NCC Group plc
(the "Company" or the "Group")
Notice of Annual General Meeting 2017
and
Notice of Trading Update
The Company confirms that its Notice of Annual General Meeting 2017 ("AGM Notice") and its Annual Report and Accounts for the year ending 31 May 2017 ("Annual Report") have been posted or otherwise been made available to shareholders and published on the Investor Relations section of its website (www.nccgroup.trust/uk/about-us/investor-relations/). The Annual General Meeting will be held at 9.00am on Thursday 21 September 2017 at the offices of DLA Piper UK LLP, 1 London Wall, London EC2Y 5EA.
Copies of the Annual Report and the AGM Notice have been submitted to the National Storage Mechanism and will shortly be available for inspection at www.morningstar.co.uk/uk/NSM.
The Company will provide a trading update at 7.00am on Thursday 21 September 2017 ahead of its Annual General Meeting on the same day.
A condensed set of the Company's financial statements and extracts were included in the Company's preliminary results for the year ended 31 May 2017 released on 18 July 2017 (the "Preliminary Announcement"). The information included within the Preliminary Announcement together with the information set out below, which is extracted from the Annual Report, constitute the material required by Disclosure Guidance and Transparency Rule 6.3.5 to be communicated to the media in full unedited text through a Regulatory Information Service. This announcement and the Preliminary Announcement are not a substitute for reading the full Annual Report. Page numbers and cross-references in the extracted information below refer to page numbers and cross-references in the Annual Report. To view the Preliminary Announcement, please visit the Investor Relations section of the Company's website at www.nccgroup.trust/uk/about-us/investor-relations/.
Further to the statement made in the Company's preliminary results announcement in respect of an administrative non-compliance issue which has been identified with respect to distributable reserves and the payment of historical dividends, the Company expects to shortly post a separate circular and notice of general meeting in respect of this matter.
Directors' Responsibility Statement
The following statement is extracted from page 112 of the Annual Report and is repeated here for the purposes of Disclosure Guidance and Transparency Rule 6.3.5. This statement relates solely to the Annual Report and is not connected to the extracted information set out in this announcement or the Preliminary Announcement:
"The directors are responsible for preparing the Annual Report and the Group and Parent Company financial statements in accordance with applicable law and regulations.
Company law requires the directors to prepare Group and Parent Company financial statements for each financial year. Under that law they are required to prepare the Group financial statements in accordance with IFRSs as adopted by the EU and applicable law and have elected to prepare the parent company financial statements on the same basis.
Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Parent Company and of their profit or loss for that period. In preparing each of the Group and Parent Company financial statements, the Directors are required to:
· select suitable accounting policies and then apply them consistently;
· make judgements and estimates that are reasonable and prudent;
· state whether they have been prepared in accordance with IFRSs as adopted by the EU; and
· prepare the financial statements on the going concern basis unless it is inappropriate to presume that the Group and the parent company will continue in business.
The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the Parent Company and enable them to ensure that its financial statements comply with the Companies Act 2006. They have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration Report and Corporate Governance Statement that complies with that law and those regulations.
We confirm that to the best of our knowledge:
· the financial statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation taken as a whole; and
· the Strategic Report/Directors' Report include a fair review of the development and performance of the business and the position of the issuer and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face.
We consider the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's position and performance, business model and strategy."
Principal risks and uncertainties
The principal risks and uncertainties relating to the Company are set out on pages 48 to 53 of the Annual Report from which the following is extracted in full and unedited text:
"Governance
Overall responsibility for the risk framework and definition of risk appetite rests with the Board, who through regular review of risks, ensure that risk exposure is matched with an ability to achieve the Group's strategic objectives. Risks are identified primarily by the management team and by using a structured risk framework, with non-executive review being carried out by the Board.
Risk management processes and controls
The Board, with input from the Audit Committee, monitors the ongoing process by which critical risks to the business are identified, evaluated and managed. On a biannual basis, the Board reviews the detailed risk register that has been prepared and updated within the business by the Operations Board which has responsibility for day-to-day risk management within the business.
The CEO chairs the Operations Board and the other members include senior business unit and functional heads. The business has put in place:
(i) Ongoing procedures to identify, evaluate and manage principal risks;
(ii) Procedures to monitor the control systems in place to reduce these risks to an acceptable level;
(iii) A biannual detailed Group-wide risk review; and
(iv) A process to consider progress made against significant business risks at monthly operational Board meetings.
In addition, during 2016, the Board formed a specialist Cyber Security Committee to evaluate the specific risks associated with its cyber risk environment. We expect to evolve our risk management processes and controls further in the new financial year in order to embed further risk management processes within the business. This will include the development of online risk and action tracking systems.
We plan to carry this out in parallel with the creation of a new Internal Audit and Assurance function, reflecting the growing complexity of our business.
Evaluation of risk
The design and ongoing effectiveness of the key controls over the Group's principal risks are documented using an "assurance map". This includes an assessment of the net impact of each risk and the likelihood of its occurrence once mitigating controls are taken into account. The key controls over the Group's identified principal risks are reviewed twice a year by management, the Audit Committee and the Board.
However, the Group's risk management programme can only provide reasonable, not absolute, assurance that principal risks are managed to an acceptable level.
Ranking of the Group's risks is conducted by combining the economic, operational or environmental impact of risks and the likelihood that they may occur. Those risks that are considered to pose the greatest threat to the Group and score the highest are identified as "principal risks". The operations of the Group, and the implementation of its objectives and strategy, are subject to a number of principal risks and uncertainties. Where more than one of the risks were to occur together, the overall impact on the Group would be greater.
Risk register
The Group maintains a risk register, which:
(i) Sets out the Group's risk appetite;
(ii) Identifies the key risks faced by the Group and assesses their likelihood and impact; and
(iii) Identifies the processes and controls in place to mitigate these risks.
The Group Risk Register is the primary reporting vehicle used by the Operations Board in performing its risk management duties. It is reviewed in depth by the Operations Board on a biannual basis. The Risk Register is then reviewed by the Board. Day-to-day risks faced by the Group are mitigated by management processes and procedures embedded in the Group's Quality System.
Principal risks and uncertainties
The Group operates in a particularly dynamic and evolving market-place. As new events occur or the business transitions into new activities or phases of its development, the risk register is updated accordingly.
For example, reflecting the changing nature of the business, during 2016-17, we had to complete the integration of two new and sizeable acquisitions into our risk management processes.
As a result of these acquisitions, the Group now has a larger proportion of its revenue coming from hardware or other product sales and also from key strategic customers, with the consequence of there being less predictable sales cycles and, in some cases, larger but less frequent sales.
During the year, we saw a slowing in purchase activity by a key strategic customer in the Netherlands. We also incurred customer losses while professionalising the contracts management activities in one of the businesses we recently acquired, as well as having to bear increased costs.
Furthermore, as a result of these recent large acquisitions, the scale and complexity of the Group increased and enhanced controls and processes needed to be put in place. In order to address this, the Board authorised the creation of the roles of Director of Risk and Assurance, and a Group Tax and Treasury Manager. The former is in the process of being recruited while the latter post has been very recently filled.
The Directors have carried out a robust assessment of the principal risks facing the Group including those that would threaten its business model, future performance, solvency or liquidity. Detailed descriptions of the current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls are set out below. The tables also highlight whether the risk is assessed as increasing or decreasing with a similar assessment for the position last year. This includes identifying new principal risks and uncertainties.
Strategy
Risk area: As the Group and its operating environment change, so too must its strategy if it is to continue to succeed and generate increasing shareholder value. The Group is in the process of changing and developing a new strategy that will need to take root.
Potential impact: A poor strategy or ineffective execution of a strategy would have a material negative impact on the Group's financial performance and value. It would potentially weaken the Group compared to its competitors and risk the Group's established position in the marketplace.
Mitigation: (High impact, risk exposure increased from 2016) Members of the Board have significant experience in evolving business strategies. This experience has been complemented by the use of external consultants who have participated in the recent Strategic Review.
Management of change
Risk area: As the Group adapts and changes its strategy there are a number of complex projects and initiatives that not only need to be delivered but also require understanding and support from all staff.
Potential impact: Poor change management could lead to ineffective implementation of projects that then cost more to deliver, take longer to deliver, and result in fewer benefits being realised (or all three).
Mitigation: (Medium impact, risk exposure increased from 2016) The Board has been enhanced during the last six months by the appointment of an Executive Chairman and Interim CEO, both of whom have extensive experience of implementing change on organisations. Through regular engagement with all levels of staff the Group will ensure that the Group's vision and strategy is shared with and understood by all staff.
Information Technology
Risk area: The Group is heavily reliant on continued and uninterrupted access to its IT systems. The Group is a natural target for individuals who may seek to disrupt the Group's commercial activities.
Potential impact: If the Group's systems failed, this could affect the Group's ability to provide services to our customers. If a system failure was the result of a successful external cyber attack, this could result in the loss of sensitive data and compromise the Group's reputation as a leader in the field of cyber security. Failing to successfully implement new IT systems could similarly cause business disruption.
Mitigation: (High impact, risk exposure unchanged from 2016) The Group has made significant investment in its IT infrastructure to ensure it continues to support the growth of the organisation. The Group has appropriate controls in place in order to mitigate the risk of systems failure and data loss, including systems back-up procedures and disaster recovery plans. The Group also deploys appropriate malware protection, network security controls and encryption of mobile devices. The Group is currently reviewing high priority systems changes to ensure that projects are well managed and deliver the required targeted benefits in an appropriate timeframe.
Recruitment and retention of key personnel
Risk area: The Group would be adversely impacted if it were unable to attract and retain the right calibre of skilled staff. Some roles within the Group operate in highly technical and extremely specialised areas in which there are shortages of skilled people.
Potential impact: Loss of key managers could result in a lack of necessary expertise or continuity to execute the Group's strategy. An inability to attract and retain sufficient high-calibre employees could become a barrier to the continued success and growth of NCC Group.
Mitigation: (Medium impact, risk exposure unchanged from 2016) Key personnel are tied in through rewarding career structures and attractive salary packages, which can include participation in share schemes. Succession plans are being finalised for key members of the management team where they are not already in place. The Group is reviewing our assessment and development processes to ensure that our employees can enjoy opportunities for further career training and development.
Conduct and reputational risk
Risk area: Damage can result to our reputation or business by a combination of unanticipated events or by the acts of a single employee.
Potential impact: Conduct risk can arise from a number of areas such as failing to meet customer expectations on project delivery, testing assignments or source code handling or from employees who could maliciously disrupt the business and steal customer information. All such instances could result in damage to reputation, loss of repeat business and potentially lead to litigation and/or claims against NCC Group.
Mitigation: (Low impact, risk exposure unchanged from 2016) NCC Group operates a system of policies and procedures which are regularly audited as part of the Quality System. These, combined with management oversight, the risk management process, project reviews and customer feedback, mitigate the risk to successful service and project delivery. All staff are trained regularly and backups are taken wherever possible before testing assignments begin. Employees are vetted before joining and robust controls and processes are in place to manage employees such as accounting controls, IT monitoring large downloads of data and controls on client site operations.
Cyber risk
Risk area: This is the risk that is faced by many of our customers, that external agents will successfully access and harm NCC Group data and operating systems, inspired by either the pursuit of financial gain or malice.
Potential impact: As a provider of security services, the Group is a high profile target and could therefore be targeted by attacks specifically designed to disrupt the Group's business and harm the Group's reputation. If such an attack was successful, it could adversely affect the market's perception of the Group as well as causing business disruption.
Mitigation: (Low impact, risk exposure decreased from 2016) The Board has constituted a Cyber Security Committee chaired by the Senior Non-Executive Director. Security testing is regularly carried out on the Group's infrastructure and there are extensive measures in place to assist in identifying and dealing with security incidents. The Group has a dedicated Information Security Management Forum which meets regularly to discuss security risks to the Group. Employees also receive regular security training and updates.
Acquisition and disposals
Risk area: Acquisitions and disposals can be costly to complete and complex to deliver the targeted benefits. Risks range from deal execution (including price negotiations, due diligence, and contracting) to transition and integration into (or separation from) NCC Group.
Potential impact: Well-executed acquisitions and disposals with an appropriate purchase price can create significant value. Poorly executed acquisitions and disposals or those with excessive purchase prices can destroy shareholder value.
Mitigation: (High impact, risk exposure unchanged from 2016) As part of its medium-term strategy, the Board remains committed to making value enhancing acquisitions. The need to establish a robust and scalable Target Operating Model for the Group, including integrated ways of working, processes and systems, means that the Group is less likely to make any material acquisitions for the next year or two while that TOM is put in place. Furthermore, the significant write down in the carrying values of goodwill following the acquisition of Accumuli and Fox-IT has led the Board to commence a review of our acquisition process and disciplines to identify areas for improvement and ways in which to reduce the risk of future impairments on any new acquisitions. This includes developing a more robust post acquisition integration process to deliver targeted benefits.
Competition and failure to respond to market trends
Risk area: Barriers to market entry are relatively low in some of our lower value service offerings. Equally, in such a dynamic and fast evolving technology space, products or services can be rendered obsolete by new technologies or platforms.
Potential impact: A major change in the technology landscape could lead to a decline in an individual service line's revenue stream. One example of a recent change that needs a response is the move to more cloud-based applications and data storage.
Mitigation: (Medium impact, risk exposure unchanged from 2016) The Group employs a number of industry leading experts and thought leaders in our marketplace. This puts us at the forefront of change and allows us early insight into emerging trends. This in turn allows us to anticipate or pre-empt a number of potential risks. Group-wide technology and technical forums are used to disseminate and share market intelligence and trends, as well as to formulate responses, on a regular basis.
Failure to protect intellectual property
Risk area: A number of the Group's service offerings depend on intellectual property rights that need to be registered, maintained and protected in various jurisdictions. Examples include trademarks, patents and valuable know-how.
Potential impact: If such rights are not sufficiently protected, the Group could potentially no longer be able to offer a particular service in some or all countries.
Mitigation: (Low impact, risk increased from 2016) Patents are applied for where appropriate and intellectual property is only disclosed under a licence agreement or confidentiality agreement. The Group also takes steps to differentiate its IP as far as possible to lower the risk of any potential infringement claims.
Liquidity, foreign exchange and banking facilities
Risk area: The Group requires access to adequate banking facilities to fund its daily operations, capital investments and potential acquisitions. Furthermore, as the Group's international footprint expands, there is an inherent risk of adverse foreign exchange movements affecting profitability.
Potential impact: Inability to refinance the Group's core banking facilities could call into doubt the Group's longer term viability. Equally, if those facilities lacked the appropriate flexibility and structure, this could inhibit delivery of the Group's strategy. The absence of any currency hedging in 2016-17 resulted in an exchange loss of £3.7m.
Mitigation: (Medium impact, risk unchanged from 2016) The Group's current banking facilities cover all of its expected needs of the Group for the period of such facilities and are sufficiently flexible to allow the Group to function effectively. The Group has recently appointed a Tax and Treasury Manager for the first time. Part of their role is to support the CFO in developing a Treasury strategy and overseeing its implementation. The Board is currently reviewing a new Foreign Exchange hedging strategy that is primarily based on net cash flow hedging.
Impact of Brexit on the Group
The Group currently has relatively little inter-territorial trade from the UK into Europe and vice versa. While Brexit has already had an impact on exchange rates which the Group has leveraged, there is inevitably some uncertainty around the likely impact of Brexit on businesses. The Group does not believe that Brexit will have a significant impact on its operations as currently structured. UK cyber regulation is likely to stay closely attuned to evolving regulation in Europe, such as GDPR where implementation will proceed in both Europe and the UK as envisaged."
Enquiries:
NCC Group plc
Chris Stone - Executive Chairman: 0161 209 5200
Brian Tenner - Interim CEO: 0161 209 5200
Jenna Hincks, Acting Company Secretary: 0161 209 5261