Annual Financial Report

Serco Group plc 2008 Annual Review and Accounts In compliance with paragraph 9.6.1 of the Listing Rules, Serco Group plc (the "Company") has today submitted to the UK Listing Authority two copies of each of the documents listed below: (a) Annual Review and Accounts 2008; (b) Annual Review and Summary Financial Statement 2008 (c) Notice of the 2009 Annual General Meeting (including the proposed amendments to the Company's articles of association for the purpose of DTR 6.1.2); and (d) Proxy form for the 2009 Annual General Meeting. Copies of the above documents will be available for inspection at the UK Listing Authority's Document Viewing Facility which is situated at: Financial Services Authority 25 The North Colonnade Canary Wharf London E14 5HS The documents are being sent to shareholders today. The Annual Review and Accounts 2008, the Annual Review and Summary Financial Statement 2008, Notice of the 2009 Annual General Meeting and the proposed revised articles of association may be viewed and downloaded on the Company's website at www.serco.com. In compliance with paragraph 6.3.5 of the Disclosure and Transparency Rules (DTR), a responsibility statement, a description of the principal risks and uncertainties and details of related party transactions are set out below in full unedited text. A condensed set of financial statements was included in the Company's 2008 final results announcement issued on 27 February 2009. References below to Financial Statements and the Directors' Report refer to those items in the Annual Review and Accounts 2008. For further information please contact Serco: T +44 (0) 1256 745 900 Charles King, Head of Investor Relations Dominic Cheetham, Director of Corporate Communications Directors' responsibilities Kevin Beeston - Chairman Christopher Hyman - Chief Executive Andrew Jenner - Finance Director Leonard Broese van Groenou - Non Executive Director Tom Corcoran - Non Executive Director Margaret, Baroness Ford of Cunninghame - Senior Independent Director David Richardson - Non Executive Director We confirm to the best of our knowledge: 1. the Financial Statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation taken as a whole; and 2. the management report, which is incorporated into the Directors' Report, includes a fair review of the development and performance of the business and the position of the Company and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties they face. Principal risks and uncertainties The Group has a well-established and embedded system of internal control, including financial, operational and compliance controls and risk management designed to safeguard shareholders' investments and the Group's assets and reputation. Whilst the Board has overall responsibility for the Group's system of internal control and for reviewing its effectiveness, it is the role of management to implement the policies on risk and control. The Group's risk management process identifies the key risks facing each business and the Group as a whole and reports to the Board on how those risks are being managed. These processes are reviewed regularly by the Board and conform to the requirements of the Combined Code. Such a system, however, can only be designed to mitigate, rather than eliminate, the risk of failure to achieve business objectives, and can only provide reasonable, and not absolute assurance, against misstatement or loss. The Board confirms that this process has been in place for the year under review and up to the date of approval of the Annual Review and Accounts. The Serco Management System (SMS) is the framework within which business divisions, operating companies and contracts implement processes and procedures that are appropriate to the business being undertaken. Divisional chief executives and business unit managers have the responsibility and authority to implement and monitor the system within their businesses. The SMS incorporates: the Group's vision and strategy; the core values and business principles that define the corporate behaviour of the organisation; the operating structure and roles and responsibilities of the principal elements of the organisation; and its core processes. Policy statements and standards As part of the SMS, the Board has authorised a set of policy statements, which are supported by standards, guidance and training material. An ethical standard defines the following principles that apply to all our business activities: - We will comply with the laws of the country in which business is being transacted - We will respect the rights of the individual - We will respect the traditions and culture of communities and protect the environment within which we operate - We will undertake our business activities in accordance with the highest standards of professionalism, integrity and honesty. These broad principles are further interpreted in respect of individual and corporate behaviours. A separate corporate responsibility standard defines the corporate responsibility programme that is implemented throughout the Group. The Group's risk management standard defines the processes required in the organisation to manage and mitigate threats to our business objectives. The risk management process is described in a risk management manual and a set of guidance notes covering specific aspects appropriate to particular business activities. An internally developed and supported risk database tool supports the risk management process at all levels of the business and is used to create the risk, opportunity, assumption and issue registers that support the decision-making processes. Risk registers are maintained at a contract, business unit, divisional and Group level and are reviewed at least quarterly and more frequently as required. During 2008, the risk management process has been incorporated into an over-arching resilience management framework that incorporates risk, security, business continuity and crisis management. The resilience management framework is supported by a set of top-level requirements, more detailed process descriptions and guidance and tools to support the implementation of the framework across the Group. The risk registers identify the key risks, the probability of those risks occurring, their potential impact on the business and the actions being taken to reduce and mitigate the risks. Guidance on the risk appetite of the Group has been issued which defines the appetite/tolerance levels both for individual risks and for projects or business units where multiple risks are present. Principal risks The Group risk register identifies the principal risks facing the business, including those that are managed directly at a Group level. The process specifically identifies the business objectives and the interests not only of shareholders but also of other stakeholders that are likely, directly or indirectly, to influence the performance of the business and its value. These include, but are not limited to, shareholders, customers, suppliers, staff, trade unions, government, regulators, banks and insurers. The interests of the wider community in areas such as social, environmental and ethical impact are recognised in the Group's corporate responsibility programme. The Group risk register is updated at least quarterly, reviewed six-monthly by the Risk Oversight Group and discussed at quarterly Board meetings. Active risks are ranked by importance and grouped under the following six headings: - Strategic - covering threats to the long-term deliverability of the Group's strategy. Principal risks include loss of competitive position and risks associated with acquisitions - Financial/Commercial - covering threats to the short- to medium-term performance. Principal risks include financial market instability, the loss of key contracts, failure to meet financial business plans, pension fund liabilities and delays or cost over-runs in major transition programmes - Compliance - covering compliance with all relevant legislation and regulations. Principal risks include legal action resulting from compliance failures, loss or compromise of personal data and unethical behaviour by Directors or members of staff - Safety and Security - covering threats to the safety of staff, sub-contractors, members of the public and the environment and the security of the Group's assets and staff. Risks include the responsibility for a major accident or incident where public safety is concerned, environmental pollution, assaults on staff in the course of their duties, loss of sensitive information and crime, fraud and terrorism - Operational - covering threats to the continuity of business operations. Principal risks include the failure of information systems, loss of key infrastructure and the recruitment and retention of key staff - Management - covering possible internal failures of managers or management systems. Principal risks include failures of internal controls and management systems. For the Group, the most significant risks relate to the strategy and safety areas. Social, environmental and ethical issues, while recognised within a number of the Group's risks, do not represent significant threats to the Group's strategy at present. Reputational and emerging risks are kept under active review and the Board informed of changes. Emerging risks cover longer-term risks that could represent a threat to the Group's activities but which are not yet sufficiently defined to be included as active risks. Examples of these risks include influenza pandemic, climate change and changes in key markets. In quantifying and ranking risks, Serco uses a risk scoring system based on assessments of probability and impact. The guidance provided in internal documents requires the assessment to address the impact on business objectives as well as wider stakeholder interests. As Serco operates in a number of business sectors such as aviation, rail and nuclear, where public safety is involved, societal concerns such as public safety and environmental damage are specifically identified in the assessment criteria. The criteria are generally subjective rather than financially based since it is difficult to quantify the financial impact of a major incident involving loss of life. Serco's approach to the reporting of risks that have social, environmental or ethical implications is summarised below. It is based on the assessment of three factors: - Significance of the risk to the achievement of Serco's business objectives - Significance of the risk to wider society - Ability of Serco to influence or control the risk. Risks that could have a significant impact on Serco's business objectives are strategically important and are reported externally. Where this impact is combined with a high significance to society and Serco has a direct responsibility for the management of the risk, additional performance indicators are also included in external reporting. Examples of such risks include public safety, environmental protection and data protection. Risk mitigation Each risk in the Group register is assigned an owner at Board or senior management level and specific risk reduction and risk mitigation actions are identified. The Board may ask for additional information in respect of risk reduction or mitigation actions or request that an audit is undertaken to provide additional assurance. Risk management techniques used include appropriate systems, staff, internal controls, public and media relations and business continuity planning. These techniques are designed with clarity of accountability and responsibility and with certain formal policies covering areas such as compliance, safety and environmental protection. Serco's business units build and maintain an understanding of their operational risk profiles and are expected to fully understand the likelihood and potential impact of any operational incidents, at the same time making appropriate and informed decisions that balance the risks against the potential returns and opportunities. While operational risk can never be eliminated, the Group endeavours to minimise the impact by ensuring that appropriate infrastructure, controls, systems, staff and processes are in place. Some of the key management and control techniques are set out below: - The principles of clear delegation of authority and segregation of duties are fully reflected in the Group's operating processes - Comprehensive business review processes ensure that our services and products meet customer expectations, performance criteria, operational effectiveness, regulatory requirements, investment returns, cash flow requirements and profitability - An Investment Committee meets on a monthly basis to consider new or developing projects against a defined set of criteria - There is a formal review and approval process for all proposals and business acquisitions including delegated authority for sign-off based on the financial value and capital requirement of the transaction and the assessed risk of the project - Sound project management and change implementation disciplines are applied to all major development projects including new contract transitions, acquisitions, new technology applications, change programmes and other major initiatives - The commitment and capability of staff is critical for the effective management of operational risk. Ongoing training and career development constantly improves the skills of our employees. Selective recruitment, succession planning and other human resource policies and practices are in place to ensure that staff skills are aligned with the current and future needs of the organisation - Safety management systems in the Group's aviation, rail, defence, nuclear and marine businesses have been addressed by the appointment of safety specialists for each area who report directly to the Board and maintain and further develop the very high standards expected in these industries - The Group's approach to health, safety and environmental protection is described in the Directors' Report. Qualified and experienced staff in each business unit provide advice and support on health, safety and environmental issues and undertake regular audits - The Chief Information Officer is responsible for ensuring that systems and processes are in place to ensure the confidentiality, integrity and availability of sensitive information and the associated information systems that support the Group's business activities - An Ethics Committee, comprising the Executive Team, has been established with responsibility for the review of ethical issues that may arise from the Group's current and possible future activities - The Company Secretary manages the confidential reporting service, to which staff can report illegal, dangerous, dishonest or unethical activities - A programme of internal audits confirms the extent to which key controls are applied across the Group. Audit priorities are established on the basis of risk assessments, regulatory requirements and business imperatives - The operational risk framework tracks key indicators. These include analysis of business performance and variances from plan, customer satisfaction and retention data, staff turnover and satisfaction levels, occupational health and safety incidents, and error and exception reporting. The Group maintains insurance policies to provide for losses arising from circumstances such as damage or destruction of physical assets, theft, legal liability for third party loss and professional advice. The adequacy of the insurance cover is reviewed at regular intervals. Corporate Assurance Group The Corporate Assurance Group (CAG) oversees and reviews internal controls and risk policies, procedures and management frameworks and develops guidance, training material and management training to ensure the business needs are met. The Board recognises its responsibilities to shareholders and the wider community where social, environmental and ethical issues are very important. CAG is responsible for developing and overseeing the corporate responsibility activities within the Group. Every quarter, CAG reports formally to the Board, providing analyses of the health, safety and environmental performance of the Group against targets and advises the Board on policy and future activities to enhance best practice. A separate resilience report covering risk, security, business continuity and crisis management is also submitted to the Board on a quarterly basis. CAG works closely with the internal audit function to provide an appropriate level of business assurance to the Board. CAG sponsors five specialist groups: - A Health, Safety and Environment Oversight Group, chaired by the Director, Health, Safety and Environment, and comprising senior assurance representatives from across the Group. During the year, this group met four times to review health, safety and environmental policy and procedures, and to review the performance of the operating divisions against safety and environmental targets - A Risk Oversight Group, chaired by the Risk Director, comprising operational and assurance representatives from across the Group, which met twice during the year to review the Group risk register and key risk controls. This group provides additional assurance in relation to the system of internal control and risk management and enhances the Board's ability to discharge its responsibilities in relation to internal control - An Aviation Safety Oversight Group, chaired by an independent aviation safety professional and comprising the aviation safety representatives from across the Group, which met once during the year. This group has been responsible for the implementation of the aviation safety management system across the Group and for transferring best practice between Serco's aviation operating companies - A Transportation Safety Oversight Group, chaired by the Integrated Transport Non-Executive Director with Special Interest in Safety and comprising the rail and road safety representatives from across the Group, oversees the safety management systems within Serco's rail and road businesses in the United Kingdom, Middle East and Australia - A Corporate Responsibility Steering Group, chaired by the Assurance Director, provides direction on projects that address the social and environmental issues affecting our staff and the communities within which we work. Internal audit During the first half of 2008, Grant Thornton continued to provide an outsourced internal audit function within the Group, in addition to that provided by internal peer review and CAG. On 1 July 2008, KPMG LLP took over responsibility for the outsourced internal audit programme with a revised scope of work. At the same time, a Head of Internal Audit was appointed with responsibility for coordinating the work carried out by KPMG and the audit programme carried out within the operating divisions. The risk-based audit programme has been designed to address the internal control and risk management processes and the recommendations of the Combined Code. The outsourced internal auditors reported to the Audit Committee twice during the year. There were no material weaknesses identified as a result of the audits undertaken and corrective action has been taken where deficiencies were found. As a result of recommendations made by KPMG, the internal audit processes and reporting activities have been strengthened and more closely integrated with the risk management process. Joint ventures In addition to contracts held in Serco's name, the Group has material investments in a number of joint ventures. Where investments are not wholly owned by Serco, the Group can influence, but not control, management practices. Serco representatives within these companies ensure that the processes and procedures for identifying and managing risk are appropriate for the business and that internal controls exist and are regularly monitored. Employees from the Group's joint ventures participate in the Health, Safety and Environment Oversight Group, the Risk Oversight Group and the Transportation Safety Oversight Group. Review of internal controls The Board confirms that the actions it considers necessary have been taken to remedy such failings and weaknesses which it has determined to be significant from its review of the internal controls. The Board also confirms that it has not been advised of material weaknesses in that part of the internal control system that relates to financial reporting. Corporate responsibility Corporate responsibility is about living the values and principles that govern the way we operate and behave. Our approach reflects the importance corporate responsibility has to those with whom we come into contact. It is also good business practice, which we believe will ultimately help us deliver better returns to shareholders. The responsibilities of CAG, which reports directly to the Board, include developing and overseeing our corporate responsibility activities. Our corporate responsibility model encompasses four elements: - Safety - recognising our legal responsibility for the safety of our staff, sub-contractors and the general public for whom we have a duty of care - People - addressing our legal and moral responsibility for our employees - Community - addressing our social responsibility for the communities within which we operate - Environment - recognising our legal and moral responsibility to protect the environment from damage as a direct result of our operations and to promote activities to protect and sustain the wider environment. A summary of our performance in 2008 and targets and objectives for 2009 can be found in the 2008 Corporate Responsibility Review and at www.serco.com. 36. Related party transactions Transactions between the Company and its wholly owned subsidiaries, which are related parties, have been eliminated on consolidation and are not disclosed in this note. Transactions between the Group and its joint venture undertakings are disclosed below, with the relevant proportion being eliminated on consolidation. Transactions between the Company and its subsidiaries and joint ventures are disclosed in the Company's separate financial statements. Trading transactions During the year, Group companies entered into the following material transactions with joint ventures: 2008 2007 £m £m Royalties and management fees receivable 1.4 1.2 Dividends receivable 37.2 36.9 38.6 38.1 The following receivable balances relating to joint ventures were included in the consolidated balance sheet: 2008 2007 £m £m Current Loans 1.2 1.7 2008 2007 £m £m Non-current Loans 0.7 0.6 Joint venture receivable and loan amounts outstanding have arisen from transactions undertaken during the general course of trading, are unsecured, and will be settled in cash. No guarantee has been given or received. No provisions are required for doubtful debts in respect of the amounts owed by the joint ventures. Remuneration of key management personnel The Directors of Serco Group plc had no material transactions with the Group during the year other than service contracts and directors' liability insurance. The remuneration of the key management personnel of the Group, is set out below in aggregate for each of the categories specified in IAS 24 `Related Party Disclosures': 2008 2007 £m £m Short-term employee benefits 3.6 3.8 Termination arrangements 0.7 - Post-employment benefits 0.4 0.7 Share-based payment expense 1.9 1.9 6.6 6.4 The key management personnel comprise the Executive Directors, Non-Executive Directors and key members of the Global Management Board.