The GMC, as mandated by the Board, maintains a Group-wide system of internal control to manage signiﬁcant Group risks. This system, which has been operating throughout the year and to the date of this report, supports the Board in discharging its responsibility for ensuring that the wide range of risks associated with the Group's diverse international operations is effectively managed in support of the creation and preservation of shareholder wealth. Where appropriate, necessary action has been or is being taken to remedy any failings or weaknesses identiﬁed from review of the effectiveness of the internal control system, including the lessons learned from the acquisition and development of the Amapá system.
The system of internal control, which is embedded in all key operations, provides reasonable rather than absolute assurance that the Group's business objectives will be achieved within the risk tolerance levels deﬁned by the Board. Regular management reporting, which provides a balanced assessment of key risks and controls, is an important component of Board assurance. In addition, certain Board committees focus on speciﬁc risks such as safety and capital investment and provide assurance to the Board on those matters. The chief ﬁnancial ofﬁcers provide conﬁrmation, on a six-monthly basis, that ﬁnancial and accounting control frameworks have operated satisfactorily. The Board also receives assurance from the Audit Committee, which derives its information, in part, from regular internal audit reports on risk and internal control throughout the Group and external audit reporting. The Group's internal audit function has a formal collaboration process in place with the external auditors to ensure efﬁcient coverage of internal controls. The Anglo American internal audit function is responsible for providing independent assurance to executive management and the Board on the effectiveness of the risk management process throughout the Group.
Anglo American seeks to have a sound system of internal control, based on the Group's policies and guidelines, in all material associates and joint ventures. In those companies that are independently managed, as well as joint ventures, the directors who are represented on these organisations' boards seek assurance that signiﬁcant risks are being managed.
The Board's policy on risk management encompasses all signiﬁcant business risks to the Group, including ﬁnancial, operational and compliance risk, which could undermine the achievement of business objectives. This system of risk management is designed so that the different businesses are able to tailor and adapt their risk management processes to suit their speciﬁc circumstances. This ﬂexible approach has the commitment of the Group's senior management. There is clear accountability for risk management, which is a key performance area of line managers throughout the Group. The requisite risk and control capability is assured through Board challenge and appropriate management selection and skills development. Managers are supported in giving effect to their risk responsibilities through policies and guidelines on risk and control management. Support through facilitated risk assessments is provided by a central team responsible for ensuring a robust process is implemented for risk management. During 2009, over 100 separate risk assessment workshops were conducted reviewing risk in business unit strategies, risks to achieving mine plans, risks in capital projects and risks to key change programmes. The results of these risk assessments were reported to senior management and the Audit Committee. The process of risk management is designed to identify internal and external threats to the business and to assist management in prioritising their response to those risks. Continuous monitoring of risk and control processes, across headline risk areas and other business-speciﬁc risk areas, provides the basis for regular and exception reporting to business management and boards, ExCo, the Audit Committee and the Board.
Some of the headline risk areas, which have been elaborated upon in the financial review are:
The risk assessment and reporting criteria are designed to provide the Board with a consistent, Group-wide perspective of the key risks. The reports to the Board, which are submitted at least every six months, include an assessment of the likelihood and impact of risks materialising, as well as risk mitigation initiatives and their effectiveness.
In conducting its annual review of the effectiveness of risk management, the Board considers the key ﬁndings from the ongoing monitoring and reporting processes, management assertions and independent assurance reports. The Board also takes account of material changes and trends in the risk proﬁle and considers whether the control system, including reporting, adequately supports the Board in achieving its risk management objectives.
During the course of the year the Board considered the Group's responsiveness to changes within its business environment. The Board is satisﬁed that there is an ongoing process, which has been operational during the year, and up to the date of approval of the Annual Report, for identifying, evaluating and managing the signiﬁcant risks faced by the Group. This includes social, environmental and ethical risks as highlighted in the Disclosure Guidelines on Socially Responsible Investment issued by the Association of British Insurers. A detailed report on social, environmental and ethical issues is included in the Company's Report to Society 2009.
The Board is required to present a balanced and understandable assessment of Anglo American's ﬁnancial position and prospects. Such assessment is provided in the Chairman's and Chief executive's statements and the Operating and ﬁnancial review of this Annual Report. The respective responsibilities of the directors and external auditors are set out in the Statement of directors' responsibilities, Responsibility statements and the Independent auditors' report. As referred to in the Directors' report, the directors have expressed their view that Anglo American's business is a going concern.
The Group has had in place for a number of years a whistleblowing programme in all its managed operations. The programme, which is monitored by the Audit Committee, is designed to enable employees, customers, suppliers, managers or other stakeholders, on a conﬁdential basis, to raise concerns in cases where conduct is deemed to be contrary to our values. It may include:
The programme makes available a selection of telephonic, e-mail, web-based and surface mail communication channels to any person in the world who has information about unethical practice in Anglo American and its managed operations. The multilingual communication facilities are operated by independent service providers who remove all indications from information received as to the identity of the callers before submission to designated persons in the Group.
During 2009, 313 reports were received via the global 'Speakup' facility, covering a broad spectrum of concerns, including ethical, criminal, supplier relationships, health and safety, and human resource-type issues. Reports received were kept strictly conﬁdential and were referred to appropriate line managers within the Group for resolution. Where appropriate, action was taken to address the issues raised. The reports are analysed and monitored to ensure the process is effective.