Annual Report • Sep 29, 2021
Annual Report
Open in ViewerOpens in native device viewer
Securing the future
Peace of mind today and forever
Annual report and accounts for the year ended 31 May 2021
NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies. As society's dependence on the connected environment and the associated technologies increase, we use our global insights to help organisations assess, manage and develop their cyber resilience posture, enabling them to confidently take advantage of the opportunities that sustain their business growth.
Read more online: www.nccgroup.com
Strategic report
1 References for the Group's results are for continuing operations.
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021. The 2017 to 2019 figures above have not been restated. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to the adoption of the IFRIC agenda decision:
| 2021 £m |
2020 £m |
Change | |
|---|---|---|---|
| Adjusted operating profit (as noted above) | 39.2 | 30.7 | 27.7% |
| Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below) | (3.0) | (1.4) | (114.3%) |
| Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements | 36.2 | 29.3 | 23.5% |
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted operating profit previously reported.
| Strong trading performance despite the pandemic |
Another year of excellent cash management |
Successful acquisition of IPM with strategic and financial importance |
|---|---|---|
| Exciting development and growth of key service lines for the future |
Our cyber and resilience markets continue to offer excellent long-term growth prospects |
Investing for the future |
As society's dependence on the connected environment and the associated technologies increase, we use our global insights to help organisations assess, manage and develop their cyber resilience posture, enabling them to confidently take advantage of the opportunities that sustain their business growth. This includes:
Getting the basics of cyber hygiene correct
Knowing what
and how to prioritise
Coping with the scarcity of skilled resources needed to deliver quality improvement, change and operations
Responding to the increasing compliance, regulatory and legislative burden
Quantifying cyber spend efficiency and return on investment
Across our two divisions, we deliver solutions that result in outcomes that match our customers' goals, budgets and risk appetite, giving them peace of mind that their most important assets – their business, software and personal data – are safe and secure.
Read more on our markets on pages 16 and 17 Read more on our markets on pages 16 and 17
We have a significant market presence in the UK, Europe and North America, and a rapidly growing footprint in Asia Pacific with offices in Australia, Japan and Singapore.
As investment in cyber resilience becomes essential to organisations' licence to operate, NCC Group's addressable market is expanding.
Cyber security market size, 2018–2025 (USD billion)
Source: https://seekingalpha.com/article/4335822-check-pointsoftware-market-misunderstands-subscription-growth.
We have grown revenue, gross margin and Adjusted operating profit 2 throughout a period of disruption. The performance of our key future service lines positions us to capture accelerating market growth.
We have recurring high margin revenues and sustainable cash flows from our globally scalable Managed Detection and Response (MDR) and Software Resilience services, and a quality customer base.
The acquisition of Iron Mountain's Intellectual Property Management (IPM) business will be accretive to earnings per share (EPS). We expect revenue opportunities from offering a richer set of software verification and cloud and wider cyber resilience services to IPM's extensive customer base over the medium term.
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
Our strong historical performance and enduring ability to succeed in a rapidly changing market are a result of four characteristics that will continue to fuel our growth now and in the future:
Our approach to sustainability is focused on the recognised elements of environment, social and governance (ESG). They're brought to life with our framework, which enables us to focus our efforts on the activities that deliver the greatest value to our people, our customers, our shareholders and the world we all live in.
We will continue to secure the future today and our sustainability agenda will play a strategic role to support conscious decision making as we begin to set targets that challenge us to continually improve in making the world safer and more secure for all.
Our greatest strength is our breadth and depth of world-class technical capabilities. We employ some of the most talented security consultants and researchers on the planet: every researcher on our team is also an active consultant. We consistently perform independent, cutting-edge security research that supports current and future specialist technical consulting capabilities and customer and consultant needs, and responds to world events. Through our agile methodologies, we have delivered six new solutions in response to market demand in the last year, including a next generation SaaS platform for digital escrow deposits and secured digital vault storage, data science-based analytical and machine learning approaches to threat detection, and our new data-driven cyber risk quantification and peer comparison offer.
Each day at NCC Group, our technologists and professionals wake up with one mission – to help make the world safer and more secure. Together they form a phenomenal knowledge network, collaborating, innovating and delivering value to our customers.
We continue growing our technical people base year on year, even managing to increase our global headcount throughout the disruption of the global pandemic, because we invest in our colleagues' wellbeing, career development and full potential.
As we are taking advantage of remote and flexible delivery models, we have doubled our global resourcing days in 2020. This means that we truly put the best person on any job, all around the world. And we will seek to increase this even further as we grow our global talent pool and our colleagues' skills and competencies and mature our global delivery model.
8.1% growth in headcount
6 new customer-facing propositions
35 tool releases
Read more on pages 18 and 19
Unlike other businesses in the technology space, we are an inherently asset-light business, limiting our capital expenditure and promoting our agility and flexibility to respond to changing circumstances.
We have strengthened our Balance Sheet through disciplined cash management and reduced overheads which positions us to exploit further opportunities in the future. It has allowed us to invest up to £3m in cloud technology, artificial intelligence/machine learning advanced analytics, and our new remediation and security improvement offer.
Read more on page 50 Read more on pages 32 to 39
Chris Stone Non-Executive Chair
Our colleagues have continued to show their commitment and resilience throughout the pandemic in delivering excellent service to our customers and pursuing our mission, vision and objectives relentlessly.
At the end of a financial year which has seen continued disruption to economies and trading environments worldwide, it is pleasing to be able to report to all our stakeholders that NCC Group has continued to demonstrate its resilience in many ways. In particular, NCC Group has achieved year on year revenue growth and profitability despite the headwinds of a global pandemic. Along the way, we secured the Group's largest acquisition to date, enjoyed strong growth in our most exciting propositions for the future and, had another year of strong cash management.
Overall, the Group delivered revenue growth of 2.6% (2020: 5.2%), Adjusted EBITDA 2 of £52.5m (2020: £45.5m) and Adjusted operating profit 2 of £39.2m (2020: restated £30.7m 3). On a statutory basis, after the partial recognition of acquisition costs of £7.6m and cloud configuration and customisation costs associated with the Group's transformation programme SGT (£5.1m, 2020: restated £7.9m 3), operating profit increased by 37% to £17.3m (2020: restated £12.6m 3) and profit before taxation increased 54% to £14.8m giving rise to a statutory EPS of 3.6p (2020: restated 2.3p 3) and Adjusted basic EPS 2 of 9.5p (2020: restated 7.2p 2) respectively.
The Group delivered sustainable cash flows with cash conversion 2 of 88.2%, resulting in the Group becoming cash positive in November 2020 prior to the equity funding process for the IPM business US acquisition.
As at year end, net cash (excluding lease liabilities 2) amounted to £83.3m including net placing proceeds of £70.2m; adjusting for this has meant that underlying cash amounted to £12.6m compared to net debt of £4.2m 12 months ago. It is also worth noting that we have taken no government subsidies or loans (other than deferring tax payments that have now been fully repaid), nor have we made any colleagues redundant or furloughed them during the pandemic, demonstrating our objective of being a global hub for cyber talent.
In Assurance, the North American and EU Assurance businesses grew by 6.5% and 5.9% respectively on a local currency basis. Our UK and APAC business increased 3.9%, supported by growth in MDR and the launch of our Remediation service. Our Global Software Resilience business declined by 2.4%, a result of execution challenges in a remote environment and capacity challenges in sales resourcing. However, we are proud to see that our cloud proposition (EaaS) continues to go from strength to strength, with orders having increased by 83% to £2.2m, providing a promising and exciting platform for the future.
Our business performance can be found in more detail on pages 9 to 13
Our strategy, mission and vision remain unchanged, and continue to drive progress towards our medium-term objectives:
NCC Group's research-driven, people-centric and capex-light business model enables us to remain at the forefront of the dynamic cyber industry.
Further details on our strategy and value creation through our business model are provided on pages 29 to 31 and 20 and 21 respectively
During the year, we agreed the acquisition and associated funding for Intellectual Property Management (IPM), the Software Resilience division of Iron Mountain, and received shareholder approval on 1 June. It was therefore pleasing post year end that we completed the transaction, which will be accretive to profitability and provide further strong cash generation. It is also pleasing that the management team has commenced the integration programme, and this is on plan.
The strength and flexibility of our Balance Sheet will allow us to pursue further organic and inorganic growth opportunities where they align with our strategic and financial objectives.
Further details on our recent acquisition are provided on page 12
We are recommending an unchanged final dividend of 3.15p (2020: 3.15p) per ordinary share, making a total for the year of 4.65p (2020: 4.65p), with our dividend policy continuing to remain under review. The final dividend will be paid on 12 November 2021, subject to approval at the AGM on 4 November 2021, to shareholders on the register at the close of business on 15 October 2021. The ex-dividend date is 14 October 2021.
There have been no changes to the Board during the year.
Further details on our Board composition are provided on pages 78 to 86
As Chair, I am responsible for providing leadership to ensure that the Board operates effectively in all aspects of its performance. We have an established and experienced Board, which actively oversees the Group's strategic development, monitors the delivery of its business objectives and considers risks and mitigating actions. Our performance and decisions made during this global pandemic are testament to the Board's effectiveness.
Further information on risk management and the key risk identification procedures is set out on pages 40 to 48
During the year, we have been further embedding the requirements of the UK Corporate Governance Code 2018 (the 'Code'), particularly the renewed focus on identifying and engaging with all our stakeholders in a remote world. During the year we complied with all other aspects of the Code with the exceptions that our CEO and CFO pensions were not in alignment with our general colleague population, we do not have post-employment shareholding guidelines and we did not engage with the workforce to explain how executive remuneration aligns with the wider Company pay policy. The first of these three areas of noncompliance will be resolved following our 2021 AGM and subject to shareholder approval of our new Directors' Remuneration Policy.
We recognise that we still have much progress to make in terms of improving the diversity of the Board and our Executive Team (and indeed our workforce as a whole). With that in mind, during the year we have made the commitment that by 2024, we will have at least 33% female representation on our Board and at least one person of colour. Although this is best practice for FTSE 350 companies, we will commit to this target regardless of which share index we are in.
Please see the Corporate Governance Statement starting on page 70 for further information
It has been a delight to welcome Inge Bryan as Managing Director for NCC Group's European Assurance operations, who joined us after a remarkable career in cyber and security. Inge previously held roles with the Dutch National Police and the General Intelligence and Security Service of the Netherlands and served as Home Affairs Counsellor in the Royal Netherlands Embassy in Paris. Before she joined NCC Group Inge was part of the cyber security leadership team with Deloitte Risk Advisory, securing the critical infrastructure of the Netherlands, including central government. In 2019 she was listed in the top 100 most influential women in the Netherlands and one of the 50 most inspiring women in tech.
Further details on our executive management composition are provided on pages 76 and 77
Successful stakeholder engagement is a key area of focus for NCC Group, especially during these remote and challenging times. During the year, we have engaged with our customers, our colleagues, our network and our shareholders. Certain highlights include the CyberUp Campaign, our "working together" approach with our
customers, an investor survey and shareholder engagement throughout the recent acquisition, and physical and mental wellbeing programmes for all our colleagues.
Further details on stakeholder engagement are provided on pages 49 to 52
We will always be a people-centric business and our technical colleagues are at the core of our customer offer, supported by agile sales and back-office functions. Our colleagues have continued to show their commitment and resilience throughout the pandemic in delivering excellent service to our customers and pursuing our mission, vision and objectives relentlessly. We seek to provide meaningful and rewarding career paths for all our colleagues. Following our colleague engagement survey, we will continue to create a great place to work and focus on becoming the employer of choice in our markets. We are also embracing more flexible ways of working and intend to continue with that flexibility as we anticipate returning to a hybrid office/remote way of working. In addition, through our colleague resource groups that create conversations inherent to an inclusive culture, we continue making NCC Group an organisation where everybody feels safe to be their authentic selves.
On behalf of the Board, I therefore offer our sincere thanks and appreciation to all of the Group's colleagues for their continued resilience and professionalism in delivering this performance. As a Board, we also welcome our new colleagues from the IPM business as we look to the future with enduring confidence.
NCC Group recognises the importance of an environment, social and governance (ESG) framework that underpins our operations as a key indicator of the Group's sustainability and ethical impact. The Group has developed an ESG framework which continues to evolve. Examples of progress to date include the ongoing review of key policies and maintaining our corporate governance and decision-making structures through the "move to remote" during the pandemic. In addition, we continue to foster partnerships that support the development of future diverse cyber talent and we encourage engagement from colleagues and our external stakeholders around our four focus areas of gender, LGBTQIA+, race and ethnicity and neurodiversity.
Non-Executive Chair 14 September 2021
It is essential for us all to proactively manage any risk to our safety and security. As you go about your daily routines you can be safe in the knowledge that we are passionate about keeping you and your personal data, the technology and devices you use, and the critical assets and software your business relies on safe and secure. It is our mission and is what drives our strategic roadmap...
Adam Palser Chief Executive Officer
Our resilience starts with our people and I would like to pay tribute to the remarkable skills and commitment of my colleagues. They are at the heart of our success.
Pandemics start somewhere else and affect other people – until very suddenly they are on your doorstep and inside your business, forcing you to re-evaluate how you live and how you work.
Our 2021 financial year was a tale of two pandemics, one biological and the other digital. The ensuing tug-of-war between these pandemics defined our markets:
Covid-19, supply chain shocks and rampant ransomware attacks have reminded us all how difficult it is to predict the future and thus of the importance of resilience against unknown risks. We are proud of our own resilience through the past 12 months, demonstrating our ability to deliver great work, to hire more talent and to grow even through the most extreme of shocks.
Our resilience starts with our people and I would like to pay tribute to the remarkable skills and commitment of my colleagues. They are at the heart of our success.
Last financial year we hired over 200 front-line technical specialists, increasing our global net headcount by 8.1%. It is remarkable to think that many of them have not been into an office or met their colleagues. Happily, the feedback from surveys we have conducted indicates that the work we have done to onboard colleagues in the remote environment has been valued.
Overall, the global voluntary attrition rate remained constant at c.15% and our technical attrition increased to 17.0% (2020: 14.4%). We identify two particular influences on this attrition increase. First, the advent of remote working drove significant labour mobility in the United States as it became possible to work for the largest and most exciting technology companies without having to move to the Bay Area. Second, while attrition was much lower in the UK and Europe through the first half, as the world began to open up we saw people leave to change lifestyle or gain variety after being locked down in the same place for an extended period of time.
However, once again demonstrating our own resilience, the global operating and resourcing model that we developed mitigated the impact of this higher attrition, enabling us to deliver revenue in North America using resources spread elsewhere across the globe.
There are not enough cyber skills in the world to meet today's challenges. We see ourselves as playing a significant role in the attraction and training of new talent, having one of the cyber industry's most effective training programmes. As we strive to bring more people into the world of cyber and to make the population of cyber specialists representative of the societies in which they live and work, we continue to focus on inclusion and improving the diversity of our teams. In particular:
Every day we work for customers in pursuit of our mission: to make the world a safer and more secure place. This mission and the focus on our people are at the heart of our value proposition and how we do business.
More broadly, our sustainability approach is focused on the recognised elements of environment, social and governance and our progress is outlined below:
Against this backdrop, Group revenues increased by 2.6% (2020: 5.2%). On a constant currency basis 2, Group revenues increased by 3.6%.
In our Assurance business, the North American and EU Assurance businesses grew by 6.5% and 5.9% respectively on a local currency basis 2 . Our UK and APAC region increased 3.9%, including a notable 9.6% in the second half as industries began to look forward to the easing of restrictions.
In our Software Resilience division, we were delighted by the 83% increase in Escrow-as-a-Service orders which herald great promise for the future, but disappointed by an overall revenue decline of 2.4%. Attracting sufficient sales resource, retaining sales colleagues, delivering on-site work and maintaining sales momentum have all been more difficult in a fully remote working environment and we anticipate improvements in all of these factors in the next 12 months as we work to return Software Resilience to sustainable growth.
Gross profit increased by 5.9% to £110.6m (2020: £104.4m) with gross margin percentage increasing to 40.9% (2020: 39.6%). The margin increase was significantly driven by the flourishing of our global resourcing engine where skilled resources from every part of our Group can now be deployed on high value engagements, smoothing out peaks and troughs of demand or skill shortages. The gross margin was, however, offset by a c.£2m provision taken in relation to existing long-term European contracts as a result of pandemic disruption, cost increases and project management challenges.
Operating profit increased by 37.3% to £17.3m (2020: restated £12.6m 3) after the inclusion of transaction costs of £7.6m in relation to the \$220m acquisition of Intellectual Property Management (IPM), the Software Resilience division of Iron Mountain and cloud configuration and customisation costs associated with the Group's SGT transformation programme (£5.1m, 2020: restated £7.9m 3). The Group manages its performance internally at an Adjusted operating profit 2, 3 level, with Adjusted operating profit 2, 3 increasing by 27.7% to £39.2m albeit with the benefit of a temporary reduction in travel and office usage costs of c.£3m. This information is disclosed below and reconciled to statutory operating profit.
During the year, the Group has incurred £12.7m of Individually Significant Items (ISIs) (2020: restated £7.9m 3). These items relate to the acquisition of the IPM business (£7.6m) and cloud configuration and customisation costs associated with the Group's SGT transformation programme (£5.1m, 2020: restated £7.9m 3).
| 2021 | 2020 (restated) 3 | |||||||
|---|---|---|---|---|---|---|---|---|
| Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
|
| Revenue | 233.9 | 36.6 | – | 270.5 | 226.2 | 37.5 | – | 263.7 |
| Cost of sales | (149.5) | (10.4) | – | (159.9) | (149.3) | (10.0) | – | (159.3) |
| Gross profit | 84.4 | 26.2 | – | 110.6 | 76.9 | 27.5 | – | 104.4 |
| Gross margin % | 36.1% | 71.6% | – | 40.9% | 34.0% | 73.3% | – | 39.6% |
| General administration expenses allocated |
(45.4) | (9.5) | (3.2) | (58.1) | (43.9) | (10.0) | (5.0) | (58.9) |
| Adjusted EBITDA 2 | 39.0 | 16.7 | (3.2) | 52.5 | 33.0 | 17.5 | (5.0) | 45.5 |
| Depreciation and amortisation | (9.4) | (0.7) | (3.2) | (13.3) | (10.7) | (0.6) | (3.5) | (14.8) |
| Adjusted operating profit 2, 3 | 29.6 | 16.0 | (6.4) | 39.2 | 22.3 | 16.9 | (8.5) | 30.7 |
| Individually Significant Items | – | – | (12.7) | (12.7) | – | – | (7.9) | (7.9) |
| Amortisation of acquired intangibles | – | – | (6.4) | (6.4) | – | – | (8.8) | (8.8) |
| Share-based payments | – | – | (2.8) | (2.8) | – | – | (1.4) | (1.4) |
| Operating profit | 29.6 | 16.0 | (28.3) | 17.3 | 22.3 | 16.9 | (26.6) | 12.6 |
For further detail, please refer to the Chief Financial Officer's review and Note 34 to the consolidated Financial Statements.
Profit before taxation increased 54.2% to £14.8m (2020: restated £9.6m 3) and profit for the year increased 56.3% to £10.0m (2020: restated £6.4m 3) giving rise to a basic EPS of 3.6p (2020: restated 2.3p 3). Adjusted basic EPS 2 amounts to 9.5p (2020: restated 7.6p 3).
In 2021, our cash conversion 2 was 88.2% (2020: restated 102.9% 3). Net cash/(debt) (including lease liabilities) 2 amounts to £48.9m (2020: net debt £42.4m).
We are fortunate to work in a sector of growing opportunity. Naturally, this opportunity attracts significant investment from many organisations leading to healthy competition for customers and talent. The four secular growth drivers of resilience demands (as we refer to them) continue to strengthen:
In this context, we cherish our research-driven, people-centric and capex-light business model that enables us to stay at the leading edge of the dynamic cyber resilience market and create profitable, cash generative growth. Every year we enable talented individuals from our global teams to research the latest technologies, discover new system vulnerabilities and develop skills. In turn:
Although the pandemic has impacted all our colleagues and customers around the world, our business has demonstrated its resilience and remains committed to securing the future for all.
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to the adoption of the IFRIC agenda decision:
| 2021 £m |
2020 £m |
Change | |
|---|---|---|---|
| Adjusted operating profit (as noted above) | 39.2 | 30.7 | 27.7% |
| Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below) | (3.0) | (1.4) | (114.3%) |
| Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements | 36.2 | 29.3 | 23.5% |
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted operating profit previously reported.
Over the past three years – and even through the disruption caused by Covid-19 – our confidence in the direction of our Company has grown. Our mission, vision and values have remained the same and we have created value through the relentless execution of our transformation programme, "Securing Growth Together".
Our mission is to make the world safer and more secure.
Our vision is to be the leading cyber resilience provider globally, trusted to protect and secure our customers' critical assets and sought after for our complete people-led, technology-enabled cyber resilience solutions that enable our customers to thrive.
Our values are work together, be brilliantly creative and embrace difference.
Our medium-term objectives are:
As noted at our interim results, we are now building on the strong initial foundations of our Securing Growth Together programme and have moved to the next phase of becoming the complete provider of global cyber resilience solutions, particularly by:
At our interim results, we announced the investment of £3m into propositions that we consider critical for the future and for realising our ambition to become a complete provider of cyber resilience services, acting as a one-stop shop to meet our customers' demand for evidence-based solutions that offer them peace of mind.
The table below describes these propositions and highlights our progress in FY21:
| Proposition | Progress |
|---|---|
| Escrow-as-a-Service (EaaS), our cloud escrow proposition |
• 83% increase in EaaS orders to £2.2m • Weighted year end EaaS pipeline at £1.1m • Notable FY21 wins include Sky, Carrefour, Christie's, Deutsche Bank, Standard Chartered and Barclays |
| Global Managed Services (GMS) |
• MDR revenue growth of 14.3% • Sales orders growth of 15.8% to £71.8m |
| New MDR service based on Microsoft's Azure Sentinel platform |
• Launched at the end of the financial year |
| New Remediation service to develop clients' resilience |
• Global rollout after successful UK launch (revenues of £2.1m with current pipeline of c.£3m) |
We will invest further in FY22 and beyond to build on these successes.
The most significant investment of the year was our recent acquisition of the IPM business, which marked an exciting culmination of our financial year. We obtained shareholder approval on 1 June and completed the transaction on 7 June for \$220m, subject to a normalised working capital adjustment during FY22. On this basis, the results of the IPM business will be consolidated from 1 June 2021. The acquisition was funded through an equity placing (£70.2m) in May combined with a new three year \$70m term loan, existing cash balances and our revolving credit facility.
The acquisition aligns with the Group's existing strategy and will:
Financially and, prior to our ownership, the business generated revenues of c.£23m and operating profit of c.£15m for the 12 months ended 31 December 2020, with cash conversion of c.90%. It is expected that for NCC Group's FY22 financial year, the business will incur c.£2.5m of one-off integration costs.
From an integration perspective, integration is on plan with all workstreams (People, Customers, Operations, Finance and IT) making good progress against objectives. The business is also supported by TSA and MSA arrangements.
From a personal perspective, it has been a pleasure to welcome our new colleagues from the IPM business. I look forward with confidence to the future as we transform our Software Resilience business into a growing, high margin global leader.
Strategic report
Our FY22 operational priorities are:
Chief Executive Officer 14 September 2021
Read more online: www.nccgroup.com
When the World Health Be resilient Organization announced the global pandemic, we began planning to support our colleagues and our customers through the inevitable lockdown.
The priority was colleague welfare and customer safety. Beyond that, we set out two clear objectives that would guide our actions:
We worked towards these objectives using five strategic pillars.
Objective: Plan for different outcomes and track KPIs to inform our decision making
Examples of our actions:
Objective: Ensure the safety of our colleagues and customers, and maintain continuous operations
Examples of our actions:
Objective: Proactively sell remote services; careful control of cost and cash
Examples of our actions:
Objective: Strengthen the firm every day through research and development
Examples of our actions:
Read more on our research on pages 18 and 19
• Developed our Global Assurance operating model, investing in our future delivery capability and value proposition
Objective: Preserve capability and capacity to invest selectively for the future
Examples of our actions:
A changing threat landscape and exponential digital transformation, coupled with society's ever-growing reliance on digital technologies and increasing regulatory and legislative requirements, mean that investment in cyber and software resilience is no longer optional and NCC Group's addressable market is growing.
The global geo-political environment fuels a buoyant cyber resilience market. Strategic competition is coming from China, and hostile threats from Russia, Iran and North Korea. This, coupled with emerging offensive capabilities in other nation states and organised crime groups, creates a volatile state of unpeace that organisations need to prepare for, navigate and defend against.
As the scourge of ransomware emerges as a distinct threat to organisations of all sizes, and software supply chain attacks inflict mass disruption in all geographies, the real-world kinetic impact of recent cyber attacks has catapulted a deeper awareness of the threat to our digital lives into the mainstream.
This has been exacerbated by exponential digital transformation. Software and cloud consumption, driven by the Internet of Things (IoT), has never been higher, and the digital supply chains upon which our connected environment depends have never been more complex and interdependent. And as the fall-out from ransomware attacks and technical outages alike has shown, we have never relied more on the smooth functioning of digital technologies than we do now.
That means, too, that focus on and expectations of ensuring the continuity of essential services – and with it a renewed awareness of the crucial importance of digital business continuity planning – have increased significantly.
And while citizens rightly expect organisations to act responsibly, so legislators and regulators have concluded that the defence and resilience of schools and hospitals, banks and insurers, water treatment facilities and gas pipelines are too important to be left to chance.
As a result, we are seeing a global increase in the depth and breadth of mandated requirements with which organisations must comply to enter or continue operating in their respective markets.
Cyber resilience measures are becoming an integral element of an organisation's licence to operate. We are seeing evidence of this in the UK with the government's proposed legislation for consumer IoT manufacturers, and the strengthening of security requirements for telecommunications companies. In the US, the government is taking forward software supply chain security measures by Executive Order and the Australian government is enhancing incident management for critical infrastructure operators, while the European Union is pressing ahead with expanding the scope of the Network and Information Security Directive.
At the same time, we are seeing a growing convergence of cyber and software resilience as part of a broader trend towards digital operational resilience. Global financial regulators, from the Basel Committee to the UK's Prudential Regulation Authority and Canada's Office of the Superintendent of Financial Institutions, have updated their rules and guidance on technology, third party technology and cloud outsourcing arrangements. All acknowledge that the financial systems' reliance on third party solutions presents risks that need to be mitigated before they fundamentally threaten the global financial system.
Although competition for customers and talent is also growing, our continued portfolio evolution and differentiation enable us to take advantage of the tremendous opportunities the cyber services market offers, fuelling our growth now and in the future.
As board-level and senior executive understanding – and liability – grows, cyber and software resilience is increasingly seen as a strategic investment.
That also means that the competitive landscape continues to be busy on all fronts, and that new and disruptive ways of working and service delivery come to market frequently. Excitement about new and emerging technologies – from artificial intelligence to quantum computing – that infuse traditional cyber offerings continues unabated.
By way of example, venture capital activity until May 2021 rivalled the full-year activity level in 2020 and continues on an upward trajectory, and private equity investment continues to focus on the typical "platform buy and bolt on" strategies across cyber services and technology domains globally.
We've also seen continued evolution in penetration testing to continuous, automated and on-demand/crowd-sourced models and experienced competitive pressures in the Managed Detection and Response space, and from regionally and vertically aligned specialists in the wider Software Resilience offering.
In addition, competition for talent continues unabated, not least as regulatory authorities are equally seeking to fill their capability gaps as they discharge their new responsibilities.
As the global pandemic has driven remote working models more widely, we have, moreover, experienced external challenges to our traditionally uncontested talent pools, for example, where US technology companies have acquired talent in the European and Asia Pacific regions.
Through our combined Cyber and Software Resilience offering, we are uniquely placed to offer our customers – current and new – easy-to-access peace of mind in an ever-more complex digital world.
Our service orientated research and development, and selective investments to meet our customers' changing challenges and demands have and will allow us to:
Finally, our tenure, stability and reputation mean we remain an attractive destination for global talent at all stages of their career and we continue to invest in creating a world-class environment in which everybody is welcome and can be successful.
NCC Group employs some of the most talented security consultants and researchers on the planet, serving customers worldwide and uncovering countless vulnerabilities per year through both customer work and independent vulnerability research. We are a research-driven firm where every researcher on our team is also an active consultant.
Our greatest strength is our breadth and depth of world-class technical capabilities, publicly exemplified by our research publications, now spanning into the hundreds per year, across two decades 1.
We consistently perform independent, cutting-edge security research across hardware and embedded systems security, applied cryptography, programming languages, artificial intelligence and machine learning, mobile privacy, cloud and container security, exploit development, critical infrastructure security and threat intelligence, and beyond all technologies, and in all sectors – the outputs of which support current and future specialist technical consulting capabilities and customer and consultant needs, and respond to world events.
We host a GitHub repository of over 200 open-source security tools 2 , have a research group dedicated to security research in the public interest 3 , and are trusted experts to whom open-source projects and major tech companies alike regularly turn for our publicly reported security audits of their most important technologies 4.
Public-facing reports, research papers and tool releases are published on our dedicated research blog, research.nccgroup.com, and are also regularly covered by publications including the Wall Street Journal, New York Times, Washington Post, DarkReading and Politico, as well as other mainstream and trade publications globally. Our research blog attracted over a quarter of a million visitors in the past financial year.
We also regularly work with independent UK consumer body Which? undertaking research across a range of smart devices – from toys to doorbells. The results are published in its online and print magazine titles as well as extensively covered by the mainstream media with our more detailed research findings published on our blog.
In addition to our published work, our researchers regularly present their work in top research venues across as the world as well as serving on review boards of conferences. These include Black Hat USA, Chaos Communication Congress, HITB Amsterdam, CanSecWest and DEF CON to name a few.
Our technical capabilities extend beyond our public-facing work, to include our internal-only research and development function, including our Exploit Development Group, Threat Intelligence Fusion Centre and Full Spectrum Attack Simulation Group as well as unpublished proprietary tooling.
Our research investment has had a direct and positive impact on the safety and security of our digital world for everyone, from operators of critical infrastructure to everyday consumers. We discover and remediate existing vulnerabilities before they can be uncovered and exploited by threat actors. We continue to invest in our future – both as a firm, and in improving the security of the global internet ecosystem.
In January 2021, we published our inaugural Annual Research Report, in which we summarised our security research findings from across all our conference publications, blog posts and tool releases published by researchers at NCC Group between 1 January and 31 December 2020. In this report, we presented our findings and their impact in context, with links to the associated research papers, recorded conference presentations, publicly reported security audits, technical advisories and open-source tools, as well as selected media coverage of our work 5.
conference presentations, including over 20 presentations at "Tier 1" research venues
9
35
71
Jennifer Fernick SVP & Global Head of Research
• We invested a record 3,400 days on technical security research, which resulted in a significant contribution of conference presentations, vulnerability advisories, blog posts, research papers and open-source tools being released
Offensive – we perform deep technical vulnerability research to understand the complexities involved in attacking different technologies and systems and the true impact of any successes that attackers might derive with similar capabilities.
Defensive – outputs from our offensive research inform our defensive research – this is where we research methods, tooling and solutions to mitigate the issues that we identify across technologies.
Capability – we are constantly innovating and developing new technical testing capabilities and methodologies to keep pace with the rapid change in technology and threat landscapes. This ensures that when we assess client systems and networks, our techniques are at least as good as those of their adversaries.
Future looking/horizon scanning – we routinely research emerging technologies to understand the potential security impact of those technologies on the sectors in which our customers operate.
Customer-driven commercial research – we regularly perform paid research for customers, helping them to answer any uncertainties they might have on technology risk, such as understanding security capabilities of specific technologies or emerging technological security impact on an industry or sector.
Collaborative – we are open to research collaborations and regularly work with academia through joint research and PhD sponsorships. We also contribute many of our research outputs to various international security standards bodies and we are open to B2B and consortia-based research collaborations.
https://research.nccgroup.com @NCCGroupInfoSec
We draw on our expertise, capabilities and global footprint to develop solutions to meet current and future cyber challenges. We help to educate policymakers and regulators. We give back to protect our local community services. And we share opportunities to experience the world of cyber and inspire the next generation to secure our future.
• In a fast-moving and complex environment our enduring strategy enables us to be agile to continue to make sustainable investments, creating the world's leading cyber and software resilience, risk mitigation and remediation specialist
• We are a global community of talented individuals working together, being brilliantly creative and embracing difference to help make the world safer and more secure
• Research driven where every researcher is also an active consultant. We invest in sustainable product development, continually enhancing our proposition to meet current and future needs of customers
• We are active members of the global cyber and software resilience community, working in collaboration and in partnership with key industry players. Many successful global partnerships have delivered integrated, seamless solutions to customers
• We understand our customers' challenges and the risks these pose to their business. Successful delivery to customers worldwide means we are in a strong position to help them understand and improve their cyber resilience posture and how best to mitigate against evolving threats, keeping them up to date and aligned to regulations and compliance needs throughout
We continue to innovate and develop new technical testing capabilities to keep pace with the rapid change in technology and threat landscapes. Our ongoing research allows us to understand and quantify risk for our customers about the technologies they use and the threats to the sectors and industries in which they operate.
Read more on pages 18 and 19
Read more on our strategy on pages 29 to 31
As one of the world's leading cyber security service providers we are best placed to help businesses assess, develop and manage the cyber security risks they face.
Through an unrivalled suite of services, we provide organisations with peace of mind that their most important assets are protected.
33+3433I
Assurance
Regardless of whether the infrastructure or data is on-premise or in the cloud, security and regulatory compliance of business-critical technology need to be assured.
Through our data and application continuity solutions we safeguard buyers from supplier failure, software vulnerabilities and unforeseen technology disruption while providing credibility and intellectual property rights protection for software suppliers.
A fast and global response with the ability to understand what the problem is, using experience and/or relevant industry frameworks. The value is not just in the assessment but in the clear advice and guidance from the results to improve cyber resilience.
Read more on pages 22 and 23
We work together with our customers to help them develop security capability or fix the issues identified during the assess stage. It is only once these areas have been remediated that the true return on investment will be realised against their cyber spend.
Read more on pages 24 and 25
The ever-evolving threat landscape means that beyond the initial assess and develop phases it is vital to continually improve levels of security, detect incidents and react to them. We help companies manage their own capability or provide it through efficient security managed services.
• Our core strength is the expertise of our colleagues and we aim to create an environment where everyone can reach their full potential. From our technical teams to our professional teams, we work together in support of our customers. Colleagues are part of a phenomenal knowledge network, connected through online collaboration and communication platforms with access to formal and on the job learning opportunities
• We are active members of the cyber and software resilience community, working in collaboration and partnership with key industry players around the world. Our network extends to ensuring we have the relevant accreditations and certifications to assure our customers of our professional services. This includes our partner programme
• Our scale provides us insights and understanding of the vulnerability landscape and our technical teams and tools allow us to provide insight into the patterns of vulnerability. This, along with our people-led culture, gives us a competitive advantage and superior shareholder value
BUSINESS MODEL INSIGHTS: ASSESS CYBER RISK
The key priority for the automotive industry has for many years been safety – the safety of vehicle occupants, other road users and pedestrians, by trying to prevent crashes from occurring and minimising injury when a crash does occur.
Established international standards and regulations are in place to support this initiative. However, as connectivity and automation have increased (and are still increasing at pace), the safety challenge has now been joined by a cyber security challenge, resulting in a concept of cyber safety. Many modern vehicles have Advanced Driver Assistance Systems (ADAS), such as Adaptive Cruise Control and Lane Keep Assist, that require software to automatically control physical aspects of the vehicle, e.g. steering, braking and acceleration. These systems have primarily been designed to increase safety; however, as thousands of lines of complex code are controlling these vehicle functions, cyber security flaws could result in catastrophic outcomes and, therefore, cyber security and functional safety have become closely coupled.
Automotive cyber security standards are being developed to support the industry and regulations have been recently introduced. These will ensure that the vehicle manufacturers and their suppliers don't just consider cyber security as a checklist item during their production phase, but instead embed cyber security into their entire vehicle design and development lifecycle, making fundamental cultural changes to the way vehicles are created.
The diverse nature of the automotive industry – from small electric vehicle start-ups to huge multinational manufacturing groups and many other shapes and sizes of organisation in between – means that cyber security has had different priorities in different companies historically. This is especially due to the tight margins within the sector. A recent industry report 6 highlighted that 30% of car manufacturers and suppliers do not have an established product cyber security programme or team. Therefore, the automotive industry is facing a steep learning curve and will require significant assistance from the cyber security community.
As in many other industries, the automotive sector faces serious cyber security resourcing challenges. In an article 7, our CTO, Ollie Whitehouse, highlighted the shortage of cyber resilience skills, explaining that from our own research, of those who planned to outsource elements of their cyber security in the next 12 months, 43% said that this was being driven by return on investment. This suggests that organisations recognise the importance of validating cyber security spend, but they are not confident that they have the skills or resources to do so in house.
The NCC Group Transport practice has been part of the independent review process validating new automotive cyber security standards and has aligned our services (in some cases, developing new ones) to help support vehicle manufacturers to achieve compliance with the new regulations, as the most serious consequence of non-compliance is the inability to sell new vehicles. The services involve close collaboration between our governance, risk and compliance teams and deeply technical cyber security experts with automotive industry-specific knowledge and expertise.
Our services help vehicle manufacturers to address some fundamental cyber security challenges, not just to achieve initial compliance with the regulations, but to maintain that compliance by changing cyber security culture. As advisory partners to our customers, we will continue to help them increase their cyber security maturity by providing expert advice, security assurance and software resilience, which over time is expected to become a market differentiator within the automotive industry.
BUSINESS MODEL INSIGHTS: DEVELOP CYBER MATURITY 33I+3433
A ransomware attack on a UK local government authority in early 2020, which significantly disrupted its ability to maintain operations, brought into sharp focus the risk posed by cyber criminals and other malicious actors.
This event raised concerns that comparable organisations within the public sector may also be similarly vulnerable and the importance of maintaining citizen services and operational resilience.
In response a central government sponsored 14-week remediation programme was initiated to rapidly establish the risk position in 28 organisations thought to be at the greatest risk of ransomware, and to make practical interventions to reduce the specific risks identified.
The objectives were:
An initial view of the risk in key areas was established through a targeted questionnaire and workshops, with a programme of accelerated security improvement and remediation work initiated to quickly reduce risk across all organisations.
The pace of the programme required a high degree of integration and collaboration across the broad stakeholder group, working with multiple independent organisations each with different priorities.
The joint programme between the local authorities, Ministry of Housing, Communities and Local Government, Cabinet Office and our team of NCC Group experts coupled with the broader stakeholders required a highly transparent and flexible operating model to succeed.
A baseline of vulnerability exposure and security posture was established through a facilitated, self-assessment approach via a workshop. This provided an indication of the risk present in each estate; however, in most cases, a cyber threat actor emulation was required to truly understand security posture.
The delivery of risk prioritised remediation at this scale was only achievable through a modular approach that delivered essential solutions to the organisations that needed them.
The modules are continually updated based on the latest technology and threat information and cover key security and resilience themes. This approach allowed consistency of delivery at scale for common risks, while enabling a more flexible approach to unique risks where required.
The programme quantifiably reduced the risk of the ransomware threat across many organisations critical to the UK government's Covid-19 response:
The scale and criticality of the cyber security challenges we all face can only be tackled through a collaborative approach that embraces diverse teams and perspectives across the public and private sectors. It's not easy, but the benefits in understanding and reducing risk are significant.
Deputy Director Cyber Defence in the UK Cabinet Office
What needs to be in place?
The last year has seen intensified global dialogue on the challenges facing regulatory authorities around the world, to update guidance, rules and frameworks on third party and technology risk management and operational resilience in the face of accelerated cloud and technology adoption, particularly in financial services.
Third party software has become a permanent fixture of many competitive organisations' supply chains: according to the Bank of England, 40 to 90% of banks' workloads globally could be hosted on public cloud or Software-as-a-Service within a decade.
We have been delving into the topic of operational resilience and third party risk management within financial institutions (FIs), exploring what the latest guidelines and proposals released by regulators across the globe mean for businesses, their resilience, and the pace of digital transformation across the sector.
As reliance on third party software and its availability continues to increase, financial institutions must ensure that all providers they work with have the necessary risk mitigation and business continuity measures in place.
NCC Group has long taken the view that software, technology and data escrow solutions offer legal and technical assurance to allow firms to adopt, innovate and manage third party technologies with confidence. We continue to engage with regulators worldwide to encourage them to acknowledge escrow agreements as a mechanism that enables organisations to comply with third party risk mitigation, outsourcing and business continuity requirements and as a way to operate and grow in a resilient, safe and secure way.
We believe that awareness and education of operational resilience need to improve and that regulators can play a role in supporting financial institutions in achieving resilience by design.
Simon Fieldhouse Global Managing Director, Software Resilience
Overview of the financial regulatory authorities publishing consultations, supervisory statements and update guidance on operational resilience and third-party risk management over the past 12 months.
Office of the Superintendent of Financial Institutions (OSFI) Technology Risk Consultation
European Union Digital Operational Resilience Act
Central Bank of Ireland Consultation on Cross Industry Guidance on Operational Resilience
Proposed Interagency Guidance on Third-Party Relationships: Risk Management
Stability Board Discussion Paper on Outsourcing and Third Party Relationships
Dubai Financial Services Authority Guidelines for Financial Institutions Adopting Enabling Technologies
Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines
BUSINESS MODEL INSIGHTS: MANAGE CYBER OPERATION
The ever-evolving threat landscape means that beyond the initial assess and develop phases it is vital to continually improve levels of security, detect incidents and react to them. We were engaged by a university to design a comprehensive package, including a broad, ongoing Managed Detection and Response (MDR) solution.
From our previous experience in the higher education sector, we knew that securing universities from cyber threat can be more complex than in other sectors. Liberal expectations of information sharing from the student body need to be balanced with the requirement to protect extremely valuable intellectual property. A nuanced and segmented approach to risk is required. Additionally, any solution had to work for both on-premise and cloud architectures.
The starting point was to understand the enterprise deployment in a way that was digestible by the customer's security team. From this baseline, the priority was to implement a solution to identify malicious activity at the earliest point to accurately report incidents so that effective remediation could be conducted.
The NCC Group technical team designed a multi-layered solution, including a Managed Detection and Response (MDR) suite incorporating Security Information and Event Management, endpoint detection and network detection with a unifying service wrap centred on a 24/7 security operations centre (SOC) facility.
During the engagement, we were presented with a time-critical challenge to assure the security of its essential Covid-19 research programme, which was part of a World Health Organization global megatrial on treatments. Our specialist team worked round the clock to ensure the infrastructure was penetration tested, remediated and added to 24/7 monitoring within three days.
One year on, the customer's cyber risk was detailed and demonstrated and a risk mitigation solution was designed and is now managed through a 24/7 MDR solution. The benefit is the university is better informed and more secure and the solution enables it to continue in its critical research and develop the next generation of leaders through its educational programmes.
In January 2021 we announced a partnership with SURF – the IT cooperative for education and research across the Netherlands – to provide 24/7 security incident and event management (SIEM) and security operations centre (SOC) services over the next five years. Our specialist team in Delft provides the services in support of SURFsoc – the security operations service launched by SURF, which is dedicated to securing and continuously monitoring the systems of all its member institutions.
SURFsoc is a forward-thinking example of how industry-wide bodies, individual institutions and security teams can work together to improve the resilience of entire sectors and we are proud to be providing our expert services in support of this mission.
This combination of ongoing knowledge sharing and 24/7 threat intelligence gathering is a model that will not only increase the resilience of individual educational institutions, but will be at the forefront of educational security around the world in the years to come.
Inge Bryan Managing Director, Assurance Europe
We are successfully executing our strategy, realising our vision to become the complete provider of cyber and software resilience solutions globally.
This section demonstrates how we are making progress to becoming a one-stop shop for our customers, offering them a complete set of cyber and software resilience services, which are promoted and sold to a global market, underpinned by research, data and quantification.
In securing NCC Group's future, we build on strong foundations to create a highly engaged and diverse talent base, as we continue to:
Read more on our business model on pages 20 and 21
Deliver world-class research and thought leadership coupled with leaders who can gauge audiences and convey our message across all channels
• Continue high impact research
3,400+ research days (2020: 3,300)
conference presentations, over 20 at Tier 1 venues (2020: 76)
Win high value work as a result of a deep understanding of our customers' cyber needs in the context of their business
• Create "One Global Offer" that articulates the full spectrum of our services to deliver the firm across the globe
134 orders with a value greater than £250k (2020: 144)
£2.2m Software Resilience cloud proposition orders (EaaS)
Link to risks
(2020: £1.2m)
1 6 10
Deliver consistently high quality solutions that our customers value, fully utilising our global capability and the technical excellence of our consultants
• Promote a global delivery model and embed new ways of working with our clients, providing a distinctive service
Technical specialists increased by
49 (2020: 91)
10,600 days' global resourcing (2020: 5,100 days)
Strategic report
Provide the tools and processes that enhance how we work today enabling access to quality management information
• Deploy systems that provide us with the information we need to run the business in an assertive and agile way
Adjusted operating profit (£m) 2,3
Link to risks
Create a positive colleague experience like no other offer in the industry, investing in our talent and organisation to unlock our full potential
Attrition rate (%) 17.0% 21 21 20 17.0 14.4 21.1 23.4 18.2
Engagement score (Best Companies)
Employee engagement score
642.7 (2020: 626.9)
Link to risks 1 3 5 10
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
Tim Kowalski Chief Financial Officer
We have delivered another period of good financial results, demonstrating our resilience during a global pandemic. During 2022, the Group will continue to strategically invest for the future with the expectation of higher revenue growth accompanied by increased global costs from inflationary pressures as well as a resumption in travel and office usage.
Group revenues increased by 2.6%. On a constant currency basis 2, Group revenues increased by 3.6% due to the strengthening of Sterling against the US Dollar. In Assurance, the North American and EU Assurance businesses grew by 6.5% and 5.9% respectively on a local currency basis 3. Our UK and APAC region increased 3.9%, supported by growth in MDR and the launch of the Remediation service. Disappointingly, Software Resilience declined by 2.4%. This decline was mainly a result of execution challenges in a remote environment together with retaining sales colleagues and attracting sufficient sales resource to enable a return to contract growth.
Gross profit increased by 5.9% to £110.6m (2020: £104.4m) with margin percentage increasing to 40.9% (2020: 39.6%) mainly owing to higher global resourcing and utilisation offset by a c.£2m provision taken in relation to long-term European contracts as a result of pandemic disruption, cost increases and project management challenges. Assurance margin percentage increased to 36.1% (2020: 34.0%) and Software Resilience decreased to 71.6% (2020: 73.3%) due to execution challenges.
Total administrative expenses (including Individually Significant Items) have increased by £1.5m compared to the adjusted prior year figure mainly owing to a tighter control of overheads, a reduction on travel and office costs of c.£3m, a profit arising on disposal of an intangible asset of £0.5m and a reduction in amortisation of intangibles of £2.4m, offset by increased system licence costs of £1.3m, a foreign exchange charge of £1.5m, an increase in a share-based payment charge of £1.4m and an increase in Individually Significant Items of £4.8m.
Following the adoption of the IFRIC agenda decision on cloud configuration and customisation costs, capitalised software and development costs during the year amounted to £2.3m (2020: restated £2.3m 3), with all cloud configuration and customisation costs now being expensed as incurred. Further details on the application of IFRIC agenda decision and prior year restatement are included later in this review.
Operating profit has increased by 37.3% to £17.3m (2020: restated £12.6m 3) following the inclusion of Individually Significant Items of £12.7m (2020: restated £7.9m 3) in relation to the IPM US Acquisition (£7.6m) and cloud configuration and customisation costs associated with the Group's SGT transformation programme (£5.1m, 2020: restated £7.9m 3). Operating profit also includes amortisation of acquired intangible assets of £6.4m (2020: £8.8m) and share-based payments of £2.8m (2020: £1.4m). Adjusted operating profit 2, 3 increased by 27.7% to £39.2m (2020: restated £30.7m 3). Adjusted EBITDA 2 increased by 15.4% to £52.5m (2020: £45.5m). Profit before taxation increased by 54.2% to £14.8m (2020: restated £9.6m 3) following the inclusion of Individually Significant Items noted above.
Basis EPS amounted to 3.6p and diluted EPS amounted to 3.5p (2020: restated basic and diluted 2.3p 3). Adjusted basic EPS 2 amounts to 9.5p (2020: restated 7.6p 3).
During the year, we secured the acquisition of the IPM business and following shareholder approval on 1 June we completed the transaction for \$220m, subject to a normalised working capital adjustment. On this basis, the results of the IPM business will be consolidated from 1 June 2021. The acquisition was funded through an equity placing in May (£70.2m) combined with a new three year \$70m term loan, existing cash balances and our revolving credit facility.
Our Balance Sheet remains strong; we have continued to demonstrate effective cash management with cash conversion 2 of 88.2% and are now cash positive. Our Balance Sheet strength can therefore continue to fund organic and inorganic opportunities.
The Board is also declaring an unchanged interim dividend of 3.15p per ordinary share (2020: 3.15p). This represents a dividend equal to that paid in the prior year as the Board is conscious of the need to invest in initiatives to support longer-term growth and service debt profile following the recent acquisition. The dividend policy will therefore continue to remain under review.
1 References for the Group's results are for continuing operations.
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
Summary Income Statement 1:
| 2020 | |||
|---|---|---|---|
| £m | 2021 | (restated) 3 | % change |
| Revenue | 270.5 | 263.7 | 2.6% |
| Cost of sales | (159.9) | (159.3) | (0.4%) |
| Gross profit | 110.6 | 104.4 | 5.9% |
| Depreciation and amortisation | (13.3) | (14.8) | 10.1% |
| Other administration expenses | (58.1) | (58.9) | 1.4% |
| Adjusted operating profit 2, 3 | 39.2 | 30.7 | 27.7% |
| Individually Significant Items | (12.7) | (7.9) | (60.8%) |
| Acquired intangible amortisation | (6.4) | (8.8) | 27.3% |
| Share-based payments | (2.8) | (1.4) | (100.0%) |
| Operating profit | 17.3 | 12.6 | 37.3% |
| Finance costs | (2.5) | (3.0) | 16.7% |
| Profit before taxation | 14.8 | 9.6 | 54.2% |
| Taxation | (4.8) | (3.2) | (50.0%) |
| Profit for the year | 10.0 | 6.4 | 56.3% |
| EPS | |||
| Basic | 3.6p | 2.3p | 56.5% |
| Diluted | 3.5p | 2.3p | 52.2% |
| Revenue summary: | |||
| £m | 2021 | 2020 | % change |
| Assurance | 233.9 | 226.2 | 3.4% |
| Software Resilience | 36.6 | 37.5 | (2.4%) |
| Total revenue | 270.5 | 263.7 | 2.6% |
| Operating profit summary: | |||
| £m | 2021 | 2020 (restated) 3 |
% change |
| Assurance | 29.6 | 22.3 | 32.7% |
| Software Resilience | 16.0 | 16.9 | (5.3%) |
| Central and head office | (6.4) | (8.5) | 24.7% |
| Central and head office | (6.4) | (8.5) | 24.7% |
|---|---|---|---|
| Adjusted operating profit 2, 3 | 39.2 | 30.7 | 27.7% |
| Individually Significant Items | (12.7) | (7.9) | (60.8%) |
| Acquired intangible amortisation | (6.4) | (8.8) | (27.3%) |
| Share-based payments | (2.8) | (1.4) | 100% |
| Operating profit | 17.3 | 12.6 | 37.3% |
| Operating profit margin % | 6.4% | 4.8% | 1.6% pts |
Throughout this Financial Review, certain APMs are presented. As discussed in the FY20 Annual Report and in accordance with FRC guidelines, the Group no longer presents a Consolidated Income Statement showing adjusting items separately. In prior periods, the Group disclosed adjusting items in 2020 of £10.2m relating to amortisation of acquired intangibles (2020: £8.8m) and sharebased payments (2020: £1.4m) as a separate column on the face of the Consolidated Income Statement. This is no longer disclosed in this way to simplify the Group's results. However, as the Group manages internally its performance at an Adjusted operating profit level (before Individually Significant Items, amortisation of acquired intangibles and share-based payments), which management believes better represents the underlying trading of the business, this information is still disclosed as an APM. This APM is reconciled to statutory operating profit, together with the consequently Adjusted basic EPS (before Individually Significant Items, amortisation of acquired intangibles, share-based payments and the tax effect thereon) to statutory basic EPS.
This change has removed the following adjusted measures from the Group's narrative reporting and disclosures:
Following this revision to APMs, the Group has the following APMs/ non-statutory measures:
These measures provide supplementary information that assists the user to understand the financial performance, position and trends of the Group. Further detail is included within the glossary of terms to these Financial Statements that provide supplementary information that assists the user in understanding these APMs/non-statutory measures.
The Group also reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account constant foreign exchange rates year on year. This involves translating comparative numbers to current year rates for comparability to enable a growth factor to be calculated. In addition, the Group also reports these regions on a local currency basis to demonstrate the revenue performance on a local basis. As these measures are not statutory revenue numbers, management considers these to be APMs; see Note 3 for further details.
Divisional performance includes the allocation of certain central costs incurred on behalf of the divisions. Segmental information is disclosed below:
| 2021 | 2020 (restated) 3 | |||||||
|---|---|---|---|---|---|---|---|---|
| Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
|
| Revenue | 233.9 | 36.6 | – | 270.5 | 226.2 | 37.5 | – | 263.7 |
| Cost of sales | (149.5) | (10.4) | – | (159.9) | (149.3) | (10.0) | – | (159.3) |
| Gross profit | 84.4 | 26.2 | – | 110.6 | 76.9 | 27.5 | – | 104.4 |
| Gross margin % | 36.1% | 71.6% | – | 40.9% | 34.0% | 73.3% | – | 39.6% |
| General administrative expenses allocated |
(45.4) | (9.5) | (3.2) | (58.1) | (43.9) | (10.0) | (5.0) | (58.9) |
| Adjusted EBITDA 2 | 39.0 | 16.7 | (3.2) | 52.5 | 33.0 | 17.5 | (5.0) | 45.5 |
| Depreciation and amortisation | (9.4) | (0.7) | (3.2) | (13.3) | (10.7) | (0.6) | (3.5) | (14.8) |
| Adjusted operating profit 2, 3 | 29.6 | 16.0 | (6.4) | 39.2 | 22.3 | 16.9 | (8.5) | 30.7 |
| Individually Significant Items | – | – | (12.7) | (12.7) | – | – | (7.9) | (7.9) |
| Acquired intangible amortisation | – | – | (6.4) | (6.4) | – | – | (8.8) | (8.8) |
| Share-based payments | – | – | (2.8) | (2.8) | – | – | (1.4) | (1.4) |
| Operating profit | 29.6 | 16.0 | (28.3) | 17.3 | 22.3 | 16.9 | (26.6) | 12.6 |
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to the adoption of the IFRIC agenda decision:
| 2021 £m |
2020 £m |
Change | |
|---|---|---|---|
| Adjusted operating profit (as noted above) | 39.2 | 30.7 | 27.7% |
| Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below) | (3.0) | (1.4) | (114.3%) |
| Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements | 36.2 | 29.3 | 23.5% |
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted operating profit previously reported.
2021 £m 2020
£m % change
Total Assurance revenue 233.9 226.2 3.4% * With the continuing growth and formation of a European division we have changed geographical segments in line with how this information is reported to the Board and managed on an ongoing basis and have restated prior year figures on a like-for-like basis. The APAC division was previously included within the segment Europe and APAC. See the notes to the Financial Statements for further detail. Assurance revenue increased by 3.4% despite lower rechargeable travel expenses, foreign exchange and the ongoing disruption of a global
pandemic. UK and APAC increased by 3.9% supported by growth in MDR and the launch of the Remediation service. North America grew by 6.5% on a local currency basis (\$) and Europe experienced continued growth after benefit from multi-year product sales in 2020. Our global average order value increased by 2.3% year on year.
Amortisation of acquired intangibles decreased during the year as certain historical acquisitions became fully amortised. It is expected that for FY22, the charge will increase significantly following the US acquisition of the IPM business. Share-based payments increased during the
UK and APAC* 102.7 98.8 3.9% North America 82.7 82.4 0.4% Europe * 48.5 45.0 7.8%
The Assurance division accounts for 86.5% of Group revenue (2020: 85.8%) and 76.3% of Group gross profit (2020: 73.7%).
Assurance revenue analysed by type of service/product line:
year following the introduction of new share schemes for key management.
Assurance revenue analysis – by originating country:
Assurance
| 2021 £m |
2020 £m |
% change | |
|---|---|---|---|
| Global Professional Services (GPS)** | 172.2 | 166.2 | 3.6% |
| Global Managed Services (GMS)** | 56.2 | 49.6 | 13.3% |
| Product sales (own and third party) | 5.5 | 10.4 | (47.1%) |
| Total Assurance revenue | 233.9 | 226.2 | 3.4% |
** With the continuing global growth and focus on recurring revenues we have changed the type of service/product lines in line with how this information is to be reported to the Board and managed on an ongoing basis and have restated prior year figures on a like-for-like basis. Previously Risk Management Consulting was shown separately and is now included within Global Professional Services, and certain other activities are now included in Global Managed Services. Contained within GMS is Managed Detection and Response (MDR) which is considered the high growth service line due to the nature of the cyber resilience market. Product sale categorisation has remained the same.
Global Professional Services grew by 3.6% to £172.2m (2020: £166.2m) supported by global resourcing with Covid-19 still felt across all geographies. During the year, day rates have remained consistent.
Global Managed Services, a service line that provides operational cyber defence and managed security services, grew in total by 13.3% to £56.2m (2020: £49.6m). Within GMS, our MDR offering grew by 14.3% to £45.5m. Sales orders secured during the period amounted to £71.8m compared to £62.0m in 2020, a 15.8% increase, although slower procurement processes were still experienced due to the pandemic.
Assurance gross profit is analysed as follows:
| 2021 £m |
2021 % margin |
2020 £m |
2020 % margin |
% pts change |
|
|---|---|---|---|---|---|
| UK and APAC* | 41.0 | 39.9% | 35.0 | 35.4% | 4.5% pts |
| North America | 27.4 | 33.1% | 25.9 | 31.4% | 1.7% pts |
| Europe * | 16.0 | 33.0% | 16.0 | 35.6% | (2.6% pts) |
| Assurance gross profit and % margin | 84.4 | 36.1% | 76.9 | 34.0% | 2.1% pts |
Gross margin improved due to higher global resourcing (increased from 5,094 days to 10,602 days), lower client travel and billable utilisation (+7%) through remote delivery, offset by a c.£2m provision taken in relation to long-term European contracts caused by pandemic disruption, cost increases and project management challenges.
The Software Resilience division accounts for 13.5% of Group revenues (2020: 14.2%) and 23.7% of Group gross profit (2020: 26.3%).
Software Resilience revenue analysis – by originating country:
| 2021 £m |
2020 £m |
% change | |
|---|---|---|---|
| UK | 25.2 | 25.9 | (2.7%) |
| North America | 7.3 | 7.8 | (6.4%) |
| Europe | 4.1 | 3.8 | 7.9% |
| Total Software Resilience revenue | 36.6 | 37.5 | (2.4%) |
In Software Resilience, we experienced a disappointing overall revenue decline of 2.4%. This decline was mainly a result of execution challenges in a remote environment together with recruiting sufficient sales resource to enable a return to contract growth.
The UK experienced a decline of 2.7% exacerbated by recruitment challenges in a pandemic market. North America declined 6.4% albeit 2.9% on a constant currency basis due to a decrease in on-premise testing. Europe, as a relatively new market, continued to progress positively during the year mainly due to increased testing revenues. Renewal rates improved to 89.2% (2020: 87.0%) and remain within our expected range.
Software Resilience revenues analysed by service line:
| Software Resilience services revenue | 2021 £m |
2020 £m |
% change |
|---|---|---|---|
| Software Resilience contracts | 24.0 | 25.8 | (7.0%) |
| Verification services | 12.6 | 11.7 | 7.7% |
| Total Software Resilience revenue | 36.6 | 37.5 | (2.4%) |
Our contract revenue was impacted by the pandemic and sales recruitment challenges. Our future expectation is that our nascent channel sales model will contribute to revenue going forward. Verification services grew 7.7% to £12.6m owing to the success of EaaS (£0.8m).
Gross margin is analysed as follows:
| 2021 £m |
2021 % margin |
2020 £m |
2020 % margin |
% pts change |
|
|---|---|---|---|---|---|
| UK | 18.4 | 73.0% | 19.5 | 75.3% | (2.3% pts) |
| North America | 4.9 | 67.1% | 5.3 | 67.9% | (0.8% pts) |
| Europe | 2.9 | 70.7% | 2.7 | 71.1% | (0.4% pts) |
| Software Resilience gross profit and % margin | 26.2 | 71.6% | 27.5 | 73.3% | (1.7% pts) |
Gross profit has declined due to the challenges noted above and as we started to make investments in our channel proposition and cloud infrastructure to underpin sustainable growth.
During the period, the Group has incurred £12.7m of Individually Significant Items (ISIs) (2020: restated £7.9m 3). These items relate to the acquisition of the IPM business (£7.6m) and cloud configuration and customisation costs associated with the Group's transformation programme SGT (£5.1m, 2020: restated £7.9m 3). These costs are considered material and are in accordance with the Group's policy on identification of certain costs that distort the underlying performance of the Group. For further detail, please refer to Note 5 to the consolidated Financial Statements.
Net finance costs for the period were £2.5m compared to £3.0m in 2020 due to the reduction in our drawn facilities and LIBOR during the global pandemic. Net finance costs include lease financing costs from IFRS 16 of £1.2m (2020: £1.2m).
The Group's effective statutory tax rate is 32.4% (2020: restated 33.3% 3). The Group's adjusted tax rate is 27.8% (2020: 23.5%). The effective rate remains above the UK standard rate of corporation tax, reflecting the origin of a reasonable proportion of Group profits in overseas territories with higher tax rates than the UK and due to a review of US R&D tax credits recognition.
| 2021 pence |
2020 (restated) 3 pence |
|
|---|---|---|
| Statutory | ||
| Basic EPS | 3.6p | 2.3p |
| Diluted EPS | 3.5p | 2.3p |
| Adjusted 2 | ||
| Basic EPS | 9.5p | 7.6p |
The table below summarises the Group's cash flow and net debt 2:
| 2020 | ||
|---|---|---|
| 2021 £m |
(restated) 3 £m |
|
| Operating cash inflow before | ||
| movements in working capital | 47.3 | 38.8 |
| Increase/(decrease) in trade and other receivables |
4.7 | (11.0) |
| Increase in inventories | (0.2) | (0.2) |
| (Decrease)/increase in trade and | ||
| other payables | (5.5) | 19.2 |
| Cash generated from operating activities before interest and taxation |
46.3 | 46.8 |
| Interest element of lease payments | (1.2) | (1.2) |
| Finance interest paid | (1.1) | (1.6) |
| Taxation paid | (5.1) | (4.8) |
| Net cash generated from | ||
| operating activities | 38.9 | 39.2 |
| Purchase of property, plant and equipment | (2.7) | (2.8) |
| Software and development expenditure | (2.1) | (2.5) |
| Proceeds on disposal of intangibles | 0.5 | – |
| Equity dividends paid | (13.0) | (12.9) |
| Repayment of lease liabilities | (6.0) | (5.3) |
| Proceeds from the issue of ordinary share capital |
72.6 | 1.1 |
| Net movement | 88.2 | 16.8 |
| Opening net debt | (4.2) | (20.2) |
| Non-cash movements (release of deferred | ||
| issue costs and lease financing costs) | (0.2) | (0.2) |
| Foreign exchange | (0.5) | (0.6) |
| Closing net cash/(debt) excluding | ||
| lease liabilities 2 | 83.3 | (4.2) |
| Lease liabilities | (34.4) | (38.2) |
| Closing cash/net (debt) 2 | 48.9 | (42.4) |
| Free cash flow (net cash generated | ||
| from operating activities less net capital expenditure) |
34.6 | 33.9 |
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
Net cash/(debt) 2 can be reconciled as follows:
| 2021 £m |
2020 £m |
|
|---|---|---|
| Cash and cash equivalents | 116.5 | 95.0 |
| Borrowings (net of deferred issue costs) | (33.2) | (99.2) |
| Net cash/(debt) excluding lease liabilities 2 |
83.3 | (4.2) |
| Lease liabilities | (34.4) | (38.2) |
| Net cash/(debt) 2 | 48.9 | (42.4) |
The calculation of the cash conversion ratio 2 is set out below:
| 2021 £m |
2020 (restated) 3 £m |
% change | |
|---|---|---|---|
| Net operating cash flow before interest and taxation (A) Adjusted EBITDA 2 (B) |
46.3 52.5 |
46.8 45.5 |
(1.1%) 15.4% |
| Cash conversion ratio 2 (%) (A)/(B) |
88.2% | 102.9% | (14.7% pts) |
Cash conversion remains above our medium target of c.85%, as we have maintained strong cash management through the global pandemic.
The increase in tax paid is mainly due to the FY20 deferral of £1.2m under government tax deferral schemes now fully repaid.
Net cash capital expenditure during the year was £4.3m (2020: restated £5.3m 3) which includes tangible expenditure of £2.7m (2020: £2.8m) and capitalised software and development costs of £2.1m (2020: restated £2.5m 3), which has been offset by proceeds from the disposal of an intangible asset for £0.5m. Additional cash capital expenditure will be incurred during 2022 as we finish the installation and improve our new systems.
Acquisition costs paid prior to the shareholder approval on 1 June 2021 of the US acquisition of IPM amounted to £1.2m. During early FY22, further costs have been paid of c.£6.4m.
Dividends of £13.0m paid in the year (2020: £12.9m) comprised the final dividend for FY20 of 3.15p and the interim dividend of 1.5p per ordinary share for FY21 (2020: 1.5p). The Board is declaring an unchanged final dividend of 3.15p per ordinary share (2020: 3.15p).
This represents a dividend equal to that paid in the prior year as the Board is conscious of the need to invest in initiatives to support longer-term growth and service debt profile following the recent acquisition. The dividend policy will therefore continue to remain under review.
The final dividend will be paid on 12 November 2021, to shareholders on the register at the close of business on 15 October 2021. The ex-dividend date is 14 October 2021.
As noted within the Business Review, prior to our ownership of IPM, the business generated revenues of c.£23m and operating profit of c.£15m for the 12 months ended 31 December 2020, with cash conversion of c.90%. It is expected that for NCC Group's FY22 financial year, the business will report proforma numbers on a similar basis and that we will incur c.£2.5m of one-off integration costs.
However, on a statutory basis the Group will have to recognise acquisition fair value adjustments for the first year only in relation to deferred income, resulting in an expected consequential reduction to IPM numbers in relation to revenue and operating profit for the first year only.
In April 2021, the IFRS Interpretations Committee (IFRIC) published an agenda decision on the clarification of accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) as follows:
Due to the nature of this agenda decision and the level of spend incurred in relation to the Group's Securing Growth Together digital transformation programme, the Group's accounting policy has been reviewed retrospectively to align with the IFRIC guidance recently issued in relation to SaaS costs previously capitalised. This has resulted in a prior year restatement to reflect costs previously capitalised as an expense when incurred and represents a non-cash adjustment. See Notes 1, 5, 12 and 34 to the Financial Statements for further details.
The Group is financed through a combination of bank facilities, retained profits and equity. As at 31 May 2021, the Group had committed bank facilities (revolving credit facility) of £100m (2020: £100m), of which £33.8m (2020: £100m) was drawn down. These arrangements were agreed in June 2019 and are due for renewal in June 2024. Under these arrangements the Group can also request (seeking bank approval) an additional accordion facility to increase the total size of the revolving credit facility by up to £75m.
On 12 May 2021, the Group entered into a new Term Loan Facility Agreement of \$70m, to fund the US acquisition of the IPM Software Resilience business in early June 2021. The Term Facility is repaid in annual instalments of \$23.3m on each of 10 June 2022 and 10 June 2023, with a final instalment of \$23.4m payable on 10 June 2024. The Term Facility Agreement also contains financial covenants consistent with the revolving credit facility.
On our banking covenants, leverage as at 31 May 2021 amounted to (1.8)x as we have become cash positive (2020: 0.1x) and net interest cover amounted to 35.0x (2020: 22.7x). The Group was in compliance with the terms of all its facilities, including the financial covenants, at 31 May 2021 and expects to remain in compliance with the terms going forward. The terms and ratios are specifically defined in the Group's banking documents (in line with normal commercial practise) and are materially similar to GAAP with the exceptions being net debt excludes IFRS 16 lease liabilities and Adjusted EBITDA 2 excludes amortisation of acquisition intangibles, share-based payments and Individually Significant Items.
The Directors have acknowledged guidance published in relation to going concern assessments.
The Group's business activities, together with the factors likely to affect its future development, performance and position, are set out in the Business Review and Financial Review. The Group's financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending September 2022 which indicate that, taking account of severe but plausible downsides and the anticipated impact of Covid-19 on the operations of the Group and its financial resources, the Group and Company will have sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving credit facility that matures in June 2024. The Group is required to comply with financial covenants for leverage (net debt to Adjusted EBITDA 2) and interest cover (Adjusted EBITDA 2 to interest charge) that are tested bi-annually at 31 May and 30 November each year. As at 31 May 2021, the Group had drawn down £33.8m for working capital requirements.
Subsequent to the year end and shareholder approval on 1 June, the Group acquired on 7 June the IPM business for \$220m; the US acquisition was funded through an equity placing in May of £70.2m (net proceeds) combined with a new three year \$70m term loan, existing cash balances and our existing revolving credit facility. The impact of the acquisition on the Group's financial performance, covenants and business model has therefore been considered within this going concern assessment. As at 2 June 2021, following the acquisition of the IPM business, the Group had drawn down £75.5m of its revolving credit facility and was due to incur further transaction costs of £6.4m. As at 31 August 2021, cash, net debt (excluding lease liabilities) 2 and headroom amounted to £43.6m, £74.7m and £80.5m respectively.
Although the Group has demonstrated resilience to the challenging environment resulting from Covid-19, the Directors acknowledge that the financial performance of the Group has been adversely impacted to a certain degree since the commencement of the pandemic, and for this reason the base case forecast for 2021 reflects this assessment. The continuing macro-economic risks and potential changes in government policies (on the severity of enforced lockdowns worldwide) could have a continued effect on the Group's performance. However, trading throughout the pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible scenarios as follows:
These scenarios have been modelled individually and also in combination in order to assess the Group's ability to withstand multiple challenges, although the Directors do not believe a scenario combining all these risks to be plausible. The impact of these sensitivities has been reviewed against the Group's projected cash flow position, available bank facilities and compliance with financial covenants. In the instance that a combination of the above scenarios arise, mitigating actions would be required to ensure that the Group remains liquid and financially viable, which might include a reduction of planned capital expenditure, freezing pay and recruitment and not paying a dividend to shareholders. All of the mitigating actions are within the Directors' control. These forecasts, including the severe but plausible downsides, show that the Group is able to operate within its available banking facilities, with no forecasted covenant breaches, and that the Group will have sufficient funds to meet its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. Having reviewed the current trading performance, forecasts, other Group trading entities' financial support, debt servicing requirements, total facilities and risks, the Directors are confident that the Company and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the date of approval of these Financial Statements. Accordingly, they continue to adopt the going concern basis of accounting in preparing the Group's Financial Statements for the year ended 31 May 2021.
The Group's operations based in Continental Europe have so far proven structurally resilient to any significant disruption caused by Brexit. The main risks to the Group from Brexit continue to be any reduction in demand from an economic slowdown as well as real or perceived differences in data protection standards which impact our global ways of working.
Chief Financial Officer 14 September 2021
2 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
3 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
Embedded risk management systems have supported the Group in pursuing its strategy for sustainable and profitable growth.
Risk is an inherent part of doing business and risk management is a fundamental part of good corporate governance. A successful risk management process balances risk and reward and is underpinned by sound judgement of their impact and likelihood. The Board has overall responsibility for ensuring that NCC Group has an effective risk management framework, which is aligned to our business objectives.
The Board has established a Risk Management Policy, which has established protocols, including:
The integrated approach to risk management diagram summarises the Group's overall approach to risk management, which is supported by a web-based tool – the Integrated Risk Management System (IRMS). The tool is designed to follow the risk management model described in the next section and records both strategic and operational risk registers and tracks risk mitigation action plans, helping embed ownership of risks and treatment actions while also providing access to live management information, which is used at both a Board and operational management level.
NCC Group adopts both a "top down" and "bottom up" approach to risk, to manage risk exposure across the Group to enable the effective pursuit of strategic objectives. The approach is summarised in the diagram on page 41.
The approach is one of collaboration, which supports our comprehensive approach to risk identification, from the "top down" and "bottom up". The Group believes that this is the most efficient and effective way to identify its business risks.
The Board, Audit Committee and Cyber Security Committee review risks on an ongoing basis and are supported by the Executive Committee and subject matter specialists (including Software Resilience, Assurance, information security, data protection and health and safety). The Board gives consideration to the Group's strategic objectives and any barriers to their achievement.
The Board and senior leadership team engage with colleagues at every level of the Group in recognition of the importance of their expertise, contribution and views. In relation to matters of wrongdoing, or risks not being recognised and adequately managed, the Group has a robust and effective whistleblowing procedure, which is supported by the Safecall reporting line.
| Top down Strategic risk management |
Bottom up Operational risk management |
|
|---|---|---|
| • Establishing guidance on the Group's approach to risk management and establishing the parameters for risk appetite and associated decision making • Identification, review and management of identified Group strategic risks and associated actions • Ongoing consideration of: – IT and cyber-centric risk – Environmental risk |
Board Audit Committee Cyber Security Committee |
• Periodically assessing the effectiveness of the embedded Group risk management process • Challenging the content of the strategic risk register to support a comprehensive and balanced assessment of risk • Reporting on the principal risks and uncertainties of the Group |
| • Implementing and embedding the Group's Risk Management Policy and approach • Directing the delivery of the Group's identified actions associated with managing/mitigating risk • Identification of key risk indicators, monitoring and taking timely action where appropriate |
Executive Board and leadership team |
• Responsible for reviewing the operational risks across the business units and Group • Challenging the appropriateness and adequacy of proposed action plans to mitigate risk ag • Giving due consideration to the aggregation of risk across the Group g • Provisioning suitable cross-functional/business unit resource to effectively manage risk where appropriate |
| • Instrumental in developing the risk management framework adopted by the Board • Providing governance and control over the IRMS • Conduit between the Board and the business units – providing training and support where appropriate • Developing and executing a risk-based internal audit plan to assess the management of risks |
Global Governance function, incl. dedicated CISO |
• Ongoing monitoring and reporting to the Board in relation to the progress being made by the business units in implementing agreed action plans to mitigate strategic risk • CISO dedicated to the identification, management, monitoring and reporting of data security risks |
| • Execution of the delivery of the Group's identified actions associated with managing risk • Timely reporting on the implementation and progress of agreed action plans • Provision of key risk indicator updates |
Business units | up • Identification and reporting of strategic risk to the Board • Provision of reports and data relating to significant emerging risks to the Group (internal and external) • Implementation of risk management approach which promotes the ongoing identification, evaluation, prioritisation, mitigation and monitoring of operational risk |
| Effective pursuit of strategic objectives |
The Board has overall responsibility for ensuring that NCC Group adopts an effective risk management model, which is aligned to our objectives and promotes good risk management practice. We have therefore adopted the model described in this section and summarised in the diagram above.
The Board, Audit Committee, Cyber Security Committee and Executive Team review risks on an ongoing basis throughout the year. The appropriateness and relevance of the risks and issues tracking system – IRMS – are monitored by the global governance team to ensure that it continues to be updated, meets the needs of the Group and remains in line with good risk management practice. In addition, there is a robust process in place for monitoring and reporting the implementation of agreed actions.
We are satisfied that the Risk Management Policy, framework and model currently in place are sufficient to manage risk across the Group.
The key areas of identifying, assessing, addressing and monitoring risks are explained in more detail below:
Risks exist within all areas of our business and it is important for us to identify and understand the degree to which their impact and likelihood of occurrence will affect the delivery of our key objectives. This is achieved through day-to-day working practices and incorporates risks in both the internal and external environment. Examples of identification include horizon scanning for legislative and market changes, operational and delivery reviews (such as SGT), procedures in relation to projects and change and independent systems audits.
All identified risks are initially assessed for their "inherent" risk (risk with no controls in place), using a scoring mechanism that accounts for the likelihood of an event occurring and the impact that it may have on the Group. The scoring mechanism adopted takes account of high impact, low likelihood events and these risks are managed in a timely manner.
In addition to ongoing risk identification, an annual exercise is undertaken to review the Group's strategic risk universe by the Board. This exercise is reliant on the "top down" "bottom up" approach discussed earlier.
Post identification of the Group's inherent risk exposure, a comprehensive assessment of the effectiveness of current mitigating controls is undertaken. This exercise takes account of the design of the current control environment and the application of these controls prior to assessing the Group's current exposure to risk – mitigated risk score. The Board uses a number of sources of information to support the scoring of risk and these include, but are not limited to:
Having identified and assessed the risks faced by the Group, the risks are scored according to likelihood of occurring and impact to the business should they occur. The risks are then mapped according to their rating onto a risk heat map, which reflects the Group's overall risk appetite set by the Board. The Group's Risk Management Policy then provides guidance on the expected level of response to those risks, depending on where they sit on the risk heat map. The heat map shows the four bandings in the different shades of risks as set out below as well as expected actions and responses to risks in these areas:
An assessment of whether additional actions are required to reduce our risk exposure is undertaken, with actions falling into the one of four categories:
Output from the evaluation of strategic risks has resulted in milestone plans owned by senior business leaders, or has been used in the development of the Group's transformation programme.
Ongoing monitoring of risks and related actions is key to the implementation of our risk management model and, therefore, NCC Group is committed to making enterprise-wide risk management part of business as usual. Examples of ongoing monitoring of business risks include, but are not limited to:
Whilst risk management identifies threats to the Group achieving its strategic objectives, internal controls are designed to provide assurance that these objectives are being achieved, such as the effectiveness and efficiency of operations and delivery, accurate and reliable financial reporting, and compliance with applicable laws and regulation.
NCC Group has established a robust internal control framework which is made up of a number of components:
The control environment has primarily been established taking account of the Group's values (working together, being brilliantly creative and embracing difference) and its Code of Ethics, which sets the foundations for the expected behaviours, values and competencies for all colleagues across the Group. The Board, Executive Committee and extended leadership team lead by example and strive to maintain effective control environments, whilst also maintaining integrity and transparency.
Risk assessments are conducted at both a strategic and operational level of the Group and support the Group in understanding the risks that it faces and the controls in place to mitigate them. Importantly, they provide a mechanism to identify operational improvements which is vital in our transformational programmes.
Established policies communicate expected behaviours and these are supported through procedures and guidelines defining required processes and controls. This in turn supports the business to adopt efficient and effective control environments.
Access to accurate and timely data is key in supporting our colleagues to make decisions and to be well informed in order to conduct, manage and control their areas of responsibility. During the year, the Group has continued to focus on its data systems – rolling out the Workday Finance system to support consistent controls and reporting.
Financial minimum controls were established during FY20 for local finance teams. The financial minimum controls have been selfassessed by all finance teams and a programme of audit against these standards launched in FY21. The financial minimum controls framework was established in consultation with the Chief Financial Officer, Group Financial Controller and local Finance Directors and has taken account of the implementation of Workday Finance. Further enhancement of the framework is being considered in preparation for potential changes proposed in the Brydon Review and related white paper issued by the Department for Business, Energy and Industrial Strategy.
Financial accounting and reporting follows generally accepted accounting practices.
Group review and approval procedures exist in relation to major areas of risk and require Executive Committee/Board approval, including mergers and acquisitions, major contracts, capital expenditure, litigation, treasury management and taxation policies.
Compliance with all legislation, current and new, is closely monitored.
During the current financial year, NCC Group has focused on establishing the "three lines of defence" to provide a robust internal controls structure that will support the Board, Audit Committee, Cyber Security Committee, Executive Committee and extended leadership team with accurate and reliable information in relation to the systems of internal control.
Three lines of defence:
The Group continues to operate in a particularly dynamic and evolving marketplace. The current strategic risk register has been developed to reflect those factors and includes those risks that would threaten its business model, future performance, solvency or liquidity. Detailed descriptions of the current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls are set out below. A risk related to sustainability (10) has been added to the strategic risks for FY21 and reflects the importance being placed on a sustainable business strategy by NCC Group and its investors.
The heat map provides a pictorial representation of the Group's strategic risks and their direction of travel.
| Strategic | VR | |
|---|---|---|
| 1. Business strategy | ||
| Link to strategy: Lead the market |
Win business Deliver excellence |
Support growth Develop our people |
| A comprehensive business strategy is essential to the continued success of the Group as we strive to maximise shareholder value. Accountable Executive Adam Palser, Chief Executive Officer |
Impact A poor strategy or ineffective execution of a strategy could have a material negative impact on the Group's financial performance and value. It would potentially weaken the Group compared to its competitors and risk the Group's established position in the marketplace. Risk movement/impact |
Key controls and mitigating factors Members of the Board have significant experience in evolving business strategies. The Board is significantly engaged in both setting and reviewing strategy and held a dedicated strategy session in March 2021. |
| 2. Management of strategic change | ||
| Link to strategy: Win business |
Support growth Develop our people |
|
| As the Group adapts and executes its strategy there are a number of complex projects and initiatives that not only need to be delivered but also require understanding and support from all colleagues. |
Impact Poor change management could lead to ineffective implementation of projects that then cost more to deliver, take longer to deliver and result in fewer benefits being realised (or all three). Poor delivery of change could ultimately impair business performance. |
Key controls and mitigating factors The Group has established a strategic change management capability and this includes access to programme management professionals and the deployment of associated change management processes, for example the operation of senior change oversight committees. |
| Accountable Executive Adam Palser, Chief Executive Officer |
Risk movement/impact | |
| Operational | ||
| 3. Global pandemic – Covid-19 | ||
| Link to strategy: Lead the market |
Support growth Develop our people |
|
| NCC Group has a number of features which give the Group greater resilience in the face of a global pandemic. Failure to prepare for this may cause disruption and uncertainty to our business, as well as risk the health and safety of our |
Impact The potential impact of a pandemic globally is closed offices, people who are unwell and unable to work for periods of time and a slow-down in business from our clients. Risk movement/impact |
Key controls and mitigating factors During 2021, we successfully moved to remote working during the lockdown periods across our offices and were able to deliver our services off client sites. We have also used remote working as an opportunity to develop our services to support remote delivery. |
| people. Any disruption or uncertainty could have an adverse effect on our business, financial results and operations. |
In addition, the Group has developed an office re-opening programme, which has taken into account the health and wellbeing of our colleagues, which has further supported our successful service delivery. |
|
| Accountable Executive Tim Kowalski, Chief Financial Officer |
||
| Risk movement: Increased Viability risk: VR New risk: NR |
Risk impact: Decreased Unchanged |
High Medium Low |
44 NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Strategic report
The Group is heavily reliant on
continued and uninterrupted access to its IT systems. As well as environmental and physical threats, the Group is a natural target for individuals who may seek to disrupt
the Group's commercial activities.
Steve Boughton, Global Operations Director
If the Group's critical systems failed, this could affect the Group's ability to provide services to our customers.
The Group continues to make significant investment in its IT infrastructure to ensure it continues to support the growth of the organisation. This has been particularly pertinent during home working as part of the response to Covid-19.
The Group has controls in place in order to reduce the risk of actual loss of critical systems; this has included a review of single points of failure and these have been mitigated. Further, controls are operated to ensure the availability of backup media in the event of prolonged loss of systems.
The Group also standardises and simplifies processes whilst increasing resilience. Additional focus is given to proving the recoverability of systems and data.
VR
Link to strategy: Lead the market Win business Support growth Develop our people
The Group would be adversely impacted if it were unable to attract and retain the right calibre of skilled colleagues. Some roles within the Group operate in highly technical and extremely specialised areas in which there are shortages of skilled people.
Loss of key colleagues or significant colleague turnover could result in a lack of necessary expertise or continuity to execute the Group's strategy.
An inability to attract and retain sufficient highcalibre colleagues could become a barrier to the continued success and growth of NCC Group.
Colleagues are offered a rewarding career structure and attractive salary and benefits packages, which can include participation in share schemes.
Comprehensive communications with our colleagues are ongoing and include all-hands calls, The Wire and Group and local communications.
Linked to the development of our people, the Group continues to review our values and continues to use personal performance management processes, and aligned development programmes, which are linked to succession planning.
Chief People Officer
| Key controls and mitigating factors The Board operates a Cyber Security Committee chaired by the Chair of the Board and is responsible for the ongoing oversight of this risk and related |
|---|
| control environments. |
| All colleagues globally are required to undertake annual security training and updates to alert them to potential methods of security breach and to their responsibilities in safeguarding information and reporting potential issues. |
| Security testing is regularly carried out on the Group's infrastructure and there are extensive response plans, which were reviewed during the year, in the event of a major security incident. |
| Comprehensive plans are in place and being delivered associated with discharging our data protection obligations. |
| Low |
| Medium |
Link to strategy: Win business Support growth We aspire to attain and retain key internationally recognised
Impact The risk of the Group failing to retain a core standard, e.g. 9001, 27001 or PCI, with a consequential loss of key customer accounts or ability to operate.
Risk movement/impact
We operate a comprehensive programme to ensure the retention of our core standards. This includes a portfolio of aligned policies and cascading business processes. A programme of internal audit provides assurance over the design and application of these policies and procedures.
External assessors provide a further layer of review and challenge, confirming during the year the retention of our Quality and Security standards, which were renewed in April 2021.
VR
standards, which form an important component for many of our customers. Accountable Executive
Tim Kowalski, Chief Financial Officer
Failure to comply with changing EU regulations as a result of Brexit may cause disruption to our business. Any disruption could have an adverse effect on our business operations.
Viability risk: VR New risk: NR
Accountable Executive Tim Kowalski,
Chief Financial Officer
There remains some uncertainty around the detail of EU regulatory changes as these are finalised (for example, finalisation of trade negotiations with the wider world), which may impact on some of the services delivered by the Group, which fall under export control regulations.
Risk movement: Decreased Unchanged High Medium Low
Increased Risk impact:
Risk movement/impact
Similar to any UK company, we list post-Brexit as a significant risk due to the continued uncertainty surrounding the final EU post-Brexit trade deals with Europe and other international countries, which are still being negotiated.
As our operations around the world include business entities based in Continental Europe and the wider world, we believe NCC Group is structurally resilient to the post-Brexit trading environment. The main risks to our business post-Brexit are:
NCC Group recognises the importance of good environment, social and governance (ESG) frameworks as a key indicator of the Group's sustainability and ethical impact of our business.
Yvonne Harley, Global Director of Sustainability and Corporate Affairs
Non-compliance with the Group's frameworks related to ESG will impact on our ability to display robust working practices, grounded in good working practice, which take account of our environment, people and communities. This in turn could impact on our ability to develop and maintain business relationships and may lead to the loss of key customer accounts and shareholder investment.
New
11. Acquisition of IPM (Intellectual Property Management)
The Group has developed an ESG framework which continues to evolve. Examples of progress to date include:
More examples are outlined in the sustainability section of the report.
| 11. Acquisition of IPM (Intellectual Property Management) | NR | ||
|---|---|---|---|
| Link to strategy: Deliver excellence |
Support growth Develop our people |
||
| NCC Group obtained shareholder approval to acquire Iron Mountain's Intellectual Property Management (IPM), post extensive due diligence on 1 June 2021. The acquisition of the IPM division significantly grows the US Software Resilience customer base and allows us to support them with a broader set of services. A comprehensive integration plan has been established to support the effective and efficient transition of IPM into the Group. Accountable Executive Simon Fieldhouse, Global Managing Director – Software Resilience |
Impact Ineffective implementation of the integration plan may lead to: • Staggered transition to key systems • Increased costs against the budgeted £2.5m Risk movement/impact New |
Key controls and mitigating factors The Group has established a comprehensive integration plan, which has been sub-divided into specific workstreams, including, but not limited to, finance; legal; compliance; and IT. Each workstream has specific deliverables, along with deadlines, and these are being regularly monitored to validate "on time" delivery and to enable additional actions/resource to be deployed if required. |
|
| Risk movement: Increased |
Risk impact: Decreased Unchanged |
High Medium Low |
|
| Viability risk: VR New risk: NR |
During the year, the global pandemic of Covid-19 continued, with minimal impact on financial performance; it also provided opportunities. The Group mobilised its Executive Support Team and its business continuity plan in January 2020 and this enabled a number of planned initiatives to be brought forward to support a Group-wide response to remote working and delivery.
We have continued to successfully negotiate with our customers where appropriate to work remotely, which has minimised disruption to service delivery.
NR
In accordance with the requirements of the UK Corporate Governance Code, the aim of the Viability Statement is for the Directors to report on the assessment of the prospects of the Group meeting its liabilities over the assessment period, taking into account the current financial position, outlook, principal risks and uncertainties and key judgements and estimates in preparing the Financial Statements.
The Directors have based their assessment of viability on the Group's current business model and strategic plan, which is updated and approved annually by the Board, in line with our objectives to deliver sustainable and profitable growth, increase shareholder value and offer an improved service and product offering to our customers. This is underpinned by the strategic priorities outlined on pages 20 and 21 of the Strategic Report. The effective management of principal risks and uncertainties is outlined within pages 40 to 48 and this assessment emphasises those risks that could theoretically threaten the Group's ability to operate, or to continue in existence (with the VR designation).
The Directors have assessed the viability of the Group over the three year period to May 2024, as this is an appropriate planning time horizon given the speed of change and customer demand in the industry and is in line with the Group's strategic planning period.
The viability of the Group has been assessed taking into account the Group's current financial position, available bank facilities, and the Board approved FY22 budget and three year strategic plan.
The Directors have produced a budget for FY22 which reflects the anticipated trading levels in the current environment and years two to three of the strategic plan represent the expected trading growth over this period factoring in the initial planned growth in the budget. The Directors have also assessed the viability of the Group taking into account the current financial position, including the recent acquisition of the Intellectual Property Management division of Iron Mountain and the associated new equity issue and additional debt taken on to fund that acquisition. The Directors have also modelled the impact of certain severe but plausible scenarios, which have the greatest potential impact on viability in the period under review, as set out in the table below. In particular, the Directors have considered the potential impact of additional Covid-19 related economic disruption on both the short and long-term growth prospects for the Group in a number of different scenarios, the potential impact of Covid-19 on customers and the associated impact on the Group's performance, as well as the Group's ability to execute its strategy.
The impact of these sensitivities has been reviewed against the Group's projected cash flow position, available bank facilities and compliance with financial covenants over the three year viability period. Should these occur, mitigating actions would be required to ensure that the Group remains liquid and financially viable, which include a reduction of planned capital expenditure, freezing pay and recruitment and not paying a dividend to shareholders, all of which are within the Directors' control.
Based on these severe but possible scenarios, the Directors have a reasonable expectation that the Group and Company will be able to continue in operation and remain commercially viable over the three year period of assessment.
| Scenario | Associated principal risks and uncertainties | Description and potential impact |
|---|---|---|
| Business strategy |
Attracting and retaining appropriate colleagues' capacity and capability |
Failure to deliver the Securing Growth Together transformation programme. |
| Loss of key colleagues or inability to attract and retain key talent. |
||
| The potential impact of the above would act as a barrier to future growth. |
||
| Systems failure |
Availability of critical information systems Cyber risk (including data protection) |
A critical systems failure, leading to an inability to provide services to customers. |
| The potential impact of this would be short-term reputational damage and an inability to do business in the short term, impacting revenue and profits. |
||
| Cyber security |
Cyber risk (including data protection) | A cyber security breach occurs with theft of data and disruption to business services. |
| breach | The potential impact of this would be long-term reputational damage significantly impacting future revenue. |
|
| Covid-19 (over and above base |
Global pandemic – Covid-19 | The world was victim to a global pandemic of Covid-19 in early 2020. Most affected countries were locked down for a minimum of six weeks and the economic disruption is still ongoing. |
| case short term impact) |
The potential longer-term impact of this would be loss of jobs due to loss of revenue. There would also be reputational damage if there was a cyber security breach due to the remote working we have put in place to safeguard our people. |
Katharina Sommer Head of Public Affairs
Our public affairs function is focused on creating a conducive political and regulatory operating environment to improve cyber security policies, so they materially improve the cyber resilience for our customers and broader society (see pages 50 to 52 for more on stakeholder engagement).
Nowhere is this demonstrated better than in our continued efforts to reform the UK's Computer Misuse Act 1990, to enable cyber security professionals to undertake this critical work without fear of prosecution and unleash their full potential in making the world safer and more secure.
As founding members of the CyberUp Campaign 1, we brought together peers from across the cyber security industry alongside trade associations, incubators, academics and parliamentarians, all of whom believe that UK cyber crime laws should not inadvertently criminalise the very same people seeking to keep the nation safe and secure.
This campaign approach paid off, when, in May 2020, UK Home Secretary, the Rt Hon Priti Patel MP, announced that "now is the right time to undertake a formal review of the Computer Misuse Act" 2 and launched a call for information to assess if the law remained fit for use following the technological advances since its introduction in 1990 3.
The campaign, driven by an evidence-based, pragmatic approach, considers the operational realities of cyber resilience in modern day society. The security of the internet and our digital world is strengthened by the work undertaken by security and threat intelligence researchers who help us identify and fix weaknesses, to stay one step ahead of our adversaries.
Our vulnerability assessments of smart doorbells, for example, demonstrated attackers would be able remotely to control some devices, further highlighting the importance of good security practices in developing Internet of Things (IoT) products, and our research into a cyber threat group showed its preference for abusing cloud services in its operations, enabling us to help organisations improve their detection of and protection against future attacks.
We will continue working with all our key stakeholders to create a reformed law that adequately protects security and threat intelligence researchers.
1 https://www.cyberupcampaign.com/.
2 https://www.gov.uk/government/speeches/home-secretary-priti-patel-speech-to-cyberuk-conference.
3 https://www.gov.uk/government/consultations/computer-misuse-act-1990-call-for-information.
We believe by understanding and meeting the needs of our stakeholders, we will secure long-term success. This is achieved through consistent and authentic engagement.
Here we have highlighted our key stakeholders, their identified needs and how we have engaged with them. Engagement of each stakeholder is done so with the NCC Group values at the heart of everything we do. We recognise the importance of listening to and understanding the views of our key stakeholders. We use insights to support our approach, addressing opportunities to build enduring and trusted relationships. Insights are gathered during our day-today business and are used to improve decision making at every level of the organisation – from the Board down to operations.
Section 172 of the Companies Act 2006 requires a director of a company to act in the way they consider, in good faith, would most likely promote the success of the company for the benefit of its members as a whole but having regard to a range of factors set out in section 172(1)(a)–(f) in the Companies Act 2006. In discharging our section 172 duty, we have regard for these factors taking them into consideration when decisions are made. Examples of how our Directors have oversight of stakeholder matters and have regard for these matters when making decisions are set out on these pages.
We are a people business and our 2,000+ colleagues around the world each have an important role in helping to make the world safer and more secure.
Colleagues
Develop our people
Link to strategy:
The past 12 months have seen threats turn into impacts across all markets. Our solutions continue to help to keep our customers' businesses secure and operational.
• Continued successful delivery through remote working and maintained a "working together" approach to match our customers' challenging needs through the impact of local restricted working practices
NCC Group is committed to engaging with our shareholders through continued sufficient and effective communication.
Link to strategy:
We engage with a large number of different suppliers across our global business. Historically, we have had a very local and transactional relationship with suppliers; however, to enhance our competitiveness and remain agile, we are developing more formalised and sustainable relationships with our key suppliers based on both spend level and risk profile.
NCC Group is committed not only to creating a conducive operating environment to enable our long-term growth ambitions but to using our expertise to inform evidence-based policy making and improving the resilience of our societies.
Link to strategy:
52 NCC Group plc — Annual report and accounts for the year ended 31 May 2021
NCC Group's commitment to sustainability is integral to how we do business – simply it is our licence to operate. Grounded in our values and principles, we're guided by our Code of Ethics and driven by our mission to make the world safer and more secure for our people, our customers, our investors, and the communities we live and work in.
As society's dependence on the connected environment and its associated technologies increase, we use our global insights to help organisations assess, develop and manage their cyber resilience posture, enabling them to confidently take advantage of the opportunities that sustain their business growth.
We draw on our expertise, capabilities and global footprint to develop solutions to meet current and future cyber challenges. We help to educate policymakers and regulators. We give back to protect our local community services and we share opportunities to experience the world of cyber and inspire the next generation to secure our future.
Read more on our business model on pages 20 and 21
Read more on how we manage and monitor risk in relation to sustainability on page 47
Our approach to sustainability is focused on the recognised elements of environment, social and governance (ESG). These are brought to life with our framework, which enables us to focus our efforts on the activities that deliver the greatest value to our people, our customers, our shareholders, and the world we all live in.
We will set objectives that consider people and the planet, and we will hold ourselves to account through our annual reporting cycle and through regular stakeholder engagement.
Yvonne Harley Global Director of Sustainability and Corporate Affairs
NCC Group plc — Annual report and accounts for the year ended 31 May 2021 53
We have partnered with Willis Towers Watson to develop our approach to identifying and assessing climate change risk, which will support the development of a robust strategy and enable reporting against the Task Force on Climate-Related Financial Disclosures (TCFD) in 2022
We continue to foster partnerships that support development of future diverse cyber talent
The conversations alongside our performance management programme and career framework development will help drive our performance culture, creating an environment where everyone is welcome and can be successful
We continue to be committed to building long-term sustainable relationships, earning trust through understanding the challenges our customers have and delivering high quality solutions to take their pain away
In FY22, we are conducting a Responsible Business Tracker with the UK's Business in the Community organisation. This will provide us with a detailed report of how we are performing and coupled with recent investment ratings feedback will support us to identify longer-term sustainability targets.
In the interim, in FY22, building on our work to date we aim to:
While technology was able to break (in part) the barrier of isolation caused by the global pandemic, there was also a risk of it becoming a barrier as fatigue and frustration started to creep in. We know from our engagement with other organisations we weren't unique, and we took action to mitigate the risk to our Covid-19 survive and thrive strategy.
We continued to focus on the health and wellbeing of colleagues – prioritising the training of a global network of 61 Mental Health First Aiders and training over 100 managers in mental health awareness and supporting wellbeing, building resilience through a series of engagements throughout the organisation.
We also launched our NCC Conversations programme to support engagement around our four inclusion and diversity priorities (page 62) – gender, LGBTQIA+, race and ethnicity and neurodiversity. The conversations, hosted through panel sessions, articles, workshops and podcasts, have led to positive changes in how we operate as a firm.
Project Manager
Our focus on inclusion and diversity is sustained through embedding insights for dialogue, and local target setting into our monthly executive business reviews and is a key priority in our growth strategy.
We continued to reduce complexity in our business, reducing our legal entities, combining our Benelux and Danish entities to create one powerful European business and creating a global operating committee to unify how our professional and managed services operate in service of our customers. This not only increases our ability to attract a wider and more diverse talent pool but also reduces the risk of regional talent challenges affecting our ability to deliver for customers.
In the ever-increasing connected society, cyber resilience is important and should be part of responsible business practice – from design to operations. As a major player in the cyber resilience market, we have a responsibility to apply our world-class research skills, market knowledge and threat intelligence to ensure we design products and services that support our customers to meet their whole cyber resilience posture requirements.
This is the driver of the progress towards our vision to be the complete global provider of cyber resilience solutions within a growing global market and evidenced with the launch of new propositions to meet this requirement.
We review partnerships on an annual basis with a view to ensure they continue to be of value. In the past year we became members of the UK's Business in the Community programme, undertaking its Responsible Business Tracker assessment to support our future sustainability plans. In this new financial year, we have become members of the United Nations Global Compact, with full Board and CEO endorsement to embed its principles into our strategy, culture and ways of working.
More broadly, our active network engagement and industry partnerships help us to further support the United Nations Sustainable Development Goals, build global cyber resilience and help make the whole world safer and more secure.
Our commitment is to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic and representative of the diversity of the world they live in, to share their personal experiences and to have equal opportunity to achieve.
We want to drive the focus globally but empower local action ensuring that we reflect and embrace our differences.
This commitment influences our partnerships, how we recruit and how we deliver value to our customers. We will continue to secure the future today and our sustainability agenda will play a strategic role to support conscious decision making as we begin to set targets that challenge us to continually improve in making the world safer and more secure for all.
The United Nations Sustainable Development Goals provide us with a blueprint to achieving a better and more secure future for all. We selected the following goals, which we felt were most relevant to our business and to our stakeholders:
Through our threat intelligence and cyber resilience solutions, we are helping to secure the technology for increasing and protecting the provision of health services globally.
We are focused on investing in the future of cyber security skills, developing not only career frameworks and pathways for research, but also helping to protect the technology, which gives access to education.
We are committed to building a diverse and inclusive culture, for our colleagues and our customers.
We are focused on equality, creating an environment where everyone is welcome and can be successful.
We are a global business, with local hubs, attracting and developing diverse talent – from early careers to senior experts – all to support the global need for cyber resilience skills.
Our commitment to research, vulnerability disclosure and threat intelligence and the industry partnerships we foster help to provide safe and secure by design technologies, which enable industrialisation and innovation to drive future developments.
As well as our own ambition to reduce our carbon footprint, working with our customers we will seek to contribute to reductions in global greenhouse gas emissions through continuing to develop remote solutions.
Our value proposition is based on trust and this is founded on our Code of Ethics, considering the interests of all our stakeholders when we make decisions on the Group's future strategy and priorities.
Average CO2 emissions of our company car fleet
The greenhouse gas (GHG) reporting period is aligned with our financial reporting year running from 1 June to 31 May.
The reported figures detail annual GHG emissions from activities for which NCC Group is directly responsible. Having considered the production metrics within the business, we have concluded that annual turnover is the most appropriate to achieve a benchmark, which aligns with the carbon reduction policy and methodology that we will work towards in FY22.
The methodology used to calculate total energy consumption and carbon emissions has been through the extraction of consumption data from invoices and meter reads for the financial years stated. Where data was not available, estimates have been calculated using historical profiles and details held on record by the Group's Compliance department for audit purposes. Energy and fuel consumption has been expressed in tonnes of carbon dioxide equivalent (tCO2e), using 2019 DEFRA published conversion factors. Fuel for transportation has been converted using statistical data sets published by the UK Department of Transport.
The overall energy and carbon report was produced by PEP Energy, an independent third party that analysed invoices from energy suppliers and data from expense systems to calculate the overall results.
Over the past year, we've had little use of our global office space due to pandemic restrictions and we've also reduced our office footprint so comparing like for like is not possible.
Our calculations do not consider the impact of our colleagues working from home and the increase of their domestic energy use or decrease of their commuting over the full year. We are continuing to seek expert advice on how this can be measured to enable us to truly reflect the CO2 emissions of our organisation as we continue to operate in a more flexible environment in the future.
In FY22 our aim is to reduce carbon intensity for the Group and, working with our key stakeholder groups, we will set out targets, which will minimise the impact of our operations on the environment.
Due to the size and nature of NCC Group, an external environment audit is not required; however, we will continue to assess this as the Group grows in conjunction with any legislative developments.
Emissions by type %
| Total GHG tCO2e | |||||
|---|---|---|---|---|---|
| Source | 2019 | 2020 | 2021 | tCO2 change from previous year (2020 and 2021) |
% change from previous year |
| Scope 1 | |||||
| Gas | 63.11 | 61.35 | 79.96 | 19 | 30 |
| Company vehicles | 185.83 | 309.42 | 46.83 | (263) | (85) |
| Diesel | 121.98 | 187.27 | 22.68 | (165) | (88) |
| Petrol | 63.85 | 122.15 | 24.15 | (98) | (80) |
| Total scope 1 | 248.94 | 370.77 | 126.79 | (244) | (192) |
| Scope 2 | |||||
| Electricity | 345.43 | 415.32 | 297.79 | (118) | (39) |
| Total scope 2 | 345.43 | 415.32 | 297.79 | (118) | (39) |
| Total scope 1 and 2 | 594.36 | 786.09 | 424.58 | (362) | (85) |
| Scope 3 | |||||
| Business travel | 222.32 | 611.17 | 29.14 | (582) | (95) |
| Total scope 3 | 222.32 | 611.17 | 29.14 | (582) | (95) |
| Total scope 1, 2 and 3 | 816.68 | 1,397.26 | 453.72 | (944) | (68) |
The table below shows the proportion of Scope 1 and Scope 2 energy use that occurs in the UK and non-UK countries alongside the total carbon emissions. In FY21, 45% of the Group's energy consumption and 72% of carbon emissions arose from the UK.
| FY21 energy use | FY21 carbon emissions | |||
|---|---|---|---|---|
| Area | KwH | % of global energy use |
tCO2e | % tCO2e |
| UK | 1,436,210 | 45% | 305.003 | 72% |
| Non-UK | 1,780,945 | 55% | 119.577 | 28% |
| Total | 3,217,155 | N/A | 424.58 | N/A |
We recognise the importance of identifying the financial and non-financial impacts of climate change on the business. To make more informed financial decisions, we and our investors, lenders and insurance underwriters need to understand how climate related risks and opportunities are likely to impact our future financial position.
A robust approach to assessing climate change risks and opportunities will support us to develop business strategies, which will support future sustainability and growth. While we are not required to report against TCFD requirements this year, we recognise the importance of this initiative and how it aligns with our wider ESG agenda.
We have established a partnership with Willis Towers Watson to further develop our approach to identifying and assessing climate change risk, which supports the development of a robust strategy.
The model to achieve this is shown opposite.
In April 2021 we enhanced the benefit allowance, in line with the UK government's cycle to work scheme, from £1,000 to £6,000 for colleagues living in the UK and using a bike to commute to work. Colleagues can purchase a bike and equipment through this organised salary sacrifice scheme and the increase was made because of their feedback in our colleague forums and annual engagement survey. This enhancement is part of our overall wellbeing programme and commitment to reducing the impact we have on the environment.
At the very start of the pandemic in early 2020, an important consideration for organisations around the world was how they were going to function as restrictions impacted their traditional way of working. With remote working becoming the norm, trust was required to make it work.
We are committed to building new products, which support our sustainability commitments and meet our customers' current and future needs. Our product development ethos is to improve our end-to-end product design and build processes, ensuring we design with sustainability in mind, purposely and continuously.
This approach enabled us to be agile in adapting many of our products to be purchased, deployed and implemented remotely, ensuring we could support our customers as they moved to remote/ hybrid working models due to pandemic restrictions. (An example of this is our Firebase appliance illustrated opposite.)
Another critical element of our design approach is to ensure our product offerings are accessible. Our new Calibrate platform, which offers intelligent data-driven cyber resilience dashboards to guide risk strategy, is a great example of this. The platform was purposely designed to support user accessibility for those with the visual impairment of colour blindness. This inclusive design provides high colour contrast visual aids to support the interactive engagement between users and the Calibrate platform.
We listen to our customers, ensuring their voice is represented in the products we take to market.
With 80% of the work we traditionally do for customers already being delivered remotely, one area that is often overlooked is routine security testing. In 2018 our consultants developed an appliance – Firebase – that would enable remote security testing to be conducted – a great example of designing for the future. From the early prototype, NCC Group's Nick Watkins developed the current appliance as a research project supported by Simon Beattie. Their current version can be downloaded or posted and provides our customers with a credible and necessary alternative to ensuring their systems were secure.
Initially launched in the UK, and later in North America and our APAC region, the Firebase appliance is being developed and used to support our incident response teams as well as being planned for use by our European business.
Between 1 April 2020 and 31 May 2021, we conducted 761 jobs using Firebase, which equalled 11,656 days of remote working, and with an average of a 45–50 mile round trip from a consultant's home to customer premises, we reduced our travel impact by c.500–600k miles – the equivalent of 20–25 times around the world.
We will continue to engage with customers and encourage continued deployment of security testing remotely to improve efficiency for their business and remove unnecessary travel, which has a negative impact on climate change.
We design today for the future, working in collaboration with our colleagues across the Group, understanding the whole needs of our customers and ensuring our product offerings are accessible by all.
Michelle Barry Director of Product and Development
Each day at NCC Group our technologists and professionals wake up with one mission – to help make the world safer and more secure. Together they form a phenomenal knowledge network, collaborating, innovating and delivering value to our customers.
This culture is important to us and we strive to create a great place to work, a place where everyone is welcome and can be successful.
We are guided by our Code of Ethics – treat everyone and everything with respect; our common values are:
No matter how brilliant an individual might be, they are no match for a team. Our best and most impactful work has always resulted from collaboration. We act in the best interests of the whole Group and we never miss an opportunity to help each other and our customers. We exist to help keep our customers safe and secure – the better we understand our customers and their values, the better we can help them thrive. So, we work closely with our customers too.
We like to win. We like to, and we are good at, solving hard problems. We work hard but, in our world, success does not just come from hard work – it comes from looking at things differently and never being satisfied with the way things are. In being brilliantly creative, we need to work together – we expect collaboration, innovation, and diversity, which brings us onto our third value…
The ability to think in a different way (to, for example, how systems were intended to be used) is what leads to much cyber vulnerability and is the cornerstone of the security testing and risk work we do.
So, we work together, we are brilliantly creative and:
During the past year, we continued to improve how we listen to colleagues both at a global and a local level.
We created a monthly team engagement pack for managers to talk to their teams about various aspects of our business – all with the aim to ensure we kept connected to our mission, vision, values, and strategy despite the isolation of the pandemic restrictions. These monthly sessions encouraged teams to talk, explore and feed back – not just about our business operations but also how they were feeling. From those conversations we recognised the opportunity to create a global people managers' forum to support them to manage the drivers of engagement – it enables them to get closer to their local executive member and our HR team has created a dedicated resource centre to further support people managers and to improve how we listen at every level of the organisation.
Building on the UK colleague forum pilot launched in the previous year, we extended the colleague forums to our operations in Spain, Australia, Singapore and Japan and our Global Software Resilience business and Group functions, and we launched a new Works Council for colleagues in Denmark alongside our existing Works Council in the Netherlands.
We ran our annual b:Heard employee engagement survey with Best Companies, increasing our response rate to 81.85% (up nearly 2%) on the prior year, and continuing to improve our colleague engagement score to 642.7 (626.9 in 2019). While still within Best Companies' index of "one to watch" companies, through robust local and global action planning and active listening we strive to match our world-class participation rate with a world-class engagement score of 3*.
The investment in our Manager Essentials programme can be seen in the results from our engagement survey where 77% of eligible managers were recognised by their teams:
Jennifer Duvalier, our designated Non-Executive Director for colleague engagement, continued to meet with colleagues around the world virtually, extending our listening ability, and you can read more about her experience on page 80.
Regular town hall events and the creation of virtual communities using Microsoft Teams gave more opportunities for us to improve how we listen and learn through our day-to-day operations. Visible leadership played a critical role in this improvement and even more so due to the continued isolation of colleagues due to the ongoing pandemic restrictions.
Our ambition is to be known as a hub for cyber talent, a place where people can come and develop personally and professionally.
In FY21 we:
In addition, listening to feedback from our colleague forums and engagement survey, we launched our career framework pilot in March 2021.
The initial focus for the pilot is our technical community in our Global Professional Services in the UK and APAC region. The aim is to clarify how colleagues can progress from junior through to senior levels and how to move across specialist and management roles, with a view to empowering them to manage their own career.
The career framework will include:
The pilot will extend to other parts of the business including our Global Software Resilience, Global Managed Services and Sales colleagues over the coming year.
We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, representative of the diversity of the world they live in, share their personal experiences and have equal opportunity to achieve.
Our inclusion and diversity plan underpins our growth strategy and in FY21 was focused on four areas that were identified as being important to our colleagues:
For each of these focus areas we have colleague resource groups led by a Steering Committee, each of which has an Executive sponsor, HR and a Talent Partner. A dedicated Group Communications Business Partner is responsible for supporting our colleague resource groups to drive engagement both internally and externally.
At the heart of our commitment to inclusion and diversity is our NCC Conversations programme, which we launched in August 2020. Each month the focus area Steering Committees work together to produce content, from blogs to panel sessions and resources, which support our ongoing awareness and education for colleagues.
In addition, the programme includes workshops with external experts invited to support learning around topics exploring what it means personally and in the workplace.
What a journey we've been on over the past nine months. The content, the resources, the conversations and the personal experiences being shared, alongside the feedback we've received both internally and externally, have been inspiring.
Our NCC Conversations programme is a great example of our values in action. We work together, being brilliantly creative and embracing difference, and what connects us – what we all have in common – is our desire to make this a safe and great place for all.
A highlight for me was when a colleague said: "Had I ever before today come out as a transvestite in the workplace? Well, I never had. This is a first for me and it is indeed a big step. So why did I feel the need to do it? It is because of our inclusion and diversity programme that I felt like it was no longer a matter of why, but why not."
Communications Business Partner and NCC Conversations lead
These conversations are leading to positive changes in how we operate as a firm – investing in annual inclusion and diversity training as well as building into Manager Essentials training, partnering with organisations to develop future pathways for diverse talent to enter the industry, reviewing colleague policies, and improving how we recruit new talent and invest in career development.
We take our role as a responsible employer seriously and see the UK requirement to publish gender pay gap figures as an important step towards transparency around a key issue within our industry. We recognise steps need to be taken to continually improve our gender mix at all levels as part of our broader strategy and the investment we are making under our broader sustainability commitment is supporting us to achieve this. Our full report is available to view on our website and in FY21, in addition to the work of our Gender colleague resource group, we continued to support local initiatives aimed at encouraging more women to enter the world of cyber security.
* Source: NCC Group payroll data.
Read more online: www.nccgroupplc.com/investorrelations/corporate-governance/gender-pay-gap/
Data Protection and Governance Officer
Liz James Security Consultant
We are a global business with colleagues in many different countries around the world. We work hard to be an inclusive workplace, where everyone is treated with respect. Discrimination and harassment due to race or ethnicity are unacceptable and will not be tolerated here.
But saying it isn't enough, and like many companies addressing the systemic racism embedded in our societies, we are planning action to remove barriers for underrepresented individuals that exist within our organisation. Over the past nine months our Race and Ethnicity Steering Committee has covered key themes such as an introduction to race and ethnicity, and cultural intelligence, with guest speakers from North America and the UK discussing how to build an anti-racist organisation. We have also been working hard on providing colleagues across the Group with resources on inclusive language and behaviours and why representation matters as well as sharing personal and historic experiences of racism across the world.
We believe that a workplace in which colleagues feel safe and empowered regardless of their sexual and romantic orientation, and their gender identity enables everyone to perform at their best.
We are at the beginning of a long journey and committed to increasing our awareness and activity in this space to work towards creating an environment that provides inclusion for all underrepresented groups, ensuring their voices are heard. As the first colleague resource group in NCC Group, launched in 2019, we were delighted to be joined by the other groups to create a broader inclusion and diversity community.
This year, our LGBTQIA+ Steering Committee has helped colleagues explore sexual and gender identity in its many forms, taken a deeper dive into the importance of inclusion and hosted talks on topics including how language matters, asexuality, being transgender and transvestism, as well as providing content based on personal experience and informative articles.
Together we have utilised our social platforms to provide advice and support to parents of children who sit within the community, written to UK Members of Parliament to show our support against anti-trans bills, made pronoun badges available to colleagues across the globe and given guidance on adding pronouns onto email signatures.
Joy Evans Chief Data Protection and Governance Officer
We strive to create a working environment where neurodiversity is embraced. We value all colleagues equally and adjust as necessary to meet the personal needs of neurodiverse individuals.
The NCC Conversations series we've led has so far focused on both dyslexia and autism as a subcategory of neurodiversity, where the Steering Committee has been challenging taboos and taking a deeper dive into dyslexia and autism in the workplace through a range of activities including panel discussions, resources, tips for managers and a podcast on parenting an autistic child.
Most recently, we've invited Lexxic, a specialist consultancy championing and advising on neurodiversity in the workplace, to run an interactive workshop with colleagues to produce a neurodiversity smart roadmap with recommendations and actions based on any gaps identified in our business. This workshop builds on an earlier webinar that was hosted as part of our NCC Conversations series.
Neurodiverse individuals bring many strengths that not only need to be understood but further celebrated and valued. At NCC Group we are lucky to work with neurodiverse colleagues who bring many positive attributes to our workplace.
Natasha Gardner Technical Pre-Sales Engineer We recognise that gender inequality affects everyone across all genders. We want to provide opportunities for every colleague across the Group to be involved, to share experiences and to help set the vision for how we can work together in creating a more gender inclusive and diverse workplace.
We are committed to ensuring that equal opportunities are presented across the Group. We will do this by constantly reviewing and improving our hiring processes and examining the channels we use for talent attraction and recruitment, at the same time as leading with an approach of inclusivity and fairness to promote career progression.
Over the past year the Gender Steering Committee, working closely with our people team, has shone a light on mental and physical health with external talks on the menopause and prostate cancer, and internal panels on male mental health as well as publishing an external webpage celebrating some of the incredible women we have working here across the Group. Our recent project, Action Ally, aims to support and educate colleagues on what allyship looks like in certain situations through using examples of uncomfortable instances that colleagues have either experienced or observed throughout their careers in a bid to recognise and call out poor behaviour. We've also established NCC Group Women's International Network (WIN), which is open to those who identify as women and are passionate about championing an inclusive and diverse workforce.
We recognise that now, more than ever, it's important for us all to pull together, as families, as colleagues, and as communities. Our giving back day is designed to help colleagues connect with and support local communities and causes that mean something to them.
Managing Director, Assurance UK and RoW
Through our annual engagement survey and local colleague forums, we know that giving back to our local communities is important to colleagues. Up until more recently these giving back activities have been informal and led entirely locally and colleagues were keen for us to create a more formal giving back activity while still retaining that local action.
So last year, in preparation for pandemic restrictions lifting, we developed a pilot giving back programme with colleagues in our UK, Spain and APAC Assurance division. The programme enables colleagues to take one day of additional paid leave in a calendar year, to support a local community or charitable organisation.
During FY22, the programme will be rolled out to the wider Group, ensuring compliance with local requirements relating to volunteering.
In 2019, we launched our partnership with the Small Charities Coalition, organising cyber resilience training workshops to give small charities the practical tools to improve their cyber resilience.
In FY 2020, despite the challenges of the pandemic restrictions, we continued to invest in our commitment. Across four virtual workshops, offering ad-hoc advice, and the production of four easy to understand cyber security videos, more than ten colleagues invested over 40 hours to help make the world safer and more secure.
71 representatives from small charities across the UK, with an average annual income of less than £190,000, attended our virtual workshops: that means that, on average, the cost of a cyber breach 1 represents at least 1% of those charities' annual income, highlighting the importance of improved cyber resilience for their future.
Moreover, those charities play a fundamental role in their local communities and often work with vulnerable communities, or on sensitive issues, from addiction and mental health support, to supporting asylum seekers, veterans, disabled children or disadvantaged communities.
1 https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/ cyber-security-breaches-survey-2021.
I found it so helpful to get a broad introduction about the main areas of cyber security while also getting lots of specific and practical tips about the many things I can do to make our charity as safe as possible.
Workshop attendee
We launched our global NCC Diamonds and Stars awards in July 2020 to celebrate the incredible achievements of our colleagues – as they work together and as individuals. Our aim was to create a public platform where we could recognise colleagues and say thank you, as well as to shine a light on these achievements. It helps to instil a sense of pride and accomplishment and, importantly, the value we place on every colleague who every single day helps to make our world safer and more secure.
Our team awards – NCC Stars – saw 68 entries highlighting contributions against each of our five nomination categories – Working Together, Being Brilliantly Creative, Embracing Difference, Delighting the Customer and Community Champion. Our global winners were announced in a virtual online ceremony – not allowing the pandemic restrictions to get in the way of our celebrations.
Demonstrating the impact of our work, 80% of charity attendees said they felt better informed on cyber resilience issues and were very keen to implement their learnings. And their combined reach includes the more than 2,500 staff, volunteers and trustees who work with them, and the more than 28,000 service users and beneficiaries they support.
Our support has extended to becoming a referral partner for the Small Charities Coalition helpdesk, so that callers with cyber security queries will be routed to our NCC Group experts. This builds on our work with the Federation of Small Businesses' cyber advice helpline and the Scottish Business Resilience Centre's cyber incident helpline.
Next up in February 2021 we launched our NCC Diamonds, inviting colleagues to nominate their colleagues. We received 498 nominations, which were judged locally, and winners of each category were given an "experience of their choice" prize. The local winners were then submitted to a global judging panel with our global winners being celebrated across the Group.
Nomination categories:
Working together Carla Strong
Carla is the person you want to go to whenever you need some information or have a problem, or if you're a fresh face at NCC looking for a little guidance. Along with mentioning her infectious positive energy, her nominators said that Carla is a fount of all knowledge on office administration, facilities management, delivery operations, and any other way she can support colleagues. Her commitment to ensure that everyone has support means she truly is an #NCCDiamond.
Inspiring colleague Natasha Gardner
Beyond her role as a Technical Pre-Sales Engineer, she is chair of our Gender colleague resource group, a Mental Health First Aider, a member of the UK Colleague Forum, and host of our internal podcast series, NCC Untitled. As her nominators said, she manages each of these responsibilities with an unfailingly positive attitude and puts her heart and soul into everything she does.
Embracing difference Charlotte Tanner
When her secondment to Sydney was prevented by the Covid-19 pandemic, she still took on the responsibilities of her new Business Partner role, despite being unable to relocate. This meant supporting the APAC team with long, unsociable hours across two time zones!
Those who nominated her spoke of her appreciation of cultural differences and acknowledgement and respect of colleagues' diverse perspectives on issues. This, combined with her flexibility, empathy, and commitment to going above and beyond, has resulted in several brilliant outcomes for her team.
Inspiring people manager Ben Mitchell
Ben Mitchell was recognised as the global winner of the NCC Diamonds inspiring people manager award for his caring, positive and empathetic attitude. Those who nominated him mentioned his genuine care for those he manages, his extraordinary support and encouragement, and his willingness to go above and beyond for those who need his help.
Being brilliantly creative aschmitz
aschmitz was nominated several times for being brilliantly creative, but one example stands out in particular. When we moved to a new system in North America, aschmitz was quick to notice that colleagues required greater functionality than was initially built in. Realising that the data required for the functionality was available to them, aschmitz worked around the clock to develop a tool that would help colleagues use the new system and continue their work uninterrupted. This brilliantly creative idea is a great example of how they jump on opportunities to find solutions and help others.
Brand ambassador Tim Anderson
Our brand ambassador award acknowledges those who love sharing the brilliant things people get up to across the business. Our global winner, Tim Anderson, kept his network in the loop on recent research, new partnerships, expert insights, and the latest NCC Group news with an unparalleled number of shares. His commitment to letting people know what's going on at the Group makes him a true #NCCDiamond.
In addition to colleague nominations, CEO Adam Palser selected Sourya Biswas as the recipient of the CEO choice award.
Nominated by a significant number of colleagues for a variety of different reasons, Sourya's impact is felt across NCC Group. Known for delighting customers through brilliantly creative solutions to problems, his expert insight is invaluable. He provides support and guidance for colleagues through guides on technical processes, by setting an admirable example, and by encouraging colleagues to be the best they can be through thoughtful feedback. His speaking engagements and publications demonstrate his great knowledge and provide new opportunities to engage with customers and prospects.
Our Code of Ethics sets the standard we uphold ourselves to and we take pride in our approach. We consider the interests of all our stakeholders, including colleagues, when we make decisions on the Group's future priorities and plans.
We do not tolerate bribery and corruption. We have established policies on anti-bribery and the receiving and giving of gifts, and hospitality. Anti-bribery awareness is part of our colleague induction process and regular refresher training is mandated.
Colleagues are encouraged to report any concerns to their manager or, if required, our confidential and independent whistleblowing service. The whistleblowing process is overseen by the Audit Committee.
We aim to engender in our colleagues principles of honesty and integrity and the desire to work to the best of their ability.
We strive to act in a professional, honest and ethical manner in all our dealings with our customers, colleagues, shareholders, suppliers, and the community. Our reputation is paramount and nothing we do should detract from or compromise our standing in the market and the community. Our independence and impartiality as a Group are fundamental. We have a Code of Ethics, which all colleagues are required to adhered to.
Our customers and colleagues respect us for providing a trusted service, and to achieve this we rely on supply chain partners to support our business operations.
We are fully aware of the responsibility we have toward our stakeholders and we seek to work with supply chain partners who are equally aware of and proud to uphold these high standards.
Our relationship with supply chain partners is based on trust, collaboration and continuous improvement, underpinned by fair contracts.
We, and our customers, expect our supply chain partners (and their supply chain) to behave ethically and securely and to treat everyone fairly and with respect. Supply chain partners are an extension of the NCC Group team, and our Supply Chain Code of Conduct exists to clearly articulate the standards and behaviours we expect to see in our supply chain partnerships.
We recognise our responsibility to uphold and protect the rights of individuals in all aspects of our operations across the world.
Through our published statement and our global policies, we make it clear that we will observe and uphold the principles contained in the Universal Declaration of Human Rights and the International Labour Organization Fundamental Conventions.
We believe that human rights belong equally to all people without distinction as to race, colour, sex, language, religion, political or other convictions, national or social origin, birth or other traits. We support freedom of association, the abolition of forced labour and the elimination of child labour.
We have a zero-tolerance approach to modern slavery and are committed to acting ethically and with integrity in all our business dealings and relationships. We communicate this to all our suppliers, contractors, and business partners at the outset of the relationship and regularly thereafter. Our Anti-Slavery and Human Trafficking Statement is available to download from our website.
The Board recognises that robust governance and oversight are vital to maintaining a strong business, which can weather a changing business environment.
We have a dedicated and independent Global Governance function, which has been designed to work together to ensure seamless oversight of the control environment and management decision making. This team is made up of:
The Global Governance function reports into the Group Board, or its sub-committees, the Audit Committee and Cyber Security Committee.
The primary remit of the team is to validate compliance with the Group's policies and procedures, legislation and regulations and good practice.
Read more about our governance on pages 70 to 73 and risk management on pages 40 to 48
This Strategic Report was approved by the Board of Directors and signed on its behalf by:
Adam Palser Tim Kowalski Chief Executive Officer Chief Financial Officer
14 September 2021 14 September 2021
As Directors we recognise the renewed focus on the contribution that a successful company can make to wider society in general, in addition to generating value for shareholders, and as a Board we want to ensure that we have effective engagement with, and encourage participation from, shareholders and other stakeholders
NCC Group plc — Annual report and accounts for the year ended 31 May 2021 69
During the year we have made the commitment that by 2024, we will have at least 33% female representation on our Board and at least one person of colour. Although this is best practice for FTSE 350 companies, we will commit to this target regardless of which share index we are in.
Chris Stone Non-Executive Chair
The last year has been one of unprecedented upheaval and disorder from the Covid-19 pandemic reaching all parts of the globe and significantly impacting economies everywhere. We as a Board had a very busy year dealing with the impact of the pandemic on the Group and also considering its impact on all of our stakeholders. It is worth noting that we have taken no government subsidies or loans (other than deferring tax payments), nor have we made any colleagues redundant or furloughed them during the pandemic. We continued to pay dividends, in line with our policy, throughout the year.
We have also been engaged with the Executive Team in ensuring that all of our colleagues received the best support we could give them, specific to each of their individual needs, to manage in these new and changed circumstances. I have been very impressed by the depth and quality of the colleague support programme that the team has delivered.
The Board is committed to creating and maintaining a culture where strong levels of governance thrive throughout the organisation, specifically ensuring that we send out consistent messages on our values and acceptable behaviours for our colleagues, our customers, our suppliers and our advisers.
As a Board we have focused our attention on the requirements of the UK Corporate Governance Code 2018 (the 'Code') and are reporting against this Code in our Annual Report and Accounts. A key focus for the 2018 Code is culture and ensuring that it aligns with the Group's purpose, strategy and values. Culture has been high on the Board's agenda for some time and the Board considers culture to be an essential ingredient in meeting our long-term, sustainable returns to shareholders and indeed our stakeholders.
The Board, the Executive Committee and the senior management continue to promote our culture and standards throughout the business and lead by example to provide a strong corporate governance framework.
One of the most significant changes to the Code affecting NCC Group is in respect of workforce engagement. Our main stakeholder is our colleagues and we wanted to develop meaningful mechanisms to ensure that we, as a Board, have meaningful and regular dialogue with our dedicated and committed workforce. This then puts us in a strong position to deliver our strategy.
To assist us with this, during the year, Jennifer Duvalier, a Non-Executive Director, has continued her excellent work as our designated Non-Executive Director for workforce engagement. Jennifer (along with other Non-Executive colleagues, including me) has been meeting (albeit virtually) and speaking with colleagues around the world and reporting back on findings at each Board meeting via a dedicated agenda slot. We have not let Covid-19 be a barrier to hearing our colleagues' opinions around the Board table. As a people business, this is a crucial area for us to focus on and get right.
Towards the end of our financial year, we re-joined the FTSE 350 so we are now reflecting on the new governance provisions that are now relevant and we will report back on these next year.
As individual Directors we recognise our statutory duty to act in the way we each consider, in good faith, would be most likely to promote the success of NCC Group for the benefit of its members as a whole, as set out in section 172 of the Companies Act 2006. Our role as the Board is to set the strategy of the Group and ensure that management operates the business in accordance with this strategy. We believe this approach will promote the Group's long-term success and our customers' interests as well as create value for shareholders and have regard to our other key stakeholders such as our colleagues.
The Board's intention is to hand over the business to our successors in a better and more sustainable position for the future. We recognise the renewed focus on the contribution that a successful company can make to wider society in general in addition to generating value for shareholders, and as a Board we want to ensure that we have effective engagement with, and encourage participation from, shareholders and other stakeholders. During the year we have reflected on who our key stakeholders are and assessed our current engagement mechanisms to ensure the effectiveness of that engagement. We then factor into our decision making any feedback from that engagement.
We have made no changes to the Board during the year. The biographies of all the Board members can be found on pages 74 and 75.
With regard to our current diversity, I am satisfied that we have an appropriately diverse Board in terms of experience, skills and personal attributes among our Board members. The Directors have many years of experience gained across a variety of industries and sectors, ensuring a mix of views and providing a broad perspective.
All that said, we recognise that we still have much progress to make in terms of improving the diversity of the Board and our Executive Team (and indeed our workforce as a whole). With that in mind, during the year we have made the commitment that by 2024, we will have at least 33% female representation on our Board and at least one person of colour. Although this is best practice for FTSE 350 companies, we will commit to this target regardless of which share index we are in. (To achieve this commitment by 2024 based on our current Board size of seven Directors, we would need to have at least three female Directors out of the seven. At least one of the seven would be a person of colour).
We will look to address this during future Board and Executive Committee appointments. Given that this is a fairly young Board in terms of tenure, this improvement in diversity will not be a quick process but we are very mindful of the need to take positive action, and the matter is fully on our agenda. Accessing the candidates we require to reach this target will involve us looking beyond the obvious pool of existing board directors within the UK and we intend to ensure that we extend our talent search to other sectors and countries to ensure we find a diverse pool of candidates from which to choose to provide us with true diversity around our Board table.
As Chair, I am responsible for providing leadership to ensure that the Board operates effectively. I have been supported in this by all the Directors, in particular Chris Batterham, our Senior Independent Director. The annual reviews of Board effectiveness help the Board to consider how it operates and how its operations can be improved. This year, the review was undertaken internally and the findings of this review have provided us with ideas to further improve the manner in which the Board operates, and build on previous evaluations. The results were very useful and insightful and have been incorporated into our plans for the coming year. In particular, Board succession planning remains a priority, particularly as we look to ensure the Board and Executive Committee have the right set of skills and experience to support the Group as the business evolves.
I have been very impressed about how effectively the business as a whole, and indeed the Board, has transitioned to remote working during the Covid-19 pandemic. Although I feel that longer meetings are best done face to face, we have continued to hold all of our scheduled Board and Committee meetings as planned and also our strategy day in March, which all attendees agreed was our best strategy session to date. While being mindful of the impact of Covid-19 on the wider world and us as a business, our approach as a Board has been one of "business as usual" and we continue to focus on important longer-term strategic and governance issues facing the Group, while supporting management on more short-term tactical decisions. Despite most colleagues working from home, we managed to successfully purchase Iron Mountain's Intellectual Property Management (IPM) business which will now form part of our Global Software Resilience division. The acquisition meant that we held a number of additional Board meetings throughout the year, and I was very grateful for the flexibility demonstrated by my colleagues to make sure that they were available for this process. As lockdown eases, the Board is very much looking forward to holding some in-person meetings and reconnecting with our colleagues as part of office and site visits.
We are in regular contact with our large investors through a regular scheduled programme of meetings attended by either our CEO or CFO or both of them. Chris Batterham, our Senior Independent Director, and I are also available to meet with investors should the need arise.
I met with our larger investors in February/March 2021 and fed back my findings to Board colleagues at the next Board meeting. In addition, our brokers undertook an investor survey on the back of our half year results in January and the results of this were presented and discussed at a Board meeting. Our aim is to engage with our shareholders in an open and meaningful way.
Ensuring that the Directors' remuneration packages align the Directors' and senior managers' interests with the long-term interests of NCC Group and its shareholders is always a key area of interest for investors. Our Directors' Remuneration Policy was last approved by shareholders at the 2020 AGM and at the 2021 AGM we will be asking shareholders to approve a new Remuneration Policy.
The 2020 Directors' Remuneration Policy received 81.44% of votes in favour at the 2020 AGM. Our 2018 and 2019 Directors' Remuneration Reports received over 99% of votes in favour, recognising the continued support of our shareholders for our approach to executive remuneration, so naturally we were very disappointed with the voting outcome of the 2020 AGM of only 51.53% votes in favour. Jonathan Brooks, as our Remuneration Committee Chair, consulted with our shareholders who voted against the Remuneration Report following this significant vote against and we published our response on 2 February 2021 which can be read here, https://www.nccgroupplc.com/media/zfhhxutu/ voting-results-of-2020-annual-general-meeting.pdf. The UK Corporate Governance Code 2018 has increased the role and remit of the Remuneration Committee and this is reported on within the Remuneration Report. As part of our new Remuneration Policy, we will be aligning our Executive Directors' pensions with our wider colleague population, and introducing post-employment shareholding rules.
The Company measures itself against the requirements of the UK Corporate Governance Code 2018 (the 'Code'), which is available on the Financial Reporting Council website (www.frc.org.uk).
From 1 June 2020 to 31 May 2021, the Company complied with the Code in full with the exceptions that our CEO and CFO pensions were not in alignment with our general colleague population, and we do not have post-employment shareholding guidelines. Both of these areas of non-compliance will be attended to post our 2021 AGM and subject to shareholder approval of our new Directors' Remuneration Policy.
Also between 1 June 2020 and 31 May 2021, the Company did not engage with the workforce to explain how executive remuneration aligns with the wider Company pay policy as required by the Code. However, the Remuneration Committee compares information on general pay levels and policies across the Group when setting Executive Director pay. Jennifer Duvalier undertakes regular colleague engagement sessions where colleagues are able to ask about Executive Director pay. During the year no questions or concerns on executive pay were raised to Jennifer.
We are immensely proud of our colleagues for their extraordinary efforts during the pandemic, recognising that many were working from home in far from ideal circumstances, acting in the best interests of our customers and our stakeholders. I would like to thank all our colleagues for their incredible contribution in stepping up and meeting the unprecedented challenges of the Covid-19 pandemic.
Chris Stone Non-Executive Chair 14 September 2021
The different parts of the Company's governance framework are shown below, with a description of how they operate and the linkages between them.
For further details on Board composition and division of responsibilities see pages 78 to 86
Chris Stone Non-Executive Chair
Appointment to the Board: 6 April 2017
Chris has held various Non-Executive Director and Chief Executive roles at listed and private equity backed technology companies. He was CEO of Northgate Information Solutions plc from 1999 to 2008, until its sale, and stayed as CEO until 2011. From 2013 to 2016, he was CEO of Radius Worldwide. Chris was also a Non-Executive Director of CSR plc, and Chair of the Remuneration Committee, from 2012 until its sale in 2015. Chris was also Chair of AIM listed CityFibre plc from January 2017 until June 2018, when it was sold to private equity buyers.
Chris is the Chair of Everynet BV, a privately owned Internet of Things infrastructure business, and Chair of AIM listed Idox plc. Chris is also a Non-Executive Director of Rural Broadband Solutions Plc.
Adam Palser Chief Executive Officer
Prior to NCC Group, Adam was the CEO of NSL Ltd, the public services provider. He joined NSL in 2015 and led the successful transformation and sale of the business for its private equity owner. Between 2003 and 2013 Adam performed a number of different roles at QinetiQ including taking responsibility of QinetiQ's cyber, information warfare and professional services businesses.
Adam does not currently have any external appointments.
Internal appointments Adam is an Executive sponsor of the Gender resource group.
Tim Kowalski Chief Financial Officer and Company Secretary
Tim is an accomplished CFO with significant listed and private company experience. Prior to joining NCC Group, Tim was Group Finance Director of Findel Plc between 2010 and 2017 and prior to that held similar roles with Homestyle Group Plc and N Brown Group Plc. Tim has significant experience of divisional financial management within the hospitality sector. Tim qualified as a Chartered Accountant with KPMG and spent his early career there. Tim has a wide breadth of finance expertise obtained from experiencing differing finance roles within organisations and also within a variety of companies, and has been involved in a number of high profile financial turnarounds.
Tim does not currently have any external appointments.
Internal appointments Tim is an Executive sponsor of the Race and Ethnicity resource group.
Chris Batterham Senior Independent Non-Executive Director
A C N R
Appointment to the Board: 1 May 2015
Chris is a qualified Chartered Accountant, spending his early career with Arthur Andersen, and also has significant experience in senior finance roles across the technology sector. Chris was Finance Director of Unipalm plc (the first internet company to IPO in the UK) from 1996 until 2001, before becoming CFO of Searchspace Limited until 2005 and has since held a wide variety of non-executive and advisory roles, the majority having a technology focus.
Chris is currently the Senior Independent Director and Non-Executive Deputy Chair of Blue Prism Group plc (and also chairs the nomination committee, as well as being a member of its audit and remuneration committees) and Non-Executive Director at Nanoco Group plc (and also chairs the audit committee, as well as being a member of its nomination and remuneration committees). Chris is also Chair of Racing Digital Limited.
Audit Committee C Member of Cyber Security Committee
N Member of Nomination Committee R Member of
Remuneration Committee Committee Chair
74 NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Jonathan Brooks Independent Non-Executive Director
R A C N
Appointment to the Board: 16 March 2017
Jonathan was Chief Financial Officer of ARM Holdings plc from 1995 until 2002. He has since held a number of Non-Executive Director positions with listed and private technology businesses, including chairing the audit committees at IP Group, Aveva Group, FDM Group, Sophos Group PLC, and e2v PLC. He also chaired the remuneration committees of IP Group and Xyratex Ltd, where he also served as Chair between 2011 and 2013.
Jonathan does not currently have any external appointments.
Jennifer Duvalier Independent Non-Executive Director
C N R
Jennifer was Executive Vice President of People at ARM Holdings plc, with responsibility for all people and internal communications activity globally, from September 2013 to March 2017.
Jennifer is currently the Senior Independent Director of Trainline plc (where she is also a member of the audit and risk, nomination and remuneration committees) and an independent Non-Executive Director and Chair of the Remuneration Committee of Mitie Group plc (as well as being a member of its nomination committee) (she is also the designated Non-Executive Director for colleague engagement at both companies) and of Guardian Media Group plc. She is Non-Executive Director of The Cranemere Group Ltd, a member of The Council of the Royal College of Art and Chair of the Remuneration Committee, and a senior adviser to the Cleveland Clinic London and M Squared.
Mike Ettling Independent Non-Executive Director
A
Mike has strong sector and non-executive experience. He has had an extensive career in global technology businesses including SAP-Sucessfactors, NorthgateArinso, Unisys, Synstar and EDS and was formerly a Non-Executive Director of Backoffice Associates LLC, a US PE backed data business, and also formerly a Non-Executive Director of Telkom BCX Ltd, a South African IT and telecommunications business. Mike has also served as a Non-Executive Director with Topia Inc, a Silicon Valley cloud relocation software business.
Mike is currently CEO of Unit4, a world leader in enterprise applications for services and people organisations. He is also Non-Executive Director of Impellam PLC, an AIM listed recruitment business.
Diversity of skills and experience
Strategy development
Sales and marketing
Human resources
Corporate governance
Financial management
M&A
Professional services
Max Baldwin Group Sales and Marketing Director
Steve Boughton Global Operations Director
Max joined the Group in October 2019 and is responsible for inspiring and challenging its business growth plans towards continued sustainable and profitable revenue. Max owns the Group Marketing function and provides regional sales and portfolio teams with global insight, tools, techniques and direction that support their business winning objectives. Max was the Executive sponsor of the Race and Ethnicity resource group in FY21.
Steve is responsible for our Group transformation programme and for Group central services around the world. He joined the business in March 2018 from the NSL Group where he was the Chief Operating Officer supporting the business through its sale in 2017, and previously served as Managing Director of QinetiQ's technical advisory business, leading software and service subsidiaries in the UK, Canada and Australia. In FY22 Steve will be the Executive sponsor of the new Accessibility resource group.
Simon Fieldhouse Global Managing Director, Software Resilience
Yvonne Harley Global Director of Sustainability and Corporate Affairs
Simon is Global Managing Director of the Software Resilience division, with locations in the UK, the USA, Europe and the Middle East. Simon is focused on returning the division to sustainable growth, supporting Group investment in product innovation to underpin growth across our EaaS cloud portfolio. Having completed the acquisition of the Intellectual Property Management company from Iron Mountain, Simon is leading the integration of the IPM business into NCC Group. Prior to NCC Group, Simon was the CEO of Hardware.com, an international value-added reseller of hybrid IT solutions operating in the UK, the USA, Europe and South Africa. In FY22 Simon will be Executive sponsor alongside Tim Kowalski of the Race and Ethnicity resource group.
Yvonne is Global Director of Sustainability and Corporate Affairs responsible for driving our sustainability strategy and setting communication standards, channels, brand reputation, colleague communication, public relations and crisis communication as well as co-sponsoring our inclusion and diversity engagement initiatives with Chief People Officer, Colin Watt.
Joining the Group in July 2018, Yvonne has international experience across a range of industry sectors, which includes senior roles in financial services, oil and gas, and shipping.
Robert Horton Global Head of Assurance Delivery
Nick Rowe Managing Director, Assurance North America
Robert has worked in a number of areas across the Group, most recently on the creation of the single European division. He is also the Executive sponsor for Global Managed Services. Currently he is involved in the business transformation programme driving business alignment.
Robert was a Director of NGS Software, a security consulting company he co-founded, from its formation in 2001 through to its acquisition by and successful integration into the Group in 2008.
Nick is Managing Director of the North American Assurance division based in California. He has held positions across business development, consulting and operations management since joining the firm in 1998. Currently Nick is responsible for the Group's North American operations since relocating from the UK in 2013 and while the primary focus is on the growth of this region Nick also sponsors global initiatives across sales, marketing and, as part of the Group-wide commitment to diversity and inclusion, the Neurodiversity resource group in FY21.
Assurance Europe
Inge is Managing Director for NCC Group's Continental European operations, including Fox-IT and the former Fort Consult brand (Denmark). With a strong career in cyber and security she has previously held roles with the Dutch National Police and the General Intelligence and Security Service of the Netherlands and served as Home Affairs Counsellor in the Royal Netherlands Embassy in Paris. Before she joined NCC Group Inge was part of the cyber security leadership team with Deloitte Risk Advisory, securing the critical infrastructure of the Netherlands, including central government. In 2019 she was listed in the top 100 most influential women in the Netherlands and one of the 50 most inspiring women in tech. In FY22 Inge will sponsor the Neurodiversity resource group.
Ian Thomas
Managing Director, Assurance UK and RoW
Ian joined NCC Group in December 2018 and is responsible for the Group's UK and RoW Assurance division and acts as Executive sponsor for Global Professional Services and for the LGBTQIA+ community. Prior to that he was UK MD at Sopra Steria for two and a half years, following a successful interim career working for a number of global businesses and private equity backed firms, in Managing Director and Sales Director positions. He was at Cable&Wireless for eight years, where he ran global service assurance and the wholesale and public sector divisions. Ian's early career includes 14 years at British Airways.
Colin Watt Global Chief People Officer
Ollie Whitehouse
Chief Technical Officer
Colin is the Global Chief People Officer for NCC Group. He is responsible for the human resources team across the Group, as well as being the co-sponsor with Yvonne Harley on the Group's inclusion and diversity initiatives. Prior to joining NCC Group, Colin was the Director of Employee Engagement and Relations at Shop Direct, the online digital retailer. He previously held a number of senior leadership roles in Telefonica's O2UK, research, European and global HR teams and Co-operative Financial Services.
Ollie is Chief Technical Officer at NCC Group responsible for the Group's technical strategy, research, product and development functions. Ollie is ultimately tasked with ensuring that NCC Group is well placed with capability and technology to exploit market opportunities now and in the future. In FY21 Ollie was the Executive sponsor of the Gender resource group.
Joining the Group in 2012, over the past 25 years Ollie has worked in a variety of cyber security consultancy, applied research and management roles. Ollie is Chair of a science advisory council to the UK government and is an adviser on matters of cyber security to several government departments.
Role profiles are in place for the Chair and Chief Executive Officer, which clearly set out the duties of each role.
| Role | Responsibilities |
|---|---|
| Chair of the Board (Chris Stone) |
Is responsible for the running and leadership of the Board, setting its agenda and ensuring its effectiveness on all aspects of its role, and promoting a culture of openness, debate and the highest standards of corporate governance. The Chair, in conjunction with the CEO and other Board members, plans the agendas, which are issued with the supporting Board papers in advance of the Board meetings. These supporting papers provide appropriate information to enable the Board to discharge its duties which include monitoring, assessing and challenging the executive management of the Group. |
| Chief Executive Officer (Adam Palser) |
Together with the senior management team (ExCom), is responsible for the day-to-day running of the Group's business, implementing the strategy and policies approved by the Board, and regularly providing performance reports to the Board. The role of CEO is separate from that of the Chair to ensure that no one individual has unfettered powers of decision. |
| Chief Financial Officer (Tim Kowalski) |
Works closely with the CEO with specific responsibility for all financial matters, including Group accounting policies, financial control, tax and treasury management, risk management and financial probity. The CFO is also accountable for the transparency and appropriateness of management information and key performance indicators, internally and externally. |
| Senior Independent Director (Chris Batterham) |
Provides a sounding board for the Chair and serves as an intermediary for other Directors, colleagues and shareholders when necessary. The main responsibility is to be available to the shareholders should they have concerns that they have been unable to resolve through normal channels or when such channels would be inappropriate. |
| Non-Executive Directors (Jonathan Brooks, Jennifer Duvalier and Mike Ettling) |
Bring experience and independent judgement to the Board. Maintain an ongoing dialogue with the Executive Directors which includes constructive challenge of performance and the Group's strategy. |
| Designated Non-Executive Director for engagement with the workforce (Jennifer Duvalier) |
Leads on Board engagement with the workforce (please see separate section on page 80). |
| Company Secretary (Tim Kowalski) |
Ensures good information flows within the Board and its Committees and between senior management and Non-Executive Directors. The Company Secretary is responsible for facilitating the induction of new Directors and assisting with their professional development as required. All Directors have access to the advice and services of the Company Secretary to enable them to discharge their duties as Directors. The Company Secretary is responsible for ensuring that Board procedures are complied with and for advising the Board through the Chair on governance matters. The appointment and removal of the Company Secretary is a matter for the Board as a whole. Tim is supported with his company secretarial duties by a Deputy Company Secretary. |
The Board considers that each Director is able to allocate sufficient time to the Company to discharge their responsibilities effectively. The Non-Executive Directors are contracted to spend a minimum of 24 days per annum on the Group's affairs, and the Chair 60 days.
A summary of each current Director's attendance at meetings that they were eligible to attend of the Board and its Committees during the financial year ended 31 May 2021 is shown below. Unless otherwise indicated, all Directors held office throughout the year. More Board meetings than usual were held during the year due to the delayed full year results caused by Covid-19, plus the acquisition of IPM.
| Board | Audit | Nomination | Cyber Security | Remuneration | |
|---|---|---|---|---|---|
| Chris Stone | N/A | N/A | |||
| Adam Palser | N/A | N/A | N/A | N/A | |
| Tim Kowalski | N/A | N/A | N/A | N/A | |
| Chris Batterham | |||||
| Jonathan Brooks 1 | |||||
| Jennifer Duvalier | N/A | ||||
| Mike Ettling 2 | N/A | N/A | N/A | ||
Committee Chair 1 Was absent for July 2020's meetings due to sudden illness. Jennifer Duvalier chaired the July 2020 Remuneration Committee meeting. 2 Was absent due to personal circumstances.
At every meeting the Board reviews the minutes from the previous meeting and the status of any outstanding actions. Colleague engagement is a standing agenda item presented by Jennifer Duvalier as our designated Non-Executive Director for workforce engagement. The CEO and CFO present their monthly performance update reports, which are also circulated to Board members in months where there is no scheduled Board meeting. Over the year, the Board has had reports on the Group's trading in light of Covid-19 along with the defensive measures the Group has taken in response to the pandemic. Potential opportunities created by Covid-19 have also been discussed. A significant proportion of the Board's time has been spent on the IPM acquisition.
The Board has also reviewed the following during 2020/21:
Attended the AGM and the general meeting to seek shareholder approval for the IPM acquisition
Recommended new share plan rules to shareholders for approval at the AGM
In March 2021 the Board held a dedicated one day strategy session which allowed for "deep dives" into all aspects of the Group's business.
As the Group remains focused on the successful execution of its strategy, the March 2021 Board strategy day presented an opportunity to understand the trends and changes in the cyber and software resilience markets, assess the Board's confidence in the Group's strategic direction, and discuss our preparedness to make any future changes.
To prepare, Board members received a briefing pack in advance of the day which contained a concise, high level presentation for each business unit, including an overview of global and regional inclusion and diversity initiatives and colleague engagement programmes, along with additional background briefing material, to allow for high quality presentations and discussions on the day.
The Board strategy day itself focused on our Global Software Resilience and Global Assurance divisions.
Advisers and brokers offered an external view of the broader market environment for both, before the divisions' Managing Directors presented to the Board on their transformation plans for growth, provided their reflections on NCC Group's opportunities within Europe and beyond, and outlined progress and expectations for the Group's growth propositions, notably the Microsoft Sentinel and Remediate offers.
Following an open exchange of views between Managing Directors and the Board to discuss any outstanding questions, the Board strategy day concluded with a Board only discussion that focused on driving long-term value creation for NCC Group.
The Board agreed that the 2021 strategy day had been the best to date, provided thought provoking and inspirational insights, and demonstrated the Group's decisive strategic action to realise its vision.
Managing Directors used the feedback from the day to inform their 2021/22 budget considerations and associated approvals, and a progress check will be held at the halfway point to the 2022 strategy day to ensure that the agreed actions remain on track and the Group remains in the best possible position to increase its chances of success.
Jennifer Duvalier is the Board's designated Non-Executive Director to lead the Board's colleague engagement programme.
Jennifer also undertakes the designated Non-Executive Director role at both Trainline plc and Mitie Group plc meaning she has the relevant experience as to what is needed and can draw on her successful HR career. She is committed to understanding the views of our colleagues and ensuring they are incorporated into the Board's decision-making process.
Colleagues were introduced to Jennifer via our internal social channels where she explained her role through a video and written communications. Jennifer has access to these channels to enable her to engage fully outside of the formal events.
Jennifer has not let Covid-19 get in the way of her engagement activities and the past year has been a busy one with Jennifer meeting colleagues virtually from Australia, the Netherlands, San Francisco, Seattle, Canada, Singapore, Japan and Spain. We were keen to build on the momentum in the previous year. Jennifer is sometimes joined by our Chair, Chris Stone, or other Non-Executives, to meet colleagues, all of whom are invited from below the mid-management level and all parts of the business to ensure diversity of thought. We ensure that no one has their line manager in the (virtual) room to ensure they can speak freely and tell Jennifer what is on their mind.
Feedback from each session's participants is shared anonymously to the Board and to our CEO, Adam Palser. This enables action to be taken, further strengthening the value of listening. Colleagues attending are invited to give their feedback and, so far, results have been positive and valued.
I have really enjoyed getting out and meeting with colleagues across the Group albeit virtually. I have been very pleased by the positive comments received and have been impressed by the people I have met and their engagement and dedication particularly working remotely, with a number of recent joiners never having met their colleagues in person! Of course, there are things to be addressed, of which some are "quick wins", but some matters will take longer to address. Colleagues also make really helpful suggestions as to how we can improve how the business runs which I feed back to management. I hope that as the designated Non-Executive Director I am able to facilitate positive change and ensure that the colleague voice is heard strongly within the boardroom and reflected within all the decisions we as a Board make that impact our most important stakeholder.
Designated Non-Executive Director
All Directors have access to the advice and services of the Company Secretary and Directors are entitled to take independent professional advice if necessary, at the expense of the Company.
The Companies Act 2006 requires Directors to avoid situations where they have, or could have, a direct or indirect interest that conflicts or potentially conflicts with the interests of the Company. The Company's Articles of Association require any Director with a conflict or potential conflict to declare this to the Board.
That Director will not then be involved in the discussions relating to the proposal, transaction, contract or arrangement in which they have an interest, unless agreed otherwise by the Directors of the Company in the limited circumstance specified in the Articles of Association, nor will they be counted in the quorum or be permitted to vote on any issue in which they have an interest. Directors are required to inform the Board without delay should they be aware of any actual or potential conflicts of interest and a check on conflicts is undertaken each year with a report to the Board.
As required by the Code, at least 50% of the Board, excluding the Chair, are independent Non-Executive Directors. The Board comprises two Executive Directors, four independent Non-Executive Directors, and the Non-Executive Chair.
The Board has debated and considers that all of the current Non-Executive Directors are independent, and in so doing considered the profile of all of the individuals, concluding that none of them:
The Non-Executive Directors provide a strong independent element on the Board and are well placed to constructively challenge and help develop proposals on strategy and succession planning. Between them they bring an extensive and broad range of experience to the Group.
Details of the Directors' respective experience are set out in their biographical profiles on pages 74 and 75.
The terms and conditions of appointment of Non-Executive Directors are available for inspection at the Company's registered office during normal business hours.
The principle of Board diversity (and indeed diversity across the Group) is strongly supported by the Board. It is the Board's policy that appointments to the Board will always be based on merit so that the
Board has the right balance of individuals in place. The Board recognises that diversity of thought, approach and experience is an important consideration and is therefore one of the selection criteria used to assess candidates prior to any Board appointments. Read more about diversity in the Nomination Committee Report on pages 95 to 97.
The Company's policy is to find, develop and maintain a diverse workforce at all levels with an initial focus on developing a culture where women can achieve and retain senior positions.
In accordance with the Code, any Directors appointed in the financial year are subject to election by shareholders at the AGM and, in line with best practice, all the other Directors are subject to re-election annually.
No new members of the Board were appointed during the year.
New Directors are provided with an induction on appointment, which would include visits to the Group's operations and meetings with operational and executive management. Each Director's induction is tailored to their experience and background with the aim of enhancing their understanding of the Group's strategy, business, operating divisions, colleagues, customers, suppliers and advisers and the role of the Board in setting the tone of our culture and governance standards.
The Company acknowledges the importance of developing the skills of the Directors to run an effective Board. To assist in this, Directors are given the opportunity to attend relevant courses and seminars to acquire additional skills and experience to enhance their contribution to the ongoing progress of the Group. All of the Directors attend sessions which are aimed at updating the Board on trends and developments in corporate governance.
The performance of the Board and its Committees is appraised annually and an internal effectiveness review was completed for 31 May 2021. The overall rating was very positive meaning that the Board and its Committees continue to function well.
The results were presented to the May 2021 Board meeting and the Chair also held one-to-one calls with Board colleagues for "deeper dives" into any areas they wished to discuss in more detail and with the CEO to discuss areas highlighted by the evaluation process. We have also scheduled in a progress check in September 2021 to ascertain how we are doing against our proposed improvements and whether we need to do anything different in the second half of the financial year.
The evaluation identified changes which would improve the working of the Board, including:
Although all of the above were considered important, it was agreed that the key area to focus on would be succession planning.
To focus on these actions, we have agreed the following:
| Action | Progress and our plan |
|---|---|
| An increased focus on diversity |
• Firm commitment to at least 33% female representation and at least one person of colour on the Board by 2024 |
| • Presenters to the Board encouraged to highlight diversity statistics within their business area as happened during the strategy day, when each presenter did this |
|
| • Appointment of Inge Bryan as Managing Director of NCC Assurance Europe | |
| • Unconscious bias training has now been completed by the Board with the ExCom having already completed it |
|
| • Significant work underway internally on creating an inclusive culture throughout the organisation | |
| Assessing and | • More Board discussion on ensuring our culture aligns with our values |
| monitoring culture | • Regular updates on how colleagues were coping with remote working during Covid-19 and the support available to them |
| • Presenters to the Board encouraged to highlight culture initiatives within their business area | |
| • Board to have more exposure to senior executives across the business | |
| • Having a designated NED for workforce engagement reporting back to every Board meeting has helped with this (please see page 80 on colleague engagement for further details) |
|
| • NEDs to spend more time in the business and at different offices (which will be done in person as we come out of lockdown) |
|
| • Reporting on the "mood" of the business within the monthly CEO reports and areas of concern or where there are higher than expected colleague attrition levels |
|
| • Discussing the results of both the annual colleague engagement survey and the more regular "pulse" surveys |
|
| A continued focus on strategy and strategic |
• One day dedicated strategy session now held annually, attended by all divisional Managing Directors and this year by brokers and advisers to provide an external and wider market perspective |
| discussion | • Ensuring strategy is more of an ongoing Board discussion between annual strategy days rather than a once a year activity |
| • Shifting Board discussion away from short-term tactical issues to more longer-term strategic issues | |
| • Actions from dedicated strategy day circulated to the Board with a check-in on strategy halfway through the year |
|
| An increased focus on succession planning and ensuring that these plans are reviewed on a regular basis |
• Nomination Committees now being held with a programme of four Committee meetings planned every year with the Committee moving away from a transactional Committee (e.g. to recruit a new Director) to a more holistic view encompassing: future skills needs, talent pipelines, diversity, succession planning, and reviewing leadership needs of the Company |
| • Nomination Committee redoubling focus on succession planning for the Board and senior management including discussing Executive Director succession planning in general terms |
|
| • Chris Stone (Nomination Committee Chair) and Colin Watt (Global Chief People Officer) are now meeting regularly and discussing a separate workstream on succession planning |
Governance
| Action | Progress and our plan |
|---|---|
| An increased focus on CSR/ESG (labelled as "sustainability" internally) |
• Global Director of Sustainability and Corporate Affairs taken on ESG lead within the Group and presents every six months to the Board |
| • Gap analysis has been undertaken to provide an action plan to close the gaps and an ESG framework has now been developed |
|
| • Policies have been refreshed and standardised (e.g. Code of Ethics and Modern Slavery). The whole organisation has undertaken Code of Ethics refresher training |
|
| • Increasing recognition that this area will become an ever-more important area for new and existing clients and investors when they are evaluating who to buy from and partner with/invest in |
|
| • Improving the visibility of what the organisation is doing with regard to ESG and ensuring that all the ESG initiatives and activities are being properly recorded and reported |
|
| • TCFD will be reported on within the 2022 Annual Report. A TCFD steering group has been formed | |
| • Partnerships with external organisations being developed, e.g. we have become a member of Business in the Community (BitC) and joined the UN Global Compact (UNCG) at the "Participant" membership level. With BitC, we have taken part in its Responsible Business Tracker |
The 2021 evaluation process also reviewed progress on actions identified in previous evaluation processes.
| Areas identified in previous evaluations |
2021 evaluation – progress |
|---|---|
| An increased focus on succession planning and ensuring that these plans are reviewed on a regular basis |
Good progress and firmly on the Board's and Nomination Committee's agenda with a firm commitment to at least 33% female representation on the Board and at least one person of colour by 2024 (see above table for further details). |
| An increased focus on CSR/ESG |
Good progress and firmly on the Board's agenda (see above table for further details). |
| A continued focus on strategy and strategic discussion |
Good progress with the 2021 strategy day felt to be the best to date (see above table for further details). |
| Enhancing Board interactions and communications with the |
Good progress. The Board has continued to interact with a significant number of colleagues on both a Company-wide basis and via receiving presentations from various members of the ExCom plus senior managers. There are regular updates on customers within the CEO's Report. |
| Company and its customers | |
| Developing Board involvement in the Group's culture related initiatives |
Good progress (see above table for further details). |
| Company Secretary reviewed 2020 questionnaires and evaluation exercise results and, based on this, proposed questionnaires for the 2021 evaluation exercise. |
The proposed questionnaires were reviewed and approved by the Chair and Committee Chairs and (for the Chair's review) the Senior Independent Director. |
Questionnaires were added to an online survey website which ensured the anonymous and efficient collection of answers. |
|---|---|---|
| Summary reports together with the results and comments received were prepared for the Board and Committee meetings where the results were discussed and key actions for the coming year agreed. |
The responses were collated and analysed by the Company Secretary who then shared these with the Chair and Committee Chairs and (for the Chair's review) the Senior Independent Director. |
Board members, the Company Secretary and regular Committee attendees were then invited to complete the questionnaires. |
| The Chair held one-to-one meetings with Board members where areas of interest could be discussed in more detail. |
The Senior Independent Director met with the Chair to discuss the Chair evaluation results. |
During the year, each of the Audit, Remuneration, Nomination and Cyber Security Committees carried out an internal self-evaluation on their effectiveness. The conclusion from the Committee reviews is that, overall, the Committees are working well but some recommendations were made, as per the table below.
| Committee | Focus areas |
|---|---|
| Audit | • Continuing to focus on reducing the length of Committee papers (using summaries where appropriate) but acknowledgement that the internal papers had improved |
| • Continuing to ensure that Committee papers were circulated as early as possible | |
| • An acknowledgement that Covid-19 (and the delay to the 2020 full year results) had resulted in too many Committee meetings and the number of meetings should be reduced to normal levels |
|
| • The change in audit partner during the year was felt to have brought a refreshed perspective to the external auditor's view and the audit partner's onboarding should continue |
|
| Cyber Security | • Continuing to take the papers/presentations as read and focusing on more value-adding dialogue, discussion, and interaction rather than going through the Committee briefing packs |
| • Acknowledgement that the presentation from the Director of Operations at the UK's National Cyber Security Centre (NCSC) had been excellent and more external presenters should be used where possible |
|
| • A review of whether external advisers/consultants could attend future Committee meetings | |
| • More frequent updates on the nature of the changing cyber threat landscape, e.g. what are the current major topics within cyber and the significant threats |
| Committee | Focus areas |
|---|---|
| Nomination | • Making strong initial progress with our firm commitment to have at least 33% female representation and at least one person of colour on the Board by 2024 |
| • Succession planning for the Board and senior management and in particular a discussion on Executive Director succession planning in general terms over the next 6–12 months |
|
| • Improving succession plans for senior executives and improving exposure to senior executives at Board meetings and within more informal settings |
|
| Remuneration | • Continuing to have opportunities for more open and unfettered discussion (Executive Directors and HR colleagues are now invited to meetings on a by exception basis) |
| • Embedding the 2021–2024 Directors' Remuneration Policy (subject to shareholder approval at the 2021 AGM) |
|
| • Ensuring that the Group's reward structure aligns to the key issues facing the Group rather than standard industry practice |
|
| • Continuing to focus on choosing appropriate benchmarks against which to compare NCC Group's remuneration packages against |
During the year, the Senior Independent Non-Executive Director evaluated the performance of the Chair and the Chair evaluated the performance of each Director. In addition, the Non-Executive Directors met independently from the Executive Directors to discuss with the Chair the overall functioning of the Board and his contribution in making it effective.
The Board is responsible for reviewing, challenging and approving the strategic direction of the Group, while providing strong values-based leadership of the Company, within a framework of prudent and effective controls, which enable risk to be assessed and appropriately managed. The Board reviews the Group's business model and strategic objectives to ensure that the necessary financial and human resources are in place to achieve these objectives, to sustain them over the long term and to review management's performance in their delivery.
The Board sets the tone of the Company's values and ethical standards and manages the business in a manner to meet its obligations to shareholders and other stakeholders.
The Board receives information on at least a monthly basis to enable it to review trading performance, forecasts and strategy and it has a schedule of matters specifically reserved for its decision. The most significant of these are:
The Board has a schedule of specific matters reserved for its decision where it feels they are critical to the ongoing success of the business and are of a significant nature to merit the Board having such a decision reserved to it. The Group also has a Group Authority Matrix (which documents the levels of authority delegated from the Board to various role holders within the Group). The schedule of matters reserved for decision by the Board and the Group Authority Matrix are complementary documents and are designed to ensure that decisions are either made by the Board or delegated to an appropriate senior colleague within the Group.
As noted above, the operational management of the Group is delegated to the Executive Committee. The Board also delegates other matters to Board Committees and management as appropriate.
The Board has ultimate responsibility for ensuring that business risks are effectively managed. The Board has delegated regular review of the risk management procedures to the Cyber Security Committee in relation to cyber risks and to the Audit Committee in relation to all other risks. The Board reviews the overall risk environment on at least an annual basis. The day-to-day management of business risks is the responsibility of the Executive Committee.
The Group has a system of internal controls which aims to support the delivery of the Group's strategy by managing the risk of failing to achieve business objectives and to protect the stewardship of the Group's assets. As with all such systems, the goal is to manage risk within acceptable parameters rather than to eliminate risk entirely. The Group can therefore only provide reasonable and not absolute assurance that the business objectives and asset stewardship will be provided successfully.
In addition, the Group insures against various risks, but certain risks remain difficult to insure, due to the breadth and cost of cover. In some cases, external insurance is not available at all, or at least not at an economically viable price. The Group regularly reviews both the type and amount of external insurance that it buys in conjunction with its insurance brokers. For a more detailed review of risk management processes, the principal risks faced by the Group and their mitigation, see pages 40 to 48.
The Audit Committee is responsible for reviewing the effectiveness of the risk management and internal control systems. The steps it takes in relation to the review are set out on page 92.
The Audit Committee makes a recommendation to the Board on effectiveness which the Board considers, together with reports from the Cyber Security Committee, in forming its own view on the effectiveness of the risk management and internal control systems.
During the year ended 31 May 2021, the Board reviewed the effectiveness of the Group's risk management and internal control systems. We confirm that the processes outlined above and on page 92 have been in place for the year under review and up to the date of approval of this Annual Report and Accounts and that these processes accord with the UK Corporate Governance Code and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. We also confirm that no significant failings or weaknesses were identified in relation to the review.
During the year, we operated within the Remuneration Policy approved by shareholders at the 2020 AGM. Details of how the Remuneration Policy has been applied during this financial year are set out on pages 103 to 108 of the Remuneration Committee Report.
The Company's issued share capital at 31 May 2021 consisted of 308,956,045 ordinary shares of 1p each. There are no special control rights or restrictions on share transfer or special rights pertaining to any of the shares in issue and the Company does not have preference shares.
As far as is reasonably known to the Board, the Company is not directly or indirectly owned or controlled by another company or by any government.
Communications with shareholders are given high priority. There is a regular dialogue with institutional investors including presentations after the Company's year end and half year results announcements.
A programme of meetings takes place throughout the year with major institutional shareholders, and private shareholders have the opportunity to meet the Board face to face and ask questions at the AGM.
We are in regular contact with our large investors through a regular scheduled programme of meetings attended by either our CEO or CFO or both of them. Chris Batterham, our Senior Independent Director, and I are also available to meet with investors should the need arise. I met with our larger investors in February 2021 and fed back my findings to Board colleagues at the next Board meeting. In addition, our brokers undertook an investor survey on the back of our half year results in January and the results of this were presented and discussed at a Board meeting. Our aim is to engage with our shareholders in an open and meaningful way. During the financial year the Directors held a number of meetings with shareholders as set out below.
Feedback from major institutional shareholders is provided to the Board on a regular basis and, where appropriate, the Board takes steps to address their concerns and recommendations.
One-to-one meetings (held virtually due to Covid-19) Group meetings
31
As at 31 May 2021, the Company had been notified of the following interests of 3% or more in the issued share capital of the Company under the UK Disclosure and Transparency Rules:
| Number of | % of NCC's total |
|
|---|---|---|
| Shareholder | ordinary shares | share capital |
| Artemis Investment Management | 13,822,640 | 4.98% |
| BlackRock, Inc | 14,224,646 | 5.15% |
| Castlefield Fund Partners | 14,325,000 | 5.16% |
| Montanaro Asset Management | 16,546,426 | 5.90% |
| Schroder Investment Management | 15,364,318 | 5.53% |
| Unicorn Asset Management | 10,796,426 | 3.89% |
The following changes to the above interests have been notified to the Company from 31 May 2021 to 14 September 2021.
| Shareholder | Number of ordinary shares |
% of NCC's total share capital |
|---|---|---|
| Canaccord Genuity Wealth Group Limited | 15,580,182 | 5.04% |
For details of Directors' shareholdings, remuneration and interests in the Company's shares and options, together with information on service contracts, see pages 109 to 118 of the Directors' Remuneration Report.
The AGM is an opportunity for shareholders to vote on certain aspects of Group business and provides a useful forum for one-to-one communication with private shareholders. At the AGM shareholders receive presentations on the Company's performance and may ask questions of the Board. The Chair seeks to ensure that the Chairs of the Audit, Remuneration, Nomination and Cyber Security Committees are available at the meeting to answer questions and all Directors attend.
The Company prepares separate resolutions on each substantially separate issue to be voted upon at the AGM. The result of the vote on each resolution is published on the Company's website after the AGM and will be announced via the regulatory information service. At the 2020 AGM, shareholders representing over 70.78% of the Company's issued share capital returned their proxy votes.
On behalf of the Board
Non-Executive Chair 14 September 2021
The Committee particularly focuses on systems and processes of management control, the reporting of internal management information and externally reported financial information.
The purpose of the Audit Committee is to assist the Board in the discharge of its fiduciary duties of stewardship of the Group's assets. The Committee particularly focuses on systems and processes of management control, and the reporting of internal management information and externally reported financial information. The Committee also provides a forum for reporting by the external auditor.
The Committee's main responsibilities include:
Reviewing the audit findings with the external auditor including discussing any major issues that arise during an audit, the accounting and audit judgements made, the level of any errors identified during the audit and the effectiveness of the audit process itself
Reviewing the effectiveness of the Group's internal control systems
A full copy of the Committee's terms of reference can be found in the Investor Relations section of the Group's website at www.nccgroup.trust/uk/about-us/investor-relations.
Reviewed the progress of Securing Growth Together and conducted a review of the reasons for any time and cost overruns experienced (e.g. systems implementation)
Received a self-assessment of the finance controls highlighting enhancements made during the year, areas of continuous improvement and specific actions to implement minimum control standards
The Audit Committee is chaired by me, a Chartered Accountant of 42 years' standing. I have previously served as the Finance Director of Unipalm plc, before becoming Chief Financial Officer of Searchspace Limited until 2005. Both businesses operated in digital technology sectors. My earlier career included roles with BICC Group and accountants Arthur Andersen. I also am a member of the audit committee at Blue Prism Group plc and chair the audit committee at Nanoco Group plc (both listed companies) which provides me with additional external perspectives to bring to my chairing of this Committee. The Board considers that I have the recent and relevant experience required by the Code.
The other members of the Committee who served throughout the year are Jonathan Brooks and Mike Ettling. All members of the Committee are considered to be independent and the Committee as a whole continues to have competence in the technology sector.
Summary biographies of each member of the Committee are included on pages 74 and 75.
The terms of reference for the Committee require at least three meetings per year. During this financial year the Committee met seven times. As well as the members of the Committee, standing invitations are given to the Chair, the other independent Non-Executive Directors, the Chief Executive Officer, the Chief Financial Officer and the Group Financial Controller, with other attendees also appearing by invitation. The external auditor also attends each meeting. During the year the Committee met, on a number of occasions, with the external auditor without the Executive Directors being present. In addition, following the appointment in early 2020 of the Group's Director of Global Governance, who heads up the Group's internal audit function, a number of meetings were held with her without management being present.
The attendance of individual Committee members at Audit Committee meetings is shown in the table below:
| Attendee | Meetings attended |
|---|---|
| Chris Batterham | |
| Jonathan Brooks 1 | |
| Mike Ettling 2 |
1 Absence due to sudden illness.
2 Absence due to personal circumstances.
At all times the Committee remained quorate.
The table below summarises the significant accounting issues, judgements and estimates that the Committee considered during the year in relation to the Financial Statements. These are split between those items which are identified either as recurring items that the Committee regularly reviews or as items of current year focus. The table also sets out the financial context and potential impact of each item as well as the impacted metric. Finally, the table shows the degree of judgement or estimation that the Committee feels has to be applied for each item. Items with a significant impact but with a "low" judgement level will typically have extensive independent third party evidence of the bases for any judgement. Areas assessed as requiring a "high" level of judgement tend to rely more heavily on management estimates and historical trends than extensive independent third party evidence.
| Review items | Accounting judgement | Estimation required |
|---|---|---|
| Goodwill carrying values (recurring) | N/A | High |
| Intangible assets – capitalisation of cloud-based software and development costs (revised) | Yes | N/A |
| Control of Iron Mountain IPM business (new) | Yes | N/A |
| Research and development tax credits (new) | N/A | High |
| Long-term loss-making contracts – other estimate (recurring) | Yes | Low |
During the year, the Committee reviewed and considered the following areas in respect of financial reporting and the preparation of the interim and annual Financial Statements:
In carrying out this review the Committee challenged the significant estimates and judgements made by the Group's finance team and considered the external auditor's reports setting out its views on the accounting treatments and judgements included in the Financial Statements.
(Recurring item: see Note 12 to the Financial Statements)
The Group has significant balances relating to goodwill at 31 May 2021 as a result of acquisitions of businesses in previous years. The carrying value of goodwill at 31 May 2021 is £182.9m (2020: £193.1m). Goodwill balances are tested annually for impairment. Tests for impairment are primarily based on the calculation of a value in use for each CGU.
This involves the preparation of discounted cash flow projections, which require significant estimates of both future operating cash flows and an appropriate risk-adjusted discount rate.
The commercial viability of individually capitalised development project costs is also part of the overall assessment of carrying values.
Future cash flow estimates are based on two critical estimates: the rate of revenue growth and the discount rate, particularly in relation to the Europe Assurance CGU which is the most sensitive to movements in estimates.
The calculation of an appropriate discount rate to apply to the future cash flow estimate is itself an estimate. While some aspects of discount rate calculations can be more mechanical in nature (such as using the 30 year gilt yield as a proxy for the risk free rate) others, such as entity or sector-specific risk adjustments, rely more on management estimates. The discount rate is also a key component in assessing the terminal value which is often an important part of any valuation. Sensitivity analysis on what are regarded as reasonably possible changes is provided in Note 12.
Governance
The Committee has reviewed the rationale used to determine the CGUs including a change in CGUs driven by how the business is managed. The Committee also reviewed assumptions used in future cash flows that underpin the valuation of goodwill, particularly in relation to Europe Assurance since this CGU is the most sensitive to movements in estimates and assumptions.
The Committee concurred with the view of management that no impairment should be recognised as either the discounted future cash flows or fair value was higher than carrying value.
(Revised item: see Note 12 and 34 to the Financial Statements)
Where software costs are incurred as part of a service agreement, judgement is required in assessing whether the Group has control over the resources defined in the arrangement.
Software development activities involve a plan or design for the production of new or substantially improved products or processes. Judgement is required in determining whether the project is technically and commercially feasible; judgement is required in assessing the future economic benefit and viability of the project.
Such judgements are inherently subjective and can have a material impact on determining whether such costs should be capitalised.
The total net book value of software and development costs on 31 May 2021 was £5.4m, including additions of £2.3m.
The Committee reviews the level of intangible additions and especially how capitalised internal staff time relates to specific assets to ensure alignment with the Group's policy and is satisfied the policy was applied appropriately for the year ended 31 May 2021.
During the year, the Committee has reviewed judgements taken when applying the Group's new accounting policy in relation to the IFRIC agenda decision regarding configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS). This resulted in a prior year restatement. See Note 34 of the consolidated Financial Statements for further details.
The Committee is satisfied with the judgements made for the year ended 31 May 2021.
(Current year focus item: see Note 35 to the Financial Statements)
A key judgement in the year ended 31 May 2021 is the acquisition date for the purchase of the IPM Software Resilience business. Management considers shareholder approval of the transaction constitutes a change in control and therefore the date of shareholder approval is considered to be the acquisition date for the transaction.
Shareholder approval was granted on 1 June 2021 and the IPM Software Resilience business will be consolidated into the Group results from that date.
The Committee has reviewed management's assessment of the date of change of control of the Iron Mountain IPM business and is satisfied that it is reasonable.
(Current year focus item: see Note 9 to the Financial Statements)
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be uncertainty. The most significant source of uncertainty arises from claims for US research and development (R&D) tax credits relating to historical periods. Uncertainty arises as a result of a
degree of uncertainty concerning interpretation of US legislation and because the statute of limitations has not expired. The basis on which the Group has claimed R&D tax credits involves a technical assessment of which party bears the economic risk in any research contracts entered into with third parties. This assessment is a key estimate. It is considered "probable" that the US taxation authority would accept the uncertain tax treatment in relation to the utilised tax credits recognised.
For the periods ending 31 May 2017 to 31 May 2021, the aggregate net current tax benefit included in the Income Statement relating to the R&D tax credits is £2.7m (2020: £4.3m). The gross deferred tax asset relating to the R&D tax credits is £1.0m, although due to the uncertainty we have made a provision of £0.6m against this asset. The aggregate gross amount of US R&D tax credits recognised amounts to £8.2m (2020: £5.1m) and we have made a provision of £5.1m (2020: £0.8m) against this gross position. Sensitivity analysis on what are regarded as reasonably possible changes is provided in Note 2.
The Committee has reviewed management's assessment of US R&D tax credits together with an independent third party review assessment and is satisfied the estimate made is reasonable and consistent with IFRIC 23 'Uncertainty over Income Tax Treatments'.
(Recurring item: see Note 21 to the Financial Statements)
Some aspects of the Group's revenue are derived from relatively long-term fixed price contracts. On this basis, an estimate is disclosed in relation to one contract:
• An onerous provision recognised during the year ended 31 May 2020 of £0.2m has increased during the period by a further £1.9m, of which £1.7m has been utilised leaving a closing balance of £0.4m of a total provision for loss-making contracts of £1.1m (see Note 21). This additional provision relates to a European contract and has been caused by Covid-19 disruption and some project management challenges during the year. Management prepares projections, which, due to the complexity of the contract, require estimates and accounting judgement of both revenue and cost recognition (including the number of performance obligations). Revenue is recognised based on the input method of IFRS 15 in relation to total costs and therefore management has to estimate the number of hours still required to complete the long-term projects and labour cost to complete. Sensitivity analysis on what are regarded as reasonably possible changes is provided in Note 2
The Committee reviewed and challenged the assumptions underpinning this accounting treatment and is satisfied that the contract has been correctly treated, and that in the case of the loss-making contract the liabilities recorded are reasonable.
In considering the materiality of any individual issue or issues in aggregate, the Group looks at a range of qualitative and quantitative measures to assess whether or not omitting, misstating or obscuring information could reasonably be expected to influence decisions that the primary users of general purpose financial statements make on the basis of those financial statements. The range of measures includes (but is not limited to) the primary Financial Statements themselves, the individual line item in question, and whether or not the issue moves the result from one side of an inflection point to another (for example, turning a profit into a loss or a net asset into a net liability). Qualitative and quantitative measures are both considered as is any potential impact on remuneration or banking arrangements such as debt covenants.
The internal audit function is responsible for internal audit, the assurance of other quality systems and processes, and monitoring the embedding of risk management processes throughout our operations. The internal audit plan was approved by the Committee during the financial year and a number of audits were performed, the findings of which have been reviewed by the Committee. During the year, eight internal audit reports were issued. The Group will look to increase the scope of the audit plan during FY22, drawing on third party resource provided under co-source arrangements, and through the use of data analytics.
The Board is responsible for establishing, maintaining and monitoring the Group's system of risk management and internal control and reviewing its effectiveness. The Committee monitors the performance of management in this area.
We have an ongoing process for identifying, evaluating and managing the principal risks faced by the Group which has been in place for the year under review and up to the date of approval of the Annual Report and Accounts. The Group's non-cyber security risks are monitored by the Audit Committee on behalf of the Board which sets aside time for an in-depth discussion of notable or changing risks to the business. A description of the process for managing risk together with a description of the principal risks and strategies to manage those risks is provided on pages 40 to 48. Cyber risks are reviewed by the Cyber Security Committee; the Cyber Security Committee Report can be found pages 98 and 99.
Internal control systems are designed to meet the particular needs of the Group and the risks to which it is exposed. By their nature, however, internal control systems are designed to manage rather than eliminate the risk of failure and can provide only reasonable but not absolute assurance against material misstatement or loss. During the year, the Group has implemented new systems which have brought about some changes in controls, as the Group transitions away from historic systems. These controls will require further changes in the forthcoming year as we continue to embed new ways of working across all our systems. Key elements of the risk management and internal control system are described below. Enhancements during the year are highlighted while the other elements have all been in place throughout the year.
The external auditor regularly reports its findings on those areas of internal control which it assesses as part of the external audit and half year review to the Board and the Audit Committee.
Our internal control effectiveness is assessed through the performance of regular checks, which in the year ended 31 May 2021 included:
The Group operates a confidential reporting and whistleblowing procedure (known as our "Whistleblowing Policy"). The policy aims to support the stewardship of the Group's assets and the integrity of the Financial Statements as well as protecting colleague welfare. The procedure is reviewed annually by the Committee to ensure that it remains fit for purpose.
The Group has appointed an independent third party reporting agent to be the first point of contact for those who do not wish to use normal internal line management channels for reporting their concerns. This is advertised internally via colleague noticeboards and our intranet. During the year, the Code of Ethics Policy was updated and all colleagues were asked to undertake refresher training. As part of this training, colleagues were reminded of the existence of the Whistleblowing Helpline.
The Committee reviews any whistleblowing or confidential reporting of concerns raised during the year with respect to their nature, scale and any associated or consequential risks.
The Committee has reviewed and considered the effectiveness of its performance during the year. The review included the views of members of the Committee and of regular attendees at the various meetings (including the Executive Directors). I am satisfied that the degree of rigour and challenge applied in performing the Committee's responsibilities is appropriate and effective and continues to improve. Please see page 84 for further details of the Committee evaluation process.
The Committee received a formal statement of independence from the external auditor.
The Company also operates a rigorous policy designed to ensure that the auditor's independence is not compromised by it undertaking inappropriate non-audit work. The Audit Committee's approval is therefore required for any fees for any non-audit work undertaken by the auditor. However, the Company recognises that it can receive particular benefit from certain non-audit services provided by the external auditor due to its technical skill and detailed understanding of the Company's business.
During this financial year non-audit fees of £75,000 (2020: £50,000) were paid to the external auditor for the half year review.
All significant pieces of non-audit work are put to informal tender to suitable parties that, if appropriate, can include the external auditor. Upon review as to suitability and price, the work will then be placed with the service provider recommended. If this is the external auditor, then Audit Committee approval is required.
The external auditor was not engaged during the year to provide any services which may have given rise to a conflict of interest. The Committee is satisfied that the overall levels of audit and non-audit fees (i.e. the half year review fee) are not material relative to the income of the external auditor as a whole and therefore that the objectivity and independence of the external auditor were not compromised.
The Committee reviews and makes recommendations regarding the reappointment of the external auditor following a formal review of the auditor's performance following completion of the prior year Financial Statements' audit. In making these recommendations the Committee considers:
During the financial year, I attended regular meetings with KPMG's engagement partner without management being present. This provided the opportunity for open dialogue. The engagement partner demonstrated her understanding of the Group's business risks and the consequential impact on the Financial Statements. Feedback on the conduct of the audit from the engagement partner's perspective is used to determine if any challenges in the prior year audit would be sufficiently addressed in the next audit cycle.
The Group's current auditor, KPMG LLP, has been in place since 1 November 2013 with a competitive audit tender process having last been undertaken in November 2011. Frances Simpson has replaced Mick Davies as KPMG's engagement partner for the year ended 31 May 2021. The lead audit partner rotates at least every five years to ensure independence.
The Group will continue to keep this position under review during the new financial year. The Group intends to remain in full compliance with the requirement to carry out a formal tender at least once every ten years; therefore, a formal tender is expected to be undertaken before November 2023.
Therefore, having fully considered the effectiveness, independence and objectivity of the external auditor and the reports it has produced in the current financial year, the Committee has concluded that it is appropriate to recommend to the Board the reappointment of KPMG LLP as the Group's external auditor for the next financial year.
The following process was followed by the Committee in making its assessment:
Refer to Note 32 for related party transactions in the year. There were no such fees payable in the current year.
At the request of the Board, the Committee considered whether the 2021 Annual Report and Accounts, when taken as a whole, was fair, balanced and understandable (FBU) and whether it provided the necessary information for shareholders to assess NCC Group's position and performance, business model and strategy. The reviews outlined in the diagram above include reviews of all material matters, as reported elsewhere in this Annual Report and Accounts, and reviews of the balance of good and bad news and ensure the Annual Report and Accounts correctly reflects:
The independent reviewers were not major contributors to the Annual Report and Accounts but, at the same time, as members of the Executive Committee or other senior colleagues, are deemed to be sufficiently well informed on the Group's activities to be able to give appropriate feedback on the FBU criteria. They undertake a qualitative review of disclosures and a review of internal consistency throughout the Annual Report and Accounts.
The Directors' statement on a fair, balanced and understandable Annual Report and Accounts is set out on page 123.
Chair, Audit Committee 14 September 2021
Our priorities for the coming year focus on three areas:
During this year we have made the formal commitment that by 2024, we will have at least 33% female representation on our Board and at least one person of colour. Although this is best practice for FTSE 350 companies, we will commit to this target regardless of which share index we are in.
Committee Chair
The members of the Nomination Committee are Chris Batterham, Jonathan Brooks and Jennifer Duvalier along with me.
The Nomination Committee is responsible for reviewing the size, structure, balance, composition and progressive refreshing of the Board and its Committees and as such its duties include:
The Chair of the Board leads the process for the appointment of new Non-Executive Directors to the Board and for the appointment of the Chief Executive Officer. The Chief Executive Officer, in conjunction with the Chair, leads the process for the Chief Financial Officer. The Senior Independent Director leads the process for a new Chair of the Board.
In relation to an appointment to the Board, the Committee draws up a specification and assesses the capabilities and experience required for such a role, taking into account the Board's existing composition, including relevant experience and understanding of our stakeholder groups.
We also assess the time commitment required. Candidates are sought by third party executive search consultants and, where appropriate, through the assessment of internal candidates and are then formally considered by the Nomination Committee. Extensive external referencing is completed.
Our objective is to have a broad range of skills, backgrounds, experiences and personal attributes within the Board as this ensures the Board is best placed to serve the Company.
All appointments are made on merit and against objective criteria with due regard for the benefits of diversity on the Board, including gender, nationality, and educational and professional background, as well as individual characteristics which will enhance diversity of thinking on the Board. The Company and the Committee value the aims and objectives of the Hampton-Alexander Review on FTSE women leaders and the Parker Review on ethnic diversity of UK boards and support and apply the Group's diversity policy.
The Group's gender diversity statistics are set out on page 63. At Board level, we currently have one female on our Board and no people of colour, but we note that diversity extends beyond the measurable statistics of gender and ethnicity. As such, while we historically have not set any particular targets, we continue to take diversity in its wider context into account, having regard to the diversity policy, and recommend only the most appropriate candidates for appointment to the Board.
That said, we recognise that we still have much progress to make in terms of improving the diversity of the Board and our Executive Team (and indeed our workforce as a whole). With that in mind, during the year we have made the formal commitment that by 2024, we will have at least 33% female representation on our Board and at least one person of colour. Although this is best practice for FTSE 350 companies, we will commit to this target regardless of which share index we are in. (To achieve this commitment by 2024 based on our current Board size of seven Directors, we would need to have at least three female Directors out of the seven. At least one of the seven would be a person of colour.)
We will look to address this during future Board and Executive Committee appointments to improve our diversity. Given that this is a fairly young Board in terms of tenure, this improvement in diversity will not be a quick process but we are very mindful of the need to improve this and take positive action, and the matter is fully on our agenda. Accessing the candidates we require to reach this target will involve us looking beyond the obvious, for example existing board directors within the UK, and we intend to ensure that we extend our talent search to other sectors and countries to ensure we find a diverse pool of candidates from which to choose from.
When a new Director is appointed they receive a full, formal and tailored induction into the Company and discuss with the Chair any immediate training requirements.
The Committee's terms of reference can be found in the Investor Relations section of the Company's website: www.nccgroupplc.com/investor-relations.
The terms of reference are reviewed annually and updated when necessary.
During this financial year, the Committee held three scheduled meetings.
The attendance of individual Committee members at Nomination Committee meetings is shown in the table below. Unless otherwise indicated, all Directors held office throughout the year.
| Attendee | Meetings attended |
|---|---|
| Chris Stone | |
| Chris Batterham | |
| Jonathan Brooks | |
| Jennifer Duvalier |
During the year, the Committee:
During the year, the Nomination Committee has had several in-depth presentations from the Chief People Officer and the Global Head of Learning and Development which focused on people, talent and succession planning. These presentations looked at the overall current position and in particular senior succession, i.e. the Executive Committee and its direct reports.
One presentation also described a roadmap to a 2022 future state where we wish to be a "destination employer with a quirky, distinctive environment". In terms of our ongoing focus on improving diversity, we are focusing on:
• Continuing to develop and assess the broad range of opportunities for colleagues to ask questions, to provide feedback and to play an active role in creating a great place to work. (For further information, please see the stakeholder engagement section on pages 49 to 52)
During the year, the Nomination Committee carried out an internal self-evaluation on its effectiveness.
A number of recommendations were made, including the need to:
The intention is to again have a Committee discussion on all senior roles during the 2021/22 financial year, to ensure that we have the depth and breadth of diverse talent to deliver our strategy.
No external search consultancies were utilised in the year.
Chris Stone Chair, Nomination Committee 14 September 2021
Through the Committee, the Group continues to review and challenge the data governance and information security risks that affect the Group, particularly in light of the "move to remote" during the Covid-19 pandemic and the changing regulatory landscape post-Brexit and Schrems II.
Committee Chair
The Cyber Security Committee was formed to focus specifically on the cyber risks faced by the Group. This reflects the significant threat posed by cyber risks, the nature of our business, and the potential damage to the business as a high value target for malicious acts. The Committee's activities aim to challenge and support improvements to the Group's information security and data protection policies, defences and controls, so as to comply with global data protection regulations around the world, and ensure that the Group looks after its own information, and the information that its customers entrust to it, with the proper care and attention.
The Committee was formed in November 2016 and I have been Chair since January 2018.
Chris Batterham, Jonathan Brooks and Jennifer Duvalier (all independent Non-Executive Directors) served as members of the Committee throughout the year.
The Group's Director of Global Governance, the Group's Chief Information Security Officer (CISO), and the Group's Chief Data Protection and Governance Officer (CDPGO) are standing invitees of the Committee. The Executive Directors are invited to attend Committee meetings when the Committee considers it to be appropriate.
The Cyber Security Committee is responsible for assessing the performance of the Group's internal security and defences and as such its duties are to:
Review reports on any cyber security incidents and the adequacy of resulting actions
Receive and consider the regular update reports from the CISO and CDPGO and ensure the CISO and CDPGO are given the right of direct access to the Committee
The Committee's terms of reference can be found in the Investor Relations > Corporate Governance section of the Company's website (www. nccgroupplc.com/investor-relations/corporate-governance). The terms of reference are reviewed annually and updated when necessary.
During the year, the Cyber Security Committee carried out an internal self-evaluation on its effectiveness, as it continues to mature since its formation in November 2016. The Committee was found to be working effectively and I am satisfied that the degree of rigour and challenge applied in performing the Committee's responsibilities is appropriate and effective and continues to improve. In terms of specific focus areas for the year ahead we agreed on the following:
As an output of both this and previous evaluations, the Committee, along with the Board, reaffirmed that cyber security is a sufficiently important risk for the business that the Committee should remain focused on this specific set of risks. Therefore, the current structure in which the responsibility for broader risk management remains with the Audit Committee will continue.
The Committee continues to make sure that the Group's resilience to cyber-attack is maintained and improved as the threat landscape changes. As the Securing Growth Together programme comes to its latter stages, more focus was put on longer-term initiatives that will stand the Group in good stead in the years to come. In November, the Committee had a fascinating talk from the Director of Operations at the UK's National Cyber Security Centre (NCSC), about the NCSC's perception and analysis of the cyber threat that faces the UK.
The Group continues to improve its cyber security controls. Building on our initial rollout of Microsoft Defender for Endpoint in 2020, we extended this to servers as well as endpoints, giving us ever-deeper security insight into our IT assets. In addition, we invested in technology that allows us to patch application software on endpoints in a more automated way across the internet, rather than requiring a VPN connection. Both of these controls stood us in good stead during the coronavirus pandemic, when almost all colleagues were working remotely. Our SOC implemented its latest detection suite across our networks, and we continue to benefit from novel detection methods and techniques as the SOC's "customer zero"; as those detection techniques are refined, they are rolled out into our commercial offering.
In terms of our global data protection programme and internal data privacy activities, we are developing a three year strategy to align the approach across the business, continue to improve our privacy maturity, and support in light of the rapidly changing regulatory landscape. Considerations include the newly approved Standard Contractual Clauses and their requirement for detailed information security provisions to be documented for each service line, as well as updating internal agreements to secure our global business in terms of facilitating data transfers. Noteworthy highlights since our previous report include:
During this financial year, the Committee met three times and the attendance of individual Committee members at the Cyber Security Committee meetings is shown in the table below. Unless otherwise indicated, all Directors held office throughout the year.
| Attendee | Meetings attended |
|---|---|
| Chris Stone | |
| Chris Batterham | |
| Jonathan Brooks 1 | |
| Jennifer Duvalier | |
1 Was absent for July 2020's meeting due to illness.
Chair, Cyber Security Committee 14 September 2021
Annual statement
Our new Remuneration Policy will balance an increase to variable remuneration with a reduction in the threshold vesting level for the LTIP and an increase to the toughness of the LTIP's stretch EPS target. At the same time, if the new Policy is approved, we will immediately reduce Executive Director pension contributions to the workforce level of 4.5%, and adopt a more demanding post-employment shareholding policy.
Committee Chair
On behalf of your Board, I am pleased to present our Directors' Remuneration Report (DRR) for the year ended 31 May 2021.
The report is divided into three sections: an Annual Statement, our Directors' Remuneration Policy and the Annual Report on Remuneration, which sets out the actual application of the Policy.
2020/21 was another busy year for the Remuneration Committee and we had seven meetings in total. The Committee, which remained unchanged for the third year in succession, comprised Chris Batterham, Jennifer Duvalier and me as Chair. Our Board Chair, Chris Stone, also attended all the meetings. We invited our remuneration consultants, Chief People Officer, CEO, CFO, and other executives to meetings as required.
The arrival of the Covid-19 pandemic at the start of 2020 obliged us to wrestle with the immediate impact to our business of a significant period of uncertainty. The impact of the pandemic fell late on in the financial year and it was immediately apparent that forecasting the financial effects for both the end of the 2019/20 financial year as well as the 2020/2021 financial year would be extremely difficult, although we are pleased that we did not furlough any staff, make any staff redundant or reduce our dividend. As a Committee, and mindful of the desire to keep colleagues appropriately rewarded for their performance and incentivised to deliver the best outcomes for our shareholders during such a difficult period, we took some immediate action to address this period of uncertainty. Firstly, we
Governance
applied our discretion and replaced the formulaic assessment of the financial underpin to the non-financial element of the 2019/20 bonus with a non-formulaic assessment. Secondly, we decided that the non-financial element of the annual bonus for 2020/21 should have a weighting of 40% of the total, compared with the previous year's figure of 25%. Thirdly, we decided that for 2020/21, we would divide the year in two for bonus target setting purposes, with one set of bonus targets based on the first six months' performance and a revised target being set for the second half of the year. While many shareholders recognised this pragmatic approach, we were disappointed that a significant minority of others voted against our Annual Remuneration Report in 2020.
Immediately after the AGM, I therefore engaged with all major shareholders who voted against the resolutions to better understand their reasons for doing so. There were two main reasons which explained their objections: some did not feel that the application of discretion during the year to replace the annual bonus profit underpin for 2019/20 was appropriate, while others did not support the increased weighting on non-financial measures in the annual bonus from 25% to 40% for 2020/21.
The Remuneration Committee acknowledged these views in its statement in early February 2021, and whilst it still considers its decisions were appropriate and pragmatic in the exceptional circumstances of the pandemic, emphasised that the weighting on non-financial measures in the annual bonus would revert to 25% of the total in 2021/22 and that a profit underpin would be applied in future.
During the 2020/21 financial year, we operated within the Remuneration Policy that was approved by shareholders at the 2020 AGM.
With the arrival of the Covid-19 pandemic, changes to the Remuneration Policy last year were minimal and we flagged at the time that we planned on submitting a new Policy this year. The aim of these changes was to reflect the strong performance of the business and development of the senior team over a number of years and ensure that the remuneration of our senior team is appropriately positioned against a highly competitive market for talent within the sectors in which NCC Group operates. We refined some changes with our remuneration consultants and then undertook a period of consultation with shareholders in March and April 2021, who were supportive of our approach. Our proposed new Remuneration Policy can be found in the next section of this report and will be voted upon at our AGM in November.
Its main features are to make phased increases to the variable pay opportunity for our CEO and CFO. The first of the proposed changes will take place in 2021/22 and increase the level of LTIP from 100% of salary to 175% and 150% of salary for the CEO and CFO, respectively. Implementation of the second increase will be take place in 2022/23 when the annual bonus opportunity for both the CEO and CFO will increase from 100% to 125% of salary. The Committee considers this phased approach to be appropriate in the current environment and these increases will be balanced by a reduction in the threshold vesting level for the LTIP and an increase to the toughness of the LTIP's stretch EPS target. At the same time, if the new Policy is approved, we will immediately reduce their pension contributions to the workforce level of 4.5% and adopt a more demanding post-employment shareholding policy. The overall effect of these changes will result in levels of total remuneration that are at or below the market level. Further details can be seen in the next section of the report.
With respect to base pay, for the 2020/21 financial year, average salaries in the Group rose by approximately 2.9% but we decided to increase the salary of the CEO and CFO by 1% to take effect from
September 2020. For 2021/22, salaries increased by an average of 3.1% and we increased the CEO's salary by 3%, taking his base salary to £465,000 with effect from 1 June 2021.
For the CFO, recognising that his salary is well below the level that the Committee considers to be appropriate given his performance and experience in the role, we consulted with shareholders to increase his pay over a two year period. In June 2021 his salary increased to £308,000, representing an increase of 4.9% above the average workforce increase (i.e. 8% in total). In June 2022, we also intend to increase his salary by up to 3% above the average workforce figure. While these increases will still result in a below market salary, when combined with the proposed increases to variable remuneration this should bring his overall remuneration closer to market levels.
As a Board, we remain committed to broadening share ownership throughout the Group, both as a reward and retention tool. During the year, we introduced our Restricted Share Plan (RSP), authorisation for which had been granted at the 2020 AGM. An increased number of colleagues were made a share award dependent on their continuing service within the Group for a period of up to three years. RSPs are extremely common in the technology sector in the USA, where we have increased our presence in the last few years, and we expect to issue more RSPs annually.
In addition, we also offered colleagues the opportunity to participate in our Save As You Earn/stock purchase share plans in the UK, the US, Canada, the Netherlands, Australia, Denmark and Spain. Once again, these proved popular in terms of take-up and participation levels.
In line with our Remuneration Policy, Non-Executive Director fees are reviewed annually. During the year, the Non-Executive Director fees were reviewed (by the Company Chair, CEO and CFO) and increases were proposed with effect from 1 June 2021, being the first increases for three years. In addition, as social distancing restrictions are being progressively removed it was decided to reinstate the travel expense allowance with effect from 1 June 2021. This had been withdrawn in March 2020 at the start of the pandemic when physical Board meetings were not possible.
The Remuneration Committee also reviewed the Chairman's fees using data provided by our remuneration consultants. As a result the Chairman's fees were increased for the first time since his appointment in 2017.
Details of these fees and allowances are given in the Annual Report on Remuneration on page 110.
The annual bonus for the year ended 31 May 2021 for both the Chief Executive Officer and Chief Financial Officer was based on the satisfaction of stretching financial and strategic targets. This resulted in an overall payment of 92% of base salary for the CEO and 87% of base salary for the CFO. With respect to the financial targets, as we reported in the Annual Report 2020, in light of the impact of the pandemic and the difficulty in estimating its short-term impact on the business, we decided to divide the 2020/21 financial year into two, with the first six months of the year qualifying for up to a 30% financial bonus if the half year Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements * achieved £17.0 million, with the financial target for the second half of the year being based on a reforecast which took place in November 2020, and an Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements * of £19.0m being required for a further 30% bonus.
Annual statement continued
The targets for both halves of the 2020/21 financial year, were exceeded, resulting in a total financial bonus for the year of 60%, the maximum for this element.
For the 2020/21 financial year, the strategic objectives for both the CEO and CFO were given a weighting of 40% in total. The bonus earned was judged to be 32% for the CEO and 27% for the CFO. The strategic objectives covered three areas:
Further detail on performance against strategic objectives is provided later in the report.
For both the CEO and CFO, 35% of the actual bonuses achieved will be deferred into nominal cost share options and will vest after two years. Clawback and malus provisions are also in place for the annual bonus.
For 2021/22, the Committee will change the annual bonus weightings back to its more normal weightings of 75% financial and 25% non-financial. For the financial bonus, as in previous years, it will be set within a tight range with bonuses between 15% and 75% of base salary being calculated by linear interpolation. For 2021/22, we will introduce a revenue target component for both the Assurance and Software Resilience businesses to complement the targets on Adjusted operating profit.
For the CEO, the strategic targets will be grouped under the following broad headings:
For the CFO, the strategic objectives will be similar but, instead of strategic objectives within the Assurance business, he will have objectives related to the effective configuration and optimisation of our integrated systems to meet the evolving needs of the business.
The grant of the 2020–23 LTIPs was delayed as a result of extended prohibited periods including those connected to the acquisition of the Iron Mountain IPM division, as a result of which the grants which would ordinarily have been made in the autumn of 2020 were not made until May 2021. The awards will vest subject to demanding EPS, cash and relative TSR targets outlined later in this report.
The LTIP outcome for those LTIPs issued in 2018 was an award equivalent to 40% of the maximum award, which in the case of the CEO constituted an award of 78,914 shares, and the CFO constituted an award of 49,779 shares.
Our LTIP award for 2021–24 will be granted after our next AGM in November and subject to shareholder approval of the revised Remuneration Policy, the Committee intends to make awards of up to 175% of base salary for the CEO and 150% for the CFO compared to 100% of base salary for both executives as at present. These will vest after three years as long as a number of demanding performance targets are satisfied. As in previous years, 60% of the potential award will be based on the achievement of a demanding EPS target, 30% on the achievement of certain cash targets and 10% on relative TSR targets. We plan to issue LTIPs to the Executive Directors shortly after the 2021 AGM in November 2021.
Clawback and malus provisions are in place for the LTIP.
In order to further align executives with shareholders, executives are required to retain any LTIP vested shares (net of tax) for a period of two years. After this holding period, all vested shares must also be retained if the shareholding requirement has not been met. In addition, our new post-employment shareholding policy requires executives to retain the lower of the value of their holding on cessation or 200% of salary for the first year following cessation, reducing to 100% of salary for the second year following cessation. It is envisaged that this will be managed through a restricted account maintained by NCC's registrars and the Company Secretariat.
At the AGM in October 2020, 51.53% of shareholders voted in favour of the adoption of the Annual Report on Remuneration. The 2021 Annual Statement and Annual Report on Remuneration will be put to an advisory vote at the AGM on 4 November 2021, providing shareholders with the opportunity to express their support on how the Committee has implemented the Remuneration Policy this year. As always, the Committee remains committed to engagement and transparency and I welcome the opportunity for discussion of the Group's remuneration with any shareholder, at our AGM or at any other time during the year.
During the coming year, we intend to focus on embedding our 2021–24 Remuneration Policy along with continuing to focus on the Committee's responsibilities under the 2018 UK Corporate Governance Code (the 'Code').
These include:
Chair, Remuneration Committee 14 September 2021
* The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted operating profit previously reported. See Strategic Report for further details and a reconciliation between Adjusted operating profit of £39.2m and Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements of £36.2m.
The Remuneration Committee determines the Company's policy on the remuneration of the Executive Directors and (from 1 June 2019) the Executive Committee (ExCom). The principles which underpin the Remuneration Policy for the Company are to:
Our remuneration strategy has been designed to reflect the needs of a complex multinational organisation, which has grown both organically and by acquisition.
Remuneration for the Executive Directors is structured so that the variable pay elements (annual bonus and long-term incentives) form a significant proportion of the overall package. This provides a strong link between the remuneration paid to Executive Directors and the performance of the Group, as well as providing a strong alignment of interest between the Executive Directors and shareholders.
For the purposes of section 226D-(6)(b) of the Companies Act 2006, this Policy, if approved, will take effect from the date of the 2021 AGM on 4 November 2021.
| Purpose and link to short and long-term strategic objectives |
Operation (including framework to assess performance) | Maximum opportunity | Changes since last Directors' Remuneration Policy |
|---|---|---|---|
| Salary | |||
| To attract, retain and reward high calibre Executive Directors |
The Remuneration Committee reviews salaries for Executive Directors and also the Executive Committee (ExCom) annually unless responsibilities change. |
Details of current Executive Director salaries are set out on page 110. |
N/A |
| Pay reviews take into account Group and personal performance. Salaries are set on appointment and benchmarked periodically against market data for companies operating in IT services, management consulting and relevant high tech sectors, which, although not directly comparable, provide an indicative range. |
Salary increases are normally in line with those for other colleagues but also take account of other factors such as changes to responsibility, |
||
| In setting appropriate salary levels the Committee takes into account pay and employment conditions of colleagues elsewhere in the Group, alongside the impact of any increase to base salaries on the total remuneration package. |
development and the complexity of the role. |
||
| Any changes are normally effective from 1 June each year. | |||
| Benefits | |||
| To attract, retain and reward high calibre Executive Directors |
Benefits in kind currently include the provision of a car or car | Market-competitive benefits. | N/A |
| allowance, payment of private fuel, car insurance, private medical insurance, life assurance and permanent health insurance. |
SAYE Sharesave Scheme subject to HMRC-approved |
||
| Executive Directors may be invited to participate in the Sharesave Scheme approved by HMRC or other benefits introduced for all colleagues. |
limits. | ||
| Pension | |||
| To provide a competitive benefit, which attracts high calibre executives and allows flexible retirement planning to suit individual needs |
Executive Directors are entitled to a Company pension contribution, which is paid into the Group defined contribution personal pension scheme. |
Until 30 November 2021: up to 10% of base salary as a contribution into the Group |
Alignment of Executive Directors' pensions with the wider workforce |
| They can also opt to have the same level of contribution made in the form of a cash contribution. |
scheme or base salary supplement of 10% of base salary. |
||
| For both the current CEO and CFO, cash contributions in lieu of a pension are paid. |
From 1 December 2021: capped at the level of the majority of the workforce (currently 4.5%). |
from 1 December 2021. |
Governance
Directors' remuneration policy continued
| Purpose and link to short and long-term strategic objectives |
Operation (including framework to assess performance) | Maximum opportunity | Changes since last Directors' Remuneration Policy |
|---|---|---|---|
| Annual bonus | |||
| To drive and reward | Based on a range of stretching targets measured over one year. | 125% of base salary. | With effect |
| sustainable business performance |
This might include, but not exclusively, profit measures and other strategic objectives such as cash management, brand development, customer satisfaction and retention, business unit sales growth and colleague engagement. Performance below the minimum performance target results in no bonus. No more than 20% of the maximum opportunity is paid for achievement of the threshold performance targets. Payments rise from the threshold payment to 100% of the maximum opportunity for levels of performance between the threshold and maximum targets. The rate of the rise and the various payment targets are determined annually by the Committee. |
A lower maximum of 100% of base salary will be operated in 2021/22. |
from 2022/23, the intention is to increase the opportunity to 125% of salary for both the CEO and CFO. |
| The Committee has discretion to reduce the formulaic bonus outcome if individual performance is determined to be unsatisfactory or if the individual is the subject of disciplinary action. |
|||
| At least 35% of any bonus payment is normally deferred into shares or nominal cost share options which vest after a two year period. Dividend equivalents are paid on vesting share options. |
|||
| Malus and clawback provisions are in place for both cash and deferred elements. |
|||
| Long Term Incentive Plan | |||
| To drive long-term performance in line |
Awards have a performance period of at least three years and normally must be held for a further two years after vesting. |
Award over shares with a face value at grant of 175% of salary p.a. with awards to the CFO normally capped at 150% of salary. |
For any awards made following the 2021 AGM, the intention is to increase the award to 175% for the CEO, and to 150% for |
| with Group strategy and incentivise through share ownership |
The level of vesting is determined by measures appropriate to the strategic priorities of the business. At least half of any award will normally be subject to financial performance measures. Measures might include, but not exclusively, EPS, cash flow and relative TSR metrics. |
||
| The Remuneration Committee has the discretion to determine the number of measures to be used. |
|||
| Performance below the threshold target results in no vesting. For performance between the threshold target and maximum performance target, vesting starts at 15% and rises to 100% of the shares vesting. |
the CFO. | ||
| Should a change in control of the Group occur, crystallisation of any LTIP awards is within the discretion of the Remuneration Committee. |
|||
| Malus and clawback provisions are in place. |
| Purpose and link to short and long-term strategic objectives |
Operation (including framework to assess performance) | Maximum opportunity | Changes since last Directors' Remuneration Policy |
|---|---|---|---|
| Executive Director shareholding requirement | |||
| To align the interests of Executive Directors with the interests of all of the Company's shareholders |
The Executive Directors are expected to build and retain a shareholding in the Group at least equivalent to 200% of base salary. Executives will be required to retain all vested deferred bonus shares and LTIP shares released from the holding period until they have attained the minimum shareholding requirement and even then they may normally only sell when they have held vested LTIP shares for a minimum period of two years. |
N/A | For any awards made following the 2021 AGM, the post employment shareholding |
| For the avoidance of doubt, Executive Directors are permitted to sell sufficient shares in order to meet any tax or withholding obligation arising from vesting shares. |
policy will require 200% of base salary to be held in the first year post employment, falling to 100% for the second year. |
||
| Retention of shares post-employment: Executives will be expected to retain the lower of their holding on cessation or 200% of salary for the first year following cessation, reducing to 100% of salary for the second year. Only shares granted from the conclusion of the 2021 AGM will count towards this requirement. |
For both the annual bonus and LTIPs, the objective of our Policy is to choose performance measures which help drive and reward the achievement of our strategy and which also provide alignment between executives and shareholders. The Committee reviews metrics annually to ensure they remain appropriate and reflect the future strategic direction of the Group.
Targets for each performance measure are set by the Committee with reference to internal plans and external expectations. Performance is generally measured so that incentive payouts increase pro rata for levels of performance in between the threshold and maximum performance targets.
With regard to the annual bonus, the Remuneration Committee believes that a simple and transparent scheme with sufficiently stretching targets and an element of bonus deferral prevents short-term decisions being made and ensures that the executives are focused on the delivery of sustainable business performance. For 2021/22, overall Adjusted operating profit and revenue growth by division have been selected as the principal financial measures, with non-financial measures selected that support the delivery of our key in-year strategic goals.
With regard to the LTIP, the Committee believes in setting demanding objectives, which reward steady, progressive growth, in order to incentivise and encourage long-term growth and enhance shareholder value. EPS, cash conversion and relative TSR have been chosen for the awards to be granted in 2021/22 as these meet these criteria and are aligned with our strategy.
Performance measures and targets are disclosed in the Annual Report on Remuneration. In cases where targets are commercially sensitive, for example annual profit targets for the annual bonus, they will normally be disclosed retrospectively in the year in which the bonus is paid.
The principles behind the Remuneration Policy for Executive Directors are cascaded down through the Group and their aims are to attract and retain the best staff and to focus their remuneration on the delivery of long-term sustainable growth by using a mix of salary, benefits, bonus and longer-term incentives.
As a result, no element of the Executive Director Remuneration Policy is operated exclusively for Executive Directors other than the post-employment shareholding policy:
The main difference between pay for Executive Directors and colleagues is that, for Executive Directors, the variable element of total remuneration is greater while the total remuneration opportunity is also higher to reflect the increased responsibility of the role. In addition, we have the ability to grant awards of restricted shares to Executive Committee members. This will enable us to be competitive in certain markets, most notably the USA, where such plans are very much part of any executive remuneration package.
Directors' remuneration policy continued
| Purpose and link to short and long-term strategic objectives |
Operation (including framework to assess performance) | Maximum opportunity | Changes since last Directors' Remuneration Policy |
|---|---|---|---|
| Fees | |||
| To attract, reward and retain experienced Non-Executive Directors |
Fees for the Non-Executive Directors are determined by the Board within the limits set by the Articles of Association and are based on information on fees paid in similar companies, taking into account the experience of the individuals and the relative time commitments involved. There will be separate disclosures of fees paid for chairing the Audit and Remuneration Committees and for acting as Senior Independent Director or for other additional responsibilities. Fees for the Non-Executive Directors are reviewed annually. Additional fees may be paid in certain circumstances such as taking on extra duties, or if exceptionally the time commitment is significantly increased. An expenses allowance is paid or alternatively any reasonable business related expenses (including tax thereon) can be reimbursed if determined to be a taxable benefit. |
Current fee levels are set out on page 110. The overall fee limit will be within the current £750,000 limit set out in the Company's Articles of Association, approved on 25 September 2019, which is subject to increase on 25 September each year by the same percentage increase as the percentage increase in the General Index of Retail Prices for all items (or such other comparable index as may be substituted for it from time to time before such anniversary) in the 12 months immediately preceding such date. |
The overall fee limit is now £750,000. Extra fees may be paid in certain circumstances such as taking on extra duties. |
The principle applied in the recruitment of a new Executive Director is for the remuneration package to be set in accordance with the terms of the approved Remuneration Policy for existing Executive Directors in force at the time of appointment. Further details of this Policy for each element of remuneration are set out below.
| Pay element | Approach | Areas of flexibility |
|---|---|---|
| Salary | Set to reflect the executive's skills and experience, the Company's intended pay positioning and the market rate for the applicable role. |
The Committee will have the discretion to allow phased salary increases over a period of time for newly appointed Directors, even though this may involve increases in excess of the rate for the wider workforce and inflation in circumstances where starting salary was below median levels. |
| Benefits and pension |
Benefits will be provided in line with those offered to other Executive Directors, taking account of local market practice, with relocation expenses or arrangements provided if necessary. |
Tax equalisation may also be considered if an Executive Director is adversely affected by taxation due to their employment with the Company. The Company may also pay legal fees and other costs incurred by the individual. These would all be disclosed. Pension would be set in line with the workforce level. |
| Incentive opportunity |
The aggregate ongoing incentive opportunity offered to new recruits will be no higher than that offered under the annual bonus plan and the LTIP to the existing Executive Directors. |
Different performance measures and targets may be set initially for the annual bonus plan, taking into account the responsibilities of the individual and the point in the financial year at which they join. |
| "Buyout" awards | Sign-on bonuses are not generally offered by the Group but, at Board level, the Committee may offer additional cash and/or share-based "buyout" awards when it considers these to be in the best interests of the Company and, therefore, shareholders, including awards made under Listing Rule 9.4.2R. Any such "buyout" payments would be based solely on remuneration lost when leaving the former employer and would reflect the delivery mechanism such as cash, shares, options, time horizons and performance requirements attaching to that remuneration. |
|
| Transitional arrangements for internal appointments to the Board |
In the case of an internal appointment, any variable pay element awarded in respect of the prior role may be allowed to pay out according to its terms on grant, adjusted as relevant to take into account the appointment. |
In addition, any other ongoing remuneration obligations existing prior to appointment may continue, provided that they are put to shareholders for approval at the first AGM following their appointment. |
The Committee's policy is to offer service contracts for Executive Directors with notice periods of between six and 12 months exercisable by either party. In addition, the Executive Directors are subject to a non-compete clause from the date of termination, where enforceable.
All Non-Executive Directors' appointments are terminable on at least three months' notice on either side.
The Executive Directors and Non-Executive Directors offer themselves for re-election at the AGM every year.
Payments on termination for Executive Directors are restricted to the value of salary and contractual benefits for the duration of the notice period. It is the policy of the Remuneration Committee to seek to mitigate termination payments and pay what is due and fair. There are no predetermined special provisions for Executive Directors with regard to compensation in the event of loss of office. The Company may also pay an amount considered to be reasonable by the Committee where loss of office is due to redundancy or in respect of fees for legal advice for the outgoing Director or to settle or compromise any legal claims. Assistance with outplacement may also be provided.
Elements of variable remuneration would be treated as follows:
| Pay element | Approach | Areas of flexibility | ||
|---|---|---|---|---|
| Annual bonus | Determined on a case-by-case basis. When the Committee determines that the payment of an annual bonus is appropriate, the annual bonus payment is typically: |
The Committee has the discretion to pay cash bonus amounts or allow deferred bonus awards to vest on cessation or whether they lapse. If the Committee |
||
| • Prorated for the period of time served from the start of the financial year to the date of termination and not for any period in lieu of notice or garden leave |
exercises this discretion, it can also determine if the vesting should be prorated to reflect time served since the beginning of the deferral date. The same discretionary principle would apply to the payment |
|||
| • Subject to the normal bonus targets, tested at the end of the year, and would take into account performance over the notice period |
of dividend equivalents on any shares that have been deferred, but not yet vested. |
|||
| • Subject to deferral of 35% of the value | ||||
| Long Term Incentive Plan |
Unvested awards will normally lapse upon cessation of employment. |
The Committee has discretion to allow awards to vest at the normal vesting date or earlier. If the Committee exercises this discretion, awards are normally prorated to reflect time served since the date of grant and based on the achievement of the performance criteria. The holding period detailed above will apply to such incentives. |
||
| All-colleague share schemes |
The Executive Directors, where eligible for participation in all-colleague share schemes, participate on the same basis as for other colleagues. |
None. |
The chart below details the hypothetical composition of each Executive Director's remuneration package and how it could vary at different levels of performance under the new Remuneration Policy set out above.
Directors' remuneration policy continued
Note that the charts are indicative, as actual amounts may depend on share price. Assumptions made for each scenario are as follows:
The Remuneration Committee does not consult directly with colleagues when determining the Remuneration Policy for Executive Directors. However, as stated above, the annual bonus and LTIP are operated for other colleagues to ensure alignment of objectives across the Group and the terms of the pension scheme (save for the contribution entitlements) are the same for all permanent colleagues. In addition, the Committee compares information on general pay levels and policies across the Group when setting Executive Director pay. Jennifer Duvalier undertakes regular colleague engagement sessions where colleagues are able to ask about Executive Director pay. During the year no questions or concerns on Executive pay were raised to Jennifer (please see page 80 for further information).
The Remuneration Committee considers shareholder feedback received on the Directors' Remuneration Report each year and guidance from shareholder representative bodies more generally. Shareholders' views are key inputs when shaping remuneration policy. When any material changes are proposed to the Remuneration Policy, the Remuneration Committee Chair will inform major shareholders in advance and will generally offer a meeting to discuss these.
The Committee operates the Group's variable incentive plans according to their respective rules and in accordance with HMRC rules where relevant. To ensure the efficient administration of these plans, the Committee will apply certain operational discretions. These discretions are implicit in the Policy stated above, but we have listed them for clarity. These include, but are not limited to, the following:
For the avoidance of doubt, in approving the Remuneration Policy, authority is given to the Company to honour any commitments entered into with current or former Directors before the current legislation on remuneration policies came into force or before an individual became a Director, such as the payment of outstanding incentive awards, even where it is not consistent with the policy prevailing at the time such commitment is fulfilled.
Details of any payments to former Directors will be set out in the Annual Report on Remuneration as they arise.
Executive Directors may accept one external non-executive directorship with the prior agreement of the Board, provided it does not conflict with the Group's interests and the time commitment does not impact upon the Executive Director's ability to perform their primary duty. The Executive Directors may retain the fee from external directorships.
This part of the report has been prepared in accordance with Part 3 of The Large and Medium-sized Companies and Groups (Accounts and Reports) (Amendment) Regulations 2013 as amended and 9.8.8R of the Listing Rules.
The following report will be subject to an advisory shareholder vote at the 2021 AGM, which is scheduled to be held on 4 November 2021. The information on pages 109 to 118 has been audited where indicated.
The Committee has decided to award a salary increase to the Chief Executive Officer of 3%, which is in line with the average increase for the workforce of 3.1%. As set out in the Annual Statement, the base salary of the Chief Financial Officer is significantly below the market level for comparable roles and a base salary increase of approximately 4.9% above the level of the workforce with effect from 1 June 2021.
The table below details the Executive Directors' salaries as at 31 May 2021 and salaries which took effect from 1 June 2021:
| Base salary at 31 May 2021 £000 |
Base salary at 1 June 2021 £000 |
% change | |
|---|---|---|---|
| Chief Executive Officer | 451 | 465 | 3% |
| Chief Financial Officer | 285 | 308 | 8% |
There will be no changes to benefits provision. Effective 1 December 2021, and conditional on the approval of the Directors' Remuneration Policy at the 2021 AGM, the CEO's and CFO's pension provision will reduce from 5% of base salary and 10% of base salary, respectively, to the level of the wider workforce, which is currently 4.5%. These contributions are cash payments in lieu of formal pension contributions.
The annual bonus maximum for the Chief Executive Officer and the Chief Financial Officer in 2021/22 will be 100% of salary with 75% based on the achievement of certain Adjusted operating profit and revenue targets and 25% based on the achievement of strategic targets as outlined on page 102.
A financial underpin will apply to the revenue and non-financial bonus targets.
To the extent they are no longer commercially sensitive, these targets will be disclosed in next year's report.
In addition, to ensure that this bonus opportunity results in shareholder alignment and provides greater retention value, 35% of any bonus payment will be deferred into nominal cost share options for two years.
The bonus, nominal cost share options and associated dividend equivalents are also subject to malus and clawback provisions.
Subject to approval of the new Remuneration Policy it is intended that awards with a maximum value of 175% and 150% of base salary to the CEO and CFO respectively will be made under the LTIP shortly following the 2021 AGM.
These will be subject to a two year post-vesting holding period for the Executive Directors. As well as the holding period, the executives have to achieve a shareholding requirement of 200% of salary (post shares sold to cover any tax) before they can sell any shares that vest, with these awards also counting towards the post-employment shareholding requirement. The awards are also subject to malus and clawback provisions.
The vesting of these LTIP awards will be based on earnings per share (60%), a cash flow metric (30%) and a relative total shareholder return metric (10%). 15% of each element will vest at the threshold performance level, rising to 100% vesting at maximum. The proposed targets are as follows:
| Metric | Weight | Threshold (15% vests) | Maximum (100% vests) |
|---|---|---|---|
| Earnings per share growth | 60% | 9% p.a. | 22.5% or higher |
| Average cash conversion | 30% | 70% | 80% or higher |
| Relative TSR vs FTSE 250 (excluding investment trusts) |
10% | Median | Upper quartile or above |
For performance between threshold and maximum, awards vest on a straight-line basis.
The Committee believes that these three measures are transparent, easy to understand, easy to track and communicate, cost effective to measure and fundamentally aligned to the Group's strategic goals.
In line with the current Policy, Non-Executive Director fees are reviewed annually.
| As at | As at | |
|---|---|---|
| 1 June | 1 June | |
| 2021 | 2020 | |
| Annualised fees (inclusive of travel allowance of £8,200 for the Chair and £4,750 for other Non-Executive Directors which was waived in 2020/21) | £000 | £000 |
| Chris Stone | 158 | 147 |
| Chris Batterham | 75 | 64 |
| Jonathan Brooks | 65 | 58 |
| Mike Ettling | 55 | 51 |
| Jennifer Duvalier | 60 | 51 |
This section sets out how the Remuneration Policy was implemented in 2020/21. The key implementation decisions during the year related to:
Further detail on these decisions, together with other information on payments made to Directors, is set out in the following sections.
The detailed emoluments received by the Executive and Non-Executive Directors for the year ended 31 May 2021 are below:
| Director | Year ended | Salary/ Non-Executive Director fees 1 £000 |
Benefits 2 £000 |
Pension benefits 3 £000 |
Total fixed pay £000 |
Annual bonus 4 £000 |
Long-term incentive 5 £000 |
Total variable pay £000 |
Total £000 |
|---|---|---|---|---|---|---|---|---|---|
| Chris Stone | 31 May 2021 | 138 | – | – | 138 | – | – | – | 138 |
| 31 May 2020 | 145 | – | – | 145 | – | – | – | 145 | |
| Adam Palser | 31 May 2021 | 450 | 16 | 22 | 488 | 414 | 218 | 632 | 1,120 |
| 31 May 2020 | 447 | 16 | 22 | 485 | 103 | 273 | 376 | 861 | |
| Tim Kowalski 6 | 31 May 2021 | 284 | 31 | 28 | 343 | 247 | 137 | 384 | 727 |
| 31 May 2020 | 282 | 17 | 28 | 327 | 56 | – | 56 | 383 | |
| Chris Batterham | 31 May 2021 | 59 | – | – | 59 | – | – | – | 59 |
| 31 May 2020 | 63 | – | – | 63 | – | – | – | 63 | |
| Jonathan Brooks | 31 May 2021 | 53 | – | – | 53 | – | – | – | 53 |
| 31 May 2020 | 57 | – | – | 57 | – | – | – | 57 | |
| Jennifer Duvalier 7 | 31 May 2021 | 51 | – | – | 51 | – | – | – | 51 |
| 31 May 2020 | 50 | – | – | 50 | – | – | – | 50 | |
| Mike Ettling | 31 May 2021 | 46 | – | – | 46 | – | – | – | 46 |
| 31 May 2020 | 50 | – | – | 50 | – | – | – | 50 | |
| Total | 31 May 2021 | 1,081 | 47 | 50 | 1,178 | 661 | 355 | 1,016 | 2,194 |
| 31 May 2020 | 1,094 | 33 | 50 | 1,177 | 159 | 273 | 313 | 1,609 |
1 The Chair and Non-Executive Directors each receive an allowance paid as part of their base fees of £8,200 and £4,750 respectively, to cover all travel and expenses related to their roles on the Board. In light of Covid-19 and the fact that Board meetings were being held virtually, these allowances were not paid between 1 June 2020 and 31 May 2021.
2 Taxable benefits include the provision to every Executive Director of a car or car allowance, payment of private fuel, car insurance, private medical insurance, life assurance and permanent health insurance. In 2020/21, Tim Kowalski switched from receiving a car allowance to a leased vehicle at no additional cost to the Group. The P11D value of the leased
vehicle is higher than the monthly cash value of the car allowance which he forfeited. 3 Pension benefits include employer contributions to the Group pension scheme and payments in lieu of pension contributions. The Company provided pension payments in lieu of pension contributions for two Executive Directors during the year ended 31 May 2021.
4 Annual bonus payments for performance in the relevant financial year; 35% of this bonus is deferred into nominal cost share options for two years. Dividend equivalents accrue on these shares.
5 Long-term incentive awards vesting under the LTIP. 78,914 shares vested to Adam Palser and 49,773 shares vested to Tim Kowalski with respect to the LTIP granted in 2018 which had a performance period ending on 31 May 2021. These have been valued using a share price of £2.76 which is the three month average share price over March, April and May 2021. These shares were awarded based on a share price of £2.21 on the day before the date of grant. As a result, the change in share price since the date of grant has resulted in an increase in value of £43,402.70 and £27,375.15 respectively. With regard to the LTIP awards with a performance period ending on 31 May 2020, 93,533 shares vested to Adam Palser which have been valued using the share price at the date of vesting of £2.92.
6 Tim Kowalski was appointed as Chief Financial Officer on 23 July 2018.
7 Jennifer Duvalier's fee was increased by £5,000 with effect from 1 June 2020 to reflect her additional responsibilities for engaging with colleagues on behalf of the Board.
For the year ended 31 May 2021, the maximum potential bonus opportunity for Adam Palser was 100% of salary. For Tim Kowalski, the maximum potential bonus opportunity was also 100% of salary. For the year ended 31 May 2021, bonuses of 92% and 87% of base salary respectively were payable.
The actual bonus awarded to Adam Palser was £413,876 and to Tim Kowalski was £247,071 based on the achievement of the performance conditions set out below. 35% of each payment will be deferred into nominal cost share options for two years, with the remaining 65% paid in cash. The performance measures and targets are set out below.
| Performance targets | Adam Palser | Tim Kowalski | |||
|---|---|---|---|---|---|
| 30 November 2020 | Threshold | £11.5m | Weighting (% of salary) | 6% | 6% |
| Adjusted operating profit less a proforma |
Maximum | £12.5m | Weighting (% of salary) | 30% | 30% |
| amortisation charge in respect of certain cloud-based software arrangements * |
Actual | £17.0m | Payout (% of salary) | 30% | 30% |
| 31 May 2021 | Threshold | £16.0m | Weighting (% of salary) | 6% | 6% |
| Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements * |
Maximum | £19.0m | Weighting (% of salary) | 30% | 30% |
| Actual | £19.2m | Payout (% of salary) | 30% | 30% | |
| Strategic targets | The strategic targets were set individually | Weighting (% of salary) | 40% | 40% | |
| of responsibility – see below | for the Executive Directors based on key strategic objectives for the year in their area |
Payout (% of salary) | 32% | 27% | |
| Payout (% of salary) | 92% | 87% | |||
| Total bonus | £413,876 | £247,071 | |||
| Amount paid in cash | £269,019 | £160,596 | |||
| Amount deferred in shares | £144,857 | £86,475 |
* The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted operating profit previously reported. See Strategic Report for further details and a reconciliation between Adjusted operating profit of £39.2m and Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements of £36.2m.
The table below highlights the key strategic targets and achievements for each Executive Director. Bonus target ranges have been disclosed to the extent possible, but the achievement of some areas is determined by the Committee based on its judgement of performance.
| 31 May 2021 | |||
|---|---|---|---|
| Maximum % of bonus Target and performance conditions | Adam Palser | Tim Kowalski | |
| 20% | Broaden the portfolio (20%) | ||
| 5% | EaaS orders (5%) – Target range of £1.5m to £2.0m. Exceeded max target by +10%. | 5% | 5% |
| 5% | Remediation revenue (5%) – Target range of £1.0m to £1.5m. Exceeded max target by +40%. | 5% | 5% |
| 5% | MDR revenue growth (5%) – Target range of 15% to 20% growth. Positive double-digit growth was achieved but below the target range. |
0% | 0% |
| 2% | Hyperscaler (2%) – Target to certify 43 new consultants and deploy them successfully. Target was exceeded with more than 43 consultants certified and deployment resulting in launch of Sentinel offering, sales growth, and strong pipeline. |
2% | 2% |
| 3% | Data (3%) – Target of progress towards (1) being able to benchmark clients' cyber maturity and underpin FY22 revenues and (2) improved data analytics and machine learning to satisfy our more demanding MDR clients and underpin future revenue growth. Both objectives were met and exceeded as models have been developed and even deployed to meet both objectives. |
3% | 3% |
| 15% | 15% | ||
| Sustainability (10%) | |||
| 3% | Diversity (3%) – Evidence of a comprehensive programme to nurture and promote diversity and inclusion including: effective steering committees, improved hiring practices, rollout of unconscious bias training and awareness raising/engagement programme. Target achieved and exceeded as all objectives achieved and demonstrating success. |
3% | 3% |
| 2% | Diversity (2%) – Evidence of greater diversity and inclusion in the workforce, especially in leadership roles. Target achieved and exceeded by improving hiring practices which has resulted in the number of men employed for every woman reducing by over 50% at senior levels and by 11% overall. |
2% | 2% |
| 3% (CEO) | Reduce attrition (3%) – Target range for a reduction of 1% to 2%. Performance below threshold. | 0% | – |
| 2% (CEO) | Clear measurement of colleague and customer engagement (2%) – achieved. | 2% | – |
| 5% (CFO) | Key hires (5%) – Progress against recruitment/upgrade plan measured through: assessment of number and quality of hires, team progress against development plans, and how these changes have improved reporting deliverables. Partial achievement and progress made. |
– | 2% |
| 7% | 7% | ||
| Improvement and efficiencies (10%) | |||
| 3% | Overheads as % revenue (3%) – Target to reduce overheads/revenue vs. prior year – achieved and exceeded. |
3% | 3% |
| 2% (CEO) | Creation of an EU division (2%) – Evidence of the successful creation of a single (Continental) European division. Achieved – new MD in place and management team confirmed. |
2% | – |
| 3% (CEO) | Global resourcing (3%) – 3% awarded if there is >20% increase in cross-border delivery (demonstrating our global way of operating). Achieved and exceed with an increase of over 100%. |
3% | – |
| 2% (CEO) | Creation of "Global Professional Services" and "Global Managed Services" business to underpin future growth and efficiency (2%). Set-up of global product lines with strategic business plans in place and initial progression tracked against these. Achieved. |
2% | – |
| 7% (CFO) | Finance function (7%) – Evidence of team improvements and efficiencies including: systems installation to time/quality/risk targets, assessment, design, and delivery of new reporting requirements for Europe and GPS/GMS, improvement in timings/accuracy/quality of month end and end of year reporting and quality of analyst presentations. Evidence of progress in all areas and improvement in quality of analyst presentations, but too early to judge the success of all actions taken. As a result, a partial outcome was awarded. |
– | 2% |
| 10% | 5% | ||
| Total | 32% | 27% |
The LTIP awards made in August 2018 vested in May 2021. Adam Palser and Tim Kowalski were beneficiaries of these and achieved a vesting of 40% of the award of 197,285 and 124,434 shares respectively, being 78,914 and 49,773 shares respectively:
| Executive | Number of LTIP awards 1 |
Basis | Performance condition | Performance period |
|---|---|---|---|---|
| Adam Palser Tim Kowalski |
197,285 124,434 |
100% of base salary |
Vesting determined by: • Growth in Adjusted EPS 3 over the performance period • Average cash conversion ratio ³ over the performance period • TSR over the performance period vs FTSE 250 comparator group |
1 June 2018 to 31 May 2021 |
The performance conditions for these awards are set out below:
| Proportion | Component | Metric | Threshold | Maximum vesting |
Actual performance |
Actual % vested |
Vesting basis |
|---|---|---|---|---|---|---|---|
| 60% | Adjusted EPS 3 |
Average growth over a three year period |
9% | 20% | 8.2% | 0% | Straight line between threshold and maximum |
| 30% | Cash conversion 3 |
Average cash conversion ratio ³ over three years |
70% | 80% | 109.3% | 30% | Straight line between threshold and target, then target and maximum |
| 10% | TSR | TSR over three years vs FTSE 250 comparator group (excluding investment trusts) |
Median | Upper quartile |
Above upper quartile |
10% | Straight line between threshold and maximum |
During the financial year, the Executive Directors were granted awards subject to the performance conditions set out below. The awards were as follows:
| Executive | Number of LTIP awards 1 |
Basis | Face value 2 | Performance condition | Performance period | |
|---|---|---|---|---|---|---|
| Adam Palser | 151,876 | 100% of base | £447,000 | Vesting determined by: | 1 June 2020 | |
| salary | • Growth in Adjusted EPS³ over the performance period |
to 31 May 2023 | ||||
| • Average cash conversion ratio ³ over the performance period |
||||||
| • TSR over the performance period vs FTSE 250 comparator group |
||||||
| Tim Kowalski | 95,875 | 100% of base salary |
£282,000 | As above | 1 June 2020 to 31 May 2023 |
|
| The performance conditions for these awards are set out below: | ||||||
| Threshold | Target | Maximum |
| Proportion | Component | Metric | Threshold | vesting | Target | vesting | Maximum | vesting | Vesting basis |
|---|---|---|---|---|---|---|---|---|---|
| 60% | Adjusted EPS 3 |
Average growth over a three year period |
9% | 20% | N/A | N/A | 20% | 100% | Straight line between threshold and maximum |
| 30% | Cash conversion ³ |
Average cash conversion ratio ³ over three years |
70% | 20% | 75% | 50% | 80% | 100% | Straight line between threshold and target, then target and maximum |
| 10% | TSR | TSR over three years vs FTSE 250 comparator group (excluding investment trusts) |
Median | 20% | N/A | N/A | Upper quartile |
100% | Straight line between threshold and maximum |
1 LTIP awards are structured as nominal cost options.
3 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
2 Based on a share price of £2.94, which was the closing mid-market price of the Company's shares on the day before the date of grant.
The Group operates an HMRC-approved SAYE scheme. All eligible colleagues, including Executive Directors, may be invited to participate on similar terms for a fixed period of three years. During the year Adam Palser and Tim Kowalski did not join any new SAYE schemes.
Neither Executive Director participated in the 2020 or 2021 SAYE schemes as both contribute the maximum £500 per month to the 2018 SAYE scheme.
The tables below set out details of the Executive Directors' outstanding share awards, which will vest in future years subject to performance conditions and/or continued service.
| Total LTIP options held at 31 May 2020 1 |
Granted during the period |
Exercised during the period |
Share price on date of exercise |
Lapsed during the period |
Total LTIP options held at 31 May 2021 1 |
|
|---|---|---|---|---|---|---|
| Adam Palser | 536,156 | 151,876 | 93,533 | £2.92 2 | (118,371) | 476,128 |
| Tim Kowalski | 279,310 | 95,875 | – | – | (74,655) | 300,530 |
1 Includes only unvested and unexercised LTIP options.
2 £2.92 was the sale price.
All awards granted under the LTIP are subject to continued employment and the satisfaction of the performance conditions as set out above. The awards were all nominal cost options.
The beneficial and non-beneficial interests of the current Directors in the share capital of NCC Group plc at 31 May 2021 are set out below:
| Beneficial interests in ordinary shares 1 |
Maximum share awards subject to performance conditions 2 |
Share options 3 | Deferred Bonus Plan 4 | nil-cost options | Vested but unexercised | Total | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 31 May 2021 |
31 May 2020 |
31 May 2021 |
31 May 2020 |
31 May 2021 |
31 May 2020 |
31 May 2021 |
31 May 2020 |
31 May 2021 |
31 May 2020 |
31 May 2021 |
31 May 2020 |
|
| Chris Stone |
162,843 | 124,382 | – | – | – | – | – | – | – | – | 162,843 | 124,382 |
| Adam Palser |
94,502 | 23,779 | 397,214 | 442,623 | 10,273 | 10,273 | 53,458 | 52,225 | 78,914 | 93,533 | 634,361 | 622,433 |
| Tim Kowalski |
48,964 | 23,614 | 250,751 | 279,310 | 10,273 | 10,273 | 27,173 | 20,462 | 49,773 | – | 386,934 | 333,659 |
| Chris Batterham |
55,000 | 50,000 | – | – | – | – | – | – | – | – | 55,000 | 50,000 |
| Jonathan Brooks |
50,000 | 50,000 | – | – | – | – | – | – | – | – | 50,000 | 50,000 |
| Jennifer Duvalier |
19,115 | 9,500 | – | – | – | – | – | – | – | – | 19,115 | 9,500 |
| Mike Ettling |
50,000 | 50,000 | – | – | – | – | – | – | – | – | 50,000 | 50,000 |
1 This information includes holdings of any connected persons.
2 These awards represent the outstanding LTIP interests, included in the table above, which are due to vest in either July/August 2022 or July/August 2023.
3 Representative SAYE scheme interests, which are due to vest in October 2021.
4 Nominal cost share options granted under the 2018–20, 2019–21 and 2020–22 Deferred Bonus Plans on 23 August 2018, 4 September 2019 and 20 May 2021, subject to a service condition, tax and National Insurance.
The Executive Directors are expected to build and retain a shareholding in the Group equivalent to at least 200% of base salary. Executives will normally be required to retain all vested deferred bonus shares and LTIP shares released from the holding period, until they have attained the minimum shareholding requirement and, even then, only when they have held vested LTIP shares for a minimum period of two years. Executive Directors will also be required to retain all shares vesting from SAYE schemes. For the avoidance of doubt, Executive Directors are permitted to sell sufficient shares in order to meet any tax obligation arising from vesting shares.
The percentages within this table have been calculated using a three month average share price (1 March 2021 to 31 May 2021) of £2.76 and include Adam Palser's and Tim Kowalski's vested 2018–2021 LTIP of 78,914 and 49,773 shares respectively on a net of tax and National Insurance basis, and all unvested deferred bonus plans on a net of tax and National Insurance basis.
| Shareholding | ||
|---|---|---|
| Shareholding requirements (% of salary) |
as at 31 May 2021 (% of salary) |
Requirement met |
| Adam Palser 200% |
101% | No |
| Tim Kowalski 200% |
87% | No |
No new Directors were appointed within the year.
The following table sets out the percentage change in distributions to shareholders and colleague remuneration costs.
| 31 May 2021 £m |
31 May 2020 £m |
% change | |
|---|---|---|---|
| Colleague remuneration costs 1 | 174.3 | 170.1 | 2.5% |
| Dividends 2 | 13.0 | 12.9 | 0.8% |
1 Based on the figure shown in Note 7 to the Consolidated Financial Statements.
2 Based on the total cash returned to shareholders in the year ended 31 May 2021 through dividends, as shown in Note 10 to the Consolidated Financial Statements (excluding the proposed 2021 final dividend).
The table below shows the movement in the salary or fees, benefits and annual bonus for each Director between the current and previous financial year compared to the equivalent changes for all colleagues of the Company.
The comparator group for salaries and benefits is all colleagues in the UK – there were no benefit policy changes in this time.
The comparator group for the bonus is those in the senior management population who also have an annual scheme and excludes those on commission and incentive plans.
| Director | % increase in salary |
% increase in benefits |
% increase in annual bonus |
|---|---|---|---|
| Chris Stone 1 | – | – | – |
| Adam Palser 2 | 1% | – | 303% |
| Tim Kowalski 2 | 1% | – | 341% |
| Chris Batterham 1 | – | – | – |
| Jonathan Brooks 1 | – | – | – |
| Jennifer Duvalier 1 | – | – | – |
| Mike Ettling 1 | – | – | – |
| All colleagues | 3.1% | – | 173% |
1 Pay decreased for the Chair and Non-Executives during the year as they were not paid the travel allowance.
2 These increases represent the change in bonus payment from 2019/20 to 2020/21. For Adam Palser, this was an increase from £103,000 to £414,000 (i.e. from 23% of maximum to 92% of maximum). For Tim Kowalski, this was an increase from £56,000 to £247,000 (i.e. from 20% of maximum to 87% of maximum).
Annual report on remuneration continued
The following table shows the ratio between the single total figure of remuneration (STFR) of the Chief Executive for 2020/21 and the lower quartile, median and upper quartile pay of our UK colleagues. The salary and total pay and benefits for the lower quartile, median and upper quartile colleagues are also shown.
| Financial year | Method | 25th percentile pay ratio |
50th percentile pay ratio |
75th percentile pay ratio |
|---|---|---|---|---|
| 2019/20 | Option B | 18:1 | 12:1 | 8:1 |
| 2020/21 | Option B | 27:1 | 18:1 | 11:1 |
| CEO 25th percentile 50th percentile 75th percentile | ||||
| Salary (£000) | 450 | 38 | 55 | 84 |
| Total pay and benefits (£000) | 1,120 | 41 | 61 | 99 |
Option B was chosen to calculate the CEO pay ratio. This option uses the most recent gender pay gap information to determine the relevant colleague at the 25th, 50th and 75th percentile. We have omitted joiners and leavers from the data to ensure that the data is on a like-forlike basis. This option was chosen in preference to the other possibilities as it uses the most accurate and comprehensive data currently available. It refers to gender pay data as at April 2020.
The CEO pay ratio has increased compared to the prior year. This increase is not attributable to a change in remuneration for the CEO, pay and benefits for colleagues as a whole, or a change in the composition of our workforce. Instead, the change in CEO pay ratio is attributable to the increase in share price over the financial year and the strong financial performance which increased payments from our variable incentive plans. As CEO pay places greater weight on "at risk" variable remuneration, Company performance has a greater impact on CEO pay than on pay for the median colleague, which leads to greater year-on-year variations.
The pay ratio is consistent with the pay, reward and progression policies currently in place at NCC. A common pay structure operates throughout our organisation in the United Kingdom with a greater focus on performance related pay for more senior levels.
The following graph shows the total shareholder return, with dividends reinvested, from 31 May 2011 against the corresponding changes in a hypothetical holding in shares in both the FTSE All Share and FTSE 250 Indices.
The FTSE All Share and FTSE 250 Indices represent broad equity indices. The Company is a constituent member of the FTSE All Share Index and the Committee has adopted the FTSE 250 Index for part of its LTIP performance measure. Both indices give a market capitalisation-based perspective.
During the year, the Company's share price varied between £1.492 and £3.075 and ended the financial year at £2.96.
Ten year historical TSR performance is the growth in the value of a hypothetical £100 holding over ten years. It has been calculated for NCC Group plc, and the FTSE All Share and FTSE 250 Indices (excluding investment trusts) based on spot values.
The share price was £1.586 on 1 June 2020 and £2.96 on 31 May 2021.
| 31 May 2018 1 | 292 1 | 32.5 | – | |
|---|---|---|---|---|
| 31 May 2018 2 | 257 2 | 32.5 | – | |
| 31 May 2017 | 610 | – | – | |
| 31 May 2016 | 1,091 | 70 | 20 | |
| 31 May 2015 | 993 | 73 | 15 | |
| 31 May 2014 | 1,089 | 73 | 50 | Go |
| 31 May 2013 | 1,118 | – 6 | 63 | ver |
| 31 May 2012 | 1,074 | 85 | 70 | nan ce |
| 31 May 2011 | 1,222 | 67 | 54 | |
Total remuneration £000
Annual bonus % of maximum 4
Long-term incentives % of maximum 5
The table below shows the total remuneration for the Chief Executive over the same ten year period, including share awards valued at the date they vested.
31 May 2021 1,120 92 40 31 May 2020 861 23 52 31 May 2019 679 48 –
1 Adam Palser was appointed on 1 December 2017. The total remuneration figure above is in respect of the period from 1 December 2017 to 31 May 2018.
2 During the year ended 31 May 2018, Brian Tenner acted as Interim Chief Executive Officer for the period 1 June 2017 to 30 November 2017. The total remuneration figure above is the total remuneration received in relation to that six month period.
3 Relates to the former CEO in the period above between 1 June 2010 and 31 May 2017.
4 Note that this shows the annual bonus payments as a percentage of the maximum opportunity.
5 This shows the LTIP vesting level as a percentage of the maximum opportunity. 6 In 2012/13 the former CEO waived his right to a bonus, which would have been equal to 32% of salary. This was equivalent to 50% of the maximum bonus opportunity.
Year ended 1, 2, 3
The Remuneration Committee membership consists solely of Non-Executive Directors and comprises Jonathan Brooks as Chair, Chris Batterham and Jennifer Duvalier.
The Company Chair, Chief Executive Officer, Chief Financial Officer, Chief People Officer and Company Secretary attend the Remuneration Committee by invitation of the Chair of the Committee from time to time and assist the Committee with its considerations. No Director is involved in setting their personal remuneration.
The attendance of individual Committee members at Remuneration Committee meetings is shown in the table below:
| Attendee | Meetings attended |
|---|---|
| Jonathan Brooks 1 | |
| Chris Batterham | |
| Jennifer Duvalier |
1 Jonathan Brooks missed the July 2020 Committee meeting as he was taken ill on the day of the Committee meeting. Jennifer Duvalier chaired the July 2020 meeting.
During the year, the Committee received advice on senior executive remuneration from Alvarez and Marsal (A&M) and was comfortable that the advice was objective and independent. A&M is a member of the Remuneration Consultants Group and is a signatory to its Code of Conduct. The total fee charged in 2020/21 for providing advice in relation to executive remuneration was £59,100. A&M did not provide any other services to the Company during the year.
The Committee reviews the performance and independence of its adviser on an annual basis.
The service contracts and letters of appointment of the current Directors include the following terms:
| Date of contract | Notice period | |
|---|---|---|
| Executive | ||
| Adam Palser | 29 November 2017 | 12 months |
| Tim Kowalski | 16 July 2018 | 6 months |
| Non-Executive | ||
| Chris Stone | 31 March 2017 | 3 months |
| Chris Batterham | 9 April 2015 | 3 months |
| Jonathan Brooks | 13 March 2017 | 3 months |
| Jennifer Duvalier | 25 April 2018 | 3 months |
| Mike Ettling | 21 September 2017 | 3 months |
The LTIP has a dilution limit, for new and treasury shares, of 10% of the issued ordinary share capital of the Company in any ten year period for any share option scheme operated by the Company. As at 31 May 2021 the Company had utilised 15,956,413 (31 May 2020: 15,250,101) ordinary shares through LTIP, DABS, SAYE, CSOP, ISO, RSP and ESPP awards counting towards the 10% limit which represents 5.17% (2020: 5.47%) of the issued ordinary share capital of the Company. To clarify, this figure of 5.17% includes both discretionary and all-colleague share schemes.
The following votes were received from the shareholders in respect of the Directors' Remuneration Report and in respect of the Remuneration Policy:
| Remuneration Report (2020 AGM) |
Remuneration Policy (2020 AGM) |
|||
|---|---|---|---|---|
| Total number of votes | % of votes cast |
Total number of votes | % of votes cast |
|
| For 1 | 102,161,835 | 51.53 | 163,090,941 | 81.44 |
| Against | 96,087,573 | 48.47 | 37,158,392 | 18.56 |
| Total votes cast (for and against excluding withheld votes) |
198,249,408 | 200,249,333 | ||
| Votes withheld 2 | 12,904,409 | 10,904,484 | ||
| Total votes cast (including withheld votes) | 211,153,817 | 211,153,817 |
1 Includes Chair's discretionary votes.
2 A vote withheld is not a vote in law and is not counted in the calculation of the proportion of votes cast "for" and "against" a resolution.
Approved by the Board and signed on its behalf:
Jonathan Brooks Chair, Remuneration Committee 14 September 2021
The Directors present their report and the Group and Company Financial Statements of NCC Group plc (the 'Company') and its subsidiaries (together the 'Group') for the financial year ended 31 May 2021.
The Company is a public limited company incorporated in England, registered number 4627044, with its registered office at XYZ Building, 2 Hardman Boulevard, Spinningfields M3 3AQ.
The principal activity of the Group is the provision of independent advice and services to customers through the provision of Software Resilience and cyber assurance services. The principal activity of the Company is that of a holding company.
The Directors have acknowledged guidance published in relation to going concern assessments.
The Group's business activities, together with the factors likely to affect its future development, performance and position, are set out in the Business Review and Financial Review. The Group's financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending September 2022 which indicate that, taking account of severe but plausible downsides and the anticipated impact of Covid-19 on the operations of the Group and its financial resources, the Group and Company will have sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving credit facility which matures in June 2024. The Group is required to comply with financial covenants for leverage (net debt to Adjusted EBITDA 1) and interest cover (Adjusted EBITDA 1 to interest charge) which are tested bi-annually at 31 May and 30 November each year. As at 31 May 2021, the Group had drawn down £33.8m for working capital requirements.
Subsequent to the year end and shareholder approval on 1 June, the Group acquired on 7 June the IPM business for \$220m; the US acquisition was funded through an equity placing in May of £70.2m (net proceeds) combined with a new three year \$70m term loan, existing cash balances and our existing revolving credit facility. The impact of the acquisition on the Group's financial performance, covenants and business model has therefore been considered within this going concern assessment. As at 2 June 2021, following the acquisition of the IPM business, the Group had drawn down £75.5m of its revolving credit facility and was due to incur further transaction costs of £6.4m. As at 31 August 2021, cash, net debt (excluding lease liabilities) 1 and headroom amounted to £43.6m, £74.7m and £80.5m respectively.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer's Review and the Glossary of terms on pages 187 and 188.
Although the Group has demonstrated resilience to the challenging environment resulting from Covid-19, the Directors acknowledge that the financial performance of the Group has been adversely impacted to a certain degree since the commencement of the pandemic, and for this reason the base case forecast for 2021 reflects this assessment. The continuing macro-economic risks and potential changes in government policies (on the severity of enforced lockdowns worldwide) could have a continued effect on the Group's performance. However, trading throughout the pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible scenarios as follows:
These scenarios have been modelled individually and also in combination in order to assess the Group's ability to withstand multiple challenges, although the Directors do not believe a scenario combining all these risks to be plausible. The impact of these sensitivities has been reviewed against the Group's projected cash flow position, available bank facilities and compliance with financial covenants. In the instance that a combination of the above scenarios arise, mitigating actions would be required to ensure that the Group remains liquid and financially viable, which might include a reduction of planned capital expenditure, freezing pay and recruitment and not paying a dividend to shareholders. All of the mitigating actions are within the Directors' control. These forecasts, including the severe but plausible downsides, show that the Group is able to operate within its available banking facilities, with no forecasted covenant breaches, and that the Group will have sufficient funds to meet its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. Having reviewed the current trading performance, forecasts, other Group trading entities' financial support, debt servicing requirements, total facilities and risks, the Directors are confident that the Company and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the date of approval of these Financial Statements. Accordingly, they continue to adopt the going concern basis of accounting in preparing the Group's Financial Statements for the year ended 31 May 2021.
The Group's and Company's audited Financial Statements for the financial year ended 31 May 2021 are set out on pages 133 to 186.
The Directors propose a final dividend of 3.15p per ordinary share, which, together with the interim dividend of 1.5p per ordinary share paid on 5 March 2021, makes a total dividend of 4.65p for the year.
The final dividend will be paid on 12 November 2021, subject to approval at the AGM on 4 November 2021, to shareholders on the register at the close of business on 15 October 2021. The ex-dividend date is 14 October 2021.
On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially all of the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain exclusively related to the IPM business. Details of assets acquired that are subject to provisional fair value adjustments will be reported for the year ending 31 May 2022. The acquisition for a total consideration of \$220m was funded through an equity gross placing of £72.6m (see Note 27) on 17 May 2021 combined with a new three year \$70m term loan, existing cash balances and our revolving credit facility. The term loan was entered into on 12 May 2021 but not drawn down until 2 June 2021. See further details within Note 34 to the consolidated Financial Statements.
At the AGM held on 20 October 2020, the Directors were granted authority to allot up to 93,021,700 ordinary shares representing approximately a third of the Company's issued share capital. In addition, the Directors were granted authority to allot a further 93,021,700 ordinary shares, again representing approximately a third of the Company's issued share capital, solely to be used in connection with a pre-emptive rights issue.
As at 31 May 2021, the Company's issued ordinary share capital comprised 308,956,045 ordinary shares with a nominal value of 1p each, of which no ordinary shares were held in treasury.
During the year ended 31 May 2021, 2,140,474 shares in the Company were issued further to the exercise of options pursuant to the Company's share option schemes.
The holders of ordinary shares are entitled, among other rights, to receive the Company's Annual Reports and Accounts, to attend and speak at general meetings of the Company, to appoint proxies and to exercise voting rights.
Details of the movements of the called up share capital of the Company are set out in Note 27 to the Financial Statements and the information in this Note is incorporated by reference and forms part of this Directors' Report.
All rights and obligations attaching to the Company's ordinary shares are set out in the Company's Articles of Association (the 'Articles'), copies of which can be obtained from the Companies House website or by writing to the Company Secretary. Unless otherwise provided in the Articles, the terms of issue of any shares, any restrictions from time to time imposed by laws or regulations (for example insider trading laws) or pursuant to the UK Market Abuse Regulations whereby certain Directors, officers and colleagues of the Group require the approval of the Company to deal in ordinary shares of the Company, any shareholder may transfer any or all of their shares.
The Company is not aware of any agreements between shareholders that may result in restrictions on the transfer of securities and/or voting rights.
The Directors may refuse to register a transfer of shares in certificated form that are not fully paid up or otherwise in accordance with the Articles.
At the AGM held on 20 October 2020, shareholders authorised the Company to make market purchases of up to 27,906,500 ordinary shares representing approximately 10% of the issued share capital. This authority was not used during the financial year ended 31 May 2021. At the 2021 AGM, shareholders will be asked to give a similar authority.
The Company does not currently hold any ordinary shares in treasury.
Biographical details of the Company's current Directors are set out on pages 74 and 75. Subject to law and the Company's Articles of Association, the Directors may exercise all of the powers of the Company and may delegate their power and discretion to Committees.
The Company's Articles of Association give the Directors power to appoint and replace Directors. Under the terms of reference of the Nomination Committee, any appointment to the Board of the Company must be recommended by the Nomination Committee for approval by the Board. The Articles of Association also require one-third of the Directors to retire by rotation each year end and each Director must offer themself for re-election at least every three years. However, in accordance with previous years and in accordance with best practice, all Directors will submit themselves for re-election at the AGM each year. During the year, no Director had any material interest in any contract of significance in the Group's business.
The Company maintains Directors' and Officers' liability insurance, which provides appropriate cover for any legal action brought against its Directors (including those who served as Directors or Officers during 2020/21). This cover was in place throughout the financial year ended 31 May 2021 and up to the date of this Directors' Report. The Directors of the Company have also entered into individual deeds of indemnity with the Company which constitute as qualifying third party indemnity provisions for the purposes of section 234 of the Companies Act 2006.
The deeds were in effect during the course of the financial year ended 31 May 2021 for the benefit of the Directors and, at the date of this report, are in force for the benefit of the Directors in relation to certain losses and liabilities which they may incur (or have incurred) in connection with their duties, powers or office.
The Group uses a number of ways to engage with its colleagues on matters that impact them and the performance of the Group. These include briefings by members of the Executive Committee, regular team meetings, the Group's intranet site, global communications and update emails which together provide, among other information, an awareness of the financial and economic factors affecting the Company's performance. Further information on how the Directors engage with colleagues along with how colleague interests are taken into account during decision making can be found within the Corporate Governance Report on page 80.
We conduct a colleague engagement survey to ensure all colleagues are given a voice in the organisation. In 2018, using insights from our survey and subsequent colleague engagement, we defined new values for the organisation. Details of these values are set out in the Sustainability Report on page 60.
We offer colleagues the opportunity to purchase ordinary shares in the Company through participation in the Company's Save As You Earn Scheme. At the 2019 AGM, shareholders also approved a Share Incentive Plan. Both schemes help to encourage colleague interest in the performance of the Group.
The Group is committed to providing equality of opportunity to all colleagues without discrimination and applies fair and equitable employment policies which seek to promote entry into and progression within the Group. Appointments are determined solely by application of job criteria, personal ability, behaviour and competency.
In the opinion of the Directors, all colleague policies are deemed to be effective and in accordance with their intended aims.
Disabled persons have equal opportunities when applying for vacancies, with due regard to their aptitudes and abilities. Procedures ensure that disabled colleagues are fairly treated in respect of training and career development. For those colleagues becoming disabled during the course of their employment, the Group is supportive so as to provide an opportunity for them to remain with the Group, wherever reasonably practicable.
During the year the Company made no political donations (2020: £nil).
The Company's Sustainability Report on pages 53 to 68 provides an update on the Group's policies and activities in respect of its wider stakeholders, including colleagues; community, environmental, ethical and health and safety issues; and modern slavery.
As at 31 May 2021, the Group had no overseas branches.
We are committed to using innovative, cost effective and practical solutions for providing high quality services and we recognise the importance of ensuring that we focus our investment on the development of technology. The Group's research and development expenditure is predominantly associated with computer and software systems.
In the event of a change of control of the Company, the Group and each of its lenders shall enter into negotiation for a period to determine how the Group's loan facilities may continue and if after negotiation there is no agreement the lender has the right to cancel the commitment.
There are no agreements between the Company and its Directors or colleagues providing for compensation for loss of office or employment (whether through resignation, purported redundancy or otherwise) that occurs because of a takeover bid.
The Directors who held office at the date of approval of this Directors' Report confirm that, so far as they are each aware, there is no relevant audit information of which the Company's auditor is unaware; and each Director has taken all reasonable steps to ascertain any relevant audit information and ensure the auditor is aware of such information.
The Board approved the Audit Committee's recommendation to put a resolution to shareholders recommending the reappointment of KPMG LLP as the Company's auditor and KPMG LLP has indicated its willingness to accept the reappointment as auditor to the Company. The Audit Committee, in its recommendation, confirmed that (1) the recommendation was free from influence by a third party and (2) no contractual term of the kind mentioned in Article 16(6) of the EU Regulation 537/2014 has been imposed on the Company. A resolution to reappoint KPMG LLP as auditor will be put to the members at the AGM.
The notice of the Company's AGM to be held at 2pm on 4 November 2021 at its head office at XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ, along with details of the business to be proposed and explanatory notes, will be available on the Group's website together with the Annual Report and Accounts. All shareholders will be notified by post or email, at their request, when the documents have been made available.
Although the Company is not expecting to be legally restricted in terms of attendance at the AGM, the Board remains committed to protecting the health and wellbeing of its shareholders and of the general public. Therefore, it is regrettably the opinion of the Board that due to the increase in the number of Covid-19 cases reported in the UK, shareholders should not physically attend the AGM. Accordingly, the Board strongly urges shareholders to consider whether travelling to and attending the AGM would be necessary under the current circumstances. In any event, attendees may be required to wear face coverings and will be required to keep a distance between themselves and other attendees.
The Company will arrange for the AGM to be convened with the minimum necessary quorum, to conduct the necessary business of the AGM. The Company therefore strongly encourages all shareholders to appoint the Chair of the Meeting as their proxy and to submit their voting instructions electronically in advance of the Meeting, in accordance with the instructions contained in the Notice of AGM.
During the period, no interest was capitalised by the Group (2020: £nil). The tax benefit on this amount was £nil (2020: £nil).
The following sets out the location of additional information forming part of the Directors' Report which is incorporated by reference into this report:
| Reporting requirement | Location |
|---|---|
| Board's assessment of the Group's internal control systems | Corporate Governance Report on pages 70 to 86 and Audit Committee Report on page 92 |
| Details of uses of financial instruments and specific policies for managing financial risk |
Note 25 (Financial Instruments) on pages 173 to 177 |
| Directors' interests | Directors' Remuneration Report on page 114 |
| Directors' Responsibilities Statement | Directors' Responsibilities Statement on page 123 |
| Directors' remuneration including disclosures required by Schedule 5 and Schedule 8 of SI2008/410 – Large and Medium-sized Companies and Groups (Accounts and Reports) Regulations 2008 |
Directors' Remuneration Report on pages 109 to 118 |
| DTR4.1.8.R – Management Report – the Directors' Report and Strategic Report comprise the management report |
Directors' Report on pages 119 to 122 and Strategic Report on pages 1 to 68 |
| Going concern statement | Chief Financial Officer's Review on page 39 and going concern section within Note 1 on pages 140 to 151 |
| Greenhouse gas emissions and energy consumption | Sustainability Report on page 57 |
| Likely future developments of the business and Group | Strategic Report on pages 9 to 13 |
| LR 9.8.4 (4) – Long-term incentive schemes | Directors' Remuneration Report on pages 109 and 113 to 115 |
| LR 9.8.6 (2) – Substantial shareholders | Shareholder relations section of Corporate Governance Report on page 87 |
| Statement on corporate governance | Corporate Governance Report, Audit Committee Report, Nomination Committee Report and Directors' Remuneration Report on pages 70 to 118. Statement of compliance with the UK Corporate Governance Code is on page 72 |
| Strategic Report – Companies Act 2006 section 414A-D | Strategic Report on pages 1 to 68 |
The Strategic Report on pages 1 to 68 and this Directors' Report on pages 119 to 122 have been approved and authorised for issue by the Board. They were signed on its behalf by:
Adam Palser Tim Kowalski Chief Executive Officer Chief Financial Officer 14 September 2021 14 September 2021
The Directors are responsible for preparing the Annual Report and Accounts and the Group and Parent Company Financial Statements in accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and Parent Company Financial Statements for each financial year. Under that law they are required to prepare the Group Financial Statements in accordance with International Accounting Standards in conformity with the requirements of the Companies Act 2006 and applicable law and have elected to prepare the Parent Company Financial Statements on the same basis. In addition the Group Financial Statements are required under the Financial Conduct Authority's Disclosure Guidance and Transparency Rules (DTRs) to be prepared in accordance with International Financial Reporting Standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union ('IFRSs as adopted by the EU').
Under company law the Directors must not approve the Financial Statements unless they are satisfied that they give a true and fair view of the state of affairs of the Company and of the Group's profit or loss for that period. In preparing each of the Group and Parent Company Financial Statements, the Directors are required to:
The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the Parent Company and enable them to ensure that its Financial Statements comply with the Companies Act 2006. They are responsible for such internal control as they determine is necessary to enable the preparation of Financial Statements that are free from material misstatement, whether due to fraud or error, and have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration Report and Corporate Governance Statement that comply with that law and those regulations.
The Directors are responsible for the maintenance and integrity of the corporate and financial information included on the Company's website. Legislation in the UK governing the preparation and dissemination of Financial Statements may differ from legislation in other jurisdictions.
We confirm that to the best of our knowledge:
We consider the Annual Report and Accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's position and performance, business model and strategy.
For and on behalf of the Board
Chief Executive Officer Chief Financial Officer 14 September 2021 14 September 2021
to the members of NCC Group plc
We have audited the financial statements of NCC Group plc ("the Company") for the year ended 31 May 2021 which comprise the consolidated income statement, consolidated statement of comprehensive income, consolidated balance sheet, consolidated cash flow statement, consolidated statement of changes in equity, company balance sheet, company cash flow statement, company statement of changes in equity, and the related notes, including the accounting policies in note 1.
We conducted our audit in accordance with International Standards on Auditing (UK) ("ISAs (UK)") and applicable law. Our responsibilities are described below. We believe that the audit evidence we have obtained is a sufficient and appropriate basis for our opinion. Our audit opinion is consistent with our report to the audit committee.
We were first appointed as auditor by the directors on 1 November 2013. The period of total uninterrupted engagement is for the eight financial years ended 31 May 2021. We have fulfilled our ethical responsibilities under, and we remain independent of the Group in accordance with, UK ethical requirements including the FRC Ethical Standard as applied to listed public interest entities. No non-audit services prohibited by that standard were provided.
| Materiality: Group financial statements as a whole |
£1.2m (2020: £0.8m) 4.5% (2020: 5.0%) of normalised Group profit before tax |
||
|---|---|---|---|
| Coverage | 87% (2020: 93%) of the total profit and losses that make up Group profit before tax |
||
| Key audit matters | vs 2020 | ||
| Recurring risks: | Recoverability of goodwill in EU Assurance cash generating unit ('CGU') |
||
| Fox IT long term fixed price contract accounting |
|||
| Assurance revenue recognition in the cut off period |
|||
| Recoverability of parent company investments and intercompany receivables |
|||
| Event driven risks: | Accounting treatment of costs related to cloud-based software arrangements |
New | |
| Recognition of US research and development ('R&D') tax credits |
New |
to the members of NCC Group plc
Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the financial statements and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by us, including those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team. We summarise below the key audit matters, in decreasing order of audit significance, in arriving at our audit opinion above, together with our key audit procedures to address those matters and, as required for public interest entities, our results from those procedures. These matters were addressed, and our results are based on procedures undertaken, in the context of, and solely for the purpose of, our audit of the financial statements as a whole, and in forming our opinion thereon, and consequently are incidental to that opinion, and we do not provide a separate opinion on these matters.
| The risk | Our response | |
|---|---|---|
| Accounting treatment of costs related to cloud-based software arrangements Costs related to cloud-based |
Accounting treatment Previously, the Group capitalised internal and external costs in respect of cloud-based software arrangements. |
Our procedures included: • Accounting clarity: We assessed the accounting clarification of the IFRIC April 2021 decision against the proposed change in the Group's accounting policy |
| software £5.1m (2020 restated: £7.9m) Refer to page 91 (Audit Committee Report), page 142 (accounting policy) and page 151, page 156, pages 160–161 and pages 184–185 (financial disclosures) |
In April 2021 the IFRS Interpretations Committee ('IFRIC') published an agenda decision on configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) arrangements. This IFRIC decision has been considered by the Group and the Group have identified that a change in accounting policy in respect of the capitalisation of certain costs associated with SaaS arrangements is required. The risk is that the accounting policy change is not appropriately applied to both the current and |
• Test of detail: We agreed a sample of costs related to cloud-based software arrangements to supporting documentation, including labour costs to timesheets and other relevant project information to understand the nature of the items and considered this against the accounting standards and related interpretations • Personnel enquiries: We interviewed selected employees who were assigned to projects to corroborate the nature of the work performed and considered this against the accounting standards and related interpretations • Assessing transparency: We assessed the adequacy of |
| prior years. | the Group's related disclosures in respect of the change in accounting policy and the judgements taken by management Our results We found the accounting treatment of costs related to cloud-based software arrangements to be acceptable. |
|
| Recognition of US R&D | Uncertain tax position | Our procedures included: |
| Tax Credits US R&D net current tax benefit £2.7m and US R&D deferred tax asset £0.4m |
The Group submits R&D tax claims in the US. These claims are open to challenge by the Internal Revenue Service ('IRS'). |
• Inspecting correspondence: We inspected correspondence with the Group's tax advisors for both the current and historic claims |
| Refer to page 91 (Audit Committee Report), page 151 (accounting policy) and page 152, pages 158–159 and |
Unutilised tax credits of £1.0m remain open to challenge by the IRS as at 31 May 2021 and utilised tax credits of £7.2m. The Group have recognised a provision against these balances to reflect the |
• Assessment of experts: We assessed the competence, capabilities and objectivity of the external tax experts engaged by the Group |
| page 168 (financial disclosures) | uncertain tax position, therefore the net tax creditor and net deferred tax asset recognised in the accounts are £2.7m and £0.4m respectively. |
• Tests of detail: Together with our own tax specialists, we challenged the appropriateness of recognition of the US R&D tax credits and the basis on which the claims have been |
| Therefore a risk exists in relation to the accounting estimation applied by management. |
made, focussing on economic risk and who bears this under the contractual arrangements entered into by the Group. We have challenged the findings of management's experts, |
|
| The basis on which the Group has claimed R&D tax credits involves a technical assessment of which party is bearing economic risk in research contracts entered into with third parties. |
including performing sample testing on the findings of management's experts • Assessing transparency: We assessed the adequacy of the |
|
| The risk has increased in year following the increase in quantum of claims, resulting in a high risk of material misstatement. The Group have engaged an external expert to assess these claims. |
Group's related disclosures in respect of the uncertain tax position and the estimation uncertainty Our results We found the recognition of US R&D Tax Credits and the related |
|
| The effect of these matters is that, as part of our risk assessment, we determined that the US R&D tax credit accounting has a high degree of estimation uncertainty with a potential range of outcomes greater than our materiality for the financial statements as a whole. The financial statements (note 2) disclose the range estimated by the Group. |
disclosures to be acceptable. |
| The risk | ||
|---|---|---|
respect of EU Assurance cash before current year change in CGUs) Refer to page 90 (Audit Committee Report), pages 142–143 (accounting Forecast based valuation There is inherent uncertainty involved in forecasting and discounting future cash flows, which are the basis of the assessment of goodwill recoverability. The outcome could vary significantly if different assumptions were applied in the model. There is a risk of error, due to the judgemental and complex nature of the impairment model. This risk currently is specific to the EU Assurance Cash generating unit ('CGU'). This is a result of limited headroom historically in the impairment model and the sensitivity of the value in use calculation to reasonably possible changes in key assumptions. We consider that the value-in-use calculation Our procedures included: • Historical comparison: We assessed the reasonableness of the forecast used, by considering the Group's forecasting accuracy by comparing actual results in the year to the Group's previous forecast for the year • Benchmarking assumptions: We challenged, with the support of our own valuation specialists, the risk adjusted discount rates, having regard for market observable data with regard to risk free rates and returns on equity for comparator companies. We also evaluated the revenue growth assumptions and the long-term growth rates into perpetuity, comparing to external sources of data including industry growth rates and internal sources including the order book ("CAGR") and the discount rate
We found the carrying value of the goodwill related to the EU Assurance CGU to be acceptable (2020 result: acceptable).
Our procedures included:
We found the accounting treatment and estimates of the revenue associated with long term contracts and the provisions for long term contracts and the related disclosures to be acceptable (2020 result: acceptable).
Recoverability of goodwill in
policy) and page 152 and pages 161–163 (financial disclosures)
generating Unit ('CGU') Goodwill £64.7m (2020: £64.3m
Revenue associated with long term contracts £1.8m (2020: £1.1m)
Provision for long term contracts £1.1m (2020: £0.2m)
Refer to page 91 (Audit Committee Report), page 149 (accounting policy) and page 152 and page 170 (financial disclosures)
The contractual arrangements that underpin the measurement of revenue and associated profit, within the long-term contracts within Fox IT can be complex. These involve judgements around the accounting treatment and subjective estimates, which form the basis of both the in-year and future recognition of revenue and profit.
Incentives and pressures to meet market expectations, increase the risk of fraudulent revenue recognition. The significant risk relates to fixed price long term contracts that are not completed as at the balance sheet date.
Within Fox IT, the forecasts used in assessing the contract outturn positions are inherently judgemental, due to the uncertainty involved in forecasting future cash flows, including costs to complete.
Furthermore, where the fixed price contracts are loss-making or low margin, these assumptions may have a significant impact on the recognition of revenue and profit in the period and may result in impairment of related contract assets or further onerous contract provisions being required.
The financial statements (note 2) disclose the sensitivity estimated by the Group.
to the members of NCC Group plc
| The risk | Our response | |
|---|---|---|
| Assurance revenue recognition in the cut off period Contract assets – accrued income £21.3m; (2020: £17.6m) Contract liabilities – deferred income £32.6m; (2020: £29.7m) Refer to pages 144–149 (accounting policy) and pages 166 and 171 (financial disclosures) |
2021/2022 sales Incentives and pressures to meet market expectations, increase the risk of fraudulent revenue recognition. There is a specific risk around the cut-off period at the year end, with regards to ensuring revenue, including accrued and deferred income are recognised in the correct accounting period. This is a particular risk for projects in the assurance business, where projects are ongoing at the year end and there are judgements taken in determining completion and progress to date. |
Our procedures included: • Tests of detail: We agreed a sample of revenue transactions within the cut off period pre and post year end to supporting documentation to assess whether these have been recorded in the correct accounting period. This also included specific item testing of a sample of items held in accrued and deferred income at the year end. We performed an assessment of whether over and under statements of revenue, accrued income and deferred income identified through these procedures were material • Analytic Sampling: We also used data & analytics tools to identify journals with unusual account combinations involving revenue and performed testing over the identified items. This included procedures to understand the nature and substance of the transaction and obtaining supporting documentation |
| Our results We found the recognition of Assurance revenue in the cut-off period to be acceptable (2020 result: acceptable). |
||
| Recoverability of parent | Low risk, high value | Our procedures included: |
| company's investments in subsidiaries and intercompany receivables Investments – £151.8m (2020: £78.3m) |
The carrying amount of the Parent Company's investments in subsidiaries and intercompany receivables represents 48% (2020: 34%) and 52% (2020: 63%) respectively of the Company's total assets. Their recoverability is not at a high risk of |
• Tests of detail: We compared the carrying amount of investments and intercompany receivables with the relevant subsidiaries' draft balance sheet as at 31 May 2021 to identify whether their net assets, being an approximation of their minimum recoverable amount, were in excess of their carrying amount and assessing whether those subsidiaries have historically been profit-making |
| Intercompany receivables £162.6m (2020: £142.0m) |
significant misstatement or subject to significant | • Assessing subsidiary audits: We assessed the work performed |
| Refer to page 144 and 151 (accounting policy) and pages 166 and 182 (financial disclosures) |
judgement. However, due to their materiality in the context of the Parent Company financial statements, this is the area that had the greatest |
by the group and subsidiary audit team on a sample of those subsidiaries and considering the results of that work, on those subsidiaries' profits and net assets |
| effect on our overall Parent Company audit. | Our results We found the Group's assessment of the recoverability of the parent company's investment in subsidiaries to be acceptable (2020 result: acceptable). |
For each of the key audit matters reported, we performed the detailed tests above rather than seeking to rely on any of the Group's controls. This is because our knowledge of the design of these controls indicated that we would not be able to obtain the required evidence to support reliance on controls.
We continue to perform procedures over going concern and the impact of uncertainties due to the UK exiting the European Union on our audit. However, following the Group's trading in the period, as well as the UK's departure from the European Union and the end of the transition period in January 2021, we have not assessed these as one of the most significant risks in our current year audit and, therefore, they are not separately identified in our report this year.
Materiality for the Group financial statements as a whole was set at £1.2 million (2020: £0.8 million), determined with reference to a benchmark of Group profit before tax, normalised to exclude individually significant items as disclosed in note 5 of £27.5 million (2020: profit before tax of £16.1 million, as stated in the accounts before the prior period restatement), of which it represents 4.5% (2020: 5.0%).
Materiality for the Parent Company financial statements as a whole was set at £0.3 million (2020: £0.3 million), determined with reference to a benchmark of Company total assets, of which it represents 0.1% (2020: 0.1%).
In line with our audit methodology, our procedures on individual account balances and disclosures were performed to a lower threshold, performance materiality, so as to reduce to an acceptable level the risk that individually immaterial misstatements in individual account balances add up to a material amount across the financial statements as a whole.
Performance materiality was set at 65% (2020: 65%) of materiality for the financial statements as a whole, which equates to £0.78 million (2020: £0.5 million) for the Group and £0.2 million (2020: £0.2 million) for the parent company. We applied this percentage in our determination of performance materiality based on the level of identified misstatements and control deficiencies during the prior period.
We agreed to report to the Audit Committee any corrected or uncorrected identified misstatements exceeding £60,000 (2020: £40,000), in addition to other identified misstatements that warranted reporting on qualitative grounds.
Of the Group's 41 (2020: 23) reporting components, we subjected 8 (2020: 10) to full scope audits for Group purposes.
We conducted reviews of financial information (including enquiry) at a further 4 (2020: 4) non-significant components as these components were not individually financially significant enough to require an audit for Group reporting purposes but a review was performed to provide further coverage over the Group's results.
The components within the scope of our work accounted for the percentages illustrated opposite.
For the residual components, we performed analysis at an aggregated group level to re-examine our assessment that there were no significant risks of material misstatement within these.
The Group team instructed component auditors as to the significant areas to be covered, including the relevant risks detailed above and the information to be reported back. The Group team approved the component materialities, which ranged from £0.22m to £0.55m (2020: £0.10m to £0.63m), having regard to the mix of size and risk profile of the Group across the components. The work on 1 of the 41 components (2020: 1 of the 23 components) was performed by component auditors and the rest, including the audit of the Parent Company, was performed by the Group team.
The Group team held video and telephone conference meetings with 1 (2020: 1) component location in the Netherlands to assess the audit risk and strategy as well as updates on performance. Video and telephone conference meetings were also held with the component auditors for the Netherlands. At these meetings, the audit findings reported to the Group team were discussed in more detail, and any further work required by the Group team was then performed by the component auditor.
The US components were audited remotely by the Group audit team.
£27.5m (2020: £16.1m)
Group revenue
Group total assets
Total profits and losses that made up Group profit before individually significant items and tax
Whole financial statements materiality (2020: £0.8m)
Whole financial statements performance materiality (2020: £0.5m)
Range of materiality at 8 components (£0.22m–£0.55m) (2020: £0.10m to £0.63m)
Misstatements reported to the audit committee (2020: £0.04m)
to the members of NCC Group plc
The Directors have prepared the financial statements on the going concern basis as they do not intend to liquidate the Group or the Company or to cease their operations, and as they have concluded that the Group's and the Company's financial position means that this is realistic. They have also concluded that there are no material uncertainties that could have cast significant doubt over their ability to continue as a going concern for at least a year from the date of approval of the financial statements ("the going concern period").
We used our knowledge of the Group, including the post-year end acquisition of trade and assets of Iron Mountain Intellectual Property Management Inc., its industry, and the general economic environment to identify the inherent risks to its business model and analysed how those risks might affect the Group's and Company's financial resources or ability to continue operations over the going concern period. The risk that we considered most likely to adversely affect the Group's and Company's available financial resources, and metrics relevant to debt covenants, over this period was in respect of the economic impact of COVID-19, with uncertainty remaining over the full range of possible effects on the Group's financial and operational performance. We also considered less predictable but realistic second order impacts, such as the erosion of customer confidence.
We considered whether these risks could plausibly affect the liquidity or covenant compliance in the going concern period by comparing severe, but plausible downside scenarios that could arise from these risks, individually and collectively, against the level of available financial resources and covenants indicated by the Group's financial forecasts.
Our procedures also included:
Our conclusions based on this work:
However, as we cannot predict all future events or conditions and as subsequent events may result in outcomes that are inconsistent with judgements that were reasonable at the time they were made, the above conclusions are not a guarantee that the Group or the Company will continue in operation.
To identify risks of material misstatement due to fraud ("fraud risks") we assessed events or conditions that could indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud. Our risk assessment procedures included:
We communicated identified fraud risks throughout the audit team and remained alert to any indications of fraud throughout the audit. This included communication from the Group to the component audit team of relevant fraud risks identified at the Group level and request to the component audit team to report to the Group audit team any instances of fraud that could give rise to a material misstatement at Group.
As required by auditing standards, and taking into account possible pressures to meet expectations of third parties, we perform procedures to address the risk of management override of controls and the risk of fraudulent revenue recognition, in particular the risk that Assurance revenue is recorded in the wrong period and the risk that Group and component management may be in a position to make incorrect accounting entries, and the risk of bias in accounting estimates and judgements such as provisions against long term contracts.
On this audit we do not believe there is a fraud risk related to Software resilience revenue recognition because there is minimal opportunity for manipulation since the revenue stream is relatively straightforward and is typically based on annual agreements which set out the period over which revenue is to be recognised.
We did not identify any additional fraud risks.
Further detail in respect of Assurance revenue recognition and Fox IT long term fixed price contracts are set out in the key audit matter disclosures in section 2 of this report.
We also performed procedures including:
We identified areas of laws and regulations that could reasonably be expected to have a material effect on the financial statements from our general commercial and sector experience, and through discussion with the directors and other management (as required by auditing standards), and discussed with the directors and other management the policies and procedures regarding compliance with laws and regulations.
As the Group is regulated, our assessment of risks involved gaining an understanding of the control environment including the entity's procedures for complying with regulatory requirements.
We communicated identified laws and regulations throughout our team and remained alert to any indications of non-compliance throughout the audit. This included communication from the Group to the component audit team of relevant laws and regulations identified at the Group level, and a request for component auditors to report to the Group team any instances of non-compliance with laws and regulations that could give rise to a material misstatement at Group.
The potential effect of these laws and regulations on the financial statements varies considerably.
Firstly, the Group is subject to laws and regulations that directly affect the financial statements including financial reporting legislation (including related companies legislation), distributable profits legislation and taxation legislation, and we assessed the extent of compliance with these laws and regulations as part of our procedures on the related financial statement items.
Secondly, the Group is subject to many other laws and regulations where the consequences of non-compliance could have a material effect on amounts or disclosures in the financial statements, for instance through the imposition of fines or litigation. We identified the following areas as those most likely to have such an effect: health and safety, employment law and certain aspects of company legislation recognising the nature of the Group's activities and its legal form. Auditing standards limit the required audit procedures to identify non-compliance with these laws and regulations to enquiry of the directors and other management and inspection of regulatory and legal correspondence, if any. Therefore if a breach of operational regulations is not disclosed to us or evident from relevant correspondence, an audit will not detect that breach.
We assessed the legality of the distribution in the period based on the level of distributable reserves available when the distributions were approved.
Owing to the inherent limitations of an audit, there is an unavoidable risk that we may not have detected some material misstatements in the financial statements, even though we have properly planned and performed our audit in accordance with auditing standards. For example, the further removed non-compliance with laws and regulations is from the events and transactions reflected in the financial statements, the less likely the inherently limited procedures required by auditing standards would identify it.
In addition, as with any audit, there remained a higher risk of non-detection of fraud, as these may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal controls. Our audit procedures are designed to detect material
misstatement. We are not responsible for preventing non-compliance or fraud and cannot be expected to detect non-compliance with all laws and regulations.
The directors are responsible for the other information presented in the Annual Report together with the financial statements. Our opinion on the financial statements does not cover the other information and, accordingly, we do not express an audit opinion or, except as explicitly stated below, any form of assurance conclusion thereon.
Our responsibility is to read the other information and, in doing so, consider whether, based on our financial statements audit work, the information therein is materially misstated or inconsistent with the financial statements or our audit knowledge. Based solely on that work we have not identified material misstatements in the other information.
Based solely on our work on the other information:
In our opinion the part of the Directors' Remuneration Report to be audited has been properly prepared in accordance with the Companies Act 2006.
Disclosures of emerging and principal risks and longer-term viability We are required to perform procedures to identify whether there is a material inconsistency between the directors' disclosures in respect of emerging and principal risks and the viability statement, and the financial statements and our audit knowledge.
Based on those procedures, we have nothing material to add or draw attention to in relation to:
We are also required to review the Viability Statement, set out on page 48 under the Listing Rules. Based on the above procedures, we have concluded that the above disclosures are materially consistent with the financial statements and our audit knowledge.
to the members of NCC Group plc
Our work is limited to assessing these matters in the context of only the knowledge acquired during our financial statements audit. As we cannot predict all future events or conditions and as subsequent events may result in outcomes that are inconsistent with judgements that were reasonable at the time they were made, the absence of anything to report on these statements is not a guarantee as to the Group's and Company's longer-term viability.
We are required to perform procedures to identify whether there is a material inconsistency between the directors' corporate governance disclosures and the financial statements and our audit knowledge.
Based on those procedures, we have concluded that each of the following is materially consistent with the financial statements and our audit knowledge:
We are required to review the part of the Corporate Governance Statement relating to the Group's compliance with the provisions of the UK Corporate Governance Code specified by the Listing Rules for our review. We have nothing to report in this respect.
Under the Companies Act 2006, we are required to report to you if, in our opinion:
We have nothing to report in these respects.
As explained more fully in their statement set out on page 123, the directors are responsible for: the preparation of the financial statements including being satisfied that they give a true and fair view; such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; assessing the Group and parent Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern; and using the going concern basis of accounting unless they either intend to liquidate the Group or the parent Company or to cease operations, or have no realistic alternative but to do so.
Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue our opinion in an auditor's report. Reasonable assurance is a high level of assurance, but does not guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.
A fuller description of our responsibilities is provided on the FRC's website at www.frc.org.uk/auditorsresponsibilities.
This report is made solely to the Company's members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Company's members those matters we are required to state to them in an auditor's report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Company and the Company's members, as a body, for our audit work, for this report, or for the opinions we have formed.
for and on behalf of KPMG LLP, Statutory Auditor Chartered Accountants 1 St. Peter's Square Manchester M2 3AE United Kingdom 14 September 2021
for the year ended 31 May 2021
| Notes | 2021 £m |
2020 (restated) 2, 3 £m |
|
|---|---|---|---|
| Revenue | 4 | 270.5 | 263.7 |
| Cost of sales | 4 | (159.9) | (159.3) |
| Gross profit | 4 | 110.6 | 104.4 |
| Administrative expenses | |||
| Depreciation and amortisation | (19.7) | (23.6) | |
| Other administrative expenses | (60.9) | (60.3) | |
| Individually Significant Items | 5 | (12.7) | (7.9) |
| Total administrative expenses | (93.3) | (91.8) | |
| Operating profit | 4 | 17.3 | 12.6 |
| Finance costs | 8 | (2.5) | (3.0) |
| Profit before taxation | 6 | 14.8 | 9.6 |
| Taxation | 9 | (4.8) | (3.2) |
| Profit for the year attributable to the owners of the Company | 10.0 | 6.4 | |
| Earnings per ordinary share 11 |
||
|---|---|---|
| Basic EPS | 3.6p | 2.3p |
| Diluted EPS | 3.5p | 2.3p |
for the year ended 31 May 2021
| 2020 | ||
|---|---|---|
| 2021 £m |
(restated) 2 £m |
|
| Profit for the year attributable to the owners of the Company | 10.0 | 6.4 |
| Other comprehensive (loss)/income | ||
| Items that may be reclassified subsequently to profit or loss (net of tax) | ||
| Cash flow hedges – effective portion of changes in fair value | (0.8) | – |
| Foreign exchange translation differences | (11.6) | 4.0 |
| Total other comprehensive (loss)/income | (12.4) | 4.0 |
| Total comprehensive (loss)/income for the year (net of tax) attributable to the owners of the Company | (2.4) | 10.4 |
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also contained within the Glossary of terms on pages 187 and 188.
2 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
3 Results for the year ended 31 May 2020 have been re-presented to include adjusting items within statutory results.
at 31 May 2021
| 31 May 2021 | 31 May 2020 (restated) 2 |
1 June 2019 (restated) 2 |
||
|---|---|---|---|---|
| Notes | £m | £m | £m | |
| Non-current assets | ||||
| Goodwill | 12 | 182.9 | 193.1 | 189.4 |
| Intangible assets | 12 | 21.0 | 29.0 | 38.3 |
| Property, plant and equipment | 13 | 11.5 | 13.9 | 16.9 |
| Right-of-use assets | 14 | 23.8 | 28.7 | 26.5 |
| Investments | 15 | 0.3 | 0.3 | 0.3 |
| Deferred tax asset | 18 | 2.0 | 2.3 | 2.2 |
| Total non-current assets | 241.5 | 267.3 | 273.6 | |
| Current assets | ||||
| Inventories | 16 | 1.1 | 0.9 | 0.7 |
| Trade and other receivables | 17 | 68.7 | 73.4 | 61.6 |
| Current tax receivable | 4.5 | 0.6 | 0.6 | |
| Cash and cash equivalents | 24 | 116.5 | 95.0 | 34.9 |
| Total current assets | 190.8 | 169.9 | 97.8 | |
| Total assets | 432.3 | 437.2 | 371.4 | |
| Current liabilities | ||||
| Trade and other payables | 19 | 45.2 | 46.4 | 31.6 |
| Borrowings | 24 | – | – | 5.0 |
| Lease liabilities | 20 | 5.1 | 5.3 | 5.2 |
| Current tax payable | 4.0 | – | – | |
| Derivative financial instruments | 25 | 0.8 | – | – |
| Provisions | 21 | 2.4 | 2.0 | 0.2 |
| Contract liabilities – deferred revenue | 22 | 43.6 | 39.5 | 36.2 |
| Total current liabilities | 101.1 | 93.2 | 78.2 | |
| Non-current liabilities | ||||
| Borrowings | 24 | 33.2 | 99.2 | 50.1 |
| Lease liabilities | 20 | 29.3 | 32.9 | 30.5 |
| Deferred tax liabilities | 18 | 1.2 | 2.9 | 5.4 |
| Provisions | 21 | 0.6 | 1.7 | 1.3 |
| Contract liabilities – deferred revenue | 22 | 0.7 | 1.4 | – |
| Total non-current liabilities | 65.0 | 138.1 | 87.3 | |
| Total liabilities | 166.1 | 231.3 | 165.5 | |
| Net assets | 266.2 | 205.9 | 205.9 | |
| Equity | ||||
| Share capital | 27 | 3.1 | 2.8 | 2.8 |
| Share premium | 27 | 223.2 | 150.9 | 149.8 |
| Hedging reserve | 27 | (0.8) | – | – |
| Merger reserve | 27 | 42.3 | 42.3 | 42.3 |
| Currency translation reserve | 27 | 20.3 | 31.9 | 27.9 |
| Retained earnings | 27 | (21.9) | (22.0) | (16.9) |
| Total equity attributable to equity holders of the Parent | 266.2 | 205.9 | 205.9 |
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 14 September 2021. They were signed on its behalf by:
Adam Palser Tim Kowalski Chief Executive Officer Chief Financial Officer 14 September 2021 14 September 2021
for the year ended 31 May 2021
| Cash flows from operating activities Profit for the year 10.0 6.4 Adjustments for: Depreciation of property, plant and equipment 13 4.4 5.8 Depreciation of right-of-use assets 14 5.9 6.0 2.8 Share-based payments 26 1.4 6.4 Amortisation of customer contracts and relationships 12 8.8 3.0 Amortisation of software and development costs 12 3.0 – Impairment of right-of-use assets 14 1.1 1.2 Lease financing costs 8 1.2 1.3 Other financing costs 8 1.8 1.5 Foreign exchange – Acquisition of businesses – transaction costs (1.2) – Individually Significant Items (non-cash impact) 5 7.6 – Profit on disposal of right-of-use assets (0.2) Profit on sale of intangible assets (0.5) – Loss on sale of property, plant and equipment 0.2 – (0.6) Research and development UK tax credits (0.6) 1.9 Research and development US tax credits 9 0.5 2.9 Income tax expense 9 2.7 0.7 Increase in provisions 0.8 Cash inflow for the year before changes in working capital 47.3 38.8 Decrease/(increase) in trade and other receivables 4.7 (11.0) Increase in inventories (0.2) (0.2) (Decrease)/increase in trade and other payables (5.5) 19.2 Cash generated from operating activities before interest and taxation 46.3 46.8 (1.2) Interest element of lease payments (1.2) (1.1) Other interest paid (1.6) (5.1) Taxation paid (4.8) Net cash generated from operating activities 38.9 39.2 Cash flows from investing activities Purchase of property, plant and equipment (2.7) (2.8) (2.1) Software and development expenditure (2.5) 0.5 Net proceeds from sale of intangible assets – Net cash used in investing activities (4.3) (5.3) Cash flows from financing activities 72.6 Proceeds from the issue of ordinary share capital 27 1.1 Principal element of lease payments (6.0) (5.3) Drawdown of borrowings (net of deferred issue costs) – 44.3 Issue costs related to borrowings – (1.0) Repayment of borrowings (60.4) – Equity dividends paid 10 (13.0) (12.9) Net cash (used in)/generated from financing activities (6.8) 26.2 Net increase in cash and cash equivalents 27.8 60.1 Cash and cash equivalents at beginning of year 95.0 34.9 Effect of foreign currency exchange rate changes (6.3) – Cash and cash equivalents at end of year 116.5 24 95.0 |
Notes | 2021 £m |
2020 (restated) 2 £m |
|---|---|---|---|
| (0.1) | |||
Reconciliation of net change in cash and cash equivalents to movement in net cash/(debt) 1
| 2021 | 2020 | |
|---|---|---|
| £m | £m | |
| Net increase in cash and cash equivalents | 27.8 | 60.1 |
| Change in net debt 1 resulting from cash flows (net of deferred issue costs) | 60.4 | (43.3) |
| Interest incurred on borrowings | (1.1) | (1.6) |
| Interest paid on borrowings | 1.1 | 1.6 |
| Non-cash movements (release of deferred issue costs) | (0.2) | (0.2) |
| Effect of foreign currency on cash flows | (6.3) | – |
| Foreign currency translation differences on borrowings | 5.8 | (0.6) |
| Change in net cash/(debt) 1 during the year | 87.5 | 16.0 |
| Net debt 1 at start of year excluding lease liabilities | (4.2) | (20.2) |
| Net cash/(debt) 1 at end of year excluding lease liabilities | 83.3 | (4.2) |
| Lease liabilities | (34.4) | (38.2) |
| Net cash/(debt) 1 at end of year | 48.9 | (42.4) |
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
for the year ended 31 May 2021
| Notes | Share capital £m |
Share premium £m |
Hedging reserve £m |
Merger reserve £m |
Currency translation reserve £m |
Retained earnings £m |
Total £m |
|
|---|---|---|---|---|---|---|---|---|
| Balance at 1 June 2019 (as reported) | 2.8 | 149.8 | – | 42.3 | 27.9 | (14.0) | 208.8 | |
| Impact of change in accounting policy in respect of cloud configuration and customisation costs (Note 34) |
– | – | – | – | – | (2.9) | (2.9) | |
| Balance at 1 June 2019 (as restated) 2 | 2.8 | 149.8 | – | 42.3 | 27.9 | (16.9) | 205.9 | |
| Profit for the year (as restated) 2 (Note 34) | – | – | – | – | – | 6.4 | 6.4 | |
| Other comprehensive income for the year | – | – | – | – | 4.0 | – | 4.0 | |
| Total comprehensive income for the year (restated) 2 |
– | – | – | – | 4.0 | 6.4 | 10.4 | |
| Transactions with owners recorded directly in equity |
||||||||
| Dividends to equity shareholders | 10 | – | – | – | – | – | (12.9) | (12.9) |
| Share-based payments | 26 | – | – | – | – | – | 1.4 | 1.4 |
| Shares issued | 27 | – | 1.1 | – | – | – | – | 1.1 |
| Total contributions by and distributions to owners |
– | 1.1 | – | – | – | (11.5) | (10.4) | |
| Balance at 31 May 2020 (restated) 2 | 2.8 | 150.9 | – | 42.3 | 31.9 | (22.0) | 205.9 | |
| Profit for the year | – | – | – | – | – | 10.0 | 10.0 | |
| Other comprehensive income for the year | – | – | (0.8) | – | (11.6) | – | (12.4) | |
| Total comprehensive income for the year | – | – | (0.8) | – | (11.6) | 10.0 | (2.4) | |
| Transactions with owners recorded directly in equity |
||||||||
| Dividends to equity shareholders | 10 | – | – | – | – | – | (13.0) | (13.0) |
| Share-based payments | 26 | – | – | – | – | – | 2.8 | 2.8 |
| Tax on share-based payments | 26 | – | – | – | – | – | 0.3 | 0.3 |
| Shares issued | 27 | 0.3 | 72.3 | – | – | – | – | 72.6 |
| Total contributions by and distributions to owners |
0.3 | 72.3 | – | – | – | (9.9) | 62.7 | |
| Balance at 31 May 2021 | 3.1 | 223.2 | (0.8) | 42.3 | 20.3 | (21.9) | 266.2 |
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
at 31 May 2021
Company no: 4627044
| Notes | 2021 £m |
2020 £m |
|
|---|---|---|---|
| Non-current assets | |||
| Investments in subsidiary undertakings | 33 | 151.8 | 78.3 |
| Trade and other receivables | 17 | 162.6 | 142.0 |
| Total non-current assets | 314.4 | 220.3 | |
| Current assets | |||
| Cash and cash equivalents | 24 | 0.6 | 6.8 |
| Total current assets | 0.6 | 6.8 | |
| Total assets | 315.0 | 227.1 | |
| Current liabilities | |||
| Trade and other payables | 19 | 13.5 | 13.0 |
| Total current liabilities | 13.5 | 13.0 | |
| Total liabilities | 13.5 | 13.0 | |
| Net assets | 301.5 | 214.1 | |
| Equity | |||
| Share capital | 27 | 3.1 | 2.8 |
| Share premium | 27 | 223.2 | 150.9 |
| Merger reserve | 27 | 42.3 | 42.3 |
| Retained earnings | 27 | 32.9 | 18.1 |
| Total equity | 301.5 | 214.1 |
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 14 September 2021. They were signed on its behalf by:
Adam Palser Tim Kowalski Chief Executive Officer Chief Financial Officer 14 September 2021 14 September 2021
for the year ended 31 May 2021
| Notes | 2021 £m |
2020 £m |
|---|---|---|
| Cash flows from operating activities | ||
| Profit for the year 28 |
25.0 | 6.0 |
| Cash inflow for the year before changes in working capital | 25.0 | 6.0 |
| Increase in trade and other receivables | (20.6) | (0.6) |
| Increase in trade and other payables | 0.5 | 13.0 |
| Net cash generated from operating activities | 4.9 | 18.4 |
| Cash flows from investing activities | ||
| Investments in subsidiary undertakings 32 |
(70.7) | – |
| Net cash used in investing activities | (70.7) | – |
| Cash flows from financing activities | ||
| Proceeds from the issue of ordinary share capital 27 |
72.6 | 1.1 |
| Equity dividends paid 10 |
(13.0) | (12.9) |
| Net cash generated from/(used in) financing activities | 59.6 | (11.8) |
| Net (decrease)/increase in cash and cash equivalents | (6.2) | 6.6 |
| Cash and cash equivalents at beginning of year | 6.8 | 0.2 |
| Cash and cash equivalents at end of year | 0.6 | 6.8 |
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
for the year ended 31 May 2021
| Notes | Share capital £m |
Share premium £m |
Merger reserve £m |
Retained earnings £m |
Total £m |
|
|---|---|---|---|---|---|---|
| Balance at 31 May 2019 and 1 June 2019 | 2.8 | 149.8 | 42.3 | 21.9 | 216.8 | |
| Profit for the year | – | – | – | 6.0 | 6.0 | |
| Total comprehensive income for the year | – | – | – | 6.0 | 6.0 | |
| Transactions with owners recorded directly in equity | ||||||
| Dividends to equity shareholders | 10 | – | – | – | (12.9) | (12.9) |
| Increase in subsidiary investment for share-based charges | – | – | – | 3.1 | 3.1 | |
| Shares issued | 27 | – | 1.1 | – | – | 1.1 |
| Total contributions by and distributions to owners | – | 1.1 | – | (9.8) | (8.7) | |
| Balance at 31 May 2020 | 2.8 | 150.9 | 42.3 | 18.1 | 214.1 | |
| Profit for the year | – | – | – | 25.0 | 25.0 | |
| Total comprehensive income for the year | – | – | – | 25.0 | 25.0 | |
| Transactions with owners recorded directly in equity | ||||||
| Dividends to equity shareholders | 10 | – | – | – | (13.0) | (13.0) |
| Increase in subsidiary investment for share-based charges | – | – | – | 2.8 | 2.8 | |
| Shares issued | 27 | 0.3 | 72.3 | – | – | 72.6 |
| Total contributions by and distributions to owners | 0.3 | 72.3 | – | (10.2) | 62.4 | |
| Balance at 31 May 2021 | 3.1 | 223.2 | 42.3 | 32.9 | 301.5 |
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
for the year ended 31 May 2021
NCC Group plc (the 'Company') is a company incorporated in the UK, with its registered office at XYZ Building, 2 Hardman Boulevard, Manchester M3 3AQ. The Group Financial Statements consolidate those of the Company and its subsidiaries (together referred to as the 'Group'). The principal activity of the Group is the provision of independent advice and services to customers through the supply of cyber assurance and Software Resilience services. The Parent Company Financial Statements present information about the Company as a separate entity and not about the Group. These Financial Statements have been approved for issue by the Board of Directors on 14 September 2021.
These Group and Parent Company Financial Statements were prepared in accordance with International Accounting Standards in conformity with the requirements of the Companies Act 2006 and these Group Financial Statements were also in accordance with International Financial Reporting Standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union ('IFRSs as adopted by the EU'). On publishing the Parent Company Financial Statements here together with the Group Financial Statements, the Company is also taking advantage of the exemption in s408 of the Companies Act 2006 not to present its individual Income Statement and related notes that form a part of these approved Financial Statements.
Management has reviewed the impact of Brexit on the Financial Statements. The Group has so far proven structurally resilient to any significant disruption caused by Brexit. The main risks to the Group from Brexit continue to be any reduction in demand from an economic slowdown as well as real or perceived differences in data protection standards which impact our global ways of working. On this basis, management has concluded that the impact should be limited; this includes any impact on the IFRS 9 expected credit loss model. Management also notes no changes to this assessment from a post-Balance Sheet event perspective.
Management has reviewed the potential impact of Covid-19 on the Financial Statements. Accordingly, consideration has been given to the impact on the IFRS 9 expected credit loss model, IFRS 15 collectability assessments, IFRS 16 lease term assessments (no material impact on lease term assessment), the annual impairment review and the going concern and viability assessments.
At the date of authorisation of these Financial Statements, the following standards and interpretations were in issue but have not been applied in these Financial Statements as they were not yet mandatory:
These IFRSs are not expected to have a material impact on the Group's consolidated financial position or performance of the Group.
The following amended standards and interpretations were also effective during the year; however, they have not had a material impact on our consolidated Financial Statements.
In April 2021, the IFRS Interpretations Committee (IFRIC) published an agenda decision on the clarification of accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) as follows:
See Notes 12 and 34 for further details.
The consolidated Financial Statements have been prepared on the historical cost basis except for consideration payable on acquisitions, the revaluation of certain financial instruments and investments.
The Group and Company Financial Statements are presented in millions of Pounds Sterling (£m) because that is the currency of the principal economic environment in which the Group operates.
The Directors have acknowledged guidance published in relation to going concern assessments.
The Group's business activities, together with the factors likely to affect its future development, performance and position, are set out in the Business Review and Financial Review. The Group's financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending September 2022 which indicate that, taking account of severe but plausible downsides and the anticipated impact of Covid-19 on the operations of the Group and its financial resources, the Group and Company will have sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving credit facility which matures in June 2024. The Group is required to comply with financial covenants for leverage (net debt to Adjusted EBITDA 1) and interest cover (Adjusted EBITDA 1 to interest charge) which are tested bi-annually at 31 May and 30 November each year. As at 31 May 2021, the Group had drawn down £33.8m for working capital requirements.
Subsequent to the year end and shareholder approval on 1 June, the Group acquired on 7 June the IPM business for \$220m; the US acquisition was funded through an equity placing in May of £70.2m (net proceeds) combined with a new three year \$70m term loan, existing cash balances and our existing revolving credit facility. The impact of the acquisition on the Group's financial performance, covenants and business model has therefore been considered within this going concern assessment. As at 2 June 2021, following the acquisition of the IPM business, the Group had drawn down £75.5m of its revolving credit facility and was due to incur further transaction costs of £6.4m. As at 31 August 2021, cash, net debt (excluding lease liabilities) 1 and headroom amounted to £43.6m, £74.7m and £80.5m respectively.
Although the Group has demonstrated resilience to the challenging environment resulting from Covid-19, the Directors acknowledge that the financial performance of the Group has been adversely impacted to certain degree since the commencement of the pandemic, and for this reason the base case forecast for 2021 reflects this assessment. The continuing macro-economic risks and potential changes in government policies (on the severity of enforced lockdowns worldwide) could have a continued effect on the Group's performance. However, trading throughout the pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible scenarios as follows:
These scenarios have been modelled individually and also in combination in order to assess the Group's ability to withstand multiple challenges, although the Directors do not believe a scenario combining all these risks to be plausible. The impact of these sensitivities has been reviewed against the Group's projected cash flow position, available bank facilities and compliance with financial covenants. In the instance that a combination of the above scenarios arise, mitigating actions would be required to ensure that the Group remains liquid and financially viable, which might include a reduction of planned capital expenditure, freezing pay and recruitment and not paying a dividend to shareholders. All of the mitigating actions are within the Directors' control. These forecasts, including the severe but plausible downsides, show that the Group is able to operate within its available banking facilities, with no forecasted covenant breaches, and that the Group will have sufficient funds to meets its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. Having reviewed the current trading performance, forecasts, other Group trading entities' financial support, debt servicing requirements, total facilities and risks, the Directors are confident that the Company and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the date of approval of these Financial Statements. Accordingly, they continue to adopt the going concern basis of accounting in preparing the Group's Financial Statements for the year ended 31 May 2021.
Business combinations are accounted for by applying the acquisition method at the acquisition date, which is the date on which control is transferred to the Group. The Group controls an entity when the Group is exposed to, or has rights to, variable returns from its involvement with the entity and has the ability to affect those returns through its power over the entity.
The Group measures goodwill at the acquisition date as:
When the excess is negative, a bargain purchase gain is recognised immediately in profit or loss. The consideration transferred does not include amounts related to the settlement of pre-existing relationships. Such amounts generally are recognised in the Income Statement.
for the year ended 31 May 2021
Costs related to the acquisition, other than those associated with the issue of debt or equity securities, are expensed as incurred.
Any deferred or contingent consideration payable is recognised at fair value at the acquisition date. If the contingent consideration is classified as equity, it is not remeasured and settlement is accounted for within equity. Otherwise, subsequent changes to the fair value of contingent consideration are recognised in the Income Statement. On a transaction-by-transaction basis, the Group elects to measure non-controlling interests either at their fair value or at their proportionate interest in the recognised amount of the identifiable net assets of the acquiree at the acquisition date.
Subsidiaries are entities controlled by the Group. The Financial Statements of subsidiaries are included in the consolidated Financial Statements from the date that control commences until the date that control ceases.
Control is achieved where the Company has the power to govern the financial and operating policies of an investee entity so as to obtain benefits from its activities. Intercompany transactions and balances between subsidiaries are eliminated on consolidation.
Goodwill represents amounts arising on acquisition of subsidiaries. In respect of business acquisitions that have occurred since 1 June 2004, goodwill represents the difference between the cost of the acquisition and the fair value of the net identifiable assets acquired including identifiable intangible assets. Identifiable intangibles are those which can be sold separately or which arise from legal rights regardless of whether those rights are separable.
In respect of acquisitions prior to 1 June 2004, goodwill is included at its deemed cost, which represents the amount recorded under UK GAAP at 31 May 2004 which was broadly comparable, save that only separable intangibles were recognised and goodwill was amortised.
Goodwill is stated at cost less any accumulated impairment losses. Goodwill is allocated to cash generating units and is not amortised but is tested annually for impairment. In respect of equity accounted investees, the carrying amount of goodwill is included in the carrying amount of the investment in the investee.
Expenditure on research activities is recognised in the Income Statement as an expense as incurred. Expenditure on development activities is capitalised as "development costs" if the product or process is technically and commercially feasible, if the Group has the technical ability and sufficient resources to complete development, if future economic benefits are probable and if the Group can measure reliably the expenditure attributable to the intangible asset during its development. Development activities involve a plan or design for the production of new or substantially improved products or processes.
The Group capitalises "software costs" in accordance with the criteria of IAS 38. Software costs comprise third party costs and internal employee time costs for internal system developments. Capitalised amounts are initially measured at cost and amortised on a straight-line basis over the period for which the developed system is expected to be in use as a business platform. Software costs incurred as part of a service agreement are only capitalised when it can be evidenced that the Group has control over the resources defined in the arrangement.
The expenditure capitalised includes the cost of materials, direct labour, overhead costs that are directly attributable to preparing the asset for its intended use and capitalised borrowing costs. Other development expenditure is recognised in the Income Statement as an expense as incurred. Software customisation and configuration costs relating to software not controlled by the Group are expensed over the period such services are received. Software costs are stated at cost less accumulated amortisation and less accumulated impairment losses.
Expenditure on internally generated goodwill is recognised in the Income Statement as an expense as incurred.
Intangible assets that are acquired by the Group are stated at cost less accumulated amortisation and less accumulated impairment losses.
Subsequent expenditure is capitalised only when it increases the future economic benefits embodied in the specific asset to which it relates. All other expenditure, including expenditure on internally generated goodwill, is recognised in the Income Statement as an expense as incurred.
Amortisation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of intangible assets unless such lives are indefinite. Intangible assets with an indefinite useful life and goodwill are systematically tested for impairment at each Balance Sheet date. Intangible assets are amortised from the date they are available for use. The estimated useful lives are as follows:
| Acquired customer contracts and relationships | – between three and ten years |
|---|---|
| Software | – between three and five years |
| Capitalised development costs | – between three and five years |
Financial assets and financial liabilities, in respect of financial instruments, are recognised in the Group Balance Sheet when the Group becomes a party to the contractual provisions of the instrument.
Classification of financial assets is generally based on the business model in which the financial asset is managed and its contractual cash flow characteristics. A financial asset is measured at amortised cost if it is held with the objective of collecting the contractual cash flows and its contractual terms give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount outstanding. All other financial assets are measured at fair value through other comprehensive income or the Income Statement.
Trade receivables and other receivables that have fixed or determinable payments that are not quoted in an active market are classified as financial assets measured at amortised cost.
Under the IFRS 9 "expected credit loss" model, a credit event (or impairment "trigger") no longer needs to occur before credit losses are recognised.
The Group analyses the risk profile of trade receivables based on past experience and an analysis of the receivables' current financial position, potential for a default event to occur, adjusted for specific factors, general economic conditions of the industry in which the receivables operate and assessment of both the current and the forecast direction of conditions at the reporting date. A default event is considered to occur when information is obtained that indicates that a receivable is unlikely to be paid to the Group.
Credit risk is regularly reviewed by management to ensure the expected credit loss (ECL) model is being appropriately applied. The Group has performed the calculation of ECL separately for each business unit.
Trade payables are other financial liabilities initially measured at fair value and subsequently measured at amortised cost.
The carrying amounts of the Group's non-financial assets, other than deferred tax assets, are reviewed at each reporting date to determine whether there is any indication of impairment. If any such indication exists, then the asset's recoverable amount is estimated. For goodwill, and intangible assets that have indefinite useful lives or that are not yet available for use, the recoverable amount is estimated each year at the same time.
The recoverable amount of an asset or cash generating unit is the greater of its value in use and its fair value less costs to sell. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset.
For the purpose of impairment testing, assets that cannot be tested individually are grouped together into the smallest group of assets that generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups of assets (the 'cash generating unit'). The goodwill acquired in a business combination, for the purpose of impairment testing, is allocated to cash generating units (CGUs). Subject to an operating segment ceiling test, for the purposes of goodwill impairment testing, CGUs to which goodwill has been allocated are aggregated so that the level at which impairment is tested reflects the lowest level at which goodwill is monitored for internal reporting purposes. Goodwill acquired in a business combination is allocated to groups of CGUs that are expected to benefit from the synergies of the combination.
An impairment loss is recognised if the carrying amount of an asset or its CGU exceeds its estimated recoverable amount. Impairment losses are recognised in the Income Statement. Impairment losses recognised in respect of CGUs are allocated first to reduce the carrying amount of any goodwill allocated to the units, and then to reduce the carrying amounts of the other assets in the unit (group of units) on a pro rata basis. An impairment loss in respect of goodwill is not reversed. In respect of other assets, impairment losses recognised in prior periods are assessed at each reporting date for any indications that the loss has decreased or no longer exists. An impairment loss is reversed if there has been a change in the estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent that the asset's carrying amount does not exceed the carrying amount that would have been determined, net of depreciation or amortisation, if no impairment loss had been recognised.
Details of related party transactions are set out in Note 32 to these Financial Statements.
Property, plant and equipment assets are carried at cost less accumulated depreciation and any recognised impairment in value. To the extent that borrowing costs relate to the acquisition, construction or production of a qualifying asset, borrowing costs are capitalised as part of the cost of that asset. Depreciation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of each part of an item of plant and equipment as follows:
| Computer equipment | – between three and five years |
|---|---|
| Plant and equipment | – between three and five years |
| Furniture | – between three and five years |
| Fixtures and fittings | – five years |
| Motor vehicles | – four years |
Property, plant and equipment is also tested for impairment whenever there is an indication of potential impairment.
At inception of a contract, the Group assesses whether a contract is, or contains, a lease. A contract is, or contains, a lease if the contract conveys the right to control the use of an identified asset for a period of time in exchange for consideration. To assess whether a contract conveys the right to control the use of an identified asset, the Group assesses whether:
for the year ended 31 May 2021
The Group recognises a right-of-use asset and a lease liability at the lease commencement date. The right-of-use asset is initially measured at cost, which comprises the initial amount of the lease liability adjusted for any lease payments made at or before the commencement date, and an estimate of costs to dismantle and remove the underlying asset or to restore the underlying asset or the site on which it is located, less any lease incentives received.
The right-of-use asset is subsequently depreciated using the straight-line method from the commencement date to the earlier of the end of the useful life of the right-of-use asset or the end of lease term. The estimated useful lives of right-of-use assets are determined on the same basis as those of property, plant and equipment. In addition, the right-of-use asset is periodically reduced by impairment losses, if any, and adjusted for certain remeasurements of the lease liability.
The lease liability is initially measured at the present value of the lease payments that are not paid at the commencement date, discounted using the interest rate implicit in the lease or, if that rate cannot be readily determined, the Group's incremental borrowing rate.
The lease liability is measured at amortised cost using the effective interest method. It is remeasured when there is a change in future lease payments arising from a change in an index or rate, if there is a change in the Group's estimate of the amount expected to be payable, or if the Group changes its assessment of whether it will exercise a purchase, extension or termination option.
When the lease liability is remeasured in this way, a corresponding adjustment is made to the carrying amount of the right-of-use asset, or is recorded in the Income Statement if the carrying amount of the right-of-use asset has been reduced to zero. The Group has elected not to recognise right-of-use assets and lease liabilities for short-term leases that have a lease term of 12 months or less and leases of low value assets, including certain IT equipment. The Group recognises the lease payments associated with these leases as an expense on a straight-line basis over the lease term.
Lease rental costs in respect of short-term leases (less than one year) and low value assets which are exempt from being accounted for under IFRS 16 are charged to the Income Statement on a straight-line basis over the period of the lease.
Investments in subsidiaries are carried at cost less impairment. Investments in property and unlisted shares are carried at cost less impairment, which is based on the fair value at acquisition.
Inventory is held at the lower of cost or net realisable value.
The Group provides independent global cyber assurance security and Software Resilience services.
The revenue streams in relation to Assurance include:
The revenue streams in relation to Software Resilience include:
While the detailed recognition is contract specific, and set out in the table on pages 145 to 148, in most cases:
Revenue is presented net of VAT and other sales related taxes.
Revenue is measured based on the consideration specified in a contract with a customer. The Group recognises revenue when it transfers control over a good or service to a customer.
Due to the nature of the Group's activities, the Group transaction price for the majority of its contracts is entirely variable consideration as these contracts are on a time and material basis, using set contractual rates per hour/day worked, giving rise to no estimation or reversal risk at period end. The Group does not have any material obligations in respect of returns, refunds or warranties. The impact of any financing component within contracts with customers has been assessed and concluded to be immaterial.
On contract inception, the probability of collectability is assessed across the Group and, unless there is a significant change in facts and circumstances, revenue is recognised. During the year, no instances have been identified where reassessment of the collectability has had to be reassessed, nor have there been any new contracts with customers for which the collection of consideration has not been assessed at inception as probable. This current year assessment also takes into account the impact of Covid-19 on the Group's customer base.
Assurance
The following table provides information about the nature and timing of the satisfaction of performance obligations in contracts with customers by reportable segments, including significant payment terms, and the related revenue recognition policies.
| Revenue stream | Nature | Timing of satisfaction of performance obligations and significant payment terms |
Revenue recognition policies, including determination of transaction price and rationale |
|---|---|---|---|
| Global Professional Services (GPS) |
GPS is the Group's core consulting service represented by consultants providing cyber security consultancy services to a customer over time or to a set deliverable. Some contracts may contain multiple services (e.g. cyber security assessment and certified product evaluation services). These will be identified as separate performance obligations, and the transaction price allocated to each of these is |
The customer simultaneously receives the benefits of the consulting services provided by the Group over the period over which the work is performed and one promise (performance obligation) is identified. Work is performed on a daily basis. Invoices are raised monthly or based on an agreed invoicing profile with the customer. Invoices are usually payable within 30 days. No discounts or retrospective rebates are provided. |
Revenue is recognised on an input basis to measure the satisfaction of performance obligations over time. This is done according to the number of days worked in comparison to the total contracted number of days of the performance obligation. The work performed occurs on a daily basis (for example security assessment of a customer's security environment). It is considered that as the customer benefits over time based on consultants' time, the input method faithfully depicts the Group's performance towards complete satisfaction of the single performance obligation. Transaction price is determined by fixed contract rates based upon day rates and number of days. |
| determined by using the fixed contract rate based upon day rates, being the relative standalone selling price basis. Specifically, the contract terms range from time and materials (based upon consultants' time and expenses) and discrete statements of work, whereby the customer benefits gradually over the period over which the work is performed, unless there is a set deliverable (for example a defined security assessment report). |
Where a set deliverable is required and the customer receives the incremental benefit at the end of the work when the deliverable is transferred to the customer, this represents one performance obligation. In this situation, the contract will have no abortive revenue rights; therefore, the Group has no right to consideration for performance to date. Invoicing will usually be on completion of the set deliverable and payable within 30 days. |
Revenue is recognised at a point in time, on completion of the performance obligation deliverable. It is considered that as the customer benefits once the set deliverable is received, the point in time method faithfully depicts the Group's performance towards complete satisfaction of the single performance obligation. Transaction price is determined by fixed contract rates. |
|
| The Group in certain situations operates on agreed customer terms which allow the Group to recover any abortive revenue from its customer in the event that a customer terminates a contract before the contract or deliverable is complete. |
The customer simultaneously receives and consumes the benefits of the consulting services provided by the Group over the period over which the work is performed by the Group and one performance obligation is identified. Invoices in relation to the abortive revenue will be recognised when aborted. Invoices are usually payable within 30 days. |
Revenue is recognised on an input basis to measure the satisfaction of performance obligations over time. This is done according to the number of days worked in comparison to the total contracted number of days of the performance obligation. Transaction price is determined by fixed contract rates based upon day rates and number of consultancy days. |
for the year ended 31 May 2021
Assurance continued
| Revenue stream | Nature | Timing of satisfaction of performance obligations and significant payment terms |
Revenue recognition policies, including determination of transaction price and rationale |
||
|---|---|---|---|---|---|
| Global Managed Services (GMS) |
These services provide operational cyber defence, incident response, scanning, |
The customer will benefit from the services over the period of the contract. |
The amount of revenue recognised in relation to software licence(s) depends on whether the Group acts as an agent or as a principal. |
||
| simulation and managed security operations centres (SOCs). Services are typically for an extended delivery |
However, the type of contract will depend on how the customer benefits from the software |
The Group acts as principal when the Group controls the specified software licence or service prior to transfer (MSP model). |
|||
| duration, with contract lengths varying up to a maximum of five years. The proposition will also provide the customer with software licence(s) to enable these services to occur. On this basis, the Group operates two types of contracts: • A Managed Service Provider (MSP) model whereby the customer is supplied with one complete integrated service including the software licence(s) |
licence(s). Where a MSP model is selected by the customer, the Group recognises three performance obligations: • Set-up fees • Post-go-live fees • Combined monitoring cyber and licence service The MSP model is considered to be under a principal arrangement whereby the Group controls the service prior to transfer. Where a reseller model is selected by the customer, the Group recognises four performance obligations: |
When the Group acts as a principal the revenue recorded is the gross amount billed. The transaction price is determined by a contract price (cost plus mark-up). The transaction price for the overall service is outlined within the customer contract. In certain scenarios, the contract will outline the price for each performance obligation, which is considered to be the standalone selling price of the services/ goods, and the transaction price is allocated to each performance obligation on this basis. Where the contract does not stipulate the price per performance obligation, management determines the relative standalone selling price for each performance obligation based on a market assessment approach for the services provided in comparison to market prices, and the contract transaction price is allocated to each performance obligation in proportion to those standalone selling prices. |
|||
| • A reseller model whereby the Group sources the software licence(s) on behalf of the customer and provides the Managed Detection and Response services These services will also include set-up fees. Set-up fees represent workshops, design, and configuration to create a "connection" between systems. Following services going live, the Group will also provide a certain level of professional service consultancy days |
• Sourced software licence(s) • Set-up fees • Post-go-live fees • Monitoring cyber service The reseller model is considered to be under an agency arrangement whereby the customer receives the benefit and control of the licence on delivery. Invoices are raised monthly or based on an agreed invoicing profile with the customer. Invoices are usually payable within 30 days. |
Under a reseller model, the Group's responsibility is to arrange for a third party to provide a specified software licence(s) to the customer. In these cases, the Group is acting as an agent and the Group does not control the relevant licence(s) before it is transferred to the customer. In particular, the Group does not have inventory risk, have access to its source code or hold the IP rights. |
|||
| When the Group is acting as an agent, the revenue is recorded at the net amount retained (commission) at a point in time as the customer receives immediate benefit from access to the licence and the Group does not have any further obligations in relation to the provision of the licence. The commission transaction value represents the mark-up on the licence provided. |
|||||
| based on a day rate (post-go-live fees). |
Set-up fees are recognised over time of the set-up. In particular, the level of administrative tasks involved in the set-up process is considered immaterial and therefore the work performed is considered a distinct promised service and incremental benefit of the installation to the customer. The fees are based on day rates incurred (defined by an in-house day rate sales pricing matrix). Accordingly, the charge out rates are recognised and allocated to these tasks when performed akin to technical professional day |
rate services. These rates are considered to be the standalone selling prices and are not discounted
or reduced for other services.
| Revenue stream | Nature | Timing of satisfaction of performance obligations and significant payment terms |
Revenue recognition policies, including determination of transaction price and rationale |
|---|---|---|---|
| Global Managed Services (GMS) continued |
Post-go-live fees are recognised on delivery of consultancy services over time as the customer obtains incremental benefit from the hours provided. Revenue is recognised on an input basis (day rates) to measure the satisfaction of performance obligations over time. |
||
| Transaction price is determined by fixed contract rates based upon day rates and number of post-go-live consultancy days. |
|||
| One performance obligation, being a combined monitoring cyber and licence service, is identified in relation to the MSP model monitoring service. Revenue is recognised over the contract length as the software and monitoring process is an overall service, whereby the Group retains control of the licence and provides a complete monitoring service to the customer. If the customer cancels the contract, the Group will retain control of the licence. |
|||
| The customer benefits from a 24/7 monitoring service whereby benefit is obtained daily and therefore revenue is recognised on straight-line basis as the performance obligation is satisfied over time. |
|||
| The transaction price is determined by fixed contract rates for the combined services. |
|||
| Revenue in relation to the reseller model monitoring service is recognised over the contract length on a straight-line basis as the performance obligation is satisfied over time. The customer benefits from a 24/7 monitoring service whereby benefit is obtained daily on straight-line basis. |
|||
| Product sales | This revenue represents the sale of own manufactured and/or resale of third party |
The customer only benefits from the products on delivery. |
Revenue is recognised when control of the product is transferred to the customer. This occurs upon delivery under the contractual terms. |
| Invoices are raised monthly or products with no connection based on an agreed invoicing to other Group services. profile with the customer. |
On certain sales of third party products, the control of the product is considered to pass from the |
||
| Invoices are usually payable within 30 days. |
vendor to the end customer and in these cases the Group acts as an agent, and hence only records a commission on sale as opposed to gross revenue and costs of sale. |
NCC Group plc — Annual report and accounts for the year ended 31 May 2021 147
for the year ended 31 May 2021
Assurance continued
| Revenue stream | Nature | Timing of satisfaction of performance obligations and significant payment terms |
Revenue recognition policies, including determination of transaction price and rationale |
|---|---|---|---|
| Long-term fixed price contracts |
This revenue represents the long-term development and/or manufacture of specialised software and hardware solutions. |
Delivery of the product is considered to represent one performance obligation. The development and/or manufacturing work carried out by the Group is not considered to create an asset with an alternative use to the entity. The Group is entitled to payment as performance of the contract is completed. On this basis, revenue is recognised over time. Invoices are raised based on achievements of pre-defined milestones in the contract. Invoices are usually payable within 30 days. |
Revenue is recognised on an input basis to measure the satisfaction of the performance obligation over time. This is done according to total costs incurred in comparison to the total expected costs to be incurred to satisfy the performance obligation. This input measure is driven by the nature of the activities carried out in satisfying the performance obligation. The transaction price is fixed within the terms of the contractual arrangement. |
| Software Resilience | |||
| Escrow contract services |
These services securely maintain in "escrow" the long-term availability of business critical software and applications while protecting the intellectual property rights (IPR) of technology partners. The service will include set-up time which is administrative in nature. |
The customer benefits from the escrow service evenly over a contract period, usually at least a year and potentially up to three years. The service represents one performance obligation. Invoices are raised based on an agreed invoicing profile with the customer. Invoices are usually payable within 30 days. |
Revenue is recognised over time on a straight line basis representing the service delivery agreement. The nature of the agreement gives rise to the customer having the benefit of software resilience if and when required over the contract period. Revenue is recognised on a straight-line basis as the pattern of benefit to the customer as well as the Group's efforts to fulfil the contract are generally even throughout the period. The transaction price is determined by a contract price. Set-up time is not considered distinct and a separate performance obligation due to the administrative nature and therefore is recognised over the period of the contract. |
| Verification services |
These services verify source code based upon an agreed scope between all parties, and provide a fully managed secure service and result validation, typically delivered over a short period of time (days). These include SaaS services and ICANN services. |
The customer benefits from the verification service on completion because the source code will only have been fully verified/validated at that point. The service represents one performance obligation. Invoices are raised monthly or based on an agreed invoicing profile with the customer. Invoices are usually payable within 30 days. |
Revenue is recognised on completion of the verification services. Transaction price is determined by fixed contract rates based upon day rates and number of verification days. |
Contract costs comprise incremental sales commissions paid to sales agents which can be directly attributed to an acquired or retained contract. Capitalised commission costs are amortised on a systematic basis that is consistent with the transfer to the customer of the services when the related revenues are recognised. In all other cases, all internal and external costs of obtaining the contract are recognised as incurred.
Costs directly incurred in fulfilling a contract with a customer, which comprise labour hours on long-term contracts, are recognised as an asset to the extent they are recoverable. Such costs are amortised on a systematic basis that is consistent with the transfer to the customer of the services when the related revenues are recognised.
Accrued income represents the Group's rights to consideration for work completed but not billed at the reporting date. Remaining balances are transferred to receivables when the rights become unconditional.
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time.
Long-term contracts are reviewed annually to establish if the contract is onerous in nature. In particular, the long-term contract becomes an onerous contract when the unavoidable costs (i.e. the lower of the cost of fulfilling the contract and any compensation or penalties arising from failure to fulfil it) exceed the economic benefits expected to be received under the contract. The assessment of cost to fulfil includes costs that relate directly to the contract and includes direct costs of production, direct costs of supplies/hardware from external suppliers (materials), direct labour in relation to performance obligations and if appropriate any potential contractual fine dependent on items (performance obligations) not being delivered/performed. Any assets dedicated to the specific contract are also tested for potential impairment.
The Group determines and presents operating segments based on the information that is provided to the Board, which acts as the Group's chief operating decision maker (CODM) in order to assess performance and to allocate resources.
An operating segment is a component of the Group that engages in business activities from which it may earn revenues and incur expenses, including revenues and expenses that relate to transactions with any of the Group's other components. An operating segment's results are reviewed regularly by the CODM to make decisions about resources to be allocated to the segment and to assess its performance.
The Group reports its business in two key segments: the Assurance division and the Software Resilience division. The two reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they are reported to the CODM. Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide, common management structures, and their relatively homogeneous commercial and strategic market environments. Both of the Group's divisions (segments) are run by a senior executive team; those teams make all decisions on resource allocation, product development, marketing and areas for focus and investment.
Some costs are collected and managed in one location but are actually incurred on behalf of multiple operating segments or reporting segments. These costs are then allocated to the reporting segments. The allocation is based on logical or activity driven cost algorithms. The allocation is necessary to give an accurate picture of the consumption of resources by each reporting segment.
Individually Significant Items are identified as those items that based on their size and nature and/or incidence are assessed to warrant separate disclosure to provide supplementary information to support the understanding of the Group's financial performance. Individually Significant Items typically comprise costs/profits/losses on material acquisitions/disposals/business exits, fundamental reorganisation/ restructuring programmes and other significant one-off events. Individually Significant Items are considered to require separate presentation in the notes to the Financial Statements in order to fairly present the financial performance of the Group.
Transactions in foreign currencies are recorded using the appropriate monthly exchange rate ruling at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies are retranslated using the exchange rate ruling at the Balance Sheet date and the gains or losses on translation are included in the Income Statement.
The assets and liabilities of overseas subsidiaries denominated in foreign currencies are retranslated at the exchange rate ruling at the Balance Sheet date. The income statements of overseas subsidiary undertakings are translated at the weighted average exchange rates for the financial year. Gains and losses arising on the retranslation of overseas subsidiary undertakings are taken to the currency translation reserve. They are released to the Income Statement upon disposal of the subsidiary to which they relate.
Foreign currency differences arising from the translation of qualifying cash flow hedges are recognised in OCI to the extent that the hedges are effective.
The Group holds derivative financial instruments to hedge its foreign currency risk exposures. Derivatives are initially measured at fair value. Subsequent to initial recognition, derivatives are measured at fair value, and changes therein are generally recognised in profit or loss. The Group designates certain derivatives as hedging instruments to hedge the variability in cash flows associated with highly probable forecast transactions arising from changes in foreign exchange rates. At inception of designated hedging relationships, the Group documents the risk management objective and strategy for undertaking the hedge. The Group also documents the economic relationship between the hedged item and the hedging instrument, including whether the changes in cash flows of the hedged item and hedging instrument are expected to offset each other.
When a derivative is designated as a cash flow hedging instrument, the effective portion of changes in the fair value of the derivative is recognised in OCI and accumulated in the hedging reserve. The effective portion of changes in the fair value of the derivative that is recognised in OCI is limited to the cumulative change in fair value of the hedged item, determined on a present value basis, from inception of the hedge. Any ineffective portion of changes in the fair value of the derivative is recognised immediately in profit or loss.
The Group designates only the change in fair value of the spot element of forward exchange contracts as the hedging instrument in cash flow hedging relationships. The change in fair value of the forward element of forward exchange contracts (forward points) is separately accounted for as a cost of hedging and recognised in a costs of hedging reserve within equity.
for the year ended 31 May 2021
When the hedged forecast transaction subsequently results in the recognition of a non-financial item, the amount accumulated in the hedging reserve and the cost of hedging reserve is included directly in the initial cost of the non-financial item when it is recognised.
For all other hedged forecast transactions, the amount accumulated in the hedging reserve and the cost of hedging reserve is reclassified to profit or loss in the same period or periods during which the hedged expected future cash flows affect profit or loss.
If the hedge no longer meets the criteria for hedge accounting or the hedging instrument is sold, expires, is terminated or is exercised, then hedge accounting is discontinued prospectively. When hedge accounting for cash flow hedges is discontinued, the amount that has been accumulated in the hedging reserve remains in equity until, for a hedge of a transaction resulting in the recognition of a non-financial item, it is included in the non-financial item's cost on its initial recognition or, for other cash flow hedges, it is reclassified to profit or loss in the same period or periods as the hedged expected future cash flows affect profit or loss.
If the hedged future cash flows are no longer expected to occur, then the amounts that have been accumulated in the hedging reserve and the cost of hedging reserve are immediately reclassified to profit or loss.
The Group operates a defined contribution pension scheme. The assets of the scheme are kept separate from those of the Group in an independently administered fund. The amount charged as an expense in the Income Statement represents the contributions payable to the scheme in respect of the accounting period.
Short-term employee benefit obligations are measured on an undiscounted basis and are expensed as the related service is provided. A liability is recognised for the amount expected to be paid under short-term cash bonus or profit-sharing plans if the Group has a present legal or constructive obligation to pay this amount as a result of past service provided by the employee and the obligation can be estimated reliably.
Share-based payments in which the Group receives goods or services as consideration for its own equity instruments are accounted for as equity settled share-based payment transactions, regardless of how the equity instruments are obtained by the Group.
The grant date fair value of share-based payment awards granted to employees is recognised as an employee expense, with a corresponding increase in equity, over the period that the employees become unconditionally entitled to the awards. The fair value of the options granted is measured using an option valuation model, taking into account the terms and conditions upon which the options were granted.
The amount recognised as an expense is adjusted to reflect the actual number of awards for which the related service and non-market vesting conditions are expected to be met, such that the amount ultimately recognised as an expense is based on the number of awards that do meet the related service and non-market performance conditions at the vesting date. For share-based payment awards with non-vesting conditions, the grant date fair value of the share-based payment is measured to reflect such conditions and there is no true-up for differences between expected and actual outcomes.
Share-based payment transactions in which the Group receives goods or services by incurring a liability to transfer cash or other assets that is based on the price of the Group's equity instruments are accounted for as cash settled share-based payments. The fair value of the amount payable to employees is recognised as an expense, with a corresponding increase in liabilities, over the period in which the employees become unconditionally entitled to payment. The liability is remeasured at each Balance Sheet date and at settlement date. Any changes in the fair value of the liability are recognised as personnel expense within the Income Statement.
Where the Company grants options over its own shares to the employees of a subsidiary it recognises in its individual Financial Statements, an increase in the cost of investment in that subsidiary equivalent to the equity settled share-based payment charge is recognised in respect of that subsidiary in its consolidated Financial Statements with the corresponding credit being recognised directly in equity.
The Group recognises a liability in the Balance Sheet for any earned but not yet taken holiday entitlement for staff. Earned holiday is calculated on a straight-line basis over a holiday year which can vary by business unit. Taken holiday is based on actually taken holiday. Any movement in the liability between the opening and closing balance in the year is recorded as an employee cost or a reduction in employee costs in the Income Statement in the year.
Borrowings are recognised initially at fair value less attributable transaction costs. Subsequent to initial recognition, borrowings are stated at amortised cost with any difference between cost and redemption value being recognised in the Income Statement over the period of the borrowings on an effective interest basis.
Finance costs are recognised within the Income Statement in the year in which they are incurred.
Provisions are determined by discounting the expected future cash flows at a pre-tax rate that reflects current market assessments of the time value of money and the risks specific to the liability. The unwinding of the discount is recognised as finance cost.
Taxation on the profit or loss for the year comprises current and deferred taxation. Taxation is recognised in the Income Statement except to the extent that it relates to items recognised directly in equity, in which case it is recognised in equity.
Current tax is the expected tax payable or receivable on the taxable income or loss for the year, using tax rates enacted or substantively enacted at the Balance Sheet date, and any adjustment to tax payable in respect of previous years.
Deferred tax is provided on temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and the amounts used for taxation purposes. The following temporary differences are not provided for: the initial recognition of goodwill; the initial recognition of assets or liabilities that affect neither accounting nor taxable profit other than in a business combination; and differences relating to investments in subsidiaries to the extent that they will probably not reverse in the foreseeable future. The amount of deferred tax provided is based on the expected manner of realisation or settlement of the carrying amount of assets and liabilities, using tax rates enacted or substantively enacted at the Balance Sheet date. A deferred tax asset is recognised only to the extent that it is probable that future taxable profits will be available against which the temporary difference can be utilised.
R&D tax credits are recognised for the UK tax jurisdiction within administrative expenses and within income tax for the US tax jurisdiction.
Where the Company enters into financial guarantee contracts to guarantee the indebtedness of other companies within the Group, the Company considers these to be insurance arrangements and accounts for them as such. In this respect the Company treats the guarantee contract as a contingent liability until such time as it becomes probable that the Company will be required to make a payment under the guarantee.
Cash and cash equivalents comprise cash in hand and deposits repayable on demand. Bank overdrafts that are repayable on demand form part of the Group's cash management and are included as a component of cash and cash equivalents for the purpose only of the Statement of Cash Flows.
NCC Group plc shares held by the Group are deducted from equity as "treasury shares" and are recognised at cost. Consideration received for the sale of such shares is also recognised in equity, with any difference between the proceeds from sale and the original cost being taken to reserves. No gain or loss is recognised in the Income Statement on the purchase, sale, issue or cancellation of equity shares.
The preparation of Financial Statements requires management to exercise judgement in applying the Group's accounting policies. Different judgements would have the potential to change the reported outcome of an accounting transaction or Statement of Financial Position. It also requires the use of estimates that affect the reported amounts of assets, liabilities, income and expenses. Actual results may differ from these estimates. Estimates and underlying assumptions are reviewed on an ongoing basis, with changes recognised in the period in which the estimates are revised and in any future periods affected. The table below shows those areas of critical accounting judgements and estimates that the Directors consider material and that could reasonably change significantly in the next year.
| Accounting area | Accounting judgement? |
Accounting estimate? |
|---|---|---|
| Carrying value of goodwill | No | Yes |
| Control of IPM Software Resilience business | Yes | No |
| Recognition of research and development tax credits | No | Yes |
| Intangible assets – cloud-based software and development costs | Yes | No |
Information about critical accounting judgements made in applying accounting policies that have the most significant effects on the amounts recognised in the consolidated Financial Statements are as follows.
A key judgement in the year ended 31 May 2021 is the acquisition date for the purchase of the IPM Software Resilience business. Management considers shareholder approval of the transaction constitutes a change in control and therefore the date of shareholder approval is considered to be the acquisition date for the transaction.
Shareholder approval was granted on 1 June 2021 and the IPM Software Resilience business will be consolidated into the Group results from that date.
When the Group incurs customisation and configuration costs, as part of a service agreement, judgement is also required in assessing whether the Group has control over the resources defined in the arrangement. Management has considered the IFRS Interpretations Committee (IFRIC) agenda decision in April 2021 on the clarification of accounting in relation to these costs. The costs expensed amount to £5.1m (2020: £7.9m). See further details in Notes 12 and 34 in relation to a prior year restatement.
Development activities involve a plan or design for the production of new or substantially improved products or processes. Judgement is required in determining whether the project is technically and commercially feasible; judgement is required in assessing the future economic benefit and viability of the project.
Such judgements are inherently subjective and can have a material impact on determining whether such costs should be capitalised.
for the year ended 31 May 2021
Information about estimation uncertainties that have a significant risk of resulting in a material adjustment to the carrying values of assets and liabilities within the next financial year is addressed below.
Whilst every effort is made to ensure that such estimates and assumptions are reasonable, by their nature they are uncertain, and as such changes in estimates and assumptions may have a material impact. Estimates and assumptions used in the preparation of the Financial Statements are continually reviewed and revised as necessary at each reporting date.
The Group has significant balances relating to goodwill at 31 May 2021 as a result of acquisitions of businesses in previous years. The carrying value of goodwill at 31 May 2021 is £182.9m (2020: £193.1m). Goodwill balances are tested annually for impairment. Tests for impairment are primarily based on the calculation of a value in use for each CGU.
This involves the preparation of discounted cash flow projections, which require significant estimates of both future operating cash flows and an appropriate risk-adjusted discount rate.
The commercial viability of individually capitalised development project costs is also part of the overall assessment of carrying values.
Future cash flow estimates are based on two critical estimates: the rate of revenue growth and the discount rate, particularly in relation to the Europe Assurance CGU which is the most sensitive to movements in estimates.
The calculation of an appropriate discount rate to apply to the future cash flow estimate is itself an estimate. While some aspects of discount rate calculations can be more mechanical in nature (such as using the 30 year gilt yield as a proxy for the risk free rate) others, such as entity or sector-specific risk adjustments, rely more on management estimates. The discount rate is also a key component in assessing the terminal value which is often an important part of any valuation.
Sensitivity analysis on what are regarded as reasonably possible changes is provided in Note 12.
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be uncertainty. The most significant source of uncertainty arises from claims for US research and development (R&D) tax credits relating to historical periods. Uncertainty arises as a result of a degree of uncertainty concerning the interpretation of US legislation and because the statute of limitations has not expired. The basis on which the Group has claimed R&D tax credits involves a technical assessment of which party bears the economic risk in any research contracts entered into with third parties. This assessment is a key estimate. It is considered "probable" that the US taxation authority would accept the uncertain tax treatment in relation to the utilised tax credits recognised.
For the periods ending 31 May 2017 to 31 May 2021, the aggregate net current tax benefit included in the Income Statement relating to the R&D US tax credits is £2.7m (2020: £4.3m). The gross deferred tax asset relating to the R&D US tax credits is £1.0m (2020: £0.8m), although due to the uncertainty we have made a provision of £0.6m (2020: £0.8m) against this asset. The aggregate gross amount of US R&D tax credits recognised amounts to £8.2m (2020: £5.1m) and we have made a provision of £5.1m (2020: £0.8m) against this gross position.
It is considered reasonably possible that the outcome relating to historical claims ranges from a potential increase of tax credits of £5.1m to a potential reduction of £3.1m.
Some aspects of the Group's revenue are derived from relatively long-term fixed price contracts. On this basis, estimation uncertainty is disclosed in relation to one contract:
The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined terms under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not intended to be a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the current year results and comparative periods where provided.
This presentation is also consistent with the way that financial performance is measured by management and reported to the Board, and the basis of financial measures for senior management's compensation schemes, and provides supplementary information that assists the user in understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure that the Annual Report and Accounts give a fair, balanced and understandable view of the Group's performance, cash flows and financial position. IAS 1 'Presentation of Financial Statements' requires the separate presentation of items that are material in nature or scale in order to allow the user of the accounts to understand underlying business performance.
As discussed in the prior year Annual Report and in accordance with FRC guidelines, the Group no longer presents a Consolidated Income Statement showing adjusting items separately. In the prior year, the Group disclosed adjusting items of £10.2m relating to amortisation of acquisition intangibles (2020: £8.8m) and share-based payments (2020: £1.4m) as a separate column on the face of the Consolidated Income Statement. This is no longer disclosed in this way to simplify the Group's results. However, as the Group manages internally its performance at an adjusted operating profit level (before amortisation of acquisition intangibles, share-based payments and Individually Significant Items), which management believes better represents the underlying trading of the business, this information is still disclosed as an APM within this Annual Report. This APM is reconciled to statutory operating profit, together with the consequently Adjusted basic EPS (before amortisation of acquisition intangibles, share-based payments and Individually Significant Items and tax effect thereon) to statutory basic EPS.
This change has removed the following adjusted measures from the Group's narrative reporting and disclosures:
Following this revision to APMs, the Group has the following APMs/non-statutory measures:
These measures provide supplementary information that assists the user to understand the financial performance, position and trends of the Group. Further detail is included within the glossary of terms to this Annual Report which provides supplementary information that assists the user in understanding theses APMs/non-statutory measures.
The Group reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account constant foreign exchange rates year on year. This involves translating comparative numbers to current year rates for comparability to enable a growth factor to be calculated. In addition, the Group also reports these regions on a local currency basis to demonstrate the revenue performance on a local basis. As these measures are not statutory revenue numbers, management consider these to be APMs.
The calculation of Adjusted EBITDA and Adjusted operating profit is set out below:
| 2021 £m |
2020 (restated) 2 £m |
|
|---|---|---|
| Operating profit | 17.3 | 12.6 |
| Depreciation of property, plant and equipment | 4.4 | 5.8 |
| Depreciation of right-of-use assets | 5.9 | 6.0 |
| Amortisation of customer contracts and relationships (acquired intangibles) | 6.4 | 8.8 |
| Amortisation of software and development costs | 3.0 | 3.0 |
| Individually Significant Items (Note 5) | 12.7 | 7.9 |
| Share-based payments charge (Note 26) | 2.8 | 1.4 |
| Adjusted EBITDA | 52.5 | 45.5 |
| Depreciation and amortisation (excluding amortisation charged on acquired intangibles) | (13.3) | (14.8) |
| Adjusted operating profit | 39.2 | 30.7 |
for the year ended 31 May 2021
Net cash/(debt)
The calculation of net cash/(debt) is set out below:
| 2021 £m |
2020 £m |
|
|---|---|---|
| Cash and cash equivalents (Note 24) | 116.5 | 95.0 |
| Borrowings (Note 24) | (33.2) | (99.2) |
| Net cash/(debt) excluding lease liabilities | 83.3 | (4.2) |
| Lease liabilities | (34.4) | (38.2) |
| Net cash/(debt) | 48.9 | (42.4) |
The calculation of the cash conversion ratio is set out below:
| 2021 £m |
2020 (restated) 2 £m |
|
|---|---|---|
| Cash generated from operating activities before interest and taxation (A) | 46.3 | 46.8 |
| Adjusted EBITDA (B) | 52.5 | 45.5 |
| Cash conversion ratio (%) (A)/(B) | 88.2% | 102.9% |
The Group is organised into the following two (2020: two) reportable segments: Assurance and Software Resilience. The two reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they are reported to the chief operating decision maker (CODM) for the purposes of IFRS 8 'Operating Segments', which is considered to be the Board of Directors of NCC Group plc. Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide, common management structures, and their relatively homogeneous commercial and strategic market environments. Performance is measured based on reporting segment profit, which comprises Adjusted operating profit 1 and adjusting items are not allocated to business segments. . Interest and tax are also not allocated to business segments and there are no intra-segment sales.
| Assurance | Software Resilience |
Central and head office |
Group | |
|---|---|---|---|---|
| Segmental analysis 2021 | £m | £m | £m | £m |
| Revenue | 233.9 | 36.6 | – | 270.5 |
| Cost of sales | (149.5) | (10.4) | – | (159.9) |
| Gross profit | 84.4 | 26.2 | – | 110.6 |
| Gross margin % | 36.1% | 71.6% | – | 40.9% |
| General administrative expenses allocated | (45.4) | (9.5) | (3.2) | (58.1) |
| Adjusted EBITDA 1 | 39.0 | 16.7 | (3.2) | 52.5 |
| Depreciation and amortisation | (9.4) | (0.7) | (3.2) | (13.3) |
| Adjusted operating profit 1 | 29.6 | 16.0 | (6.4) | 39.2 |
| Individually Significant Items (Note 5) | – | – | (12.7) | (12.7) |
| Amortisation of acquired intangibles | – | – | (6.4) | (6.4) |
| Share-based payments | – | – | (2.8) | (2.8) |
| Operating profit | 29.6 | 16.0 | (28.3) | 17.3 |
| Segmental analysis 2020 (restated) 2 | Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
|---|---|---|---|---|
| Revenue | 226.2 | 37.5 | – | 263.7 |
| Cost of sales | (149.3) | (10.0) | – | (159.3) |
| Gross profit | 76.9 | 27.5 | – | 104.4 |
| Gross margin % | 34.0% | 73.3% | – | 39.6% |
| General administrative expenses allocated | (43.9) | (10.0) | (5.0) | (58.9) |
| Adjusted EBITDA 1 | 33.0 | 17.5 | (5.0) | 45.5 |
| Depreciation and amortisation | (10.7) | (0.6) | (3.5) | (14.8) |
| Adjusted operating profit 1 | 22.3 | 16.9 | (8.5) | 30.7 |
| Individually Significant Items (Note 5) | – | – | (7.9) | (7.9) |
| Amortisation of acquired intangibles | – | – | (8.8) | (8.8) |
| Share-based payments | – | – | (1.4) | (1.4) |
| Operating profit | 22.3 | 16.9 | (26.6) | 12.6 |
| Segmental analysis 2021 | Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
|---|---|---|---|---|
| Additions to non-current assets | 6.0 | – | 2.1 | 8.1 |
| Reportable segment assets | 69.3 | 13.5 | 349.5 | 432.3 |
| Reportable segment liabilities | (94.9) | (4.5) | (66.7) | (166.1) |
| Segmental analysis 2020 (restated) 2 | Assurance £m |
Software Resilience £m |
Central and head office £m |
Group £m |
|---|---|---|---|---|
| Additions to non-current assets | 4.7 | 0.2 | 12.3 | 17.2 |
| Reportable segment assets | 88.0 | 18.4 | 330.8 | 437.2 |
| Reportable segment liabilities | (73.9) | (14.5) | (142.9) | (231.3) |
The Central and head office cost centre is not considered to be a separate operating segment nor part of any other operating segment as it does not generate any revenues. Included within Central and head office are assets and liabilities not specifically allocated to the reporting segments and include investments, head office tangible and intangible assets, deferred tax assets and liabilities, right-of-use assets and associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions. Central and head office assets and liabilities are disclosed to allow a reconciliation back to the Group's assets and liabilities.
During the year, management has amended its segment disclosure to reflect the way the performance of the business is reported to the CODM and managed. The performance of the APAC region was previously included within Europe and APAC. For the year ended 31 May 2021, the APAC region is now included together with the UK segment until it becomes such a size that warrants separate reporting to the CODM. In addition, with the continuing growth and formation of a European division we have changed geographical segments in line with how this information is reported to the Board and managed today and have represented prior year figures on a like-for-like basis.
The net book value of non-current assets is analysed geographically as follows:
| 2020 | ||
|---|---|---|
| 2021 | (restated) 2 | |
| £m | £m | |
| UK and APAC | 172.0 | 188.3 |
| North America | 60.5 | 68.6 |
| Europe | 9.0 | 10.4 |
| Total non-current assets | 241.5 | 267.3 |
for the year ended 31 May 2021
Revenue is disaggregated by primary geographical market, by category and timing of revenue recognition as follows:
| Assurance £m |
Software Resilience £m |
2021 Total £m |
Assurance £m |
Software Resilience £m |
2020 Total £m |
|
|---|---|---|---|---|---|---|
| Revenue by originating country | ||||||
| UK and APAC | 102.7 | 25.2 | 127.9 | 98.8 | 25.9 | 124.7 |
| North America | 82.7 | 7.3 | 90.0 | 82.4 | 7.8 | 90.2 |
| Europe | 48.5 | 4.1 | 52.6 | 45.0 | 3.8 | 48.8 |
| Total revenue | 233.9 | 36.6 | 270.5 | 226.2 | 37.5 | 263.7 |
| Assurance £m |
Software Resilience £m |
2021 Total £m |
Assurance £m |
Software Resilience £m |
2020 Total £m |
|
| Revenue by category | ||||||
| Services | 228.3 | 36.6 | 264.9 | 215.7 | 37.5 | 253.2 |
| Products | 5.6 | – | 5.6 | 10.5 | – | 10.5 |
| Total revenue | 233.9 | 36.6 | 270.5 | 226.2 | 37.5 | 263.7 |
| Timing of revenue recognition | ||||||
| Services and products transferred over time | 47.9 | 24.0 | 71.9 | 41.4 | 25.7 | 67.1 |
| Services and products transferred at a point in time | 186.0 | 12.6 | 198.6 | 184.8 | 11.8 | 196.6 |
| Total revenue | 233.9 | 36.6 | 270.5 | 226.2 | 37.5 | 263.7 |
There are no customer contracts in either 2021 or 2020 which account for more than 10% of segment revenue.
The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently unusual in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately identified and excluded from adjusted results (as explained in Note 3).
| Individually Significant Items (ISIs) | 2021 £m |
2020 (restated) 2 £m |
|---|---|---|
| Cloud configuration and customisation costs | 5.1 | 7.9 |
| Costs directly attributable to the acquisition of the IPM Software Resilience business | 7.6 | – |
| Total ISIs | 12.7 | 7.9 |
These costs relate to the material spend previously capitalised in relation to the Group's Securing Growth Together digital transformation programme that have now been expensed following the adoption of the IFRIC agenda decision. The costs meet the Group's policy for ISIs. See Note 34 for further details in relation to the prior year restatement.
These costs are directly attributable to the material acquisition of the IPM Software Resilience business (see Note 35) and are therefore considered to meet the Group's policy for ISIs. The nature of the costs includes legal, accountancy, due diligence and other advisory services.
| 2021 | 2020 (restated) 2 |
|
|---|---|---|
| Continuing activities | £m | £m |
| Profit before taxation is stated after charging/(crediting): | ||
| Amounts receivable by auditor and its associates in respect of: | ||
| Audit of these Financial Statements | 0.7 | 0.4 |
| Audit of Financial Statements of subsidiaries pursuant to legislation | 0.1 | 0.1 |
| Total audit 4 | 0.8 | 0.5 |
| Amortisation of development costs (Note 12) | 2.0 | 2.0 |
| Amortisation of software costs (after the adoption of the IFRIC agenda decision on cloud configuration and customisation costs) (Note 12) |
1.0 | 1.0 |
| Amortisation of acquired intangibles (Note 12) | 6.4 | 8.8 |
| Depreciation of property, plant and equipment (Note 13) | 4.4 | 5.8 |
| Depreciation of right-of-use assets (Note 14) | 5.9 | 6.0 |
| Impairment of right-of-use assets (Note 14) | – | 1.1 |
| Costs directly attributable to the acquisition of the IPM Software Resilience business (included within ISIs) (Note 5) | 7.6 | – |
| Cloud configuration and customisation costs (Note 5) | 5.1 | 7.9 |
| Credit losses recognised on financial assets | 0.8 | 0.7 |
| Cost of inventories recognised as an expense | 1.1 | 0.5 |
| Foreign exchange losses | 1.5 | – |
| Lease rental costs charged: | ||
| – Hire of property, plant and equipment 5 | 0.1 | 0.5 |
| Research and development expenditure | 0.5 | 0.6 |
| Profit on disposal of intangible assets | (0.5) | – |
| Profit on disposal of right-of-use assets | (0.2) | (0.1) |
| Loss on sale of property, plant and equipment | 0.2 | – |
4 The only non-audit service provided by the auditor was for the interim review at 30 November 2020, for which the fee was £75,000 (2020: £50,000).
5 The charge to the Income Statement in respect of lease rental costs relates entirely to short-term leases for which the Group has taken the exemption allowed from applying the principles of IFRS 16.
Directors' emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of 2021 were £2.2m (2020: £1.6m). Employer contributions to pensions for Executive Directors for qualifying periods were £nil (2020: £50,000). The Company provided pension payments in lieu of pension contributions for two Executive Directors during the year ended 31 May 2021 amounting to £50,000. The aggregate net value of share awards granted to the Directors in the period was £0.7m (2020: £0.7m). The net value has been calculated by reference to the closing mid-market price of the Company's shares on the day before the date of grant. During the year, 104,526 share options were exercised by Directors (2020: nil) and their gain on exercise of share options was £88,000 (2020: £nil).
The average monthly number of persons employed by the Group during the year, including Directors, is analysed by category as follows:
| Number of employees | ||
|---|---|---|
| 2021 | 2020 | |
| Operational | 1,523 | 1,518 |
| Administration | 374 | 355 |
| Total | 1,897 | 1,873 |
| The aggregate payroll costs of these persons were as follows: | ||
| 2021 £m |
2020 £m |
|
| Wages and salaries | 152.5 | 148.4 |
| Total payroll costs | 174.3 | 170.1 |
|---|---|---|
| Other pension costs (Note 31) | 5.3 | 5.6 |
| Social security costs | 13.7 | 14.7 |
| Share-based payments (Note 26) | 2.8 | 1.4 |
| Wages and salaries | 152.5 | 148.4 |
for the year ended 31 May 2021
| Finance costs | 2.5 | 3.0 |
|---|---|---|
| Interest expense on lease liabilities | 1.2 | 1.2 |
| Interest payable on bank loans and overdrafts | 1.3 | 1.8 |
| 2021 £m |
2020 £m |
The above finance costs relate entirely to liabilities not at fair value through profit or loss.
| 2021 | 2020 (restated) 2 |
|
|---|---|---|
| £m | £m | |
| Current tax expense | ||
| Current year | (0.8) | 2.0 |
| Adjustment to tax expense in respect of prior periods | (0.4) | (0.6) |
| Impact of prior year US R&D tax credits | 2.7 | – |
| Foreign tax | 4.3 | 4.4 |
| Total current tax | 5.8 | 5.8 |
| Deferred tax expense | ||
| Origination and reversal of temporary differences | (0.7) | (2.7) |
| Movement in tax rate | 0.4 | (0.3) |
| Recognition of previously unrecognised deductible timing differences | – | (0.4) |
| Impact of prior year US R&D tax credits | (0.8) | 0.5 |
| Adjustment to tax expense in respect of prior periods | 0.1 | 0.3 |
| Total deferred tax | (1.0) | (2.6) |
| Tax expense on continuing operations | 4.8 | 3.2 |
| 2021 £m |
2020 (restated) 2 £m |
|
|---|---|---|
| Profit before taxation | 14.8 | 9.6 |
| Current tax using the UK corporation tax rate of 19% (2020: 19%) | 2.8 | 1.8 |
| Effects of: | ||
| Items not (assessable)/deductible for tax purposes | (0.5) | 0.9 |
| Adjustment to tax charge in respect of prior periods | (0.3) | (0.3) |
| Impact of prior year US R&D tax credits | 1.9 | 0.5 |
| Impact of current year US R&D tax credits | (0.3) | – |
| Differences between overseas tax rates | 0.7 | 0.9 |
| Movements in temporary differences not recognised | 0.1 | (0.3) |
| Movement in tax rate | 0.4 | (0.3) |
| Total tax expense | 4.8 | 3.2 |
Current and deferred tax recognised directly in equity was a credit of £0.3m (2020: £nil).
In the March 2021 budget the UK government announced that legislation will be introduced in the Finance Bill 2021 to increase the main rate of UK corporation tax from 19% to 25%, effective 1 April 2023. This rate was substantively enacted on 24 May 2021 and therefore the deferred tax balances as at 31 May 2021 are generally measured at a rate of 25%.
During the year, the Group has reviewed its accounting policy to align with IFRIC guidance issued in April 2021 in relation to Software-as-a-Service (SaaS) costs previously capitalised; following this review certain costs previously capitalised in relation to cloud-based arrangements have been expensed and amortisation charged on those assets has been reversed. This had the impact on the UK tax charge in the prior year of £1.2m. See Note 34 for further details on this prior year restatement.
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to historical periods. Uncertainty arises as a result of a degree of uncertainty concerning interpretation of US legislation and because the statute of limitations has not expired. For the periods ending 31 May 2017 to 31 May 2021, the aggregate net current tax benefit to the Income Statement relating to the US R&D tax credits is £2.7m (2020: £4.3m). The gross deferred tax asset relating to the US R&D tax credits is £1.0m (2020: £0.8m), although due to the uncertainty we have made a partial provision of £0.6m (2020: £0.8m) against this asset. The aggregate gross amount of US R&D tax credits recognised amounts to £8.2m (2020: £5.1m) and we have made a provision of £5.1m (2020: £0.8m) against this gross position.
| 2021 | 2020 | |
|---|---|---|
| £m | £m | |
| Dividends paid and recognised in the year | 13.0 | 12.9 |
| Dividends per share paid and recognised in the year | 4.65p | 4.65p |
| Dividends per share proposed but not recognised in the year | 3.15p | 3.15p |
The proposed final dividend for the year ended 31 May 2021 of 3.15p per ordinary share on approximately 309.8m ordinary shares (approximately £10m) was approved by the Board on 14 September 2021 and will be recommended to shareholders at the AGM on 4 November 2021. The dividend has not been included as a liability as at 31 May 2021. The payment of this dividend will not have any tax consequences for the Group.
Earnings per ordinary share are shown on a statutory and an adjusted basis to assist in the understanding of the performance of the Group.
| 2020 | ||
|---|---|---|
| 2021 | (restated) 2 | |
| £m | £m | |
| Statutory earnings (A) | 10.0 | 6.4 |
| Number | Number | |
| of shares | of shares | |
| m | m | |
| Basic weighted average number of shares in issue (C) | 281.2 | 278.0 |
| Dilutive effect of share options | 1.5 | 2.5 |
| Diluted weighted average shares in issue (D) | 282.7 | 280.5 |
For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the period during which the options are outstanding.
| 2020 | ||
|---|---|---|
| 2021 | (restated) 2 | |
| Pence | Pence | |
| Earnings per ordinary share | ||
| Basic (A/C) | 3.6 | 2.3 |
| Diluted (A/D) | 3.5 | 2.3 |
for the year ended 31 May 2021
Adjusted basic EPS 1 is reconciled as follows:
| 2021 £m |
2020 (restated) 2 £m |
|
|---|---|---|
| Statutory earnings (A) | 10.0 | 6.4 |
| Amortisation of acquired intangibles | 6.4 | 8.8 |
| Share-based payments | 2.8 | 1.4 |
| Individually Significant Items (see Note 5) | 12.7 | 7.9 |
| Tax effect of above items | (5.1) | (3.4) |
| Adjusted earnings (B) | 26.8 | 21.1 |
| 2021 Pence |
2020 (restated) 2 Pence |
|
| Adjusted earnings per ordinary share | ||
| Basic (B/C) | 9.5 | 7.6 |
| Diluted (B/D) | 9.5 | 7.5 |
| Goodwill £m |
Software £m |
Development costs £m |
Customer contracts and relationships £m |
Intangibles subtotal £m |
Total £m |
|
|---|---|---|---|---|---|---|
| Cost | ||||||
| At 1 June 2019 – restated 2 | 255.6 | 20.7 | 12.7 | 87.1 | 120.5 | 376.1 |
| Additions – restated 2 | – | 1.0 | 1.3 | – | 2.3 | 2.3 |
| Transfers | – | 0.2 | (0.2) | – | – | – |
| Disposals | – | (9.1) | (2.3) | – | (11.4) | (11.4) |
| Effects of movements in exchange rates | 3.7 | – | – | 1.1 | 1.1 | 4.8 |
| At 31 May 2020 – restated 2 | 259.3 | 12.8 | 11.5 | 88.2 | 112.5 | 371.8 |
| Additions | – | 1.7 | 0.6 | – | 2.3 | 2.3 |
| Disposals | (10.2) | – | – | (13.0) | (13.0) | (23.2) |
| Effects of movements in exchange rates | (10.2) | – | (0.4) | (2.1) | (2.5) | (12.7) |
| At 31 May 2021 | 238.9 | 14.5 | 11.7 | 73.1 | 99.3 | 338.2 |
| Accumulated amortisation | ||||||
| At 1 June 2019 – restated 2 | (66.2) | (18.9) | (7.5) | (55.8) | (82.2) | (148.4) |
| Charge for year – restated 2 | – | (1.0) | (2.0) | (8.8) | (11.8) | (11.8) |
| Disposals | – | 9.1 | 2.3 | – | 11.4 | 11.4 |
| Effects of movements in exchange rates | – | – | (0.1) | (0.8) | (0.9) | (0.9) |
| At 31 May 2020 – restated 2 | (66.2) | (10.8) | (7.3) | (65.4) | (83.5) | (149.7) |
| Charge for year | – | (1.0) | (2.0) | (6.4) | (9.4) | (9.4) |
| Disposals | 10.2 | – | – | 13.0 | 13.0 | 23.2 |
| Effects of movements in exchange rates | – | – | 0.3 | 1.3 | 1.6 | 1.6 |
| At 31 May 2021 | (56.0) | (11.8) | (9.0) | (57.5) | (78.3) | (134.3) |
| Net book value | ||||||
| At 31 May 2021 | 182.9 | 2.7 | 2.7 | 15.6 | 21.0 | 203.9 |
| At 31 May 2020 – restated 2 | 193.1 | 2.0 | 4.2 | 22.8 | 29.0 | 222.1 |
Development costs are capitalised in accordance with IAS 38 development criteria. For this reason, these are not regarded as realised losses.
During the year, the Group has reviewed its accounting policy to align with IFRIC guidance issued in April 2021 in relation to Software-as-a-Service (SaaS) costs previously capitalised; following this review of costs previously capitalised for the year ended 31 May 2020 of £7.9m relating to cloud-based arrangements have now been expensed and amortisation of £1.4m charged on those assets has been reversed. Consequentially, the net impact on operating profit for the year ended 31 May 2020 is £6.5m. In addition, costs of £0.2m have been reclassified to prepayments. For the year ended 31 May 2019, the Group identified £3.6m of costs previously capitalised under cloud computing arrangements that should be expensed and £0.1m of amortisation was charged, which is to be reversed. See Note 34 for further details on this prior year restatement.
Goodwill and intangible assets are allocated to CGUs in order to be assessed for potential impairment. CGUs are defined by accounting standards as the lowest level of asset groupings that generate separately identifiable cash inflows that are not dependent on other CGUs. The Directors have reviewed the continuing applicability of the judgements made in the prior year in determining the CGUs within the Group and in allocating goodwill to these CGUs. The assessment of CGUs is a key accounting judgement as set out in Note 2 of the consolidated Financial Statements.
During the year, the Group revised its CGUs as follows:
The CGUs and the allocation of goodwill to those CGUs are shown below:
| Goodwill 2021 |
Goodwill* 2020 |
|
|---|---|---|
| Cash generating units | £m | £m |
| UK Software Resilience | 22.9 | 22.9 |
| North America Software Resilience | 7.5 | 8.7 |
| Europe Software Resilience | 7.2 | 7.5 |
| Total Software Resilience | 37.6 | 39.1 |
| UK and APAC Assurance | 44.2 | 47.3 |
| North America Assurance | 36.4 | 42.4 |
| Europe Assurance | 64.7 | 64.3 |
| Total Assurance | 145.3 | 154.0 |
| Total Group | 182.9 | 193.1 |
* The prior year comparative figures have been re-presented to reflect the change in CGUs in the year described above.
Goodwill is tested for impairment annually at the level of the CGU to which it is allocated. In each of the tests carried out as at 31 May 2021, the recoverable amount of the CGUs concerned was measured on a value in use basis (VIU). VIU represents the present value of the future cash flows that are expected to be generated by the CGU to which the goodwill is allocated.
Capitalised development and software costs are included in the CGU asset bases when performing the impairment review. Capitalised development projects and software intangible assets are also considered, on an asset-by-asset basis, for impairment where there are indicators of impairment. During the year, management carried out a detailed review of the capitalised product portfolio and, based on cash flow projections for the respective projects, concluded that no impairment was required.
VIU calculations are an area of material management estimation as set out in Note 2 to the consolidated Financial Statements. These calculations require the use of estimates, specifically: pre-tax cash flow projections; long-term growth rates; and a pre-tax discount rate. Further detail in relation to these key assumptions used in the Group's goodwill annual impairment review is as follows:
for the year ended 31 May 2021
Pre-tax cash flow projections are based on the Group's budget for the forthcoming financial year and longer-term three year strategic plans to 2024. The budget and three year strategic plan are compiled by the business unit management teams using a detailed, bottom-up process with respect to revenue, margin and overheads, taking into account factors specific to that business unit as well as wider economic factors such as industry growth expectations and the impact of Covid-19.
The Group's revenue forecasts are developed using the most reliable data available, such as the size of the existing contract base and details of confirmed orders, as well as assumptions over key operational inputs to underpin the forecast for each revenue stream. The combined effect of these individual assumptions on the overall growth rate assumed for each area of the business is then compared to management's experience of growth and the industry's expected growth rate.
For cost forecasts, the majority of which are people related, headcount changes are forecast for delivery and sales staff in order that there are sufficient resources to support the forecasted required revenue delivery capacity as well as to deliver against sales targets, whilst also factoring in payroll inflation expectations. Overhead costs are also forecast using a bottom-up process.
Forecasts go through a detailed review process and are subject to challenge at each stage of review, including by the Executive Committee. Ultimately the forecasts are approved by the Board.
Assumptions have then been applied for expected revenue, margin growth, overheads and Adjusted EBITDA¹ for the subsequent two years from the end of 2024. Adjusted EBITDA¹ is considered a proxy for operating cash flow before changes in working capital. Pre-tax cash flow projections also include assumptions on working capital and capital expenditure requirements for each CGU.
These assumptions are based on management's experience of growth and knowledge of the industry sectors, markets and the Group's internal opportunities for growth and margin enhancement. The projections beyond five years into perpetuity use an estimated long-term growth rate. Management has taken into account the impact of Covid-19 in formulating the above assumptions, and the underlying uncertainty of Covid-19 has been reflected in the assumptions underpinning the cash flow forecasts for each CGU rather than the pre-tax discount rates used in the impairment test.
Forecast working capital and capital expenditure included within the pre-tax cash flow projections are based on management's expectations of future expenditure required to support the Group and current run rate requirements.
The revenue growth rate is considered a critical estimate by management. Revenue growth is considered to be the most critical estimate, rather than Adjusted EBITDA 1 growth which was used in the prior year, due to the Group's relatively stable overhead base and high operating leverage. The table below summarises the cumulative average growth rate (CAGR) assumed for revenue over the five year forecast period to 2026 for each CGU:
| Revenue CAGR (%) 2021 |
Revenue CAGR (%) 2020 |
|
|---|---|---|
| UK Software Resilience | 5.8 | 5.5 |
| North America Software Resilience | 12.3 | 1.2 |
| Europe Software Resilience | 11.4 | 5.1 |
| UK and APAC Assurance | 9.0 | 8.3 |
| North America Assurance | 10.4 | 8.3 |
| Europe Assurance | 11.7 | 13.1 |
The revenue % growth for Europe Assurance is considered by management to be appropriate for the specific industry to which the CGU operates. Management has considered available external market data in determining the revenue growth rates over the five year forecast period.
To forecast growth beyond the detailed cash flows into perpetuity, a long-term average growth rate ranging between 1.5 and 1.7% (2020: between 1.9 and 2.5%) has been used based on the specific geography of the CGU, as shown in the table below. This range represents management's best estimate of a long-term annual growth rate aligned to an assessment of long-term GDP growth rates. A higher sector-specific growth rate would be a valid alternative estimate. A different set of assumptions may be more appropriate in future years dependent on changes in the macro-economic environment. These rates are not greater than the published International Monetary Fund average growth rates in gross domestic product for the next five year period in each relevant territory in which the CGUs operate.
| Growth rate | Growth rate | |
|---|---|---|
| (%) 2021 |
(%) 2020 |
|
| UK Software Resilience | 1.7 | 1.9 |
| North America Software Resilience | 1.6 | 2.5 |
| Europe Software Resilience | 1.5 | 1.9 |
| UK and APAC Assurance | 1.7 | 1.9 |
| North America Assurance | 1.6 | 2.5 |
| Europe Assurance | 1.5 | 1.9 |
Discount rates can change relatively quickly for reasons both inside and outside of management's control. Those outside management's direct control or influence include changes in the Group's Beta, changes in risk free rates of return and changes in Equity Risk Premia.
The discount rates are determined using a capital asset pricing model and reflect current market interest rates, relevant equity and size risk premiums and the risks specific to the CGU concerned. On this basis, specific discount rates are used for each CGU in the VIU calculation and the rates reflect management's assessment on the level of relative risk in each respective CGU. The table below summarises the pre-tax discount rates used for each CGU:
| Pre-tax | Pre-tax | |
|---|---|---|
| discount rate | discount rate | |
| (%) | (%) | |
| 2021 | 2020 | |
| UK Software Resilience | 12.9 | 15.4 |
| North America Software Resilience | 15.3 | 13.5 |
| Europe Software Resilience | 13.6 | 13.6 |
| UK and APAC Assurance | 13.0 | 11.6 |
| North America Assurance | 14.2 | 13.5 |
| Europe Assurance | 13.7 | 12.7 |
Sensitivity analysis has been performed in respect of certain scenarios where management considers a reasonably possible change in key assumptions could occur. The following key assumptions are considered to carry the greatest level of sensitivity to forecasts:
With the exception of the Europe Assurance CGU, the outcome of applying sensitivity analysis in respect of the above inputs indicated that there is no reasonably possible scenario in which the carrying value of goodwill would be considered impaired. With respect to the Europe Assurance CGU, management has considered the impact of Covid-19 on the challenging growth targets for this CGU and believes a reasonably possible change in the key assumptions of a 1.7% pts reduction in the revenue CAGR or a 1% pts increase in the discount rate would significantly reduce the headroom or give rise to an impairment. The impact of these changes in assumptions is illustrated in the table below, together with the change in each assumption that would result in the VIU falling below the carrying amount.
It is noted that, whilst a 1.7% pts reduction in the revenue CAGR would give rise to a potential impairment of goodwill, it is expected that any such deterioration in expected growth rates would also lead to a reduction in expected future costs. This expected future cost reduction has not been factored into the calculations illustrated below.
| Europe Assurance | ||
|---|---|---|
| Sensitivity analysis £m | 31 May 2021 | 31 May 2020 |
| Carrying value of assets (goodwill, development and software costs, right-of-use assets) | 76.9 | 72.9 |
| Total VIU | 95.1 | 92.3 |
| Surplus over carrying value of assets | 18.2 | 19.4 |
| Assumptions used in VIU calculation: | ||
| Five year CAGR | 11.7% | 13.1% |
| Impact of reduction of 1.7% pts to five year revenue CAGR on VIU | (43.4) | N/A |
| Change required in five year revenue CAGR % for VIU to fall below carrying value | 0.7% | 0.7% |
| Pre-tax discount rate | 13.7% | 12.7% |
| Impact of 1% pts increase in pre-tax discount rate on VIU | (7.9) | (8.1) |
| Change required in pre-tax discount rate for VIU to fall below carrying value | 2.6% | 2.5% |
| Impact of both 1.7% pts reduction to revenue CAGR and 1% pts increase in pre-tax discount rate on VIU | (47.6) | N/A |
for the year ended 31 May 2021
| Computer equipment £m |
Fixtures, fittings and equipment £m |
Motor vehicles £m |
Total £m |
|
|---|---|---|---|---|
| Cost | ||||
| At 1 June 2019 | 19.6 | 21.1 | 0.2 | 40.9 |
| Additions | 2.9 | (0.1) | – | 2.8 |
| Disposals | (2.8) | (0.3) | (0.1) | (3.2) |
| Movement in foreign exchange rates | – | 0.3 | – | 0.3 |
| At 31 May 2020 | 19.7 | 21.0 | 0.1 | 40.8 |
| Additions | 1.8 | 0.9 | – | 2.7 |
| Disposals | (0.1) | (3.6) | – | (3.7) |
| Movement in foreign exchange rates | (0.6) | (1.0) | – | (1.6) |
| At 31 May 2021 | 20.8 | 17.3 | 0.1 | 38.2 |
| Depreciation | ||||
| At 1 June 2019 | (14.6) | (9.3) | (0.1) | (24.0) |
| Charge for year | (3.0) | (2.8) | – | (5.8) |
| Disposals | 2.6 | 0.6 | – | 3.2 |
| Movement in foreign exchange rates | (0.3) | – | – | (0.3) |
| At 31 May 2020 | (15.3) | (11.5) | (0.1) | (26.9) |
| Charge for year | (2.8) | (1.6) | – | (4.4) |
| Disposals | 0.2 | 3.3 | – | 3.5 |
| Movement in foreign exchange rates | 0.4 | 0.7 | – | 1.1 |
| At 31 May 2021 | (17.5) | (9.1) | (0.1) | (26.7) |
| Net book value | ||||
| At 31 May 2020 | 4.4 | 9.5 | – | 13.9 |
| At 31 May 2021 | 3.3 | 8.2 | – | 11.5 |
| Land and buildings £m |
Motor vehicles £m |
Total £m |
|
|---|---|---|---|
| Cost | |||
| At 1 June 2019 | 24.6 | 1.9 | 26.5 |
| Additions | 11.0 | 1.1 | 12.1 |
| Disposals | (2.8) | – | (2.8) |
| At 31 May 2020 | 32.8 | 3.0 | 35.8 |
| Additions | 3.1 | – | 3.1 |
| Reclassifications from provisions | (1.4) | – | (1.4) |
| Disposals | (0.7) | – | (0.7) |
| At 31 May 2021 | 33.8 | 3.0 | 36.8 |
| Depreciation | |||
| At 1 June 2019 | – | – | – |
| Charge for year | (4.9) | (1.1) | (6.0) |
| Impairment charge | (1.1) | – | (1.1) |
| At 31 May 2020 | (6.0) | (1.1) | (7.1) |
| Charge for year | (4.8) | (1.1) | (5.9) |
| At 31 May 2021 | (10.8) | (2.2) | (13.0) |
| Net book value | |||
| At 31 May 2020 | 26.8 | 1.9 | 28.7 |
| At 31 May 2021 | 23.0 | 0.8 | 23.8 |
The impairment charge of £1.1m in the prior year relates to leased properties which are not currently occupied by the Group, which have been tested for impairment separately rather than within the CGU impairment tests. The impairment charge is based on the estimated recoverable amount of the right-of-use asset at the assumed date of disposal or termination of the lease, which is considered to be £nil.
| Group 2021 £m |
Group 2020 £m |
|
|---|---|---|
| Interest in unlisted shares | 0.3 | 0.3 |
The investment in unlisted shares relates to a 3.35% ordinary shareholding in an unlisted company acquired as part of the Accumuli acquisition. The investment's carrying value at acquisition date was considered appropriate to use as the fair value. The Directors consider there has been no change in the year.
| Group | Group | |
|---|---|---|
| 2021 | 2020 | |
| £m | £m | |
| Goods for resale | 1.1 | 0.9 |
The Group holds stock of certain critical components for key customers in relation to our own product sales (as opposed to third party products). The carrying value of inventory is expected to be recovered or settled within one year. There have been no write-downs of inventory in the year (2020: £nil).
for the year ended 31 May 2021
| Group 2021 £m |
Group 2020 (restated) 2 £m |
Company 2021 £m |
Company 2020 £m |
|
|---|---|---|---|---|
| Current | ||||
| Trade receivables | 35.2 | 41.6 | – | – |
| Prepayments | 8.7 | 10.8 | – | – |
| Deferred contract costs | – | 2.1 | – | – |
| Other receivables | 1.9 | 0.9 | – | – |
| Contract assets – accrued income | 22.9 | 18.0 | – | – |
| Non-current | ||||
| Amounts owed by Group undertakings | – | – | 162.6 | 142.0 |
| Total | 68.7 | 73.4 | 162.6 | 142.0 |
| Disclosed as follows: | ||||
| Current assets | 68.7 | 73.4 | – | – |
| Non-current assets | – | – | 162.6 | 142.0 |
| 68.7 | 73.4 | 162.6 | 142.0 |
The carrying value of trade and other receivables classified at amortised cost approximates fair value.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the customer in relation to a long-term onerous contract (see Note 21). No impairment charge has been recognised during the year.
No credit losses have been recognised in respect of amounts owed by Group undertakings (Parent Company only) in the year (2020: £nil) since they are not considered material.
Amounts owed by Group undertakings in the Parent Company Balance Sheet have been disclosed as repayable after more than one year. Although these are repayable on demand, the disclosure as non-current is based on management's expectation of the timing of repayment.
The ageing of trade receivables and other receivables at the end of the reporting period was:
| Group | Gross 2021 £m |
Expected credit losses 2021 £m |
Net 2021 £m |
Gross 2020 £m |
Expected credit losses 2020 £m |
Net 2020 £m |
|---|---|---|---|---|---|---|
| Trade receivables: | ||||||
| Not past due | 24.3 | (0.1) | 24.2 | 19.6 | – | 19.6 |
| Past due 0–30 days | 6.6 | (0.1) | 6.5 | 14.4 | (0.1) | 14.3 |
| Past due 31–90 days | 3.7 | (0.1) | 3.6 | 6.5 | (0.2) | 6.3 |
| Past due more than 90 days | 2.3 | (1.4) | 0.9 | 3.6 | (2.2) | 1.4 |
| 36.9 | (1.7) | 35.2 | 44.1 | (2.5) | 41.6 | |
| Other receivables: | ||||||
| Not past due | 1.9 | – | 1.9 | 0.9 | – | 0.9 |
| Contract assets: | ||||||
| Not past due | 23.1 | (0.2) | 22.9 | 18.0 | – | 18.0 |
| Total | 61.9 | (1.9) | 60.0 | 63.0 | (2.5) | 60.5 |
The Company had no trade receivables (2020: £nil).
The standard period for credit sales varies from 30 days to 60 days. Trade receivables which are over 30 days past due are considered to be credit impaired. The Group assesses creditworthiness of all trade debts on an ongoing basis providing for expected credit losses in line with IFRS 9. The Group has considered credit risk rating grades; these are based on the ageing categories above. Covid-19 has not had a material impact on the collection of trade receivables, and consequently has not materially impacted our forward looking estimates for expected credit losses. New customers are subject to stringent credit checks.
The movement in the expected credit losses of trade and other receivables is as follows:
| Group | Group | |
|---|---|---|
| 2021 | 2020 | |
| £m | £m | |
| Balance at 1 June | (2.5) | (1.8) |
| Released/(charged) to the Income Statement | 0.8 | (0.7) |
| Balance at 31 May | (1.7) | (2.5) |
Deferred tax assets and liabilities on the Consolidated Statement of Financial Position are offset in accordance with IAS 12. A summary of this, offset with significant jurisdictions, is shown below:
| Asset/(liability) | UK £m |
US £m |
Netherlands £m |
Denmark £m |
Total £m |
|---|---|---|---|---|---|
| Plant and equipment | 0.6 | – | 0.3 | – | 0.9 |
| Short-term temporary differences | 0.1 | 4.5 | 0.2 | – | 4.8 |
| IFRS 16 assets/liabilities | 0.3 | 0.2 | – | – | 0.5 |
| Intangible assets | (1.7) | (3.9) | (1.9) | – | (7.5) |
| Share-based payments | 0.7 | 0.7 | 0.2 | – | 1.6 |
| Tax losses | – | – | – | 0.5 | 0.5 |
| Deferred tax asset/(liability) | – | 1.5 | (1.2) | 0.5 | 0.8 |
| Analysed as follows: | |||||
| Non-current assets | – | 1.5 | – | 0.5 | 2.0 |
| Non-current liabilities | – | – | (1.2) | – | (1.2) |
| 2020 (restated) 2 | |||||
|---|---|---|---|---|---|
| Asset/(liability) | UK £m |
US £m |
Netherlands £m |
Denmark £m |
Total £m |
| Plant and equipment | 0.4 | 0.1 | 0.4 | – | 0.9 |
| Short-term temporary differences | 0.1 | 6.0 | – | – | 6.1 |
| IFRS 16 assets/liabilities | 0.3 | 0.2 | 0.1 | – | 0.6 |
| Intangible assets | (1.8) | (4.6) | (2.7) | – | (9.1) |
| Share-based payments | 0.2 | 0.2 | 0.1 | – | 0.5 |
| Tax losses | – | – | – | 0.4 | 0.4 |
| Deferred tax (liability)/asset | (0.8) | 1.9 | (2.1) | 0.4 | (0.6) |
| Analysed as follows: | |||||
| Non-current assets | – | 1.9 | – | 0.4 | 2.3 |
| Non-current liabilities | (0.8) | – | (2.1) | – | (2.9) |
for the year ended 31 May 2021
Movement in deferred tax during the year:
| 1 June 2020 (restated) 2 £m |
Recognised in income £m |
Exchange differences £m |
Recognised in equity £m |
Adjustment to opening reserves £m |
31 May 2021 £m |
|
|---|---|---|---|---|---|---|
| Plant and equipment | 0.9 | – | – | – | – | 0.9 |
| Short-term temporary differences | 6.1 | (0.8) | (0.5) | – | – | 4.8 |
| IFRS 16 assets/liabilities | 0.5 | – | – | – | – | 0.5 |
| Intangible assets | (9.0) | 0.8 | 0.7 | – | – | (7.5) |
| Share-based payments | 0.5 | 0.9 | (0.1) | 0.3 | – | 1.6 |
| Tax losses | 0.4 | 0.1 | – | – | – | 0.5 |
| Total | (0.6) | 1.0 | 0.1 | 0.3 | – | 0.8 |
| 1 June 2019 (restated) 2 £m |
Recognised in income £m |
Exchange differences £m |
Recognised in equity £m |
Adjustment to opening reserves £m |
31 May 2020 £m |
|
|---|---|---|---|---|---|---|
| Plant and equipment | 0.4 | 0.5 | – | – | – | 0.9 |
| Short-term temporary differences | 5.1 | 0.8 | 0.2 | – | – | 6.1 |
| IFRS 16 assets/liabilities | – | – | – | – | 0.5 | 0.5 |
| Intangible assets | (10.2) | 1.4 | (0.2) | – | – | (9.0) |
| Share-based payments | 0.6 | (0.1) | – | – | – | 0.5 |
| Tax losses | 0.4 | – | – | – | – | 0.4 |
| Total | (3.7) | 2.6 | – | – | 0.5 | (0.6) |
The Group has recognised a deferred tax asset of £0.5m (2020: £0.4m) on tax losses as management considers it probable that future taxable profits will be available against which it can be utilised. The Group has not recognised a deferred tax asset on £25.6m (2020: £13.9m) of tax losses carried forward in the UK (£21.8m), Australia (£2.8m), North America (£0.5m) and Singapore (£0.3m) due to current uncertainties over their future recoverability (and in the case of the UK and North America because of specific legislative restrictions). A deferred tax asset of £1.0m (2020: £0.8m) in respect of R&D tax claims submitted in North America has been partially provided against due to uncertainty with regard to recoverability; an amount of £0.6m has been provided (2020: £0.8m).
No deferred tax liability is recognised on temporary differences of £0.2m (2020: £0.3m) relating to the unremitted earnings of overseas subsidiaries as the Group is able to control the timing of the reversal of these temporary differences and it is probable that they will not reverse in the foreseeable future.
| Group 2021 £m |
Group 2020 £m |
Company 2021 £m |
Company 2020 £m |
|
|---|---|---|---|---|
| Trade payables | 3.3 | 10.8 | – | – |
| Non-trade payables | 7.9 | 11.7 | – | – |
| Accruals | 34.0 | 23.9 | – | – |
| Amounts owed to Group companies | – | – | 13.5 | 13.0 |
| Total | 45.2 | 46.4 | 13.5 | 13.0 |
The carrying value of trade and other payables classified as financial liabilities measured at amortised cost approximates fair value.
| At 31 May 2021 | 31.6 | 2.8 | 34.4 |
|---|---|---|---|
| Interest expense | 1.1 | 0.1 | 1.2 |
| Lease payments | (5.9) | (1.3) | (7.2) |
| Disposals | (0.9) | – | (0.9) |
| Additions | 1.3 | 1.8 | 3.1 |
| At 1 June 2020 | 36.0 | 2.2 | 38.2 |
| Interest expense | 1.1 | 0.1 | 1.2 |
| Lease payments | (5.4) | (1.1) | (6.5) |
| Disposals | (2.9) | – | (2.9) |
| Additions | 9.6 | 1.1 | 10.7 |
| At 1 June 2019 | 33.6 | 2.1 | 35.7 |
| Land and buildings £m |
Motor vehicles £m |
Total £m |
Analysed as follows:
| 2021 £m |
2020 £m |
|
|---|---|---|
| Current | 5.1 | 5.3 |
| Non-current | 29.3 | 32.9 |
| The maturity of lease liabilities is as follows: | ||
| 2021 £m |
2020 £m |
|
| Less than one year | 5.1 | 5.3 |
| Two to five years | 15.8 | 15.7 |
| More than five years | 13.5 | 17.2 |
| Total lease liabilities | 34.4 | 38.2 |
The total cash outflow for leases in the year was £7.3m (2020: £7.0m), which consists of £7.2m (2020: £6.5m) lease payments disclosed above and £0.1m (2020: £0.5m) lease payments charged to the Income Statement in respect of short-term leases.
The Group has used its incremental borrowing rate of 3.3% (2020: 3.3%) as the discount rate for the calculation of the lease liabilities.
Some leases contain break clauses or extension options to provide operational flexibility. Potential future undiscounted lease payments not included in the reasonably certain lease term, and hence not included in lease liabilities, total £4.0m (2020: £4.0m).
for the year ended 31 May 2021
| Lease | Loss-making | Onerous | Other | ||
|---|---|---|---|---|---|
| incentives £m |
contracts £m |
property costs £m |
provisions £m |
Total £m |
|
| Balance as at 31 May 2019 and 1 June 2019 | 4.1 | – | 4.1 | – | 8.2 |
| Provision transferred to right-of-use assets on implementation of IFRS 16 | (4.1) | – | (2.6) | – | (6.7) |
| Provisions created in the year | – | 0.2 | 2.1 | 0.6 | 2.9 |
| Provisions utilised during the year | – | – | (0.7) | – | (0.7) |
| Balance as at 31 May 2020 and 1 June 2020 | – | 0.2 | 2.9 | 0.6 | 3.7 |
| Reclassification to right-of-use assets | – | – | (1.4) | – | (1.4) |
| Reclassification | – | 1.7 | – | – | 1.7 |
| Provisions created in the year | – | 1.9 | 1.0 | – | 2.9 |
| Provisions utilised during the year | – | (2.7) | (0.8) | (0.4) | (3.9) |
| Balance as at 31 May 2021 | – | 1.1 | 1.7 | 0.2 | 3.0 |
| Analysed as follows (2021): | |||||
| Current | – | 1.1 | 1.1 | 0.2 | 2.4 |
| Non-current | – | – | 0.6 | – | 0.6 |
| Analysed as follows (2020): | |||||
| Current | – | 0.2 | 1.2 | 0.6 | 2.0 |
| Non-current | – | – | 1.7 | – | 1.7 |
The lease incentives provision represents capital contributions towards fit-out costs and rent-free incentives. In the prior year on the implementation of IFRS 16, the opening provision of £4.1m has been transferred and offset against the associated right-of-use assets.
The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply contracts and is expected to be completed in 2022. During the year, revenue has been recognised in relation to this long-term contract of £1.8m.
The onerous property costs provision relates to vacant premises in Reading and unused floors in the Manchester head office building. In the prior year on the implementation of IFRS 16, the opening provision of £2.6m relating to the onerous rent costs has been transferred and offset against the associated right-of-use asset. The provision of £1.7m (2020: £2.9m) at 31 May 2021 includes £1.2m (2020: £2.5m) of non-rent costs relating to the onerous properties including service charges and insurance and also the estimated costs of disposing or terminating these leases which includes rent incentives, renovation costs and letting fees. The provision at 31 May 2021 also includes estimated dilapidations liabilities of £0.5m (2020: £0.4m) relating to the Group's leased premises. Both of these provisions are expected to unwind over the period of the relevant leases (2021–2034).
Other provisions of £0.2m (2020: £0.6m) include reorganisation costs to which the Group was committed at the Balance Sheet date and are expected to be incurred within the next financial year.
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred revenue is analysed as follows and is considered a contract liability:
| Group 2021 £m |
Group 2020 £m |
|
|---|---|---|
| Analysed as follows: | ||
| Current | 43.6 | 39.5 |
| Non-current | 0.7 | 1.4 |
| 44.3 | 40.9 |
Revenue recognised in the year ended 31 May 2021 that was included in the contract liability at 1 June 2020 amounted to £39.5m (2020: £35.3m).
The Group has taken advantage of the IFRS 15 practical expedient not to disclose when revenue will unwind for all contracts less than 12 months in length. The increase in deferred revenue in the year is due to the growth of the Assurance division.
The following table provides information about receivables, contract assets and contract liabilities from contracts with customers.
| Note | Group 2021 £m |
Group 2020 £m |
|
|---|---|---|---|
| Receivables, which are included in trade and other receivables | 17 | 35.2 | 41.6 |
| Contract assets – accrued income | 17 | 22.9 | 18.0 |
| Contract costs – costs to obtain | 17 | 0.4 | 0.4 |
| Contract costs – costs to fulfil an onerous contract | 17 | – | 2.1 |
| Contract liabilities – deferred income | 22 | (44.3) | (40.9) |
Receivables represent invoiced services usually payable within 30 days whereby performance obligations have been satisfied.
Accrued income represents the Group's rights to consideration for work completed but not billed at the reporting date. Remaining balances are transferred to receivables when the rights become unconditional. Credit losses of £0.1m (2020: £nil) have been recognised in respect of contract assets. The increase in accrued income in the year is due to the growth of the Assurance division.
The contract assets were not impacted by any impairment charge. The contract assets are transferred to receivables when the rights become unconditional. This usually occurs when the Group issues an invoice to the customer. Invoices usually become payable within 30 days.
The contract costs to obtain of £0.4m (2020: £0.4m) represent incremental sales commissions to obtain specific contracts.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the customer in relation to a long-term onerous contract.
Contract liabilities primarily relate to advanced consideration received from customers, for which revenue is recognised over time in line with the respective performance obligation.
No information is provided about remaining performance obligations at 31 May 2021 or at 31 May 2020 that have an original expected duration of one year or less, as allowed by IFRS 15.
for the year ended 31 May 2021
Cash and cash equivalents
| Cash at bank and in hand | 116.5 | 95.0 | 0.6 | 6.8 |
|---|---|---|---|---|
| £m | £m | £m | £m | |
| 2021 | 2020 | 2021 | 2020 | |
| Group | Group | Company | Company | |
| Cash and cash equivalents comprise: |
Borrowings are analysed as follows:
| Maturity | Group 2021 £m |
Group 2020 £m |
Company 2021 £m |
Company 2020 £m |
|
|---|---|---|---|---|---|
| Non-current liabilities: | |||||
| Revolving credit facility | 2024 | 33.2 | 99.2 | – | – |
| Total borrowings | 33.2 | 99.2 | – | – | |
| The maturity profile is as follows: | |||||
| Group 2021 £m |
Group 2020 £m |
Company 2021 £m |
Company 2020 £m |
||
| Less than one year | – | – | – | – |
| 33.2 | 99.2 | – | – |
|---|---|---|---|
| 33.2 | 99.2 | – | – |
In June 2019, the Group renegotiated its previous term loan and multi-currency revolving credit facilities into a new fully revolving credit facility (RCF) of £100m with a new five year term up to June 2024, on similar terms (pricing and covenants). The interest payable on drawn down funds ranges from 0.9% to 2.0% above LIBOR subject to the Group's leverage (net debt 1 to Adjusted EBITDA¹) ratio. Under the new arrangements, the Group can request an additional accordion facility to increase the total size of the revolving credit facility by up to £75m. The Group is required to comply with financial covenants for leverage (net debt 1 to Adjusted EBITDA 1), interest cover (Adjusted EBITDA 1 to interest charge) and provisions relating to guarantor coverage such that guarantors must exceed a prescribed threshold of the Group's gross assets and Adjusted EBITDA 1. Covenants are tested bi-annually at 31 May and 30 November each year. Arrangement fees incurred of £1.0m are being amortised over the term. Since the new facility is on broadly similar pricing terms to the previous facility, the refinancing has been accounted for as a non-substantial modification with no gain or loss arising on modification.
On 12 May 2021, the Group entered into a new Term Loan Facility Agreement. The facility made available under the Facility Agreement (the 'Term Facility') is a \$70m amortising term loan facility, to fund the acquisition of the IPM Software Resilience business. The rate of interest on each loan under the Term Facility is the percentage rate per annum which is equal to the aggregate of a compounded rate based on the secured overnight financing rate (SOFR) administered by the Federal Reserve Bank of New York and the margin (based on a leverage ratchet varying from 1.40% to 2.65% per annum). The Term Facility is repaid in annual instalments of \$23.3m on each of 10 June 2022 and 10 June 2023, with a final instalment of \$23.4m payable on 10 June 2024. Arrangement fees incurred of £0.3m will be amortised over the term. The Term Facility Agreement also contains financial covenants relating to leverage and interest cover and provisions relating to guarantor coverage consistent with the RCF.
The RCF is drawn in short to medium-term tranches of debt that are repayable within 12 months of draw-down. These tranches of debt can be rolled over provided certain conditions are met, including compliance with all loan terms. The Group considers that it is highly unlikely it would not be in compliance and therefore be unable to exercise its right to roll over the debt. The Directors therefore believe that the Group has the ability and the intent to roll over the drawn RCF amounts when due and consequently has presented the RCF as a non-current liability.
As at 31 May 2021, the Group had committed bank facilities of £149.3m (2020: £100.0m), of which £33.8m (2020: £100.0m) had been drawn under these facilities, leaving £115.5m (2020: £nil) of undrawn facilities. Unamortised arrangement fees of £0.6m (2020: £0.8m) have been offset against the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2021 of £33.2m (2020: £99.2m).
The fair value of borrowings is not materially different to its amortised cost.
Loans and borrowings
| Group 2021 |
Group 2020 |
Company 2021 |
Company 2020 |
|
|---|---|---|---|---|
| £m | £m | £m | £m | |
| Non-current | ||||
| Variable rate: | ||||
| Revolving credit facility | (33.2) | (99.2) | – | – |
| Bank term loan | – | – | – | – |
| (33.2) | (99.2) | – | – | |
| Current | ||||
| Variable rate: | ||||
| Bank term loan | – | – | – | – |
| – | – | – | – | |
| Total loans and borrowings (excluding lease liabilities) | (33.2) | (99.2) | – | – |
| Cash | 116.5 | 95.0 | 0.6 | 6.8 |
| Net cash/(debt 1) (excluding lease liabilities) | 83.3 | (4.2) | 0.6 | 6.8 |
| Non-current | ||||
| Lease liabilities | (29.3) | (32.9) | – | – |
| Current | ||||
| Lease liabilities | (5.1) | (5.3) | – | – |
| Net cash/(debt 1) | 48.9 | (42.4) | 0.6 | 6.8 |
| Reconciliation of movements in liabilities to cash flows arising from financing activities | ||||
| Group | 2021 £m |
2020 £m |
||
| Revolving credit facility/bank term loan: | ||||
| Drawdown on facility | 12.0 | 44.3 | ||
| Repayment of facility | (72.4) | – | ||
| Transaction costs | – | (1.0) | ||
| Release of deferred arrangement fees | 0.2 | 0.2 | ||
| Foreign exchange movement | (5.8) | 0.6 | ||
| Movement in borrowings | (66.0) | 44.1 | ||
| IFRS 16 lease liability: | ||||
| IFRS 16 transition adjustment | – | 35.7 | ||
| New leases entered into | 3.1 | 10.7 | ||
| Leases terminated | (0.9) | (2.9) | ||
| Principal element of lease payments | (6.0) | (5.3) | ||
| Interest element of lease payments | (1.2) | (1.2) | ||
| Interest cost (non-cash) | 1.2 | 1.2 | ||
| Movement in lease liabilities | (3.8) | 38.2 | ||
The Group has exposure to the following risks from its use of financial instruments:
The Board has overall responsibility for establishing appropriate management of exposure to risk. The Audit Committee oversees how management identifies and addresses risks to the Group.
for the year ended 31 May 2021
The Board's policy is to maintain a strong capital base so as to maintain investor, creditor and market confidence and to sustain future development of the business.
The Group monitors capital on the basis of the gearing ratio. This ratio is calculated as net cash/(debt) 1 divided by total capital. Net cash/(debt) 1 is calculated as total borrowings as shown in the Consolidated Balance Sheet, less cash and cash equivalents. Total capital is calculated as equity, as shown in the Consolidated Balance Sheet, plus net debt 1. As at 31 May 2021 the Group's gearing ratio was (45.5)% (2020: 1.9%).
All instruments utilised by the Company and Group are for financing purposes. The financial management and treasury activities of the Group are controlled centrally for all operations with local finance teams responsible for day-to-day banking activities.
As at 31 May 2021 the Group and Company had no other financial instruments other than those disclosed below. In addition, no embedded derivatives have been identified. There have been no transfers between levels in the year.
The following table presents the Group's financial assets and liabilities that are measured at fair value by level of fair value hierarchy:
Borrowings are held at amortised cost which is considered to equate to fair value. All other assets and liabilities are held at either fair value or their carrying value which approximates to fair value.
| 2021 | 2020 | ||||||
|---|---|---|---|---|---|---|---|
| Level 1 £m |
Level 2 £m |
Level 3 £m |
Level 1 £m |
Level 2 £m |
Level 3 £m |
||
| Financial assets at fair value through profit or loss | – | 0.3 | – | – | 0.3 | – | |
| Derivative financial instruments – cash flow hedge | – | (0.8) | – | – | – | – | |
| Total financial instruments | – | (0.5) | – | – | 0.3 | – |
Credit risk is the risk of financial loss to the Group if a customer or counterparty to a financial instrument fails to meet its contractual obligations and arises principally from the Group's receivables from customers. The Group's exposure to credit risk is influenced mainly by the individual characteristics of each customer.
The carrying value of financial assets represents the maximum credit exposure. The maximum exposure to credit risk at the reporting date was:
| Group 2021 £m |
Group 2020 £m |
Company 2021 £m |
Company 2020 £m |
|
|---|---|---|---|---|
| Trade receivables | 35.2 | 41.6 | – | – |
| Other receivables | 1.9 | 0.9 | – | – |
| Accrued income | 22.9 | 18.0 | – | – |
| Cash and cash equivalents | 116.5 | 95.0 | 0.6 | 6.8 |
| Total | 176.5 | 155.5 | 0.6 | 6.8 |
The maximum exposure to credit risk for trade receivables and other receivables at the reporting date by geographic region was:
| Debtors by geographical segment | Group 2021 £m |
Group 2020 (restated) 2 £m |
Company 2021 £m |
Company 2020 £m |
|---|---|---|---|---|
| UK and APAC * | 17.0 | 21.9 | – | – |
| North America | 11.0 | 13.5 | – | – |
| Europe | 9.1 | 7.1 | – | – |
| Total | 37.1 | 42.5 | – | – |
* With the continuing growth and formation of a European division we have changed geographical segments in line with how this information is reported to the Board and managed on an ongoing basis and have restated prior year figures on a like-for-like basis. The APAC division was previously included within the segment Europe and APAC.
The maximum exposure to credit risk at the reporting date by business segment was:
| Debtors by business segment | Group 2021 £m |
Group 2020 £m |
Company 2021 £m |
Company 2020 £m |
|---|---|---|---|---|
| Assurance | 30.0 | 35.4 | – | – |
| Software Resilience | 7.1 | 7.1 | – | – |
| Total | 37.1 | 42.5 | – | – |
The trade receivables of the Group typically comprise many amounts due from a large number of customers and represent a spread of industry sectors. The largest amount due from a single customer at the reporting date represented 3.9% (2020: 9.2%) of total Group receivables. The prior year figure is considered to be exceptionally high due to a high value of sales in the latter part of the year ended 31 May 2020 which were substantially settled by cash receipts. All of the Group's cash is held with financial institutions of high credit rating.
The provisions in respect of trade receivables are used to record expected credit losses. The Group has dedicated credit control teams which regularly review customer debt balances to assess the risk of recovery.
Liquidity risk is the risk that the Group will not be able to meet its financial obligations as they fall due. The Group manages and minimises liquidity risk by using global cash management solutions and actively monitoring both actual and projected cash outflows to ensure that it will have sufficient liquidity to meet its liabilities when due and have headroom to provide against unforeseen obligations.
In response to Covid-19, the Group has undertaken regular detailed reviews of both the potential short-term effects of the pandemic on working capital and the longer-term forecast liquidity position. Cash collections have remained strong and, though the Group took advantage of governmental tax payment deferrals during the year, these have been unwound as at 31 May 2021. Longer term, the Group has assessed its liquidity forecast as part of the viability assessment and its ability to continue trading as a going concern. For further detail on the Group's assessment of liquidity risk refer to the Viability Statement on page 48.
The following are the contractual maturities of financial liabilities, including interest payments, of the Group:
| At 31 May 2021 | Carrying amount £m |
Contractual cash flows £m |
<1 year £m |
1–2 years £m |
2+ years £m |
5+ years £m |
|---|---|---|---|---|---|---|
| Borrowings | (33.2) | (34.7) | (0.3) | (0.3) | (34.1) | – |
| Lease liabilities | (34.4) | (39.6) | (6.3) | (5.7) | (12.8) | (14.8) |
| Trade and other payables | (45.2) | (45.2) | (45.2) | – | – | – |
| At 31 May 2020 | ||||||
| Borrowings | (99.2) | (104.4) | (1.1) | (1.1) | (102.2) | – |
| Lease liabilities | (38.2) | (44.8) | (6.4) | (5.6) | (13.5) | (19.3) |
| Trade and other payables | (46.4) | (46.4) | (46.4) | – | – | – |
The contractual cash flows for borrowings disclosed above relate to the Group's RCF facility, which terminates in June 2024. The contractual cash flows include an estimate of the interest payable based on the assumption that the facility was fully drawn at £100m, and is calculated based on SONIA plus a margin of 0.9% based on the current leverage ratio.
The Group is exposed to currency risk on sales, purchases, cash and borrowings that are denominated in a currency other than the respective functional and presentational currency of the Group. The Group's management reviews the size and probable timing of settlement of all financial assets and liabilities denominated in foreign currencies. The Group's exposure to currency risk is as follows:
| 2021 | 2020 | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Sterling £m |
EUR £m |
USD £m |
Other £m |
Total £m |
Sterling £m |
EUR £m |
USD £m |
Other £m |
Total £m |
|
| Trade receivables | 14.8 | 9.1 | 10.4 | 0.9 | 35.2 | 16.9 | 5.0 | 17.6 | 2.1 | 41.6 |
| Other receivables | 0.8 | – | 0.6 | 0.5 | 1.9 | 0.7 | – | – | 0.2 | 0.9 |
| Cash and cash equivalents | 85.0 | 16.1 | 7.3 | 8.1 | 116.5 | 30.3 | 17.7 | 40.0 | 7.0 | 95.0 |
| Borrowings | (30.4) | – | (2.8) | – | (33.2) | (49.9) | – | (49.3) | – | (99.2) |
| Lease liabilities | (21.5) | (2.1) | (8.6) | (2.2) | (34.4) | (24.2) | (2.5) | (10.6) | (0.9) | (38.2) |
| Trade and other payables | (27.3) | (7.6) | (6.9) | (3.4) | (45.2) | (20.9) | (13.2) | (9.0) | (3.3) | (46.4) |
| Total | 21.4 | 15.5 | – | 3.9 | 40.8 | (47.1) | 7.0 | (11.3) | 5.1 | (46.3) |
for the year ended 31 May 2021
A change in exchange rate of 10% would have an impact of £15.2m (2020: £14.8m) on revenue, £2.7m (2020: £1.9m) on operating profit, £8.1m (2020: £7.9m) on net assets and £0.3m (2020: £4.9m) on borrowings.
The Group's risk management policy is to hedge foreign currency exposure in respect of significant material transactions that may arise from time to time. At 31 May 2021, the Group had entered into one cash flow hedge in respect of funds to be used as part of the acquisition of the IPM Software Resilience business. The Group uses forward exchange contracts to hedge its currency risk, which are short term in nature to match the maturity of the hedged item. These contracts are generally designated as cash flow hedges.
The Group designates the spot element of forward foreign exchange contracts to hedge its currency risk and applies a hedge ratio of 1:1. The forward elements of forward exchange contracts are excluded from the designation of the hedging instrument and are separately accounted for as a cost of hedging, which is recognised in equity in a cost of hedging reserve. The Group's policy is for the critical terms of the forward exchange contracts to align with the hedged item.
The Group determines the existence of an economic relationship between the hedging instrument and hedged item based on the currency, amount and timing of their respective cash flows. Given the short-term nature of these hedges there is limited risk of ineffectiveness.
At 31 May 2021, the Group held the following instruments to hedge exposures to changes in foreign currency rates, all of which were due to mature within one month of the Balance Sheet date.
| Forward exchange contracts | 2021 £m |
2020 £m |
|---|---|---|
| Net exposure (£m) | 70.7 | – |
| Average GBP:USD forward contract rate | 1.402205 | – |
The Group and Company finance their operations through a combination of retained profits and bank borrowings. The Group borrows and invests surplus cash at floating rates of interest based upon bank base rate. The cash and cash equivalents of the Group and Company at the end of the financial year were as follows:
| 2021 | 2020 | |
|---|---|---|
| Group | £m | £m |
| Sterling denominated financial assets | 85.0 | 30.3 |
| Euro denominated financial assets | 16.1 | 17.7 |
| US Dollar denominated financial assets | 7.3 | 40.0 |
| Other denominated financial assets | 8.1 | 7.0 |
| Total | 116.5 | 95.0 |
The financial assets and liabilities of the Company at the end of the financial year were as follows:
| Company | 2021 £m |
2020 £m |
|---|---|---|
| Financial assets | ||
| Sterling denominated financial assets | 0.6 | 6.8 |
| Amounts owed by Group undertakings | 162.6 | 142.0 |
| Total | 163.2 | 148.8 |
| Financial liabilities | ||
| Amounts owed to Group undertakings | 13.5 | 13.0 |
| Total | 13.5 | 13.0 |
A change of 100 basis points in interest rates would result in a difference in annual pre-tax profit of £0.3m (2020: £1.0m). The Directors do not consider that the LIBOR reform will impact the Group significantly in the medium term, apart from a change in the benchmark used within the Group's borrowing facilities.
The financial liabilities of the Group and their maturity profile are as follows:
| 2021 | 2020 | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Sterling £m |
EUR £m |
USD £m |
Other £m |
Total £m |
Sterling £m |
EUR £m |
USD £m |
Other £m |
Total £m |
|
| Less than one year | (29.5) | (8.4) | (8.3) | (4.1) | (50.3) | (23.6) | (14.1) | (10.4) | (3.6) | (51.7) |
| Two to five years | (39.8) | (1.2) | (8.4) | (1.5) | (50.9) | (57.9) | (1.5) | (55.0) | (0.5) | (114.9) |
| More than five years | (10.0) | – | (1.6) | – | (11.6) | (13.5) | (0.1) | (3.5) | (0.1) | (17.2) |
| Total | (79.3) | (9.6) | (18.3) | (5.6) | (112.8) | (95.0) | (15.7) | (68.9) | (4.2) | (183.8) |
The Company has a number of share option schemes under which options to subscribe for the Company's shares have been granted to Directors and employees, details of which are illustrated in the tables below. Expected term of options represents the period over which the fair value calculations are based. The share-based payment charge for the year was £2.8m (2020: £1.4m) of which £2.3m (2020: £1.3m) related to equity settled payments and £0.5m (2020: £0.1m) to cash settled payments. The share-based payments charge increased during the year due to the introduction of new schemes in the year with a higher fair value than historical schemes that have reached maturity in the current year.
Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than 10% per annum. Options granted in September 2019 do not have any performance criteria.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| July 2012 | 7 years | July 2015–July 2022 | £1.36 | 58,812 |
| August 2018 | 7 years | August 2021–August 2028 | £2.20 | 49,995 |
| August 2018 | 7 years | August 2021–August 2028 | £2.20 | 18,180 |
| September 2019 | 7 years | September 2022–September 2029 | £1.79 | 363,106 |
The Company operates sharesave schemes, which are available to all employees based in the UK, the Netherlands, Denmark, Spain and Australia, and full-time Executive Directors of the Company and its subsidiaries who have worked for a qualifying period.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| August 2017 | 3 years | October 2020–March 2021 | £1.56 | 17,352 |
| March 2018 | 3 years | May 2021–October 2021 | £1.58 | 4,488 |
| August 2018 | 3 years | October 2021–March 2022 | £1.75 | 372,284 |
| March 2019 | 3 years | May 2022–October 2022 | £0.99 | 290,598 |
| March 2020 | 3 years | May 2023–October 2023 | £1.84 | 641,870 |
| March 2020 | 3 years | May 2023–October 2023 | £1.84 | 324,827 |
| May 2021 | 3 years | July 2023–December 2023 | £2.15 | 194,391 |
| May 2021 | 3 years | July 2023–December 2023 | £2.15 | 1,053,110 |
The Company operates a stock purchase plan, which is available to all US-based employees who have worked for a qualifying period. All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at year end.
| Date of grant | Expected term of options |
Exercisable in |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| February 2020 | 1 year | February 2021 | £1.93 | 439,735 |
| May 2021 | 1 year | May 2022 | £2.15 | 249,580 |
for the year ended 31 May 2021
Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the three years following their grant is greater than 10% per annum.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| August 2018 | 7 years | August 2021–August 2028 | £2.22 | 9,016 |
| September 2019 | 7 years | September 2022–September 2029 | £1.82 | 65,928 |
Options granted on or after November 2017 have three separate vesting conditions as set out below:
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| August 2018 | 3 years | June 2021–August 2021 | £nil * | 860,611 |
| September 2019 | 3 years | June 2022–August 2022 | £nil * 1,129,172 | |
| March 2020 | 3 years | June 2022–August 2022 | £nil * | 194,116 |
| May 2021 | 3 years | June 2023–August 2023 | £nil | 682,427 |
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:
The options are to be settled in equity.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| August 2018 | 3 years | June 2021–August 2021 | £0.01 | 227,501 |
| September 2019 | 3 years | June 2022–August 2022 | £0.01 | 639,465 |
| May 2021 | 3 years | June 2023–August 2023 | £0.01 | 138,554 |
The vesting condition for the award of RSPs relate to colleagues remaining with the Group for a certain period of time, namely two years to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| 28 May 2021 | 2/3 years | 50% exercisable August 2022 to August 2031, 50% exercisable August 2023 to August 2031 |
Nil (£0.01 in the US and Canada) |
1,200,000 |
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| September 2019 | 2 years | June 2021–August 2029 | £nil * | 61,694 |
| May 2021 | 2 years | August 2022–April 2031 | £nil | 18,937 |
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
Phantom schemes are used to allow the grant of LTIPs to members of the Executive Committee based in certain overseas locations at a time when the Group's option scheme rules were not structured to allow overseas grants. The vesting conditions for the award of the phantom schemes, related to options granted in August 2016, relate to growth in the Group's EPS over the performance period. If growth is equal to 25% or more per annum then 100% of the award will vest. If, however, growth is less than 10% per annum, none of the award will vest. Between these two points, vesting is determined on a straight-line basis.
Options granted in October 2017 and November 2017 have three separate vesting conditions as set out below:
Options granted in September 2019 do not have any performance criteria.
| Date of grant | Expected term of options |
Exercisable between |
Exercise price |
2021 Number outstanding |
|---|---|---|---|---|
| October 2017 | 3 years | June 2020–October 2021 | £nil * | 113,120 |
| November 2017 | 3 years | June 2020–November 2021 | £nil * | 8,189 |
| September 2019 | 3 years | September 2022–September 2023 | £nil * | 67,036 |
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date of grant. The fair value is spread over the period during which the employee becomes unconditionally entitled to the award, adjusted to reflect actual and expected levels of vesting. Black Scholes and binomial models have been used to calculate the fair values of options on their grant date for all options issued after 7 November 2002, which had not vested by 1 January 2005.
The assumptions used in the model are illustrated in the table below:
| Grant date | Fair value at measurement date |
Exercise price | Expected volatility |
Option expected term |
Risk free interest rate |
|
|---|---|---|---|---|---|---|
| CSOP scheme | July 2012–September 2019 | £0.35–£0.63 | £1.36–£2.20 | 35.0–48.0% | 7 years | 0.35–2.75% |
| Sharesave scheme | August 2017–May 2021 | £0.67–£0.88 | £0.99–£2.15 | 39.7–53.2% | 3 years | 0.50–2.20% |
| ESPP scheme | February 2020–May 2021 | £0.55–£0.68 | £1.93–£2.15 | 37.60% | 1 year | 0.50% |
| ISO scheme | August 2018–September 2019 | £0.54–£0.65 | £1.82–£2.22 | 40.7–48.4% | 7 years | 0.38–1.50% |
| LTIP scheme | November 2017–May 2021 | £1.61–£2.87 | £nil * | 37.4–51.5% | 3 years | 0.21–2.00% |
| RSU scheme | August 2018–May 2021 | £1.60–£2.87 | £nil *–£0.01 | 47.6–51.5% | 3 years | 0.32–2.00% |
| RSP scheme | May 2021 | £2.85 | £nil * | N/A | 10 years | N/A |
| Deferred shares | September 2019–May 2021 | £1.84–£2.91 | £nil * | 40.4–55.0% | 2 years | 0.35–1.50% |
| Phantom schemes | October 2017–September 2019 | £1.84–£2.75 | £nil * | 31.0–47.6% | 3 years | 1.81–1.96% |
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
The expected volatility has been based on an evaluation of the historical volatility of the Company's share price, particularly over the historical period commensurate with the expected term. The expected term of the instruments has been based on historical experience and general option holder behaviour. For the options granted in the year ended 31 May 2021, dividend yield assumed at the time of option grant is 2.5% (2020: 2.7%).
for the year ended 31 May 2021
Reconciliation of outstanding share options
The options outstanding at 31 May 2021 have an exercise price in the range of £nil to £2.22 (2020: £nil to £2.22) and a weighted average contractual life of three years (2020: three years).
The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share awards during the year:
| 2021 No ('000) |
2021 WAEP |
2020 No ('000) |
2020 WAEP |
|
|---|---|---|---|---|
| Outstanding at 1 June | 8,995 | £0.83 | 7,326 | £1.01 |
| Granted during the year | 3,537 | £0.91 | 4,438 | £0.88 |
| Exercised during the year | (1,821) | £0.88 | (1,098) | £1.35 |
| Forfeited in the year | (1,217) | £0.59 | (1,671) | £1.39 |
| Outstanding at 31 May | 9,494 | £0.79 | 8,995 | £0.83 |
| Exercisable at end of year | 363 | £1.13 | 385 | £0.99 |
| Scheme | Number of instruments as at 1 June 2020 |
Instruments granted during the year |
Options exercised in the year |
Forfeitures in the year |
Number of instruments as at 31 May 2021 |
|---|---|---|---|---|---|
| CSOP schemes | 543,584 | – | (22,056) | (31,435) | 490,093 |
| Sharesave/SAYE schemes | 3,363,817 | 1,247,501 (1,297,852) | (414,546) 2,898,920 | ||
| ESPP schemes | 439,735 | 249,580 | – | – | 689,315 |
| ISO schemes | 91,426 | – | – | (16,482) | 74,944 |
| LTIP schemes | 3,173,813 | 682,427 | (381,414) | (608,500) 2,866,326 | |
| RSU schemes | 1,122,146 | 138,554 | (108,945) | (146,235) 1,005,520 | |
| RSP scheme | – | 1,200,000 | – | – | 1,200,000 |
| Deferred shares | 72,687 | 18,937 | (10,993) | – | 80,631 |
| Phantom schemes | 188,345 | – | – | – | 188,345 |
| 8,995,553 | 3,536,999 (1,821,260) | (1,217,198) 9,494,094 |
The liability for the cash settled share-based payments at 31 May 2021 was £0.5m (2020: £0.3m).
| Allotted, called up and fully paid | 2021 Number of shares |
2020 Number of shares |
2021 £m |
2020 £m |
|---|---|---|---|---|
| Ordinary shares of 1p each at the beginning of the year | 278,909,171 | 277,830,625 | 2.8 | 2.8 |
| Ordinary shares of 1p each issued in the year | 30,046,874 | 1,078,546 | 0.3 | – |
| Ordinary shares of 1p each at the end of the year | 308,956,045 | 278,909,171 | 3.1 | 2.8 |
During the year, 2,140,474 (2020: 1,078,546) new ordinary shares of 1p were issued as a result of the exercise of share options. The proceeds of £2.4m (2020: £1.1m) were credited to the share premium account.
During the year, 27,906,400 (2020: nil) new ordinary shares of 1p were issued as part of funding the acquisition of the IPM Software Resilience business. Of the gross proceeds of £72.6m, £72.3m (2020: £nil) were credited to the share premium account net of issue costs of £2.4m. See Note 35 for further details.
As at 31 May 2021, no shares were held in treasury (2020: nil).
The share premium account records the difference between the nominal amount of shares issued and the fair value of the consideration received. The share premium account may be used for certain purposes specified by UK law, including to write off expenses incurred on any issue of shares and to pay fully paid bonus shares. The share premium account is not distributable but may be reduced by special resolution of the Company's ordinary shareholders and with court approval.
The hedging reserve comprises the effective portion of the cumulative net change in the fair value of hedging instruments used in cash flow hedges pending subsequent recognition in profit or loss or directly included in the initial cost or other carrying amount of a non-financial asset or non-financial liability.
The merger reserve arose in 2015 from the acquisition of Accumuli plc through a share-for-share exchange in part consideration for the business.
The results of overseas operations are translated at the average foreign exchange rates for the year, and their balance sheets are translated at the rates prevailing at the Balance Sheet date. Exchange differences arising on the translation of opening net assets and results of overseas operations are recognised in the currency translation reserve. All other exchange differences are included in the Income Statement.
Retained earnings for the Group are made up of accumulated reserves.
For the Company, retained earnings are made up of accumulated reserves and are considered distributable reserves.
The profit for the year dealt with in the accounts of the Parent Company was £25.0m (2020: £6.0m).
Non-cancellable lease rental costs are payable as follows:
| 2021 | 2020 | |||
|---|---|---|---|---|
| Land and buildings £m |
Other £m |
Land and buildings £m |
Other £m |
|
| Within one year or less | – | – | 0.1 | – |
The lease commitments disclosed above represent short-term (less than one year) leases only, for which the Group has taken the exemption from accounting for under IFRS 16.
There are no contingent liabilities not provided for at the end of the financial year (2020: £nil). Similarly, there are no contingent assets (2020: £nil).
The Group operates a defined contribution pension scheme that is open to all eligible employees. The pension cost charge for the year represents contributions payable by the Group to the fund and amounted to £5.3m (2020: £5.6m).
For the Company, the pension cost charge for the year represents contributions payable by the Company to the fund and amounted to £nil (2020: £nil).
The Group's key management personnel comprise the Directors of the Group. Details of the remuneration paid to key management personnel are as follows:
| Group | 2021 £m |
2020 £m |
|---|---|---|
| Salary costs (including bonus) | 1.8 | 1.3 |
| Share-based payments | 0.4 | 0.2 |
| Total | 2.2 | 1.5 |
There were no other related party transactions during the year.
for the year ended 31 May 2021
| Company | Shares in Group undertakings £m |
|---|---|
| At 1 June 2019 | 75.2 |
| Increase in subsidiary investment for share-based charges | 3.1 |
| At 31 May 2020 | 78.3 |
| Increase in subsidiary investment for share-based charges | 2.8 |
| Investment in subsidiary undertakings | 70.7 |
| At 31 May 2021 | 151.8 |
On 26 May 2021, the Company acquired 70,700,000 ordinary shares of £0.01 in NCC Group Holdings Limited for a consideration of £70,700,000. Fixed asset investments are recognised at cost.
The undertakings in which the Company has a 100% interest at 31 May 2021 are as follows:
| Subsidiary undertakings | Country of incorporation | Principal activity | Registered office |
|---|---|---|---|
| NCC Group Holdings Limited | England and Wales | Holding company | XYZ Building, 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ (XYZ) |
| NCC Group (Solutions) Limited | England and Wales | Holding company | XYZ 1 |
| NCC Group Corporate Limited | England and Wales | Corporate cost centre | XYZ 1 |
| NCC Group Finance Limited | England and Wales | Financing company | XYZ 1 |
| The National Computing Centre Limited | England and Wales | Dormant | XYZ 1 |
| NCC Group Software Resilience Limited | England and Wales | Holding company | XYZ 1 |
| NCC Group Software Resilience (UK) Limited |
England and Wales | Holding company | XYZ 1 |
| NCC Services Limited | England and Wales | Software Resilience and central/ head office costs |
XYZ 1 |
| NCC Group Escrow Limited | England and Wales | Dormant | XYZ 1 |
| NCC Group Software Resilience (Europe) BV |
Netherlands | Holding company | Van Heuven Goedhartlaan 13A, 1181LE Amstelveen, the Netherlands |
| NCC Group GmbH | Germany | Software Resilience | c/o Deloitte Legal Rechtsanwaltsgesellschaft mbH, Rosenheimer Platz 6, 81669, Munich, Bavaria, Germany |
| NCC Group Escrow Europe BV | Netherlands | Software Resilience | Van Heuven Goedhartlaan 13A, 1181LE Amstelveen, the Netherlands |
| NCC Group Escrow Europe (Switzerland) AG |
Switzerland | Software Resilience | Ibelweg 18A, 6300 Zug, Switzerland |
| NCC Group Software Resilience (MEA-APAC) Limited |
England and Wales | Holding company | XYZ 1 |
| NCC Group FZ-LLC | United Arab Emirates |
Software Resilience | Office 30, Building 16, Dubai Internet City, Dubai, UAE |
| NCC Group Cyber Security Limited | England and Wales | Holding company | XYZ 1 |
| NCC Group Cyber Security (UK) Limited | England and Wales | Holding company | XYZ 1 |
| NCC Group Security Services Limited | England and Wales | Assurance | XYZ 1 |
| NCC Group Audit Limited | England and Wales | Assurance | XYZ 1 |
| ArmstrongAdams Limited | England and Wales | Assurance | XYZ 1 |
| NCC Group Signify Solutions Limited | England and Wales | Assurance | XYZ 1 |
| NCC Group Accumuli Security Limited | England and Wales | Assurance | XYZ 1 |
| Subsidiary undertakings | Country of incorporation | Principal activity | Registered office |
|---|---|---|---|
| NCC Group Cyber Security (Europe) BV | Netherlands | Holding company | Van Heuven Goedhartlaan 13A, 1181LE Amstelveen, the Netherlands |
| NCC Group A/S | Denmark | Assurance | 2nd Floor, Svanevej 12, DK–2400 København NV, Denmark |
| NCC Group UAB | Lithuania | Assurance | Vilnius, Jogailos st. 9, Lithuania |
| NCC Group Security Services Espana SLU |
Spain | Assurance | Calle Serrano Galvache, 56, Edificio Abedul, 4a planta, 28033 Madrid, Spain |
| Cyber Assurance Sweden AB | Sweden | Assurance | c/o Advokatfirman Delphi, P.O. Box 1432, 111 84 Stockholm |
| Fox-IT Holding B.V. | Netherlands | Holding company | Olof Palmestraat 6, 2616 LM Delft, the Netherlands (Fox-IT 3) |
| Fox-IT Group B.V. | Netherlands | Holding company | Fox-IT 3 |
| Fox-IT B.V. | Netherlands | Assurance | Fox-IT 3 |
| Fox-IT Operations B.V. | Netherlands | Assurance | Fox-IT 3 |
| Fox Crypto B.V. | Netherlands | Assurance | Fox-IT 3 |
| NCC Group Cyber Security (APAC) Limited | England and Wales | Holding company | XYZ 1 |
| NCC Group Pte Limited | Singapore | Assurance | 20 Collyer Quay, #19-03, Singapore (049319) |
| NCC Group Pty Limited | Australia | Assurance | Level 13, 92 Pitt Street, Sydney NSW 2000, Australia |
| NCC Group Japan KK | Japan | Assurance | Level 18, Yesibu Garden Place Tower, 4-20-3 Ebisu Shibuya-Ku, Tokyo |
| NCC Group (Americas) Inc. | USA | Holding company | 650 California Street, Suite 2950, San Francisco, CA 94108, USA (North America HQ 2) |
| NCC Group, LLC | USA | Software Resilience and central/head office costs |
North America HQ 2 |
| NCC Group Cyber Security (Americas), LLC | USA | Holding company | North America HQ 2 |
| NCC Group Security Services, Inc. | USA | Assurance | North America HQ 2 |
| NCC Group Secure Registrar, Inc. | USA | Domain services | North America HQ 2 |
| NCC Group Domain Services, Inc. | USA | Domain services | North America HQ 2 |
| NCC Group Security Services Corporation | Canada | Assurance | 2800 Park Place, 666 Burrard Street, Vancouver, BC V6C 2Z7, Canada |
| Payment Software Company, Inc. | USA | Assurance | North America HQ 2 |
| Payment Software Company Limited | England and Wales | Assurance | XYZ 1 |
| NCC Group Software Resilience (Americas), LLC |
USA | Holding company | North America HQ 2 |
| NCC Group Escrow Associates, LLC | USA | Software Resilience | North America HQ 2 |
| NCC Group Software Resilience (NA), LLC | USA | Software Resilience | North America HQ 2 |
The undertakings in which the Company holds less than a 100% interest at the year end are as follows:
| Undertaking | % interest | Country of incorporation | Principal activity |
|---|---|---|---|
| Deposit AB | 24% | Sweden | Software Resilience |
The Directors consider the above ownership structure and no Board representation give rise to no significant influence over the undertaking. Accordingly, the undertaking has not been consolidated.
1 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ.
2 650 California Street, Suite 2950, San Francisco, CA 94108, USA.
3 Olof Palmestraat 6, 2616 LM Delft, the Netherlands.
for the year ended 31 May 2021
In April 2021, the IFRS Interpretations Committee (IFRIC) published an agenda decision on the clarification of accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) as follows:
Due to the nature of this agenda decision and the level of spend incurred in relation to the Group's Securing Growth Together digital transformation programme, the Group's accounting policy in relation to such customisation and configuration costs has been reviewed and changed to align with the IFRIC guidance issued in relation to Software-as-a-Service (SaaS) costs previously capitalised. The restatement represents a non-cash adjustment.
The revision to the accounting policy has been accounted for retrospectively resulting in a prior year restatement.
The Group identified £17.8m additions made in the years ending 31 May 2019 and 31 May 2020 in relation to software and development costs. £7.9m of these costs capitalised for the year ended 31 May 2020 related to cloud computing arrangements that should be expensed after the consideration of the IFRIC guidance and a further £3.6m for the year ended 31 May 2019. In relation to the year ended 31 May 2020 assets, £1.4m of amortisation was charged, which is to be reversed. A further £0.2m of costs capitalised are to be reclassified to prepayments.
These costs give rise to a reduction in the tax charge for the year ended 31 May 2020 of £1.2m and a corresponding increase in the Group's deferred tax asset.
The affected financial statement line items are as follows:
| 31 May 2020 (previously |
31 May 2020 | ||
|---|---|---|---|
| 31 May 2020 | reported) £m |
Restatement £m |
(restated) £m |
| Income Statement impact | |||
| Depreciation and amortisation | (25.0) | 1.4 | (23.6) |
| Individually Significant Items – expense cloud configuration and customisation costs previously capitalised | – | (7.9) | (7.9) |
| Operating profit | 19.1 | (6.5) | 12.6 |
| Profit before taxation | 16.1 | (6.5) | 9.6 |
| Taxation | (4.4) | 1.2 | (3.2) |
| Profit for the year | 11.7 | (5.3) | 6.4 |
| Basic EPS | 4.2p | (1.9p) | 2.3p |
| Diluted EPS | 4.2p | (1.9p) | 2.3p |
| Balance Sheet impact | |||
| Expense cloud configuration and customisation costs previously capitalised | – | (11.5) | (11.5) |
| Amounts reclassified to prepayments in relation to cloud computing arrangements (restated) | – | (0.2) | (0.2) |
| Reversal of amortisation on cloud configuration and customisation costs previously capitalised | – | 1.5 | 1.5 |
| Other intangible assets | 39.2 | (10.2) | 29.0 |
| Deferred tax assets | 0.5 | 1.8 | 2.3 |
| Total non-current assets | 275.7 | (8.4) | 267.3 |
| Trade and other receivables | 73.2 | 0.2 | 73.4 |
| Current assets | 169.7 | 0.2 | 169.9 |
| Net assets | 214.1 | (8.2) | 205.9 |
| Retained earnings | (13.8) | (8.2) | (22.0) |
| Total equity | 214.1 | (8.2) | 205.9 |
| 31 May 2020 | 31 May 2020 (previously reported) £m |
Restatement £m |
31 May 2020 (restated) £m |
|---|---|---|---|
| Cash Flow Statement impact | |||
| Profit for the year | 11.7 | (5.3) | 6.4 |
| Amortisation of software and development costs | 4.4 | (1.4) | 3.0 |
| Income tax expense | 4.4 | (1.2) | 3.2 |
| Net cash generated from operating activities | 47.1 | (7.9) | 39.2 |
| Software and development expenditure | (10.4) | 7.9 | (2.5) |
| Net cash used in investing activities | (13.2) | 7.9 | (5.3) |
| Net increase in cash and cash equivalents | 60.1 | – | 60.1 |
A third Balance Sheet has been presented in accordance with IAS 1 to illustrate the impact in the opening Balance Sheet for the prior financial year. The Group identified that £3.6m of costs previously capitalised under cloud computing arrangements that should be expensed and £0.1m of amortisation was charged, which is to be reversed.
These additional costs give rise to a reduction in the tax charge for the year of £0.6m and a corresponding increase in the deferred tax asset.
The opening Balance Sheet of the prior year has accordingly been restated to correct for these, as shown below. Balances at 1 June 2019 are those disclosed after the application of IFRS16 which was adjusted prospectively on inception. The affected financial statement line items are as follows:
| 1 June 2019 | 1 June 2019 (previously reported) £m |
Restatement £m |
1 June 2019 (restated) £m |
|---|---|---|---|
| Balance Sheet impact | |||
| Other intangible assets | 41.8 | (3.5) | 38.3 |
| Deferred tax assets | 1.6 | 0.6 | 2.2 |
| Total non-current assets | 276.5 | (2.9) | 273.6 |
| Net assets | 208.8 | (2.9) | 205.9 |
| Retained earnings | (14.0) | (2.9) | (16.9) |
| Total equity | 208.8 | (2.9) | 205.9 |
for the year ended 31 May 2021
On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially all of the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain exclusively related to the IPM business. The primary reasons for the business combination are to:
Management considers shareholder approval of the transaction constitutes a change in control and therefore the date of shareholder approval is considered to be the acquisition date for the transaction. Shareholder approval was granted on 1 June 2021 and the IPM Software Resilience business will be consolidated into the Group results from that date (see Note 2).
Details of assets acquired that are subject to provisional fair value adjustments will be reported for the year ended 31 May 2022. The acquisition for a total consideration of \$220m was funded through an equity gross placing of £72.6m (see Note 27) on 17 May 2021 combined with a new three year \$70m term loan (see Note 24) and the remaining \$98.2m funded via existing cash balances and our revolving credit facility. The term loan was entered into on 12 May 2021 but not drawn down until 2 June 2021.
Costs directly attributable to the acquisition of the IPM business totalling £7.6m have been expensed during the year (see Note 5). Issue costs of £2.4m were incurred as part of the equity placing and have been credited to the share premium account (see Note 27).
APMs are the way that financial performance is measured by management and reported to the Board, and the basis of financial measures for senior management's compensation schemes, and provide supplementary information that assists the user in understanding the underlying trading results.
| APM | Closest equivalent IFRS measure |
Adjustments to reconcile to IFRS measure |
Note reference for reconciliation |
Definition, purpose and considerations made by the Directors |
|---|---|---|---|---|
| Income Statement measures: | ||||
| Adjusted operating profit |
Operating profit or loss |
Operating profit or loss before amortisation of acquired intangibles, |
3 | Represents operating profit before amortisation of acquired intangibles, share-based payments and Individually Significant Items. |
| share-based payments and Individually Significant Items |
This measure is to allow the user to understand the Group's underlying financial performance as measured by management, reported to the Board and used as a financial measure in senior management's compensation schemes. |
|||
| The Directors consider amortisation of acquired intangibles is a non-cash accounting charge inherently linked to losses associated with historical acquisitions of businesses. |
||||
| The Directors consider share-based payments to be an adjusting item on the basis that fair values are volatile due to movements in share price, which may not be reflective of the underlying performance of the Group. |
||||
| Individually Significant Items are items that are considered unusual by nature or scale, and are of such significance that separate disclosure is relevant to understanding the Group's financial performance and therefore requires separate presentation in the Financial Statements in order to fairly present the financial performance of the Group. |
||||
| Adjusted earnings before interest, tax, |
Operating profit or loss |
Operating profit or loss, before adjusting items, depreciation and |
3 | Represents operating profit before adjusting items, depreciation and amortisation to assist in the understanding of the Group's performance. |
| depreciation and amortisation (Adjusted EBITDA) |
amortisation, finance costs and taxation |
Adjusted EBITDA is disclosed as this is a measure widely used by various stakeholders and used by the Group to measure the cash conversion ratio. |
||
| Adjusted basic EPS |
Statutory basic Statutory basic EPS before EPS amortisation of acquired intangibles, share-based |
11 | Represents basic EPS before amortisation of acquired intangibles, share-based payments and Individually Significant Items. |
|
| payments, Individually Significant Items and the tax effect thereon |
This measure is to allow the user to understand the Group's underlying financial performance as measured by management, reported to the Board and used as a financial measure in senior management's compensation schemes. |
|||
| See further details above in relation to amortisation of acquired intangibles and share-based payments. |
| APM | Closest equivalent IFRS measure |
Adjustments to reconcile to IFRS measure |
Note reference for reconciliation |
Definition, purpose and considerations made by the Directors |
|---|---|---|---|---|
| Balance Sheet measure: | ||||
| Net cash/(debt) excluding lease liabilities |
Total borrowings (excluding lease liabilities) offset by cash and cash equivalents |
3 | Represents total borrowings (excluding lease liabilities) offset by cash and cash equivalents. It is a useful measure of the progress in generating cash, strengthening of the Group Balance Sheet position, overall net indebtedness and gearing on a like-for-like basis. |
|
| Net cash/(debt), when compared to available borrowing facilities, also gives an indication of available financial resources to fund potential future business investment decisions and/or potential acquisitions. |
||||
| Net cash/(debt) | Total borrowings (including lease liabilities) offset by cash and cash equivalents |
3 | Represents total borrowings (including lease liabilities) offset by cash and cash equivalents. It is a useful measure of the progress in generating cash, strengthening of the Group Balance Sheet position, overall net indebtedness and gearing including lease liabilities. |
|
| Net cash/(debt), when compared to available borrowing facilities, also gives an indication of available financial resources to fund potential future business investment decisions and/or potential acquisitions. |
||||
| Cash flow measure: | ||||
| Cash conversion ratio |
Ratio % of net cash flow from operating activities before interest and tax divided by operating profit |
Ratio % of net cash flow from operating activities before interest and tax divided by EBITDA |
3 | The cash conversion ratio is a measure of how effectively operating profit is converted into cash and effectively highlights both non-cash accounting items within operating profit and also movements in working capital. It is calculated as net cash flow from operating activities before interest and taxation (as disclosed on the face of the Cash Flow Statement) divided by EBITDA for continued and discontinued activities. |
| The cash conversion ratio is a measure widely used by various stakeholders and hence is disclosed to show the quality of cash generation and also to allow comparison to other similar companies. |
The Group also reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account constant foreign exchange rates year on year. This involves translating comparative numbers to current year rates for comparability to enable a growth factor to be calculated. In addition, the Group also reports these regions on a local currency basis to demonstrate the revenue performance on a local basis. As these measures are not statutory revenue numbers, management considers these to be APMs.
| Other terms | Definition and usage | ||
|---|---|---|---|
| Code | Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how companies should be governed, applicable to UK-listed companies including NCC Group plc. |
||
| Adjusted | Any result described as adjusted excludes the impact of Individually Significant Items, and any tax on any of these items. |
||
| Adjusted earnings | Adjusted earnings is defined as statutory earnings before amortisation of acquisition intangibles, Individually Significant Items and the share-based payments charge, net of the tax effect of these items. |
||
| Adjusted operating profit margin 1 | Calculated as Adjusted operating profit divided by revenue from continuing activities. | ||
| AGM | Annual General Meeting of shareholders of the Company held each year to consider ordinary and special business as provided in the Notice of AGM. |
||
| Alternative Performance Measure (APM) |
An Alternative Performance Measure (which is denoted in each case or use thereof by a footnote) is a non-GAAP performance metric used by management either internally or externally to present management's view of the underlying business performance. They are not superior to GAAP-based measures and are simply an alternative way of looking at performance. See Note 3 for further information. |
||
| Board | The Board of Directors of the Company (for more information see pages 74 and 75). | ||
| Cash conversion ratio 1 | Calculated as cash generated from operating activities before interest and taxation divided by Adjusted EBITDA 1, expressed as a percentage. |
||
| CDO | Cyber Defence Operations. | ||
| CEO | Chief Executive Officer. | ||
| CFO | Chief Financial Officer. | ||
| CISO | Chief Information Security Officer. | ||
| Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual Company, or to NCC Group plc and its subsidiaries collectively. |
|||
| CPO | Chief People Officer. | ||
| CTO | Chief Technology Officer. | ||
| Directors/Executive Directors/ Non-Executive Directors |
The Directors/Executive Directors and Non-Executive Directors of the Company whose names are set out on pages 74 and 75 of this report. |
||
| EBIT | Earnings before interest and tax. | ||
| EBIT margin % | EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue. | ||
| EBITDA | Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit before Individually Significant Items and adding back depreciation and amortisation charged. |
||
| EBITDA margin % | EBITDA divided by revenue. | ||
| EPS | Earnings per share. Profit for the year attributable to equity shareholders of the Parent allocated to each ordinary share. |
||
| FCA | Financial Conduct Authority. | ||
| Financial year | For NCC Group this is an accounting year ending on 31 May. | ||
| FRC | Financial Reporting Council. | ||
| Free cash flow | Net cash from operating activities less net capital expenditure. | ||
| FRS | A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC). |
| Other terms | Definition and usage | ||
|---|---|---|---|
| Gross profit | Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads that are supporting the business as a whole as opposed to a specific revenue item. |
||
| Gross margin %/GM % | Calculated as gross profit divided by revenue from continuing activities. | ||
| HMRC | Her Majesty's Revenue & Customs, the tax collecting authority of the UK. | ||
| IAS or IFRS | An International Accounting Standard or International Financial Reporting Standard, as issued by the International Accounting Standards Board (IASB). IFRS is also used as the term to describe international generally accepted accounting principles as a whole. Financial Statements are prepared in accordance with IFRS as adopted by the EU. |
||
| Individually Significant Items | Items that the Directors consider to be material in nature, scale or frequency of occurrence that need to be excluded when calculating some non-GAAP performance measures in order to allow users of the Financial Statements to gain a full understanding of the underlying business performance. See Note 5 for further information. |
||
| KPMG | The Company's external auditor, KPMG LLP. | ||
| LTIP | Long Term Incentive Plan established to align the interests of senior and Executive management with those of shareholders. The plan is formally known as the NCC Group Long Term Incentive Plan 2013 (approved by shareholders in 2013). |
||
| MD | Managing Director. | ||
| MDR | Managed Detection and Response. | ||
| Net debt 1 | Total borrowings offset by cash and cash equivalents. | ||
| Ordinary shares | Voting shares entitling the holder to part ownership of a company. | ||
| SAYE/Sharesave | Save As You Earn, being a tax efficient scheme to encourage colleague share ownership. | ||
| Software Resilience | Software Resilience represents our Escrow resilience services. | ||
| Subsidiary | A company or other entity that is controlled by NCC Group. | ||
| TSC | Technical Security Consulting. | ||
| TSR Total shareholder return, which is share price growth plus dividends reinvested (where applicable) over a specified period of time, divided by the share price at the start of the period. |
190 NCC Group plc — Annual report and accounts for the year ended 31 May 2021
| Chris Stone | – | Non-Executive Chair |
|---|---|---|
| Adam Palser | – | Chief Executive Officer |
| Tim Kowalski | – | Chief Financial Officer and Company Secretary |
| Chris Batterham | – | Senior Independent Non-Executive Director |
| Jonathan Brooks | – | Independent Non-Executive Director |
| Mike Ettling | – | Independent Non-Executive Director |
| Jennifer Duvalier | – | Independent Non-Executive Director |
Tim Kowalski
XYZ Building 2 Hardman Boulevard Spinningfields Manchester M3 3AQ
4627044
Registered in England and Wales
Jefferies International Limited 100 Bishopsgate London EC2N 4JL
Moor House 120 London Wall London EC2Y 5ET
KPMG LLP 1 St Peter's Square Manchester M2 3AE
DLA Piper UK LLP 1 St Peter's Square Manchester M2 3DE
HSBC UK Bank plc 2nd Floor 4 Hardman Square Spinningfields
Manchester M3 3EB
1 Hardman Boulevard Manchester M3 3AQ
8–10 Moorgate London EC2R 6DA
Equiniti Aspect House Spencer Road Lancing West Sussex BN99 6DA
| Ex-dividend date | 14 October 2021 |
|---|---|
| Record date | 15 October 2021 |
| AGM | 4 November 2021 |
| Dividend payment date | 12 November 2021 |
| 2022 half year end | 30 November 2021 |
| 2022 interim statement | 3 February 2022 |
| 2022 year end | 31 May 2022 |
| 2022 year end trading pre-close statement | June 2022 |
| 2022 preliminary year end statement | July 2022 |
| These dates are provisional and may be subject to change. | |
NCC Group plc's commitment to environmental stewardship is reflected in this Annual Report.
The material is derived from sustainable resources and is FSC® certified. Printed in the UK by Geoff Neal. Both the mill and the printer are certified to ISO 14001 (Environmental Management System) and ISO 9001 (Quality Management System).
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.