This information is taken from the 2023 Indivior Annual Report and Accounts.
The Committee acknowledges its duty to assist the Board to fulfill its responsibilities for the Group’s risk management and internal control systems, including the adequacy and effectiveness of the control environment, internal control over financial reporting, and the Group’s compliance with the Code.
During the year, all business areas prepared annual operating plans and budgets. These are regularly reviewed and updated as necessary. Performance against budget is monitored centrally and is discussed at Committee and Board meetings. The cash position of the Group is monitored daily by the treasury function.
Clear policy guidelines are in place for capital expenditure and investment decisions. These include budget preparation, appraisal, and review procedures and delegated authority levels.
Effective controls ensure the Group’s exposure to avoidable risk is minimized, and the Committee is cognizant of the material controls within the Group, including, among other things, that proper accounting records are maintained, financial information used within all business areas is reliable and up-to-date, and the financial reporting processes comply with relevant regulatory reporting requirements.
Internal control systems are in place in relation to the Group’s financial reporting processes for preparation of consolidated accounts. Accordingly, the Committee confirms that there is a process for identifying, evaluating, and managing the risks faced by the Group and the operational effectiveness and monitoring of related controls, all of which have been in place for the year under review and up to the date of approval of the Annual Report and Accounts. The Committee also confirms that it has regularly monitored the effectiveness of risk management and internal control.
This encompasses policies and procedures that relate to the maintenance of records, which accurately and fairly reflect transactions, provide reasonable assurance that transactions are recorded as necessary to permit the preparation of financial statements, require representatives of the Group to certify that their reported information gives a true and fair view of the state of affairs of the business and its results for the period, and review and reconcile reported data. The Senior Vice President-Group Controller regularly updates the Committee on the Group’s internal control over financial reporting.
The Committee, having regard to the above referenced controls coupled with support from Indivior Audit Services, is of the view that the Group has an effective system of internal control. The additional U.S. listing exposes the Group’s internal control environment to an enhanced audit regime in future years. The Committee is cognizant of the increasing level of detail in documenting control procedures, in particular relating to the definition and precision of certain controls, including entity level controls, management review procedures, and oversight of external specialists. The Committee will continue to monitor sufficiency of the control environment to meet regulatory requirements.
Control processes are designed to manage, rather than eliminate, the risk of assets being unprotected and guard against their unauthorized use, culminating in the failure to achieve business objectives. Internal controls provide reasonable and not total assurance against material misstatement or loss.
The Group’s Enterprise Risk Management process is designed to identify, assess, manage, report, and monitor risks and opportunities that may impact the achievement of the Group’s strategy, objectives, and future success. This includes adjusting the risk profile in line with the Group’s risk tolerances to respond to new threats and opportunities.
To fulfill its duties, the Committee reviewed:
- medium- and longer-term strategic plans, reports on key operational issues, tax, treasury, risk management, and Indivior Audit Services reports;
- presentations from the Chief Information & Innovation Officer outlining the Group’s approach to IT and cybersecurity;
- reports from Indivior Audit Services at each scheduled Committee meeting covering key audit areas and any deficiencies in the control environment covering internal financial control, operational, IT, and risk management;
- reports from management on the oversight and progress of ongoing work to ensure all aspects of financial reporting are compliant with the requirements of differing regulatory regimes; and
- the external auditor’s reports to the Committee.
Accordingly, the Committee confirms its oversight of the process for identifying, evaluating and managing risks faced by the Group and the operational effectiveness of the appropriate controls, all of which have been in place throughout the year and up to the date of approval of the 2023 Annual Report and Accounts. The Committee considered whether any matter required disclosure as a significant failing or weakness in internal control during the year; no such matters were identified.