The Board as a whole takes responsibility for management of risk throughout the business.

We believe that risk is best managed by a combination of the following:

  • Formal risk management processes as described in this report
  • The Board and senior management leading by example
  • Alignment through promoting colleague shareholding in Dunelm
  • Embedding our culture and values

Given the size of our Board and the relative lack of complexity in our business, we do not have a separate Board Risk Committee; our Audit and Risk Committee oversees the risk management process as part of its activities.

Risk management framework

The Board confirms that:

  • There is an ongoing process for identifying, evaluating and managing the principal risks faced by the Group;
  • The systems have been in place for the year under review and up to the date of approval of the annual report and financial statements;
  • They are regularly reviewed by the Board; and
  • The systems accord with the guidance to Audit Committees issued by the Financial Reporting Council dated April 2016.

The table below sets out how responsibility for risk management is allocated and how that responsibility is discharged:

BoardAudit and Risk CommitteeExecutive BoardCompany
Collective responsibility for managing riskOversees risk management processReviews principal risks

Members have responsibility for managing risk within their area of accountability
Ensures that the above process is adhered to
  • Formal review of principal risks twice annually – one of which is in connection with consideration of the viability statement (see further below)
  • Risk topics reviewed in depth through regular timetabled presentations or papers
  • Monitors KPIs through Board reports
  • Assesses the coverage and adequacy of independent assurance
  • Ensures Executive Directors have line responsibility for managing specific risks
  • Receives report on risk management process twice annually
  • Conducts formal reviews of principal risks twice annually – one of which is in connection with consideration of the viability statement (see further below)
  • Allocates resources for independent assurance reviews of selected risks
  • Selects and proposes topics for 'key risk' reviews by the Board
  • Conducts formal reviews of principal risks twice annually
  • Reviews risk topics through regular timetabled presentations or papers
  • Monitors KPIs through Executive Board reports
  • Delegates line responsibility for managing risk within their area of accountability to individual Executive Board members and reviews these formally twice a year
  • Conducts individual risk reviews with Executives
  • Maintains the risk register
  • Presents the outcome of the risk review to the Executive Board, the Audit and Risk Committee and the Group Board twice a year
  • Ensures that principal risk topics are scheduled for regular review by the Executive Board and the Group Board

Internal control and internal audit

The Board is responsible for the Group's system of internal control and for reviewing its effectiveness. The table below summarises the Group's system:

BoardAudit and Risk
Internal Audit
Audit Team
  • Collective responsibility for internal control
  • Formal list of matters reserved for decision by the Board
  • Control framework setting out responsibilities
  • Approval of key policies and procedures
  • Monitors performance
  • Oversees effectiveness of internal control process
  • Receives reports from external auditor
  • Approves independent assurance programme
  • Receives reports generated through the internal audit programme
  • Responsible for operating within the control framework
  • Reviews and monitors compliance with policies and procedures
  • Recommends changes to controls/policies where needed
  • Monitors performance
  • Provides assurance to the Audit and Risk Committee through independent reviews of agreed risk areas
  • Reviews compliance with certain key internal procedures in stores and at other locations

The Audit and Risk Committee has oversight of the system of internal controls and of the internal audit programme and receives the report of the external auditor following the annual statutory audit. For further details please see the Audit and Risk Committee report.

It should be noted that internal control systems such as this are designed to manage rather than eliminate the risk of failure to achieve business objectives and can provide only reasonable, and not absolute, assurance against material loss or accounting misstatement.

Although no significant control weaknesses have been identified as a result of the review, the Board agreed that the Audit and Risk Committee would continue to look at how it obtains assurance regarding the adequacy and operation of internal controls and to identify whether any further independent assurance is needed. Further progress was made in the year and we will continue to review this in conjunction with the development of our internal audit function.

Process for preparing consolidated financial statements

The Group has established internal control and risk management systems in relation to the process for preparing consolidated financial statements. The key features of these systems are:

  • Management regularly monitors and considers developments in accounting regulations and best practice in finance reporting and, where appropriate, reflects developments in the consolidated financial statements. The external auditor also keeps the Audit and Risk Committee appraised of these developments
  • The Audit and Risk Committee and the Board review the draft consolidated financial statements. The Audit and Risk Committee receives reports from management and the external auditor on significant judgements, changes in accounting policies, changes in accounting estimates and other pertinent matters relating to the consolidated financial statements
  • The full year financial statements are subject to external audit and the half year financial statements are reviewed by the external auditor