Summary of principal activities

  • Reviews of the following:
    • Tax strategy
    • Annual financial statements for FY17 and interim results for FY18
    • Internal controls and the process for the identification and mitigation of principal risks
    • The plan to address the requirement to report on Payment Practices and to address the new corporate offence of facilitating tax evasion
  • External Auditor
    • Annual reviews of policy on use of auditors for non audit work
    • Policy on rotation of external auditor revised
    • Review of findings from the FRC Audit Quality Review team's review of the FY17 audit which required "limited improvements" in three areas
    • Since the year end, approval of the full year annual financial statements for FY18, and approval of the new statutory audit partner for the FY19 audit onwards
  • Annual review of the business controls framework and committee terms of reference completed
  • Internal Audit/Compliance
    • Further progress made in plan to develop a more formal internal audit function, including appointment of a Group Assurance Manager
    • Internal Audit reviews of payment controls, supplier compliance with stock routines, offshore consolidation warehouses, colleague discounts, and processes in place with our major supplier of made-to-measure blinds
    • Further improvements made to provide assurance in respect of risk controls and mitigations, and to align to internal audit activity
    • Oversight of plan to secure compliance with the General Data Protection Regulation (GDPR)

 

This report provides details of the role of the Audit and Risk Committee and the work it has undertaken during the year and at its meeting in September 2018 when this annual report and financial statements were approved.

Principal duties

The principal duties of the Committee are to:

  • Oversee the integrity of the group's financial statements and public announcements relating to financial performance
  • Hold the relationship with the external auditor and oversee the external audit process
  • Establish formal and transparent arrangements for considering how they should apply the corporate reporting, risk management and internal control principles
  • Oversee the internal audit process
  • Monitor the effectiveness of financial controls and the process for identifying and managing risk throughout the group
  • Monitor the financial reporting process and submit recommendations
  • Monitor the statutory audit of the annual report and financial statements
  • Review and monitor the external auditor's independence and the provision of additional services

The full terms of reference for the Committee can be found on the Group's website, www.dunelm.com. These terms were last reviewed by the Committee in June 2018.

The Committee has approved a policy which allows employees to raise legitimate concerns in confidence without fear of discrimination, including access to an independent whistleblowing helpline. A copy of our policy is available on our corporate website https://corporate.dunelm.com. During the year, the Committee received reports detailing the calls made to the helpline.

Committee membership

The following Directors served on the Committee during the year:

NameFrom:To:
Liz Doherty (Chair)1 May 2013To date
William Reeve1 July 2015To date
Peter Ruis10 Sept 2015To date
Rachel Osborne1 April 201828 August 2018
Simon Emeny25 June 200721 Nov 2017

The Company Secretary acts as secretary to the Committee.

The Chief Executive Officer, Chief Financial Officer and the Chairman of the Board usually attend meetings by invitation, along with a representative from the external auditor. Other Directors attend by invitation as required.

The Board considers that I have recent and relevant financial experience to chair the Committee, by virtue of my professional qualification and my previous executive roles, including as Chief Financial Officer of Reckitt Benckiser Group plc. Members of the Committee can also demonstrate a breadth of experience across the retail and consumer goods sector through their current and previous roles – please see the Directors' biographies for full details.

Committee activities in 2017/18

Four meetings were held in the year and members' attendance was as shown in the table below.

NameMeetings attended
Liz Doherty4/4
Simon Emeny2/2
William Reeve4/4
Peter Ruis4/4
Rachel Osborne1/1

The Committee also met in September 2018.

The activities of the Committee included:

Routine items

  • Approval of the full year results issued in September 2017 and the half year results issued in February 2018
  • Review of the process for identifying and managing risk and a full review of the principal risks and how they are managed in September 2017, and a mid year review in February 2018
  • Verification of the independence of the auditor and approval of the scope of the audit plan and the audit fee
  • Review of fraud and Bribery Act controls and cyber security, which are standing agenda items for each meeting
  • Receipt of internal audit reports (see below)
  • Approval of the annual Audit and Risk Committee report
  • Review of whether the FY17 and FY18 annual reports are 'fair, balanced and understandable'
  • Annual review of business control framework and committee terms of reference
  • Formal review of auditor performance
  • Formal review of Committee effectiveness

Specific topics

  • Approval of Tax Strategy
  • Consideration of the plans to address the requirements of the General Data Protection Regulation and the duty to report on Payment Practices
  • Internal audit reviews of payment controls risk, supplier compliance with stock routines, offshore consolidation warehouses, colleague discounts, and processes in place with our major supplier of made-to-measure blinds

Committee effectiveness

At its meeting in June 2018, the Committee carried out a review of its own effectiveness, using a checklist prepared by one of the major accounting firms. The conclusion was that the Committee is functioning well, broadly in accordance with regulatory and "best practice" requirements, and provides appropriate assurance to the Board.

Significant areas of judgement

Within its terms of reference, the Committee monitors the integrity of the annual and interim reports, including a review of the significant financial reporting issues and judgements contained in them.

At its meetings in September 2017 and 2018, the Committee reviewed a comprehensive paper prepared by the Chief Financial Officer, which analysed the Group's results for the financial year; highlighted matters arising in the preparation of the Group financial statements; and provided information to support the Directors' viability and going concern statements. The Committee also considered a paper prepared by the external auditor, which included significant reporting and accounting matters.

The major accounting issues discussed by the Committee in September 2018 in relation to the FY18 Annual Report and Accounts were as follows:

Provisions for inventory

The Committee considered the approach taken by management and assessed available evidence. Particular attention was given to reviewing the provision for obsolete, slow-moving or discontinued inventories including the utilisation of provisions reported in prior periods. The Committee concluded that the values recorded in the financial statements are appropriate.

Exceptional items

The Committee considered the requirement to identify, measure and disclose exceptional items, and concluded that the approach taken and the values reported in the financial statements are appropriate.

Fair, balanced and understandable

At the request of the Board, the Committee also considered whether the annual report and financial statements as a whole are "fair, balanced and understandable". Factors taken into account included:

  • Does the narrative of the Business Review and Financial Review fairly reflect the performance of the Group over the period reported on
  • Are the narrative sections consistent with each other, and with the financial statements
  • Is the connection between strategy and remuneration clearly described
  • Can readers easily identify key events that happened during the year
  • Committee members received the draft annual report in advance and had the opportunity to make comments in advance of the formal meeting at which the report was tabled for approval

Following its review, the Committee confirmed to the Board that in its view the FY18 annual report was fair, balanced and understandable.

External auditor

The report and financial statements were audited by PricewaterhouseCoopers LLP, following that firm's appointment as statutory auditor in January 2014. Mark Smith has been the audit partner since the firm's appointment. The audit partner for the FY19 audit onwards will be Mark Skedgel.

PricewaterhouseCoopers LLP attended the Committee meetings in September and October 2017, February, June and September 2018. The Committee also met privately with them during the September meetings, and as Chair of the Committee I had dialogue with the audit partner on a number of occasions.

Audit effectiveness

It is the responsibility of the Audit and Risk Committee to assess the effectiveness of the external audit process.

The Chief Financial Officer and his team presented their review of the FY17 audit in February 2018. This covered a number of aspects including:

  • The quality of reports provided to the Committee and the Board and the quality of advice given
  • The level of understanding demonstrated by the audit team of the Group's businesses and the retail sector
  • The objectivity of the external auditor's views on the controls around the Group and the robustness of challenge and findings on areas which required management judgement
  • The findings from the FRC's annual inspection of auditors published in May 2017

The conclusion was that the audit had been effective and that no significant issues had been highlighted; this was endorsed by the Committee.

The FY17 audit was also reviewed by the Financial Reporting Council's Audit Quality Review team as part of their routine sampling activity. Their assessment was that "limited improvements" were required in three specific areas. A summary of their recommendations and the actions that PricewaterhouseCoopers have agreed to take as a result were discussed by the Committee in June, and we agreed that none of the findings were significant.

Auditor appointment for FY18

It is the Committee's responsibility to make recommendations to the Board in relation to the appointment, reappointment and removal of the external auditor, and to agree the audit fee.

In February 2018, the external auditor presented their strategy for the 2017/18 audit to the Committee. The Committee reviewed and agreed with the external auditor's assessment of risk. The Committee also reviewed and agreed the audit approach and the approach to assessing materiality for the Group.

The fee proposed by PricewaterhouseCoopers LLP for the statutory audit of the Group and Company financial statements and the audit of Group subsidiaries pursuant to legislation was £120,000.

Taking into account the review of the FY17 audit and the proposed plan and fee, the Committee agreed that PricewaterhouseCoopers LLP be reappointed as auditor for the FY18 audit for the fee proposed. Resolutions to reappoint PricewaterhouseCoopers LLP as auditor and to authorise the Directors to agree their remuneration will be put to shareholders at the AGM.

Use of auditors for non-audit work

The Committee is aware that the use of audit firms for non-audit work is a sensitive issue for investors and corporate governance analysts, as it could potentially give rise to a conflict of interest.

Following the issue of the EU Audit Directive in June 2016, we reviewed our policy on the use of auditors for non-audit work in September 2016. The full policy is available on our website, www.dunelm.com, but in summary from FY17:

  • Fees for non-audit services provided by the statutory auditor in any year may not exceed 70% of the average fees for the Group statutory audit in the three previous years
  • The auditor is prohibited from providing certain non-audit services, including: almost all tax work; internal audit; corporate finance; involvement in management activities, including working capital and cash management and the provision of financial information
  • The external auditor may not be engaged to provide any non-audit services without the agreement of the Audit and Risk Committee Chair

During the period we paid PricewaterhouseCoopers LLP £135,000, of which £15,000 was for their review of the interim financial statements (considered to be a non-audit service). No other non-audit services were provided by the external auditor. Fees paid to PricewaterhouseCoopers LLP for audit work were £120,000.

Auditor rotation

In June 2018 we updated our Auditor Rotation policy to bring it into line with the current EU Audit Directive. This means that we will tender the audit at least every 10 years (previously 5); we will change auditor at least every 20 years (no change); and we will invite at least one firm outside the 'Big Four' to participate (no change). The latest date for the next tender will therefore be for the 23/24 audit. A competitive tender is in the best interests of shareholders.

In accordance with relevant ethical standards, the PricewaterhouseCoopers LLP audit partner (Mark Smith) will rotate after the FY18 audit, and the new partner Mark Skedgel will be responsible for the FY19 audit onwards.

I can confirm that the Company has complied with The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Tender Processes and Audit Committee Responsibilities) Order 2014 during the financial year.

Risk management

The Committee is responsible for assessing the scope and effectiveness of the systems established by management to identify, assess, manage and monitor financial and non-financial risks, and to consider the level of assurance.

The Committee carried out a formal risk review in September 2017 and February 2018. During the year, at the Committee's request, further work has been conducted by management to assign KPIs to all of the principal risks, to measure the impact of each risk, so as to better understand the mitigating actions necessary and how effective they are, and to align the Internal Audit programme more closely with the Risk Register. Further work on this is planned in FY19.

The Committee also asked for the register to include details of the assurance activities which assess the strength of mitigating factors in respect of principal risks.

Internal control framework

In 2015 the Committee adopted a formal internal control framework, covering the following areas: business ethics including anti-bribery controls; accountabilities; people management, including succession planning; development and alignment of incentives; risk management processes; internal financial control; crisis management; monitoring and reporting. Details of internal and external assurance are included. The framework and the controls in place are reviewed annually, the last review was in June 2018; no significant control weaknesses have been identified.

Viability statement and risk management

In September 2018, the Committee reviewed the viability statement given by the Board in this report and the process in place to support the assurance given and confirmed that it is appropriate and in compliance with regulatory requirements. This review took into account the principal risks facing the Group and the process by which they are managed by the Board and management.

Internal audit/external assurance

The Committee initiated a formalised programme in 2013 with activities conducted either by an internal team that is independent of the area under review, or by an external party, decided on a case-by-case basis. In either case, the review is conducted on behalf of the Committee and reports back to them.

In June 2017 the Committee adopted a plan to develop a more formal internal audit function by the end of the 2019 financial year, reflecting the increased complexity of the business. Following a review of the internal audit function's quality and expertise, at the beginning of the financial year a Group Assurance Manager with a financial accounting background was appointed. Her role is to conduct internal assurance activity which would previously have been outsourced, and to bring a more strategic approach to the department's activity.

At the Committee's suggestion, the Executive Board was involved in making recommendations for future topics to be addressed, in conjunction with the risk review process.

Reviews completed in the year are set out below:

Reviewed by
Payment controlsInternal Audit
Supplier compliance with stock routinesInternal Audit
Offshore consolidation warehousesInternal Audit
Colleague discountsInternal Audit
Blinds supplier complianceInternal Audit

Reports were discussed by the Committee and the Board and a remediation plan agreed by management to improve controls.

In addition, the Committee monitored progress against actions agreed following the reports received in the 2016–17 financial year from internal audit /external assurance providers and noted that these had been completed.

Cyber security and data protection/GDPR

Information security remains one of the most important risk areas and it is a standing Committee agenda item, as well as being one of the Board's principal risks, as outlined in the 'Risks and Uncertainties' section of this annual report. The coming into force of the General Data Protection Regulation in May 2018 has raised the profile and importance of managing personal data safely and lawfully, and has increased the severity of the consequences of a personal data breach. The Committee had oversight of the plan in place to secure compliance, and data protection is now considered alongside cyber security in general at every meeting.

The Committee noted that continued progress has been made over the year to strengthen controls over cyber and data security. A number of practices and systems considered "high risk" have been closed as part of the GDPR implementation plan, and training has been rolled out across the business to increase awareness. A risk treatment plan is in place to make further improvements during FY19. In addition, legacy Worldstores systems will be fully integrated during the coming financial year, which will further enhance security and integrity.

Approved by the Board on 12 September 2018.

Liz Doherty

Chair of the Audit and Risk Committee