Page 136 - Annual Report 2020
P. 136
2.10 Risk and Audit Committee Report continued
Internal Audit Management’s assessment of internal control over
The Internal Audit function is carried out by Internal Audit financial reporting
and Advisory (IAA). IAA provides assurance on whether risk Management is responsible for establishing and maintaining
management, internal control and governance processes adequate internal control over financial reporting (as defined
are adequate and functioning. The Internal Audit function in Rule 13a-15(f) and Rule 15d-15(f) under the Exchange Act).
is independent of the External Auditor. The RAC evaluates Because of its inherent limitations, internal control over financial
and, if thought fit, approves the terms of reference of IAA, reporting may not prevent or detect misstatements and, even
the staffing levels and its scope of work to ensure it is when determined to be effective, can only provide reasonable
appropriate in light of the key risks we face. It also reviews assurance with respect to financial statement preparation and
and approves the annual internal audit plan and monitors presentation. Also, projections of any evaluation of effectiveness
and reviews the effectiveness of the internal audit activities. to future periods are subject to the risk that controls may become
The RAC approves the appointment and dismissal of the inadequate because of changes in conditions, or the degree
Group Assurance Officer and assesses their performance, of compliance with the policies or procedures may deteriorate.
independence and objectivity. The position was held Under the supervision and with the participation of our
throughout the period by Rama Devarajan who reported management, including our CEO and CFO, the effectiveness
directly to the RAC. During the period, functional oversight of BHP’s internal control over financial reporting has been
of IAA was provided by the Chief External Affairs Officer. evaluated based on the framework and criteria established
Effectiveness of systems of internal control and risk in Internal Controls – Integrated Framework (2013), issued
management (RAC and Board) by the Committee of the Sponsoring Organizations of the
In delegating authority to the CEO, the Board has established Treadway Commission (COSO). Based on this evaluation,
CEO limits, outlined in the Board Governance Document. management has concluded that internal control over financial
Limits on the CEO’s authority require the CEO to ensure there reporting was effective as at 30 June 2020. There were no
is a system of control in place for identifying and managing material weaknesses in BHP’s internal controls over financial
risk in BHP. Through the RAC, the Directors regularly review reporting identified by management as at 30 June 2020.
these systems for their effectiveness. These reviews include BHP has engaged our independent registered public accounting
assessing whether processes continue to meet evolving firm, EY, to issue an audit report on our internal control over
external governance requirements. financial reporting for inclusion in the Financial Statements
The RAC oversees and reviews the internal controls and risk section of the Annual Report and the Annual Report on Form
management systems. Any material breaches of Our Code, 20-F as filed with the SEC.
including breaches of our anti-bribery and corruption There have been no changes in our internal control over
requirements, as well as any material incidents reported financial reporting during FY2020 that have materially affected,
under our ‘speaking up with confidence’ requirements are or are reasonably likely to materially affect, our internal control
reported quarterly to the RAC by the Chief Compliance Officer. over financial reporting. This includes COVID-19, which only
These reports are then communicated to the Board through had a minor impact on internal controls over financial reporting
the report-out process. In undertaking this role, the RAC reviews: in relation to both the number and nature of controls that
• procedures for identifying, assessing and managing material were impacted.
risks and controlling their impact on the Group, and other During FY2020, the RAC reviewed our compliance with
stakeholders where relevant, and the operational effectiveness the obligations imposed by SOX, including evaluating and
of these procedures documenting internal controls as required by section 404
• processes and systems for managing budgeting, forecasting of SOX.
and financial reporting
• the Group’s strategy and standards for insurance Management’s assessment of disclosure controls
• the Group’s standards and procedures for reporting reserves and procedures
and resources Management, with the participation of our CEO and CFO,
• the Group’s standards and procedures for closure and performed an evaluation of the effectiveness of the design
rehabilitation provision and operation of our disclosure controls and procedures
as at 30 June 2020. Disclosure controls and procedures are
• standards and practices for detecting, reporting and preventing designed to provide reasonable assurance that the material
fraud, serious breaches of business conduct and whistle- financial and non-financial information required to be disclosed
blowing procedures supporting reporting to the Committee by BHP, including in the reports it files or submits under the
• procedures for ensuring compliance with relevant regulatory Exchange Act, is recorded, processed, summarised and
and legal requirements reported on a timely basis and this information is accumulated
• arrangements for the protection of the Group’s information and communicated to BHP’s management, including our CEO
and data systems and other non-physical assets and CFO, as appropriate, to allow timely decisions regarding
• operational effectiveness of the Business RAC structures required disclosure. Based on the evaluation, management
• overseeing the adequacy of the internal controls and allocation (including the CEO and CFO) has concluded that as at
of responsibilities for monitoring internal financial controls 30 June 2020, our disclosure controls and procedures are
Section 1.5.4 includes a description of the Group’s principal risks effective in providing that reasonable assurance.
that could result in events or circumstances that might threaten There are inherent limitations to the effectiveness of any system
BHP’s business model, future performance, solvency or liquidity of disclosure controls and procedures, including the possibility
and reputation and also provides an explanation of how those of human error and the circumvention or overriding of the
risks are managed. controls and procedures. Even effective disclosure controls
During FY2020, management presented an assessment of the and procedures can only provide reasonable assurance
of achieving their control objectives.
material risks facing BHP and the level of effectiveness of risk
management over the material business risks. The reviews In the design and evaluation of our disclosure controls and
were overseen by the RAC, with findings and recommendations procedures, management was required to apply its judgement
reported to the Board. In addition to considering key risks in evaluating the cost-benefit relationship of possible controls
facing BHP, the Board assessed the effectiveness of internal and procedures.
controls over key risks identified through the work of the
Board Committees. The terms of reference for the RAC are available
at bhp.com/governance.
The Board is satisfied with the effectiveness of risk management
and internal control systems.
134 BHP Annual Report 2020
