"Our report provides insight on our role, which is to oversee the Company's financial reporting, assurance framework and internal controls."
Audit Committee Chairman
As Chairman of the Audit Committee, I am pleased to present the report of the Audit Committee for the 53 weeks ended 3 December 2017.
Our report provides insight on our role, which is to oversee the Company's financial reporting, assurance framework and internal controls.
We considered the significant accounting matters and issues in relation to the financial statements and in this report we explain why the issues were considered significant, which provides context for understanding the Group's accounting policies and financial statements for the period.
It is over three years since the Internal Audit function was established and so the Audit Committee thought it timely to commission an independent third party review of the effectiveness of Internal Audit. This report outlines the key findings from that review.
Deloitte became the Group's external auditor during the period, following shareholder approval of their appointment in May 2017. This report outlines the steps taken by the business to help with a smooth transition from outgoing auditors, PricewaterhouseCoopers.
I will be available at the AGM to answer any questions about our work.
Audit Committee Chairman
6 February 2018
Membership and meetings
The membership and appointment dates of the Audit Committee members, together with details of each member's meeting attendance, are set out below.
Audit Committee member since 9 March 2010
Number of meetings: 5
Number attended: 5
Relevant sector experience: Retail
Audit Committee member since 1 March 2016
Number of meetings: 5
Number attended: 4*
Relevant sector experience: Retail, Technology
* Andrew Harrison did not attend an ad hoc Audit Committee meeting due to family illness.
Alex Mahon was a member of the Audit Committee until she retired from the Board on 13 December 2017. She attended all the Committee meetings in the year.
As required under the terms of reference, the Audit Committee members are independent Non-Executive Directors and the Audit Committee has held a minimum of three meetings a year. Alex Mahon was a member of the Committee until she retired from the Board on 13 December 2017. The timing of meetings coincide with key intervals in the reporting and audit cycle for the Group. The Chairman of the Audit Committee reports at each Board meeting on the business conducted at the previous Audit Committee meeting, any recommendations made by the Audit Committee and the discharge of its responsibilities as set out in this report.
At least one member of the Audit Committee (Ruth Anderson) is considered by the Board to have competence in accounting and all members have recent and relevant financial experience. Ruth Anderson is a chartered accountant with the Institute of Chartered Accountants in England and Wales. In line with the UK Corporate Governance Code, the Audit Committee as a whole has competence relevant to the sectors in which the Company operates, notably the retail and technology sectors. Details of each Audit Committee member's relevant sector experience can be found in the diagram above. The biography of each member of the Audit Committee is set out in the Board of Directors section.
Regular attendees at the Audit Committee meetings include the Chief Financial Officer, the Group General Counsel and Company Secretary, the Finance and Risk Director, the Head of Internal Audit and the external auditor. Other attendees who attend as required include the Chief Executive Officer, the Chairman, a number of senior members of the finance department, other members of senior management and operational teams and other advisers to the Company. The Deputy Company Secretary is the secretary to the Audit Committee.
Key Areas of Focus for the Audit Committee
The responsibilities of the Audit Committee are set out in its terms of reference. The Audit Committee has an annual work plan, developed from its terms of reference, with standing items that the Audit Committee considers at each meeting, in addition to areas of risk identified for detailed review and any matters that arise during the year. The main matters that the Audit Committee considered during the year are described below.
Financial Statements and Reporting: The Audit Committee monitored the financial reporting processes for the Group, which included reviewing reports from, and discussing these with, the external auditor. As part of the year end reporting process the Audit Committee reviewed this Annual Report, a management report on accounting estimates and judgements, the external auditor's reports on internal controls, accounting and reporting matters, and management representation letters concerning accounting and reporting matters.
Monitoring the integrity of the financial statements of the Company, the financial reporting process and reviewing the significant accounting issues are key roles of the Audit Committee. The Board ensures this Annual Report, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Company's position, performance, business model and strategy and the Audit Committee plays an important role in assisting the Board in reaching those conclusions. For information concerning the process followed by the Company in preparing this Annual Report see the Statement of Corporate Governance. The Audit Committee also monitors the financial reporting processes for the Group's half year report, which is a similar role to the one it carries out for full year reporting.
New accounting standards: The Audit Committee undertook a review of the impact of the new international accounting standards on the Group's financial statements for forthcoming years, relating to the accounting for revenue (IFRS 15), for leases (IFRS 16) and for financial instruments (IFRS 9). Of these standards, although not applying to the period, only IFRS 16 is expected to have a material impact on the Group's financial results and financial position for future periods (when adopted), including requiring the Group to bring large operating lease commitments onto the balance sheet and the impact on the Group's EBITDAA, depreciation, debt and operating profit (as well as other measures). Given its significance, management prepared a quantitative analysis of the estimated impact of IFRS 16. The Audit Committee reviewed the management report and the explanatory notes as well as some of the key management judgements. The Audit Committee sought to ensure that the most significant changes were clearly explained in this Annual Report. The Audit Committee: (1) discussed the systems and processes used by the Group to capture the required lease data information and to monitor lease terms; (2) reviewed the process used to identify all of the Group's revenue streams and the revenue recognition assessment used to recognise revenue from new Ocado Solutions contracts; and (3) reviewed the disclosure contained in this Annual Report regarding the anticipated impact of the standards on the Group's financial results and position (see Note 1.2 to the consolidated financial statements).
Accounting judgements and key sources of estimation uncertainty: The Audit Committee has assessed whether suitable accounting policies have been adopted and whether management has made appropriate judgements and estimates.
The Audit Committee reviewed and discussed reports from management on accounting policies and accounting issues and estimates in relation to this Annual Report and sought to assess the reasonableness of the assumptions and judgements underlying the accounting issues.
The table below summarises those significant issues which received particular focus from the Audit Committee in relation to the financial statements for the period and how these issues were addressed. The issues of useful economic lives of assets and of revenue recognition for new Ocado Solutions contracts were identified as new significant issues for the period.
|Area||Issue and Nature of Judgement or Estimate||Factors and Reasons Considered and Conclusion||Impact on Financial Information and Disclosure in Financial Statements|
|Cost of Sales — Supplier income (including commercial income, promotional allowances and volume rebates)||Commercial income continues to be an area of focus as the quantum of income recorded is significant to the results of the period. Some parts of commercial income require management to apply estimates to ascertain the amounts and timings of income to be recognised where it relates to supplier transactions that span the period end. The amounts due from suppliers in relation to promotional activity and volume related sales targets are material.||The Audit Committee assessed management estimates of supplier income and concluded these were appropriate. For each income stream the Audit Committee considered the analysis of historical supplier income and management reports on internal control for income streams.||The amount of £87.1 million is recognised as supplier income.|
See Notes 2.1 and 3.8 to the consolidated financial statements.
|Revenue Recognition||Management judgement is required for recognition of revenue due to the evolving nature of the business and new services that are being provided. The accounting for new Ocado Solutions contracts with a range of deliverables and fees is complex. They require management judgement, including with regards to the timing of recognition and classification of income under the accounting standard.|
The Audit Committee reviewed the appropriateness of management's proposed accounting treatment of existing and new revenue streams including in light of the expected impact of IFRS 15.
The Audit Committee considered the appropriate accounting policies for certain new contracts and taking into account the views of the external auditor.
|The accounting treatment is included in the Consolidated Income Statement. See Note 2.1 to the consolidated financial statements.|
— Capitalisation of Internal Development Time and Costs
|The capitalisation of internal development costs is material and involves management judgements as to whether the costs incurred meet the criteria in accounting standards for capitalisation, including the technical feasibility of the project and the likelihood of the project delivering sufficient future economic benefits, and the risk of impairment when new technology supersedes previously capitalised projects.||Details of material technology projects which are being capitalised along with the rationale for capitalisation were presented to and reviewed by the Audit Committee. The criteria for identification of projects which may be treated as intangible assets and the process to capture the costs of these technology projects were discussed by the Audit Committee. The Audit Committee also discussed the need for any impairment of the existing carrying values of capitalised software and systems recognised as a result of the development of new software and systems.||The amount of £47.2 million of internal development costs has been capitalised within intangible non-current assets, as set out in Note 3.1 to the consolidated financial statements.|
|Useful economic lives of assets||The useful economic lives and residual value of the Group’s assets involves management estimates. The appropriateness of the estimated lives were reviewed.||The Audit Committee reviewed the reports from management that explained the justifications for increasing the economic lives of some of the Group’s assets and the resulting impact on the Group’s depreciation charge and profitability including management's estimates based on longer historical experience with the use of assets.||As a result, the depreciation cost was reduced by £1.9 million in 2017 and is expected to decrease further on an annual basis in relation to the revised assets. See Note 3.2 to the consolidated financial statements.|
|Recognition of Deferred Tax Asset||The estimates used to support the future business profitability and recognised deferred tax asset require management estimate.||The basis of management estimates of future taxable profits of the Group and the process used to calculate the deferred tax asset recognised were reviewed by the Audit Committee. The Audit Committee assessed the reasonableness of the assumptions underlying the Group's future profits forecasts.||The amount of £14.3 million was recognised in the Consolidated Balance Sheet for the period. Details of the deferred tax asset are set out in Note 2.8 to the consolidated financial statements.|
The table above is not a complete list of all the Group’s accounting issues, estimates and policies, but highlights the most significant ones for the period in the opinion of the Audit Committee. Accounting for share-based payments and exceptional itemsA are recurring issues, but did not require a significant estimate or judgement during the period, unlike some previous periods.
The accounting treatment of all significant issues and judgements was subject to review by the external auditor. For a discussion of the areas of particular audit focus by the external auditor, refer to the Independent Auditor's Report. The Audit Committee considers that the Company has adopted appropriate accounting policies and made appropriate estimates and judgements.
Segmental Reporting: As with previous years, the Audit Committee considered the Group's approach to segmental reporting. Given the recent Ocado Solutions transactions, the Board started to review performance of the Group by segment and considered it appropriate to adopt segmental reporting for the Group for year end. This Annual Report reports the Group's two segments, retail and solutions, for the first time. The Audit Committee considered the accounting impact of IFRS 8 ("Operating Segments") and the external reporting disclosures for the Group.
Going Concern and Viability Assessments: The Audit Committee and the Board reviewed the Group's going concern and viability statements and the assessment reports prepared by management in support of such statements. The Audit Committee gave careful consideration to the period of assessment used for the viability statement. It took into account a wide range of factors (as set out in the Group's going concern and viability statements) and concluded the time period of three years remained appropriate. The external auditor reviewed management's assessment and discussed this review with the Audit Committee.
Tax Review: The Audit Committee also considered the Group's tax policy, and concluded that management's low risk approach to tax management remained appropriate. The Board reviewed and approved the Group's tax strategy statement, published for the first time during the period.
Risk Review: The Board has ultimate responsibility for effective management of risk for the Group including determining its risk appetite, identifying key strategic and emerging risks, and reviewing the risk management framework. The Audit Committee, in supporting the Board to assess the effectiveness of risk management and internal control processes, relies on a number of different sources to carry out its work including an assessment report provided by management, Internal Audit assurance reports and the assurance provided by the external auditor and other third parties in specific risk areas. No significant failings or weaknesses were identified in the Group's risk management and internal control system for the period. At the end of the period, the Audit Committee approved management's proposal to create a new position, Chief Compliance Officer, to head up a new function called Governance, Risk and Compliance. The new function has assumed responsibility for supporting the Group's risk management processes, such responsibility having been performed previously by Internal Audit (previously called Internal Audit & Risk) and to help grow the Group's risk management framework. The new function will help bring focus on the Group's risk controls and processes and actions needed to implement them, particularly as the business grows.
The Board discussed and reviewed the Group's risk appetite when reviewing the principal risks and the strategy for the Group. Regular review of the risk appetite ensures that the Company's risk exposure remains appropriate and acceptable in enabling the Group to achieve its strategic objectives. The Audit Committee also reviews risk appetite and principal risks when considering the effectiveness of the risk management system. Every year the Audit Committee focuses on particular risk areas identified in the Group risk register. During the period, management reported on the progress of the Group's business continuity and disaster recovery plans, the Group's information security controls and assurance framework, the programme for complying with the new General Data Protection Regulation and the control environment for the new Ocado Solutions business. During the period, PricewaterhouseCoopers LLP performed a high level cyber security audit covering the Group's controls to govern, detect, protect and respond to cyber security incidents. The Audit Committee considered the high level findings of the review and management's responses. The Audit Committee expects to monitor the next phases of the review in 2018, including the development of a security roadmap for expanding the Group's information security arrangements to cater for the growth of the business. The Audit Committee will continue to receive reports on these areas in future years. Further details of the risk review and the Group's risk management and internal control systems, including financial controls, are set out in the How We Manage Our Risks section.
Internal Audit: Part of the assurance provided to the Audit Committee when reviewing the effectiveness of the Group's systems of internal control comes from Internal Audit. The Audit Committee reviewed the Internal Audit plan in January 2017 and considered it appropriate to the Group having regard to the principal risks of the business.
The Internal Audit plan, which is risk based, set out a number of activities for the period and the 2018 financial year, including assurance programmes for key strategic projects such as the new CFCs and the Ocado Solutions technology and control and data integrity models for key projects such as the General Data Protection Regulation control environment and the Ocado Solutions business. The programme also includes operational audits for key operational risk areas such as site security, health and safety and food and product safety. The Audit Committee reviews the planned internal audit activities, and its resourcing and prioritisation. Internal Audit reports to each Audit Committee meeting. Management actions are tracked and the status of these actions is reported alongside progress against the Internal Audit plan. These reports enable the Audit Committee to monitor progress, and to discuss key findings and the plans to address them.
The Audit Committee is satisfied that the Internal Audit plan provides appropriate assurance on the controls in place to manage the principal risks facing the Group.
As well as reporting at each Audit Committee meeting on the results of their work, Internal Audit reports on any cases of whistleblowing, fraud and bribery.
Internal Audit effectiveness review: The Audit Committee is responsible for reviewing the effectiveness of the Internal Audit function each year. This year an independent review of the effectiveness of Internal Audit was facilitated externally by Grant Thornton UK LLP. The review followed two years in which an internally facilitated review had been conducted by the Company Secretary. Grant Thornton's detailed review of Internal Audit focused on remit and future direction. The review was based on interviews with a broad range of stakeholders and members of the Internal Audit function.
The review concluded with a final report and feedback session with the Chairman and Head of Internal Audit and a discussion at the Audit Committee meeting. Management presented a proposed response to the recommendations made in the report, which the Audit Committee discussed. Among the recommendations to be addressed by Internal Audit were that a detailed assurance map be presented to the Audit Committee, illustrating all assurance work across the Group and detailed reasoning for work included in the internal audit plan and better reporting of the resource allocation made by the Internal Audit team to different work activities. Internal Audit expects that the balance of its roles will change in future years to reflect the ongoing shift in the business from retail only to retail and technology. This will mean an increase in the amount of assurance work done with respect to the retail business, while its advisory role will continue with regards to the nascent Ocado Solutions business. Assurance work on the Ocado Solutions business is expected to take place as its control environment matures. Feedback from the stakeholders was consistent in acknowledging the usefulness of the work of Internal Audit and the value it is delivering for the Group. The Audit Committee was satisfied that Internal Audit remains effective. The Internal Audit team will grow slightly and is sufficiently resourced and has adequate levels of experience and expertise.
Annual Review: In addition to its annual performance evaluation, discussed in the Statement of Corporate Governance, the Audit Committee carried out a review of its terms of reference. The review resulted in changes to the terms of reference to reflect the new guidance. The Committee's terms of reference can be found on ocadogroup.com.
Deloitte was appointed by the shareholders as the Group's statutory auditor in May 2017, following a formal tender process (as described in the 2016 annual report). Mark Lee-Amies is the lead audit partner. The tender process was completed in late 2016 which allowed for a smooth handover process from the Group's outgoing external auditor, PricewaterhouseCoopers. The Audit Committee monitored this transition process.
Deloitte were given an induction process to help build on their understanding of the business. These induction activities included: a planning meeting with management in early 2017; Deloitte observing the Audit Committee meetings in January and April 2017; and half year transition planning meetings. In addition, Deloitte's role as principal accountant on the Group's debt issue (noted below) in respect of the 2017 period aided their understanding of the business.
Assessing the Effectiveness of the External Audit Process and the External Auditor
The Audit Committee places great importance on ensuring that there are high standards of quality and effectiveness in the external audit. Given Deloitte transitioned into the external auditor role in this period, the Audit Committee assessment covers a shorter review period than usual although the assessment still includes most of the half year review work and the year end audit. The Audit Committee reviewed and approved the annual audit plan to ensure that it is consistent with the scope of the audit engagement. In reviewing the audit plan, the Audit Committee discussed the significant and elevated risk areas identified by Deloitte most likely to give rise to a material financial reporting error or those that are perceived to be of higher risk and requiring additional audit emphasis (including those set out in the Independent Auditor's Report). The Audit Committee also considered the audit scope and materiality threshold. The Audit Committee met with Deloitte at various stages during the period, including without management present, to discuss their remit and any issues arising from the work of the auditor.
At the end of the period, the Audit Committee reviewed the performance of Deloitte based on a questionnaire that contained various criteria for judging their effectiveness and on feedback from management. The criteria for assessing the effectiveness of the audit included the robustness of the audit, the quality of the audit delivery and the quality of the people and service. The questionnaire was completed by members of the Audit Committee, the Chief Financial Officer and members of the finance department and senior members of management and operations teams. The results of the questionnaire were reviewed by the Audit Committee. The Audit Committee also met with management, including without Deloitte present, to hear their views on the effectiveness of the external auditor.
The Audit Committee also reviewed the findings from the Financial Reporting Council's Deloitte Audit Quality Inspection report (dated June 2017). The Audit Committee fully discussed with Deloitte the content of the report including the assessment of the quality of audits reviewed, Deloitte's response to the report and actions taken by it, including changes to the firm's audit methodology generally and taken into account in the audit plan for the period.
The Audit Committee concluded that Deloitte had transitioned well into the role and their performance was effective.
Independence and Objectivity: The Audit Committee considered the safeguards in place to protect the external auditor's independence. Deloitte reported to the Audit Committee that it had considered its independence in relation to the audit and confirmed to the Audit Committee that it complies with UK regulatory and professional requirements and that its objectivity is not compromised. The Audit Committee took this into account when considering the external auditors' independence and concluded that Deloitte remained independent and objective in relation to the audit.
Non-Audit Work Carried Out by the External Auditor: To help protect auditor objectivity and independence, the provision of any non-audit services provided by the external auditor requires prior approval, as set out in the table below. These thresholds are unchanged.
|Approval Thresholds for Non-Audit Work||Approver|
|Over £10,000 and up to £30,000 per engagement||Chief Financial Officer|
|Over £30,000 and up to £100,000 per engagement||Chief Financial Officer and Audit Committee Chairman|
|Greater than £100,000 per engagement, or if the value of non-audit fees to audit fees reaches a ratio of 1:2 as a result of a new engagement, regardless of value||Audit Committee|
An additional protection is provided by way of a non-audit services fee cap. The Audit Committee (or the Company) may not approve an engagement of the external auditor if annual non-audit services fees would exceed 70% of the average audit fees (not including fees for audit-related services) charged in the previous three years. Certain types of non-audit service are of sufficiently low risk as not to require the prior approval of the Audit Committee, such as "audit-related services" including the review of interim financial information. "Prohibited services" are those that have the potential to conflict directly with the auditors' role, such as the preparation of the Company's financial statements.
Non-Audit Work Undertaken During the Period: The total of non-audit fees, audit fees and audit-related services fees paid to the external auditors during the period is set out in Note 2.5 to the consolidated financial statements. The non-audit services fees of £310,000 paid to Deloitte during the period related to: (1) services in relation to the Ocado debt issue in June 2017; (2) audit-related assurance services for an interim review; (3) IT cyber penetration testing work carried out prior to appointment as external auditor; and (4) intellectual property legal support work carried our prior to appointment as external auditor. Non-audit fees of £20,600 were paid to Deloitte for remuneration advice to the Remuneration Committee (for more information see the Description of the Remuneration Report). With the exception of services in relation to the debt issue, all non-audit work engagements were approved by the Chief Financial Officer as the fees concerned were within the approval thresholds set under the policy.
The non-audit services fees of £155,000 (2016: £50,000) paid to retiring external auditors, PricewaterhouseCoopers related to services in relation to the Ocado debt issue and a controls programme assessment. The appointments of Deloitte and PricewaterhouseCoopers in relation to the debt issue work were approved by the Board.
The Audit Committee received a regular report from management regarding the extent of non-audit services performed by the external auditor. Deloitte provided a report to the Audit Committee on the specific safeguards put in place for each piece of non-audit work confirming that it was satisfied that neither the extent of the non-audit services provided nor the size of the fees (being 84.1% of the audit fees) charged had any impact on its independence as statutory auditor. Notwithstanding that the level of non-audit fees was very high in relation to the external audit fees, it was concluded that appropriate safeguards were in place to prevent a compromise of auditor independence. In the case of the debt issuance review work, this was conducted by an independent specialist team and was a natural extension of the half year auditor review work, making the auditor most suited to providing the service. In addition in the case of Deloitte, some of its non-audit services were provided to the business prior to its appointment as external auditor. The Audit Committee was satisfied this was the case and so concluded that the auditor's independence from the Group was not compromised.
Audit Fees: The Audit Committee was satisfied that the level of audit fees payable in respect of the audit services provided (excluding audit-related services) (being £345,000 (2016: £322,000)) was appropriate and that an effective audit could be conducted for such a fee. The existing authority for the Audit Committee to determine the current remuneration of the external auditors is derived from the shareholder approval granted at the Company's annual general meeting in 2017. At the annual general meeting in 2017, 98.37% of votes cast by shareholders were in favour of granting the Directors this authority.
Statement of Compliance with the Competition and Markets Authority (CMA) Order
The Company confirms that it has complied with The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Processes and Audit Committee Responsibilities) Order 2014 (Article 7.1), published by the CMA on 26 September 2014, including with respect to the Audit Committee's responsibilities for agreeing the audit scope and fees and authorising non-audit services.
See Alternative Performance Measures