41061 Unite AR22 HI-RES WEB-READY - Flipbook - Page 125
STRATEGIC REPORT
GOVERNANCE
FINANCIAL STATEMENTS
OTHER INFORMATION
The Audit & Risk Committee considered the work of the
Executive through the year and has approved both the
Group’s Risk Management Framework, and the Group’s
assessment of its principal risks and uncertainties, as set
out on pages 79–87.
Overall, the conclusion of all audits was that there were
no significant issues and controls were well designed, but
noted there were some areas of improvement to be made
to maximise controls and operational efficiency, which
management is in the process of implementing.
Through these reviews, the Audit & Risk Committee
considered the risk management procedures within the
business and was satisfied that the key Group risks were
being appropriately managed.
External audit
The risk assessment flags the importance of the internal
control framework to manage risk and this forms a separate
area of review for the Audit & Risk Committee.
The Board also formally reviewed the Group’s principal risks
at two meetings during the year.
Internal controls
Led by the Group’s risk assessment process, we reviewed
the process by which the Group evaluated its control
environment. The Board has delegated responsibility to
Management for establishing effective risk management
and maintaining adequate internal controls, although the
board retain oversight responsibility. Internal controls
are designed to provide reasonable assurance regarding
(among other things) the reliability of financial reporting
and the preparation of the financial statements for external
reporting purposes. A comprehensive strategic planning,
budgeting and forecasting process is in place. Monthly
financial information and performance insight is reported
to the Board.
Internal audit
The Group used the internal Group Risk & Assurance team
for internal audit services through the year. The team
embedded third line of defence audits in our operations,
developing a framework of Operational Compliance Audits
for our rental properties. The property audits are designed
with a focus on safety and, where there are gaps identified,
action plans are developed and monitored. The results are
shared with our Customer Leadership Team to enable the
sharing of best practice and drive improvements across all
of our operations where themes are identified. In addition
to this, the team completed three other pieces of internal
audit work. The first was over compliance with UK Data
Protection regulations and the efficient operation of the
data protection team; the second was over the use and
management of video and voice recording equipment
in our rental properties (CCTV, Bodyworn Cameras
and SoloProtect (personal voice recording equipment
that is used when lone working)); the third was on the
management of asbestos in our student properties.
The effectiveness of the external audit process is facilitated
by appropriate audit risk identification at the start of the
audit cycle which we receive from Deloitte in a detailed
audit plan, identifying its assessment of these key risks.
For the 2022 financial year, the significant risks identified
were in relation to valuation of properties, classification
of joint ventures and management override. These focus
areas were discussed at the Audit & Risk Committee and
it was agreed that they should be the principal areas of
focus as they represent the areas with the greatest level of
judgement and materially impact the overall performance
of the Group. These risks are tracked through the year
and we challenged the work done by the auditor to test
management’s assumptions and estimates around
these areas.
We assess the effectiveness of the audit process in
addressing these matters through the reporting we receive
from Deloitte at both the half-year and year-end and
also reports from management on how these risks are
being addressed.
For the 2022 financial year, the Audit & Risk Committee
was satisfied that there had been appropriate focus and
challenge on the primary areas of audit risk and assessed
the quality of the audit process to be good. We hold private
meetings with the external auditor at each Audit & Risk
Committee meeting to provide additional opportunity
for open dialogue and feedback from the Audit & Risk
Committee and the auditor without management being
present. Matters typically discussed include:
•
The auditor’s assessment of business and financial
statement risks and management activity thereof.
•
The transparency and openness of interactions with
management, confirmation that there has been no
restriction in scope placed on them by management and
the independence of its audit.
•
How it has exercised professional scepticism.
I also meet with the external lead audit partner outside the
formal Audit & Risk Committee process.
123
