REG - NCC Group PLC - Notice of AGM 2019 and Notice of Trading Update
NCC Group plc
(the "Company" or the "Group")
Notice of Annual General Meeting 2019
and
Notice of Trading Update
The Company confirms that its Notice of Annual General Meeting 2019 ("AGM Notice") and its Annual Report and Accounts for the year ending 31 May 2019 ("Annual Report") have been posted or otherwise been made available to shareholders and published on the Investor Relations section of its website (www.nccgroup.trust/uk/investor-relations/). The Annual General Meeting will be held at 9.30 am on Wednesday 25 September 2019 at the Company's Head Office, XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester, M3 3AQ.
Copies of the Annual Report and the AGM Notice have been submitted to the National Storage Mechanism and will shortly be available for inspection at www.morningstar.co.uk/uk/NSM.
The Company will provide a trading update at 7.00am on Wednesday 25 September 2019 ahead of its Annual General Meeting on the same day.
A condensed set of the Company's financial statements and extracts were included in the Company's preliminary results for the year ended 31 May 2019 released on 25 July 2019 (the "Preliminary Announcement"). The information included within the Preliminary Announcement together with the information set out below, which is extracted from the Annual Report, constitute the material required by Disclosure Guidance and Transparency Rule 6.3.5 to be communicated to the media in full unedited text through a Regulatory Information Service. This announcement and the Preliminary Announcement are not a substitute for reading the full Annual Report. Page numbers and cross-references in the extracted information below refer to page numbers and cross-references in the Annual Report. To view the Preliminary Announcement, please visit the Investor Relations section of the Company's website at www.nccgroup.trust/uk/investor-relations/.
Directors' Responsibility Statement
The following statement is extracted from page 95 of the Annual Report and is repeated here for the purposes of Disclosure Guidance and Transparency Rule 6.3.5. This statement relates solely to the Annual Report and is not connected to the extracted information set out in this announcement or the Preliminary Announcement:
"The Directors are responsible for preparing the Annual Report and Accounts and the Group and parent Company Financial Statements in accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and parent Company Financial Statements for each financial year. Under that law they are required to prepare the Group
Financial Statements in accordance with International Financial Reporting Standards as adopted by the European Union (IFRSs as adopted by the EU) and applicable law and have elected to prepare the parent Company Financial Statements on the same basis.
Under company law the Directors must not approve the Financial Statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and parent Company and of their profit or loss for that period. In preparing each of the Group and parent Company Financial Statements, the Directors are required to:
• select suitable accounting policies and then apply them consistently;
• make judgments and estimates that are reasonable, relevant and reliable;
• state whether they have been prepared in accordance with IFRSs as adopted by the EU;
• assess the Group and parent Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern; and
• use the going concern basis of accounting unless they either intend to liquidate the Group or the parent Company or to cease operations, or have no realistic alternative but to do so.
The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the parent Company and enable them to ensure that its Financial Statements comply with the Companies Act 2006. They are responsible for such internal control as they determine is necessary to enable the preparation of Financial Statements that are free from material misstatement, whether due to fraud or error, and have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration Report and Corporate Governance Statement that complies with that law and those regulations.
The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company's website. Legislation in the UK governing the preparation and dissemination of Financial Statements may differ from legislation in other jurisdictions.
Responsibility statement of the Directors in respect of the annual financial report
Each of the Directors whose names and functions are set out on pages 48 to 49 of the Annual Report confirms that, to the best of their knowledge:
• the Financial Statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or
loss of the Company and the undertakings included in the consolidation taken as a whole; and
• the Directors' report includes a fair review of the development and performance of the business and the position of the issuer and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face.
We consider the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's
position and performance, business model and strategy.
Principal risks and uncertainties
The principal risks and uncertainties relating to the Company are set out on pages 32 to 37 of the Annual Report from which the following is extracted in full and unedited text:
"Relaunch of Risk Management
During the previous year we appointed a risk management subject matter expert, the Director of Risk and Assurance. Following this appointment, the Board commissioned an evaluation of our existing risk management framework. The review led to the implementation of a range of enhancements to build on the established platform.
The Group has continued to develop and implement a Risk Management Policy, against which we are monitoring enterprise-wide risk management.
This policy sets out protocols covering roles and responsibilities for the risk framework and the definition of risk appetite as set by the Board. A web-based tool, the Integrated Risk Management System (IRMS), has been deployed to record risk registers and to track risk mitigation action plans, helping embed ownership of risks and treatment actions while also providing access to live management information.
Risks are evaluated at a number of levels of the organisation, commencing with those which link to the Group achieving its strategic objectives. These risks are presented under our principal risks and uncertainties.
Risks are identified primarily by the management team through the use of a structured risk framework. Non‑Executive reviews are carried out by two Board Committees: the Cyber Security Committee for IT centric risks and the Audit Committee for all other risk types. The Chief Information Security Office (CISO) reports to the Cyber Committee and the Director of Risk and Assurance reports to the Audit Committee.
While distinct from the established CISO role, the Director of Risk and Assurance works closely with the CISO to facilitate risk oversight across the full range of risk types.
Risk management processes and controls
The Board monitors the ongoing process by which relevant material risks are identified, evaluated and managed via the two subcommittees noted above. On a quarterly basis, the subcommittees review the detailed risk registers that have been prepared and updated across the business along with the status of action plans that are in place to treat risks, which are considered to be excessive.
Evaluation and treatment of risk
Risks are evaluated using a simple but robust model, which forms part of the Risk Management Policy. The model, which is capable of application across multiple risk types, is sufficiently sensitive to record risks that have the potential to impact Viability Reporting obligations.
Risks are evaluated without considering the operation of any existing controls. This is done to
form a view of inherent risk.
The impact of existing mitigating controls are then considered along with their effectiveness to determine the extent of residual risk. The assessments are made using a combination of impact and likelihood criteria to arrive at a total risk score. Residual risk is then considered against the Group Risk Appetite, which is a judgmental scoring matrix created by the Board to identify risks as being within or outside acceptable parameters for the Group.
Output from the evaluation of strategic risks has been used to help shape the Group's Transformation Programme. Where risks are assessed as being outside of appetite, treatment actions are agreed including owners, priorities and due dates, either within the Transformation governance structures or milestone plans owned by senior business leaders. The IRMS is used to track these actions, with data mining capabilities to produce reports to the Cyber Security and Audit Committees.
The Group uses a simple Risk Heat Map to record an up-to-date view of residual risk. Viability risks are principal risks that the Directors consider are so extreme that they could jeopardise the business viability if they crystallise.
Principal risks and uncertainties
The Group continues to operate in a particularly dynamic and evolving marketplace. The very latest strategic risk register has been developed to reflect those factors.
The Directors have carried out a robust assessment of the principal risks facing the Group including those that would threaten its business model, future performance, solvency or liquidity. Detailed descriptions of the current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls are set out below. The tables also highlight whether the risk is assessed as increasing or decreasing with a similar assessment for the position last year. This includes identifying new principal risks and uncertainties.
Risk Areas
Potential Impact
Mitigation
Business Strategy
A comprehensive business strategy
is essential to the continued success
of the Group as we strive to maximise
shareholder value.
A poor strategy or ineffective execution
of a strategy could have a material
negative impact on the Group's financial
performance and value. It would
potentially weaken the Group compared
to its competitors and risk the Group's
established position in the marketplace.
(Medium impact, risk exposure decreased from 2018)
Members of the Board have significant experience in evolving
business strategies. The Board is significantly engaged in both
setting and reviewing strategy and held a dedicated strategy
session in March 2019.
Management of strategic change
As the Group adapts and executes its
strategy there are a number of complex
projects and initiatives that not only need to
be delivered but also require understanding
and support from all colleagues.
Poor change management could lead to ineffective implementation of projects that then cost more to deliver, take longer to deliver and result in fewer benefits
being realised (or all three). Poor delivery
of change could ultimately impair
business performance.
(Medium impact, risk exposure decreased from 2018)
The Group has established a Strategic Change Management
capability and this includes access to Programme Management
professionals and the deployment of associated change
management processes, for example the operation of senior
change oversight committees.
Availability of critical information systems
The Group is heavily reliant on continued
and uninterrupted access to its IT systems.
As well as environmental and physical
threats, the Group is a natural target for
individuals who may seek to disrupt the
Group's commercial activities.
If the Group's critical systems failed, this
could affect the Group's ability to provide
services to our customers
(Medium impact, risk exposure decreased from 2018)
The Group continues to make significant investment in its IT
infrastructure to ensure it continues to support the growth of
the organisation.
The Group has controls in place in order to reduce the risk of
actual loss of critical systems. Further, controls are operated to
ensure the availability of backup media in the event of prolonged
loss of systems.
Initiating to standardise and simplify while increasing resilience,
continues to be implemented. Additional focus is being periodically
given to proving the recoverability of systems and data.
Attracting and retaining appropriate colleagues capacity and capability
The Group would be adversely impacted if
it were unable to attract and retain the right
calibre of skilled colleagues.
Some roles within the Group operate in
highly technical and extremely specialised
areas in which there are shortages of
skilled people.
Loss of key colleagues or significant
colleagues turnover could result in a lack of
necessary expertise or continuity to execute
the Group's strategy.
An inability to attract and retain sufficient high-calibre colleagues could become a barrier to the continued success and
growth of NCC Group.
(Medium impact, risk exposure increased from 2018)
Colleagues are offered a rewarding career structure and attractive
salary and benefits packages, which can include participation in share schemes.
Linked to the development of our people, the Group continues to
review our values, personal performance management processes
and aligned development programmes.
Cyber risk (including GDPR)
As a provider of security services, the
Group is a high profile target and could
therefore be subject to attacks specifically
designed to disrupt the Group's business
and harm the Group's reputation.
There could also be implications relating
to our GDPR control obligations. Such
events could adversely affect the market's
perception of the Group as well as causing
business disruption.
Failure to maintain control over customer,
colleague, commercial and/or operational
data could lead to a range of impacts,
including reputational damage. The misuse
of personal data, for example without
the customer's consent, or retaining for
longer than is necessary, may also result in
reputational harm, regulatory investigations
and potential fines.
(Medium impact, risk exposure unchanged from 2018)
The Board operates a Cyber Security Committee chaired by the
Chairman of the Board. The CISO reports to each meeting, in line
with the Group Risk Management Policy.
Security testing is regularly carried out on the Group's infrastructure and there are extensive response plans, which were reviewed during the year, in the event of a major security incident.
Comprehensive plans are in place and being delivered associated
with discharging our GDPR obligations. Progress is monitored by
the Cyber Security Committee.
Colleagues also receive regular security training and updates.
Quality of Management Information Systems (MIS) and internal business processes
We need to ensure that trusted and
relevant MIS are available on a day-to-day
basis to inform management decisions and
drive performance.
Suboptimal business decision-making and
performance as key financial performance
data is not available or trusted.
(Medium impact, risk exposure unchanged from 2018)
The Group finance function has developed a forward-facing Finance Functional Strategy. Enhancements were identified covering system and process standardisation. A comprehensive milestone plan is in place and progress is tracked and reported to each Audit Committee.
Standardised business process control standards were recently
issued across all parts of the Group. As the new financial year progresses, control self-assessment techniques will be implemented along with an aligned programme of Internal Audits.
Quality and Security Management Systems
We aspire to attain and retain key internationally recognised standards, which form an important component for many of
our customers.
The risk of the Group failing to retain a
core standard, e.g. 9001, 27001 or PCI,
with a consequential loss of key customer
accounts or ability to operate.
(Low impact, risk exposure decreased from 2018)
We operate a comprehensive programme to ensure the retention
of our core standards. This includes a portfolio of aligned policies
and cascading business processes. A programme of internal audit provides assurance over the design and application of these policies and procedures. External assessors provide a further layer of review and challenge, confirming during the year the retention of our Quality and Security standards.
Brexit
Failure to prepare for the UK's departure
from the EU may cause disruption to, and
create uncertainty around, our business.
Any disruption or uncertainty could have an adverse effect on our business, financial
results and operations.
Uncertainty around the UK's departure from
the EU continues as a result of the political
deadlock. The risks associated with Brexit
are the possibility of a 'no-deal' scenario
and also the potential for an abrupt departure from the EU.
(Medium impact, risk exposure increasing from 2018)
Similar to any UK company, we list Brexit as a significant risk due
to the uncertainty surrounding the final form Brexit will actually
take and when it will happen.
We continue to plan for Brexit internally and the Brexit Steering
Group meets regularly.
As our operations around the world include business entities based in continental Europe we believe NCC Group is structurally resilient to any disruption caused by Brexit. The main risks to our business from Brexit are:
• Any reduction in demand from an economic slowdown; and
• Real or perceived differences in data protection standards, which impact our global ways of working.
Other risks
Furthermore, as the Group's international footprint expands, there is an inherent risk of adverse foreign exchange movements affecting profitability. At present this risk is limited due to the relatively low level of inter-territorial trading but it will increase in future. Inability to refinance the Group's core banking facilities could call into doubt the Group's longer term viability. We have recently achieved a new five-year refinancing facility, which is more flexible and suited to our future needs. Equally, if those facilities lacked the appropriate flexibility and structure, this could inhibit delivery of the Group's strategy.
The Group's current banking facilities cover all of the expected needs of the Group for the period of such facilities and are sufficiently flexible to allow the Group to function effectively. The Group has a Tax and Treasury Manager. Part of their role is to support the CFO in developing a Treasury strategy and overseeing its implementation.
Impact of Brexit on the Group
There is continuing uncertainty around the likely impact of Brexit on businesses. This uncertainty is likely to continue until at least 31 October 2019, which is the current deadline for the UK's departure from the EU.
We continue to plan for Brexit and we have a Brexit Steering Group that meets regularly. As our operations around the world include business entities based in continental Europe we believe NCC Group is structurally resilient to any disruption caused by Brexit. The main risks to our business from Brexit are:
• Any reduction in demand from an economic slowdown; and
• Real or perceived differences in data protection standards, which impact our global ways of working."
LEI - 213800DJCGZRB6523934
Classification - Annual Report and Financial Statements and Notice of AGM.
Enquiries:
NCC Group plc
Adam Palser - CEO
Tim Kowalski - CFO
Jonathan Williams, Deputy Company Secretary
0161 209 5200
0161 209 5200
0161 209 5374
This information is provided by RNS, the news service of the London Stock Exchange. RNS is approved by the Financial Conduct Authority to act as a Primary Information Provider in the United Kingdom. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact rns@lseg.com or visit www.rns.com.ENDMSCPBMFTMBTTBLL
Recent news on NCC
See all newsREG - NCC Group PLC - Appointment of Joint Broker
AnnouncementREG - NCC Group PLC - Director/PDMR Shareholding
AnnouncementREG - NCC Group PLC - Director/PDMR Shareholding
AnnouncementREG - NCC Group PLC - Holding(s) in Company
AnnouncementREG - NCC Group PLC - Holding(s) in Company
Announcement