Internal control
The Directors have responsibility for the system of internal control that covers all aspects of the business. In recognition of that responsibility, the Directors set policies and seek regular assurance that the system of internal control is operating effectively. Strategic, commercial, operational and financial areas are all within the scope of these activities which also include identifying, evaluating and managing the related risks.
The Directors acknowledge their responsibility for the system of internal control. However, the Directors are aware that such a system cannot totally eliminate risks and thus there can never be an absolute assurance against the Group failing to achieve its objectives or a material loss arising.
The key elements of the system may be described as the control environment, and this is represented by the following:
- The key business objectives are clearly specified at all levels within the Group;
- "Purpose and Values", a framework for our strategic intent, and "Our Business Principles", a set of guidelines on legal compliance and ethical behaviour, are distributed throughout the Group;
- The organisation structure is set out with full details of reporting lines and accountabilities and appropriate limits of authority for different processes;
- Procedures to ensure compliance with external regulations;
- The network of disclosure review committees which exists throughout the Group (described below);
- Procedures to learn from control failures and to drive continuous improvement in control effectiveness;
- A wide range of corporate policies deal, amongst other things, with control issues for corporate governance, management accounting, financial reporting, project appraisal, environment, health and safety, information technology, and risk management generally;
- Individual business units operate on the basis of multi-year contracts with monthly reports on performance and regular dialogues with Group senior management on progress;
- On an annual basis the CEC, Audit Committee and then the Board consider and agree the major risks facing the business and these risks are used to focus and prioritise risk management, control and compliance activities across the organization. The key risks facing the Group are summarised in the Description of Business;
- Various internal assurance departments, including Group Audit, carry out regular reviews of the effectiveness of risk management, control and compliance processes and report their findings to the business unit involved as well as to Group management and the Audit Committee; and
- The Audit Committee approves plans for control selfassessment activities by business units and regions as well as the annual Group Audit activity plan. The Committee also deals with significant issues raised by internal assurance departments or the external auditor.
The management of all forms of business risk continues to be an important part of ensuring that we continue to create and protect value for our shareowners. The processes involved call for the identification of specific risks that could affect the business, the assessment of those risks in terms of their potential impact and the likelihood of those risks materialising. Decisions are then taken as to the most appropriate method of managing them. These may include regular monitoring, investment of additional resources, transfer to third parties via insurance or hedging agreements and contingency planning. For insurance, there is a comprehensive global programme which utilises an internal captive structure for lower level risks and the external market only for cover on major losses. Hedging activities relate to financial and commodity risks and these are managed by the Group Treasury and Procurement departments with external cover for the net Group exposures.
All business units are required to regularly review their principal business risks and related strategies (i.e. the chosen management methods). The internal assurance departments and other Group functions report on any further business risks evident at a regional, global or corporate level. Regional and global status reports assessing the extent to which all major risks have been effectively mitigated are prepared every six months and are reviewed by the Audit Committee. A structure of central Group and regional risk and compliance committees came into operation from January 2007.
The Group also established in 2002 a network of disclosure review committees (DRC) throughout the organisation. The Group DRC, chaired by the Chief Legal Officer and comprising senior executives at and below Board level, reviews financial and trading statements and releases, and the verification process which underpins these. Meetings are attended by the Group's external auditors, and UK and US legal advisors. It ensures that such statements and releases are accurate and complete and comply with all relevant legislation and regulation. Each region and function is required to have its own DRC reporting to the Group DRC to ensure that interim and full year financial reporting is accurate and that all matters which may be material to the Group as a whole have been reported to the Board. The Group DRC reports its findings to the Audit Committee and through that Committee to the Board.
At the year end, the Group's only significant associate is Camelot, which is managed in line with its shareholder agreement.
The Group is subject to the requirements of the US Sarbanes- Oxley Act as a result of the listing of its American Depository Receipts (ADRs) on the New York Stock Exchange. Throughout 2006, progress has been made on the evaluation of controls and their enhancement where necessary to comply with section 404 of that Act. Testing of these controls will be completed prior to the filing of the Company's Form 20-F with the US SEC in early April, and a report on compliance with this legislation will be made in that document.
On 20 February 2006, Cadbury Schweppes plc acquired a majority holding of Cadbury Nigeria, a listed entity in which the Group previously had been a minority investor and which it had treated as an associate for accounting purposes. Subsequently significant mis-statements of Cadbury Nigeria's balance sheet and profit and loss account were identified. Following an investigation, management ascertained that these irregularities dated back over a number of years and comprised inappropriate recognition of revenue, overvaluation of assets (including working capital balances and fixed assets) and the undervaluation of liabilities. These accounting mis-statements have been corrected in the consolidated financial statements of Cadbury Schweppes plc in 2006. The adjustment has been recorded within the associate line as the irregularities occurred in the period in which Cadbury Nigeria was treated as an associate. Consequently the Group has recognised a non- Underlying charge of £23 million reflecting its share of the adjustments. Both the former CEO and CFO of Cadbury Nigeria have now left the business. The CEO has been replaced with a former Cadbury Schweppes General Manager who has extensive operational experience in Africa and the CFO with an experienced Cadbury Schweppes Finance Director.
The Group is performing a full review of the financial processes, systems and people capabilities in place at Cadbury Nigeria and anticipates further changes will be made in 2007. Our Group Internal Audit will also separately perform full audit reviews of the business in 2007.
Other than in relation to Nigeria, the Board's review of the system of internal control has not identified any failings or weaknesses which it has determined to be significant, and therefore no remedial actions are necessary. Accordingly, the Directors confirm that in compliance with principle C.2 of the Combined Code, the system of internal control for the year ended 31 December 2006 and the period up to 9 March 2007 has been reviewed in line with the criteria set out in the Turnbull guidance currently applicable.
Sir John Sunderland
Chairman
9 March 2007