Notice of Annual General Meeting

RNS Number : 4812Z
NCC Group PLC
18 September 2020
 

NCC Group plc

(the "Company" or the "Group")

 

Notice of Annual General Meeting 2020

 

The Company confirms that its Notice of Annual General Meeting 2020 ("AGM Notice") and its Annual Report and Accounts for the year ending 31 May 2020 ("Annual Report") have been posted or otherwise been made available to shareholders and published on the Investor Relations section of its website (www.nccgroup.com/investor-relations). The Annual General Meeting will be held at 10.30 am on Tuesday 20 October 2020 at the Company's Head Office, XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ.

 

Copies of the Annual Report and the AGM Notice have been submitted to the National Storage Mechanism and will shortly be available for inspection at www.morningstar.co.uk/uk/NSM .

 

A condensed set of the Company's financial statements and extracts were included in the Company's preliminary results for the year ended 31 May 2020 released on 3 September 2020 (the "Preliminary Announcement"). The information included within the Preliminary Announcement together with the information set out below, which is extracted from the Annual Report, constitute the material required by Disclosure Guidance and Transparency Rule 6.3.5 to be communicated to the media in full unedited text through a Regulatory Information Service. This announcement and the Preliminary Announcement are not a substitute for reading the full Annual Report. Page numbers and cross-references in the extracted information below refer to page numbers and cross-references in the Annual Report. To view the Preliminary Announcement, please visit the Investor Relations section of the Company's website at www.nccgroup.com/investor-relations 

 

 

Directors' responsibilities statement

 

The following statement is extracted from page 96 of the Annual Report and is repeated here for the purposes of Disclosure Guidance and Transparency Rule 6.3.5.  This statement relates solely to the Annual Report and is not connected to the extracted information set out in this announcement or the Preliminary Announcement:

 

"The Directors are responsible for preparing the Annual Report and Accounts and the Group and Parent Company Financial Statements in accordance with applicable law and regulations.

 

Company law requires the Directors to prepare Group and Parent Company Financial Statements for each financial year. Under that law they are required to prepare both the Group Financial Statements in accordance with International Financial Reporting Standards as adopted by the European Union (IFRSs as adopted by the EU) and applicable law and have elected to prepare the Parent Company Financial Statements on the same basis.

 

Under company law the Directors must not approve the Financial Statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Parent Company and of their profit or loss for that period. In preparing each of the Group and Parent Company Financial Statements, the Directors are required to:

 

· Select suitable accounting policies and then apply them consistently

 

· Make judgments and estimates that are reasonable, relevant and reliable

 

· State whether they have been prepared in accordance with IFRSs as adopted by the EU

 

· Assess the Group and Parent Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern

 

· Use the going concern basis of accounting unless they either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so

 

The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the Parent Company and enable them to ensure that its Financial Statements comply with the Companies Act 2006. They are responsible for such internal control as they determine is necessary to enable the preparation of Financial Statements that are free from material misstatement, whether due to fraud or error, and have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.

 

Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration Report and Corporate Governance Statement that comply with that law and those regulations.

 

The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company's website. Legislation in the UK governing the preparation and dissemination of Financial Statements may differ from legislation in other jurisdictions.

 

Responsibility statement of the Directors in respect of the annual financial report

 

We confirm that to the best of our knowledge:

 

· The Financial Statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and the undertakings included in the consolidation taken as a whole

 

· The Strategic Report includes a fair review of the development and performance of the business and the position of the issuer and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face

 

We consider the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's position and performance, business model and strategy."

 

Principal risks and uncertainties

 

The principal risks and uncertainties relating to the Company are set out on pages 30 to 36 of the Annual Report from which the following is extracted in full and unedited text :

 

 

"Risk management

 

Risk is an inherent part of doing business and risk management is a fundamental part of good corporate governance. A successful risk management process balances risk and reward and is underpinned by sound judgment of their impact and likelihood. The Board has overall responsibility for ensuring that NCC Group has an effective risk management framework, which is aligned to our business objectives.

 

The Board has established a Risk Management Policy, which has established protocols, including:

 

· Roles and responsibilities for the risk management framework

 

· Risk scoring framework

 

· A definition of risk appetite

 

The integrated approach to risk management diagram on page 31 summarises the Group's overall approach to risk management, which is supported by a web-based tool - the Integrated Risk Management System (IRMS). The tool is designed to follow the risk management model described in the next section and records both strategic and operational risk registers and tracks risk mitigation action plans, helping embed ownership of risks and treatment actions while also providing access to live management information, which is used at both a Board and operational management level.

 

NCC Group's approach to risk management

 

NCC Group adopts both a "top down" and "bottom up" approach to risk, to manage risk exposure across the Group to enable the effective pursuit of strategic objectives. The approach is summarised in the diagram on page 31.

 

The approach is one of collaboration, which supports our comprehensive approach to risk identification, from the "top down" and "bottom up". The Group believes that this is the most efficient and effective way to identify its business risks.

 

Top down - strategic risk management

 

The Board, Audit Committee and Cyber Committee review risks on an ongoing basis and are supported by the Executive Committee and subject matter specialists (including Assurance, Software Resilience (Escrow), Information Security, Data Protection and Health and Safety). The Board gives consideration to the Group's strategic objectives and any barriers to their achievement.

 

Bottom up - operational risk management

 

The Board and Executive Committee engage with colleagues at every level of the Group in recognition of the importance of their expertise, contribution and views. In relation to matters of wrongdoing, or risks not being recognised and adequately managed, the Group has a robust and effective whistleblowing procedure, which is supported by the Safecall reporting line.

 

Risk management model

 

The Board has overall responsibility for ensuring that NCC Group adopts an effective risk management model, which is aligned to our objectives and promotes good risk management practice. We have therefore adopted the model described in this section and summarised in the diagram above.

 

The Board, Audit Committee, Cyber Committee and Executive Committee review risks on an ongoing basis throughout the year. The appropriateness and relevance of the risks and issues tracking system - IRMS - are monitored by the global governance team to ensure that it continues to be updated, meet the needs of the Group and remain in line with good risk management practice. In addition, there is a robust process in place for monitoring and reporting the implementation of agreed actions.

 

We are satisfied that the risk management policy, framework and model currently in place are sufficient to manage risk across the Group.

 

The key areas of identifying, assessing, addressing and monitoring risks are explained in more detail below:

 

Identify

 

Risks exist within all areas of our business and it is important for us to identify and understand the degree to which their impact and likelihood of occurrence will affect the delivery of our key objectives. This is achieved through day-to-day working practices and incorporates risks in both the internal and external environment. Examples of identification include horizon scanning for legislative and market changes, operational and delivery reviews (such as SGT), procedures in relation to projects and change and independent systems audits.

 

All identified risks are initially assessed for their "inherent" risk (risk with no controls in place), using a scoring mechanism that accounts for the likelihood of an event occurring and the impact that it may have on the Group. The scoring mechanism adopted takes account of high impact, low likelihood events and these risks are managed in a timely manner.

 

In addition to ongoing risk identification, an annual exercise is undertaken to review the Group's strategic risk universe by the Board. This exercise is reliant on the "top down", "bottom up" approach discussed earlier.

 

Assess

 

Following the identification of the Group's inherent risks exposure, a comprehensive assessment of the effectiveness of current mitigating controls is undertaken. This exercise takes account of the design of the current control environment and the application of these controls prior to assessing the Group's current exposure to risk - mitigated risk score. The Board uses a number of sources of information to support the scoring of risk and these include, but are not limited to:

 

· Management updates

 

· Action tracking and reporting

 

· Control environment policies and procedures

 

· Independent audit activity

 

· Project monitoring reports

 

Address

 

An assessment of whether additional actions are required to reduce our risk exposure is undertaken, with actions falling into one of four categories:

 

· Treat - develop an action plan (applying responsibility, deadlines and prioritisation) that may include the implementation of additional controls, or increase the requirement for additional assurance over the adequacy and effectiveness of the existing controls

 

· Transfer - use a third party specialist to undertake the activity, thus mitigating the risk

 

· Tolerate - determine the risk is within appetite

 

· Terminate - exit the activity

 

Output from the evaluation of strategic risks has resulted in milestone plans owned by senior business leaders, or has been used in the development of the Group's Transformation Programme.

 

Monitor

 

Ongoing monitoring of risks and related actions is key to the implementation of our risk management model and, therefore, NCC Group is committed to making enterprise-wide risk management part of business as usual. Examples of ongoing monitoring of business risks include, but are not limited to:

 

· Annual review of the external audit strategy and plan by the Audit Committee and Chief Financial Officer to ensure inclusion of key financial risks

 

· Annual review of the annual internal audit plan to validate that it incorporates key areas of business risk

 

· A review of internal audit reports issued during the period, including a summary of progress against previously raised management actions

 

· Annual review of the strategic risk register by the Board to ensure that it includes risks arising in year

 

Internal control

 

While risk management identifies threats to the Group achieving its strategic objectives, internal controls are designed to provide assurance that these objectives are being achieved, such as the effectiveness and efficiency of operations and delivery, accurate and reliable financial reporting, and compliance with applicable laws and regulation.

 

NCC Group has established a robust internal control framework which is made up of a number of components:

 

Control environment

 

The control environment has primarily been established taking account of the Group's values (working together; being brilliantly creative; and embracing difference), and its Code of Ethics, which sets the foundations for the expected behaviours, values and competencies for all colleagues across the Group. The Board, Executive Committee and its extended leadership team lead by example and strive to maintain effective control environments, while also maintaining integrity and transparency.

 

Risk assessments

 

Risk assessments are conducted at both a strategic and operational level of the Group and support the Group in understanding the risks that it faces and the controls in place to mitigate them. Importantly, they provide a mechanism to identify operational improvements and are vital in our transformational programmes.

 

Policies and procedures

 

Established policies communicate expected behaviours and these are supported through procedures and guidelines defining required processes and controls. This in turn supports the business to adopt efficient and effective control environments.

 

Information and communication

 

Access to accurate and timely data is key in supporting our colleagues to make decisions and to be well informed in order to conduct, manage and control their areas of responsibility. During the year, the Group has focused on its data systems - successfully implementing Workday HR and currently rolling out the Workday Finance system.

 

Activity monitoring

 

Financial minimum controls have been established during the current financial year for local finance teams. The financial minimum controls were self-assessed at the year end and will be audited by the internal audit function from FY21. The financial minimum controls framework was established in consultation with the Chief Financial Officer, the Group Financial Controller and the local Finance Directors and has taken account of the implementation of Workday Finance.

 

Financial accounting and reporting follow generally accepted accounting practices.

 

Group review and approval procedures exist in relation to major areas of risk and require Executive Committee/Board approval, including mergers and acquisitions, major contracts, capital expenditure, litigation, treasury management and taxation policies.

 

Compliance with all legislation, current and new, is closely monitored.

 

Risk and control reporting structure

 

During the current financial year, NCC Group has focused on establishing the "three lines of defence", to provide a robust internal controls structure that will support the Board, Audit Committee, Cyber Committee, Executive Committee and extended leadership team with accurate and reliable information in relation to the systems of internal control. This has resulted in the recruitment of a Director of Global Governance, who was on-boarded in January 2020.

 

The Group has three lines of defence:

 

· First line - Group policies and procedures

 

·     Second line - Global Governance function, incorporating Health and Safety; Information Security; Data Protection; Compliance & Standards; and Corporate Legal

 

· Third line - independent challenge and assessment, including ISO certification; and internal and external audit

 

Principal risks and uncertainties  

 

The Group continues to operate in a particularly dynamic and evolving marketplace. The current strategic risk register has been developed to reflect those factors and includes those risks that would threaten its business model, future performance, solvency or liquidity. Detailed descriptions of the current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls are set out below:

 

Risk Areas

Potential Impact

Mitigation

 

Business strategy

 

A comprehensive business strategy is essential to the continued success of the Group as we strive to maximise shareholder value.

A poor strategy or ineffective execution of a strategy could have a material negative impact on the Group's financial performance and value. It would potentially weaken the Group compared to its competitors and risk the Group's established position in the marketplace.

(Highimpact, risk exposure unchanged from 2019)

 

Members of the Board have significant experience in evolving business strategies. The Board is significantly engaged in both setting and reviewing strategy and held a dedicated strategy session in March 2020.

Management of strategic change

 

As the Group adapts and executes its strategy there are a number of complex projects and initiatives that not only need to be delivered but also require understanding and support from all colleagues.

Poor change management could lead to ineffective implementation of projects that then cost more to deliver, take longer to deliver and result in fewer benefits being realised (or all three). Poor delivery of change could ultimately impair business performance.

(Low impact, risk exposure unchanged from 2019)

 

The Group has established a Strategic Change Management capability and this includes access to programme management professionals and the deployment of associated change management processes, for example the operation of senior change oversight committees.

Global pandemic - Covid-19

 

NCC Group has a number of features which give the Group a greater resilience in the face of a global pandemic. Failure to prepare for this may cause disruption and uncertainty to our business, as well as risk the health and safety of our people. Any disruption or uncertainty could have an adverse effect on our business, financial results and operations.

The potential impact of a pandemic for the Group could be:

 

· The inability to operate due to local restrictions impacting our customers

 

· The potential inability to deliver work if required onsite

 

· Risk of colleagues being exposed due to travel/onsite work requirements

 

· Colleagues being unable to work due to illness or being restricted due to shielding/quarantine either for themselves or people they live with

 

· Lower demand due to many of our customers experiencing uncertainty, financial pressures or logistical challenges effecting the Group's revenue, profitability and cash generation

(High impact, risk exposure increased from 2019)

 

We established a global response team and mobilised our whole workforce to remote working ahead of local lockdown/shelter-in-place orders. Local task forces were established and processes were in place to protect colleagues and customers from risk of infection. Local office track and trace measures were put in place with 24 hour reporting to support global operations.

 

We also enabled more than 95 per cent of our services to be delivered remotely with a dedicated global marketing campaign to support customers around their specific Covid-19 challenges. Existing services were modified to provide customers short-term solutions to lockdown issues.

 

For further information in relation to the Group's specific Covid-19 response, please see pages 8 and 9 of the Strategic Report.

Availability of critical information systems

 

The Group is heavily reliant on continued and uninterrupted access to its IT systems. As well as environmental and physical threats, the Group is a natural target for individuals who may seek to disrupt the Group's commercial activities.

If the Group's critical systems failed, this could affect our ability to provide services to our customers.

(Medium impact, risk exposure decreased from 2019)

 

The Group continues to make significant investment in its IT infrastructure to ensure it continues to support the growth of the organisation. This has been particularly pertinent, during home working, as part of Covid-19.

 

The Group has controls in place in order to reduce the risk of actual loss of critical systems; this has included a review of single points of failure and these have been mitigated. Further, controls are operated to ensure the availability of backup media in the event of prolonged loss of systems.

 

Initiating to standardise and simplify while increasing resilience continues to be implemented. Additional focus is being periodically given to proving the recoverability of systems and data.

Attracting and retaining appropriate colleagues' capacity and capability

 

The Group would be adversely impacted if it were unable to attract and retain the right calibre of skilled colleagues. Some roles within the Group operate in highly technical and extremely specialised areas in which there are shortages of skilled people.

Loss of key colleagues or significant colleague turnover could result in a lack of necessary expertise or continuity to execute the Group's strategy.

 

An inability to attract and retain sufficient high-calibre colleagues could become a barrier to the continued success and growth of NCC Group.

(Medium impact, risk exposure decreased from 2019)

 

Colleagues are offered a rewarding career structure and attractive salary and benefits packages, which can include participation in share schemes.

 

Comprehensive communications with our colleagues are ongoing and include all-hands calls, The Wire, and Group and local communications.

 

Linked to the development of our people, the Group continues to review our values, has launched personal performance management processes in 2020 and has aligned development programmes.

Cyber risk (including data protection)

 

As a provider of security services, the Group is a high profile target and could therefore be subject to attacks specifically designed to disrupt the Group's business and harm the Group's reputation.

 

There could also be implications relating to our GDPR control obligations. Such events could adversely affect the market's perception of the Group as well as causing business disruption.

Failure to maintain control over customer, colleague, commercial and/or operational data could lead to a range of impacts, including reputational damage. The misuse of personal data, for example without the customer's consent, or retaining for longer than is necessary, may also result in reputational harm, regulatory investigations and potential fines.

(Low impact, risk exposure unchanged from 2019)

 

The Board operates a Cyber Committee chaired by the Chair of the Board.

 

Security testing is regularly carried out on the Group's infrastructure and there are extensive response plans, which were reviewed during the year, in the event of a major security incident.

 

Comprehensive plans are in place and being delivered associated with discharging our GDPR obligations. Progress is monitored by the Cyber Committee. Colleagues also receive regular security training and updates.

Quality of Management Information Systems (MIS) and internal business processes

 

We need to ensure that trusted and relevant MIS are available on a day-to-day basis to inform management decisions and drive performance.

Suboptimal business decision making and performance as key financial performance data is not available or trusted.

(High impact, risk exposure decreased from 2019)

 

The Group finance function has developed a forward-facing Finance Functional Strategy. Enhancements were identified covering system and process standardisation. A comprehensive milestone plan is in place and progress is tracked and reported to the Audit Committee.

 

Standardised business process control standards are in place across all parts of the Group. As the new financial year progresses, control self-assessment techniques will be implemented along with an aligned programme of internal audits.

Quality and security management systems

 

We aspire to attain and retain key internationally recognised standards. These form an important component for many of our customers.

The risk of the Group failing to retain a core standard, e.g. 9001, 27001 or PCI, with a consequential loss of key customer accounts or ability to operate.

(Low impact, risk exposure unchanged from 2019)

 

We operate a comprehensive programme to ensure the retention of our core standards. This includes a portfolio of aligned policies and cascading business processes. A programme of internal audit provides assurance over the design and application of these policies and procedures. External assessors provide a further layer of review and challenge, confirming during the year the retention of our Quality and Security standards.

Brexit

 

Failure to prepare for the UK's departure from the EU may cause disruption to, and create uncertainty around, our business. Any disruption or uncertainty could have an adverse effect on our business, financial results and operations.

Uncertainty around the UK's departure from the EU continues as a result of the political deadlock. The risks associated with Brexit are the possibility of a "no-deal" scenario and also the potential for an abrupt departure from the EU.

(Medium impact, risk exposure unchanged from 2019)

 

Similar to any UK company, we list Brexit as a significant risk due to the uncertainty surrounding the final form Brexit will actually take and when it will happen.

 

We continue to plan for Brexit internally and the Brexit Steering Group meets regularly.

 

As our operations around the world include business entities based in Continental Europe, we believe NCC Group is structurally resilient to any disruption caused by Brexit. The main risks to our business from Brexit are:

 

· Any reduction in demand from an economic slowdown

 

· Real or perceived differences in data protection standards, which impact our global ways of working

 

Extraordinary risk during the year

 

During the year, the global pandemic of Covid-19 occurred and while this had an impact on financial performance, it also provided opportunities. The Group mobilised its Executive Support Team and its business continuity plan in January 2020 and this enabled a number of planned initiatives to be brought forward to support a Group-wide response to remote working and delivery.

 

We have also successfully negotiated with our clients where appropriate to work remotely, which has minimised disruption to service delivery."

 

 

 

LEI - 213800DJCGZRB6523934

Classification - Annual Report and Financial Statements and Notice of AGM.

 

 

Enquiries:

 

 

NCC Group plc

Adam Palser - CEO

Tim Kowalski - CFO

Jonathan Williams, Deputy Company Secretary

 

0161 209 5200

0161 209 5200

0161 209 5374

 

 

 

This information is provided by RNS, the news service of the London Stock Exchange. RNS is approved by the Financial Conduct Authority to act as a Primary Information Provider in the United Kingdom. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact rns@lseg.com or visit www.rns.com.

RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our Privacy Policy.
 
END
 
 
NOABSGDCUBBDGGI

Companies

NCC Group (NCC)
UK 100