Audit, risk and internal control


The Company engages external auditors to audit the Group’s annual financial statements.

The Company also has an internal audit function to act as the third line of defence in ensuring the effectiveness of the Company’s system of internal controls.

Download our System of internal control 


The Board is responsible for the effective management of Group risk, including by:

  • Considering and approving the Group’s risk appetite;
  • Reviewing the Group’s principal risks and approving the Group’s principal risk register; and
  • Reviewing the Group’s emerging risks and approving  the Group’s emerging risk register.

Please see here for the Group’s management of risk

Internal control

The Company has a system of internal control which is based on a three lines of defence model which is comprised of a number of features as illustrated below:

Risk framework

Audit Committee

The Audit Committee is responsible for reviewing the effectiveness of external and internal audit, management of risk and the system of internal control. More information about the Audit Committee can be found on our Committees page.

Safety & Environment

The Group also has:

  • strong controls to ensure the safety of our workforce, passengers and other road users; and
  • an environmental strategy and KPIs which are aimed at reducing our impact on the environment.

Safety & Environment Committee

The Safety & Environment Committee is responsible for assessing the effectiveness of these matters. More information about the Safety & Environment Committee can be found on our Committees page.


Corporate Governance