matter, which they think affects their or their co-workers’ health, safety, welfare or well-being. Staff are positively encouraged to communicate their concerns. Employee concerns are reviewed by the Health & Safety committee and appropriate action taken.

13.2.1.7 Regular reviews, independent audits and management visits are carried out to ensure Health & Safety standard are maintained or improved. Performance is reported and recorded.

13.2.1.8 The business records all accidents and incidents and reports these internally and externally in accordance with Health and Safety policy. Management reviews are regularly undertaken to ensure all accidents and incidents are investigated properly. The outputs of such investigations are shared in a “Lessons Learnt” format.

13.3 Food Safety

13.3.1

Food safety policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.3.1.1 All employees are expected to fully comply with Food Safety Policy.

All employees are provided with training commensurate with their duties and based on best practice and in line with Food Safety Policy. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Food Safety Policy. Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.3.1.2 All employees can communicate their concerns relating to food safety through their employee representatives or use the “speak up” service. Staff are positively encouraged to communicate their concerns. Employee concerns are reviewed and appropriate action taken..

13.3.1.3 A programme of independent food safety audits is carried out to monitor compliance with Food Safety Policy. All allegations regarding food safety are thoroughly investigated and logged in accordance with Food Safety Policy. Management carry out spot checks to ensure audits are carried out in line with Food Safety Policy



C 13.3.1.4 Defined policies and procedures are in place to establish

authenticity and upward/downward traceability to enable that food emergencies and recalls can be expedited as effectively as possible.

13.3.1.5 Defined polices and procedures exist for the inspecting of food vendors for quality and safety, against defined criteria, before approval is made. Performance of inspection and results are documented and any issues reported to management. Occasional checks of vendors are performed and reviewed to ensure that standards are maintained.

13.4 Environment

13.4.1

Environmental policies and procedures have been defined in line with local statutory requirements and company policies which incorporate best practice. These policies and procedures are implemented and this implementation is monitored to ensure compliance.

13.4.1.1 Management support and apply recommendations contained in the environmental management documents in respect of:

• Pollution Prevention

• Waste Management

• Energy Efficiency

• Recycling and the use of recycled material

13.4.1.2 All employees are expected to fully comply with Environmental Policies and Procedures.

All employees are provided with training commensurate with their duties and based on best practice and in line with Environmental Policies and Procedures. Management provides such training in a timely manner. Employees sign their records to confirm awareness of and compliance with Environmental Policies and Procedures. Management monitors all training records on a regular basis to acknowledge employee attendance at training.

13.4.1.3 Where appropriate suppliers are made aware of and expected to comply with our Environmental Policies and Procedures.

13.4.1.4 All employees are provided with arrangements for them and their representatives to communicate and raise concerns about the environment. Such arrangements will include appropriate reporting procedures and a system to log all incidents.

13.4.1.5 A programme of independent environmental audits is carried out to monitor compliance of Environment Policy. Management carry out spot checks to ensure audits are carried out in line with Environment Policy.



C 13.4.1.6 A record of all environmental incidents is maintained, and

reviewed by management.

Compass Group PLC Internal Controls...

Documents

Transcript of Compass Group PLC Internal Controls...