Audit, risk and internal control


The Company engages external auditors to audit the Group’s annual financial statements.

The Company also has an internal audit function to act as the third line of defence in ensuring the effectiveness of the Company’s system of internal controls.


The Board is responsible for the effective management of Group risk, including by:

  • Considering and approving the Group’s risk appetite;
  • Reviewing the Group’s principal risks and approving the Group’s principal risk register; and
  • Reviewing the Group’s emerging risks and approving  the Group’s emerging risk register.

Please see here for the Group’s management of risk

Internal control

The Company has a system of internal control which is based on a three lines of defence model which is comprised of a number of features as illustrated by the diagram in the next download.

Download our System of internal control 

Audit Committee

The Audit Committee is responsible for reviewing the effectiveness of external and internal audit, management of risk and the system of internal control. More information about the Audit Committee can be found on our Committees page.

Corporate Governance