Independence and objectivity
The Committee has a policy governing the engagement of the
external auditor to provide non-audit services. This precludes EY
from providing certain services. The policy is reviewed annually
and was last updated in 2021 (the Committee having agreed in
both 2022 and 2023 after review that no changes were required).
The latest version can be found on the Company’s website at:
www.softcat.com/about-us/investor-centre/governance.
Allnon-audit services provided by the external auditor are reported
to the Committee and a record is kept so that the total costs
regarding non-audit work during a financial year are monitored.
For certain specific permitted services, the Committee has
pre-approved that EY can be engaged by management, subject
to the policy set out above, and subject to a total of 10% of the
current external audit fee on an annual basis.
For all other services or those permitted services that exceed
these specified fee limits, I, as Committee Chair, or in my absence
another Committee member, can pre-approve permitted services.
The Committee also received confirmation from EY that there are
no relationships between the Company and EY that may have a
bearing on its independence.
In respect of the audit of the 2023 financial statements, the
Committee considered a fee proposal from EY and the Committee
reviewed the quantum and rationale relating to increased costs
for EY to undertake required audits. Audit fees had increased from
the previous year, reflecting the ongoing growth of the Company
and higher costs incurred by EY to perform their work. Following
the receipt of formal assurance that its fees were appropriate for
the scope of the work required, the Committee agreed a charge
from EY of £733,000 for statutory audit services in respect of the
Company’s annual financial statements.
The Committee also agreed a fee of £42,000 in respect of EY’s review
of the 2023 half-year results, which is classified as a non-audit fee.
Further details of the fees paid, for audit and non-audit services, to
EY for the 2022 and 2023 financial years can be found in note 3
to the financial statements.
The Committee is aware of the requirements of the Statutory
Auditors and Third Country Auditors Regulations 2016 (the ‘2016
Regulations’). The 2016 Regulations provide for a cap on non-audit
services of a maximum of 70% of the average of the audit fees
paid on a rolling three-year basis. In order to ensure this limit is
not exceeded, the Company shall in usual circumstances seek that
permitted non-audit fees shall not exceed 50% of the average
audit fee over the three preceding financial years in each case. The
three-year measurement period covers the 2021, 2022 and 2023
financial years and is 5.9%, which is considerably below the cap.
Taking the above into consideration, the Committee has concluded
that EY remains independent and objective and that appropriate
safeguards and controls are in place to assess ongoing
independence and objectivity.
Internal control and risk management
The Committee has the primary responsibility for the oversight
of the Company’s system of internal control, including the risk
management framework and the work of the internal audit function
(see below). During the year the Committee closely monitored
the Company’s internal control and risk management systems and
AUDIT COMMITTEE REPORT CONTINUED
received regular reports from management and the newly formed
Governance Risk and Compliance team (‘GRC’) (which now
incorporates the internal audit function) covering the major risks
and/or events faced by the business. As Softcat continues to grow,
the Committee recognises the importance of increasing its focus on
maturing our controls and formalising our ‘second line of defence’.
The Committee is monitoring a project lead by the interim Head of
Governance, Risk and Controls to mature the controls environment
and will continue to exercise oversight as this becomes embedded
into the business in FY2024.
The Committee continued to monitor the proposals arising from the
BEIS reforms on the audit market and on corporate governance,
including proposals to further strengthen processes and disclosures
on the effectiveness of a company’s internal controls. Provisional
plans to accommodate the proposed changes have been
prepared by management and summarised to the Committee.
Management and the Committee will review their plans in light
of the announcement by the Government in October 2023 to
withdraw the new statutory reporting regulations in respect of
the reforms.
Assessment of the Company’s system of internal
control, including the risk management framework
The Company’s risk assessment process and the way in which
significant business risks are managed is a key area of focus
for the Committee. Our activity here was driven primarily by the
Company’s assessment of its principal risks and uncertainties,
assetout on pages 72 to 77.
The Company has in place an internal control environment to
protect the business from the material risks which have been
identified. Management is responsible for establishing and
maintaining adequate internal controls over financial reporting
and the Committee has responsibility for ensuring the effectiveness
of these controls. As noted above, the Committee has monitored
management’s plans and the progress being made to further
strengthen the control environment.
The Committee has completed its review of the effectiveness
of the Company’s system of internal control, including risk
management, during the year and up to the date of this Annual
Report, in accordance with the requirements of the Guidance on
Risk Management, Internal Control and Related Financial and
Business Reporting published by the FRC. As part of the financial
year-end process, management presented to the Committee an
overview of the existing control framework and it summarised the
key controls in operation which underpinned the control environment
during FY2023. Management had over the year increased the
documentation of certain key controls and business processes,
including certain IT general controls, overarching controls for the
Finance department, financial management controls, audit risk
financial reporting controls, and fraud management.
Management had considered the control environment and
concluded that in its view the controls had been operating
effectively throughout the year and, taken together, provided a
high degree of assurance that the financial statements are free
from material misstatement.
Through the processes outlined above, the Audit Committee
has considered all significant aspects of the Company’s risk
management and internal control systems for the year and up
104 Softcat plc Annual Report and Accounts 2023