Mobile Navigation

Internal Control and Risk Management

The Board, with assistance from the Audit & Risk Committee, is responsible for reviewing and overseeing the effectiveness of Petra’s system of internal control and risk management processes, with other Board Committees providing an additional level of review and oversight.

Petra’s system of internal control can only provide reasonable and not absolute assurance against material misstatement or loss, as it is designed to manage rather than eliminate those risks that may affect the Company in achieving its business objectives. The UK Corporate Governance Code 2018 requires that the effectiveness of the system of internal control be reviewed by the Directors, at least annually, including financial, operational and risk management.  The adequacy and effectiveness of the Group’s internal control procedures and risk management systems are regularly reviewed by the Audit & Risk Committee through regular reports from the Group’s Internal Audit and Risk, Assurance & Compliance functions and through consideration of the external auditors’ Audit and Risk Committee reports and face-to-face discussions between the Audit Partner and the Audit & Risk Committee members, as well as, on occasion, ad hoc reports from external consultants.

Petra’s Risk, Assurance & Compliance function reviews, analyses and reports on risk on a continuous basis, including monitoring any emerging risks, and consolidates key risks and reports on these on a quarterly basis to the Executive Committee, which is responsible for risk management processes and systems, and drives a culture of individual risk owner and employee accountability in implementing these.  The Risk, Assurance & Compliance function also provides regular risk reports to the Audit & Risk Committee to enable that committee to review the effectiveness of Petra’s risk management processes.

Petra deploys the five lines of defense model to ensure better risk governance. A diagram that summarises how this model works is set out below. Risk governance refers to the actions, processes, and hierarchy by which authority is exercised and decisions are taken and implemented. Petra’s risk governance applies the principles of good governance to the identification, assessment, management and communication of risks.

For a more detailed description of Petra’s principal risks in FY 2022, including an outline of the description and the impact of each principal risk, an outline of mitigating actions taken and an outline of how such risks have developed and been managed in FY 2022, please click on the link below which is taken from pages 101 to 111 of Petra’s FY 2022 Annual Report:

Download the Group’s Principal Risks FY 2022

Download the Group’s ICT Overview