Compliance management
Our enterprise-wide compliance management process is established and continues to raise visibility over key obligations. The process provides assurance to the Executive Directors and senior management on the effectiveness of control frameworks to manage key internal and external obligations, and also highlights instances of significant non-compliance with those obligations. External obligations are driven primarily by key legal and regulatory requirements whereas internal obligations focus more on compliance with National Grid’s own corporate policies and procedures. A network of compliance coordinators and champions exists within the businesses and Corporate Centre functions to enable the top-down/bottom-up alignment of Executive Directors’ obligations to be established and reported.
Furthermore, experts for each key obligation interface with relevant business contacts to ensure the quality of information reported upwards is validated. The compliance management process is consistent with, and complementary to, our risk management process and essentially provides, among other things, a more detailed breakdown of the risk of non-compliance with laws, regulations or standards of service as well as corporate policies and procedures.
Twice a year, the Executive, Risk & Responsibility and Audit Committees receive a report setting out the key obligations across National Grid and any significant non-compliance with those obligations, together with compliance opinions and action plans to improve controls where necessary. As with the risk management process, the Audit Committee also reviews the compliance management process at least once a year and reports on this to the Board. The compliance management process also contributes toward the entity level testing that is performed under the Sarbanes-Oxley Act, as well as some of our other internal assurance activities. The compliance management process was also subject to a detailed review by internal audit during the year; the outcome was satisfactory.