WPP operates a system of internal control, which is maintained and reviewed in accordance with the Combined Code and the guidance in the Turnbull Report as well as Rules 13a-14 and 15 of the Securities Exchange Act 1934. In the opinion of the Board, the Company has complied throughout the year with the Turnbull Report and has also complied with the relevant provisions of the Securities Exchange Act 1934.
The Board (which receives advice from the Audit Committee) has overall responsibility for the system of internal control and risk management in the Group and has reviewed the effectiveness of the system during the year. In the context of the scope and complexity of this system, the Board can only give reasonable, not absolute, assurance against material misstatement or loss. The system of controls is designed to manage, but may not eliminate, the risks of failure to achieve WPP's objectives. For certain joint ventures and associates, WPP operates controls over the inclusion of their financial data but places reliance upon the systems of internal control operating within our partners' infrastructure and the obligations upon partners' boards relating to the effectiveness of their own systems.
The principal elements of internal control are described below.
The quality and competence of our people, their integrity, ethics and behaviour are all vital to the maintenance of the Group's system of internal control.
The Code of Business Conduct (which is regularly reviewed by the Audit Committee and the Board) sets out the principal obligations of all employees. Directors and senior executives throughout the Group are required each year to sign this Code. The WPP Policy Book (which also is regularly updated) includes the Code of Business Conduct and human resource practices as well as guidance on practices in many operational areas. Breaches or alleged breaches of this Code of Conduct are investigated by the director of internal audit and the Group chief counsel.
Furthermore, the Group has an independently operated helpline, Right to Speak, for the reporting of issues that employees feel unable to raise locally. A number of issues have been raised during 2007 through this helpline, all of which have been investigated and reported to the Audit Committee.
Risk monitoring of all of the Group's operations throughout the world is given the highest priority by the Group chief executive, the Group finance director, the chairman of the Audit Committee and the Board, as it is essential to the creation and protection of share owner value and the development of the careers of our people. The Board realises that WPP is a service company and its ongoing prosperity depends on being able to continue to provide a quality service to its existing and potential clients in a creative, efficient and economic way.
At each Board meeting, the Group chief executive presents a Brand Check review of each of the business' operations, including a monitor of risk, providing feedback on the business risks and details of any change in the risk profile since the last Board meeting.
The Brand Check covers such issues as:
- political instability in an important market;
- the possibility of the loss or win of major business (eg as a result of a change of senior management at a major client);
- loss of a key executive of the Group;
- introduction of new legislation in an important market;
- corporate responsibility; and
- changes in accounting or corporate governance practice.
Each operating group undertakes monthly and quarterly procedures and day-to-day management activities to review their operations and business risks. These are formally communicated to the Group chief executive, other executive directors and senior executives in quarterly review meetings and, in turn, to the Board.
The Board is firmly of the opinion that the monitoring of risk is strongly embedded in the culture of the Company and of the operating companies, in a manner which the Board considers goes beyond the Turnbull recommendations and the requirements of Rules 13a-14 and 15 of the Securities Exchange Act 1934.
Control activities and monitoring
Policies and procedures for all operating companies are set out and communicated in the WPP Policy Book, internal control bulletins and accounting guidelines. The application of these policies and procedures is monitored within the individual businesses and by the Company's director of internal audit and the Group chief counsel.
Operating companies are required to maintain and update documentation of their internal controls and processes. This documentation incorporates an analysis of business risks, detailed control activities and monitoring, together with controls over security of data and the provision of timely and reliable information to management. IT and financial controls are also included.
The internal audit department carried out reviews and testing of the documentation and the relevant controls for a majority of the Group during 2007, the results of which were reported to the Audit Committee.
Each operating company annually updates a three-year strategic plan which incorporates financial objectives. These are reviewed by the parent company's management and are agreed with the chief executive of the relevant operating company.
The Group operates a rigorous procedure for the development of operating company budgets which build up the Group's budget. During the final quarter of each financial year, operating companies prepare detailed budgets for the following year for review by the parent company. The Group's budget is reviewed by the Board before being adopted formally. Operating company results are reported monthly and are reviewed locally, regionally and globally by the business groups and by Group management on a consolidated basis and ultimately by the Board. The results are compared to budget and the previous year, with full-year forecasts prepared and updated quarterly throughout the year. The Company reports to share owners four times a year.
At each year-end, all operating companies supply their full-year financial results with such additional information as is appropriate. This information is consolidated to allow the Group to present the necessary disclosures for International Financial Reporting Standards (IFRS) including International Accounting Standards (IAS).
The Disclosure Committee gives further assurance that publicly-released information, including this Annual Report, is free from material omission or misstatement.