Gorman-Rupp Co.
Annual Report 2018

Plain-text annual report

G R C I n t e r n a t i o n a l G r o u p p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 8 A unique integrated cyber compliance company GRC International Group plc Annual Report and Accounts 2018 GRC International Group plc (AIM: GRC) is the holding company for a group of companies providing a range of products and services to address the IT governance, risk management and compliance requirements of organisations, operating a “one-stop shop” that enables our customers to meet current and future commercial requirements and regulatory standards. The Group is based in Ely near Cambridge, England, with offices in Scotland, Ireland, the US, Belgium and the Netherlands. Introduction Strategic Report 1-19 Highlights At a Glance What Sets us Apart? Chairman’s Statement Chief Executive Officer’s Review Our Story so Far Market Overview Our Business Model and Strategy Financial Review Risk Management Key Performance Indicators 1 2 3 4 6 8 10 12 14 16 18 Corporate Governance 20-31 Corporate Governance Statement 20 Board of Directors Audit Committee Report Remuneration Committee Report Directors’ Report Statement of Directors’ Responsibilities Financial Statements 32-68 Independent Auditor’s Report Consolidated Income Statement Consolidated Statement of Comprehensive Income Consolidated Balance Sheet Consolidated Statement of Changes in Equity Consolidated Statement of Cash Flows Nature of Operations and General Information Notes to the Financial Statements 22 24 27 30 31 32 38 38 39 40 41 42 51 Forward-looking statements This Annual Report includes statements that are, or may be deemed to be, “forward-looking statements”. These statements are made by the Directors in good faith based on the information available to them up to the time of their approval of this report and such statements should be treated with caution due to the inherent uncertainties, including both economic and business risk factors, underlying any such forward-looking statements. Highlights A transformational year for GRC International Group plc • Significant growth generated by the provision of GDPR1-related services. • Legislation and regulation relating to data protection and cyber security becoming increasingly widespread. • Successful admission to AIM, with £5.04 million raised (before costs). All costs were paid out of working capital. • Progressed our international expansion plan, establishing offices in Scotland, Ireland, the US, Belgium and the Netherlands. • Maintained positive working capital, strengthening our balance sheet. • Strengthened our online presence and web sales business. Financial highlights Revenue £15,688,216 2017: £6,833,303 +130%2 Profit after tax £201,851 2017: £636,292 (68%)2 Operational highlights Total billings5 £16,260,465 2017: £7,412,352 +119%2 Website visits 3,107,019 2017: 1,403,192 +121%2 Profit before tax £355,346 2017: £710,164 (50%)2 Underlying EBITDA4 £1,662,036 2017: £1,068,271 +55%2 Earnings per share (undiluted) 0.40p 2017: £1.27 (69%)2 Billings per month/FTE ratio £7,645 2017: £8,250 (7%) Average FTE headcount 177 2017: 74 +139%2 Website revenue £4,683,489 2017: £1,333,226 +251%2 Basis of preparation GRC International Group plc was incorporated on 27 October 2017. The Company’s first statutory accounting period will be up to 31 March 2019 so there are no Company only financial statements included in this Annual Report. The Company was inserted as the new holding company for the pre-existing IT Governance Group. The consolidated financial results included in this Annual Report have been prepared on a look-through basis, as if the Group always existed in its current form. This is consistent with the approach taken for the historical financial information (“HFI”) in the AIM admission document. 1 General Data Protection Regulation 2 Year-on-year: 2018 compared with 2017 3 Full-time equivalent 4 Underlying EBITDA (Earnings Before Interest, Tax, Depreciation and Amortisation) excludes share-based payment expenses and exceptional costs in relation to the Group’s admission to AIM in March 2018 5 The relationship between billings and revenue is explained on page 18 GRC International Group plc Annual Report and Accounts 2018 1 Financial StatementsCorporate GovernanceStrategic Report At a Glance A cyber compliance company: a unique, integrated alternative to the traditional consultancy firm, publishing house, penetration tester or training provider. What we offer A comprehensive suite of quality services and products Training Classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. Consultancy On-site and remote support to help organisations design and implement data protection, privacy and cyber security policies and procedures. Penetration testing, Payment Card Industry Data Security Standard (PCI DSS) compliance and Cyber Essentials certification and consultancy. Publishing and Distribution The Group sells books, documentation templates and software via its websites, both those it publishes or writes itself and those supplied by third parties. Our customers include BAE Systems, Barclays, HSBC, Next, Inmarsat, Vodafone, Volkswagen, UK national and local government departments, the NHS, Universities, The Bank of England, BBC, US Army, Slaughter & May, Freshfields Bruckhaus Deringer, PwC, Grant Thornton. Where we are • Physical offices: UK, Belgium, the Netherlands, Ireland and the US. • EU website: 11 country websites, with interfaces to all 27 non-UK member states buying from one or another of those websites. 2 GRC International Group plc Annual Report and Accounts 2018 A leading, global, “one-stop shop” supplier of IT governance, risk and compliance products and services delivering great value to clients. GRC: Governance, risk management and compliance Cyber resilience Governance and risk management Data protection compliance, GDPR Cyber security and ISO 27001 IT Governance and COBIT® Service management Risk management PCI DSS ISO 9001, ISO 14001, ISO 45001 Incident response Penetration testing and cyber essentials ITIL® and ISO 20000 BCM and ISO 22301 Project management, PRINCE2® Consultancy and certification Technical security Software tools Books and toolkits Training and qualifications What Sets us Apart? GRC International delivers a comprehensive suite of quality services and products to our diversified and international customer base. We believe GRC operates in a very attractive high-growth market and leverages the broad range of skills and depth of experience provided by our people. Structured according to our five key pillars, our investment case is as follows: A comprehensive suite of quality services and products A diversified and international customer base • A range of both “off-the-shelf” and bespoke solutions to its clients within the IT governance field. • e-learning, publishing, training, certification and consultancy solutions, specifically tailored to an individual organisation’s strategies and needs. • Flexible and cost-effective delivery options to suit our client’s requirements. • Multiple touch points with clients providing opportunities to grow our share of client wallet. • Creation of a compliance “platform” allows opportunity to embed further into client operations. • 70% of revenue growth driven by new customer acquisition with no single client accounting for more than 5% of Group revenues. • In the year ended 31 March 2018, 19% (2017: 19%) of the Group’s billings originated from customers outside of the UK. The Board’s ambition over time is for non-UK revenue to exceed domestic revenue. • Customer base in France, Italy, Spain, Belgium and the Netherlands, plus sales and marketing operations in the USA, Dubai and Singapore. • Significant potential to expand our geographical footprint further. Operating in an attractive, high-growth market Broad range of skills and a depth of experience Proven track record • Strong organic growth in revenue • The Department of Business, • Management team recognised as and profits. Innovation and Skills estimates governance to be the fastest growing area of the cyber security market. leading authorities on IT governance, regulation, systems and certification in the UK. • Senior management team has been active in the field of IT governance, risk and compliance since before 2000. • Experienced multi-discipline consultancy team. • Well-developed marketing and innovative, agile, new product development capability. • Demand for products and services is directly correlated to a market that is experiencing rapid expansion in the volume of information transmitted and stored online. • Global and fragmented market – “one-stop shop” solution a highly attractive proposition. • Opportunities waiting to be grasped: – Less than 25% of UK businesses are GDPR compliant (TrustArc Survey, June 2018). – GDPR compliance less mature elsewhere in the world. – GDPR and e-Privacy requirements apply to all suppliers into the EU. – USA: all financial services institutions in New York must comply with the Department of Financial Services cyber security regulation. Californian equivalent of GDPR now passed into law. – Cyber security is a global business risk issue, where cyber breaches cost money and damage reputations. • In the two years ended 31 March 2018, the Group delivered growth of: – 230% in billings. – 224% in revenue. – 231% in gross profit. • Successful track record in introducing new products and services – 21 new products launched in the past 12 months. • Successfully helped over 500 companies achieve ISO 27001 certification, proving their compliance with one of the world’s most demanding management system standards. GRC International Group plc Annual Report and Accounts 2018 3 Financial StatementsCorporate GovernanceStrategic Report Chairman’s Statement We have a track record of self- financed growth The Group’s strategic ambition is to become an international one-stop shop under the umbrella of governance, regulation and compliance, expanding into other forms of compliance and new jurisdictions. 4 GRC International Group plc Annual Report and Accounts 2018 Introduction This is our first Annual Report as a public company and it is my pleasure to welcome our new shareholders to GRC International Group plc (“GRC”). 2017-18 was a transformational year for the business, culminating in the Company’s successful admission to the London Stock Exchange’s AIM in March 2018. The strong response to the IPO reflected investors’ favourable perceptions of our current operations and excellent prospects. Overview GRC is a “one-stop shop” for cyber security and data compliance products and services based in the UK. The Group’s strategic ambition is to become an international “one-stop shop” under the umbrella of governance, regulation and compliance, expanding into other forms of compliance and new jurisdictions. Market opportunity In a world where cyber security and data protection have escalated in importance, and as the number of high- profile breaches command worldwide concern, global cyber security spend is expected to grow by 68% between 2017 and 2022 (Source: MarketsandMarkets Cyber Security Market Report 2018). The exponential growth in transactions, data and internet-enabled devices will lead to global standards driven by legal, regulatory and commercial requirements. The market for the provision of GRC’s products and services is highly fragmented with no UK providers offering the same portfolio opportunities. The demand is international; there are few, if any, established providers to meet this demand. Financial results GRC performed exceptionally strongly in 2017-18, achieving billings of £16.3 million (growth of 119%), and underlying EBITDA of £1.7 million (growth of 55%). This growth reflected significant progress across all the Group’s divisions, especially the provision of GDPR-related services. The Group’s balance sheet was also strong, with net cash of £5.6 million reflecting the benefit of the gross placing proceeds of £5.0 million (before costs of £1.0 million), which remain unused at present as the cash generative nature of the business has funded the exceptional growth in people and resources. At this stage in the Group’s development, the Board has decided to conserve cash for further expansion and potential acquisitions. Accordingly, no dividend is declared in respect of the 2017-18 results. Billings £16.3m +119% Net cash balance £5.5m People 2017-18 has been a transformational year for GRC, not least in staffing. The number of full-time employees increased from 93 to 262. Our excellent results could not have been achieved without the skill, passion and dedication of our entire staff. On behalf of the Board, I would like to thank them for their efforts during the year. The Board welcomed Ric Piper as a Non-Executive Director on the occasion of our admission to AIM. Ric, a Chartered Accountant, brings a wealth of financial and operational expertise to the Company. Current trading and outlook GRC has enjoyed a strong start to 2018-19, in part due to the 25 May 2018 deadline for the introduction of the EU’s GDPR regime. We have commenced operations in Ireland, the US and Northern Europe, and expect to see an interesting pipeline of possible acquisition targets develop. As a result, the Company is expected to deliver further significant progress in the current financial year to 31 March 2019. All parts of the Group are operating at high intensity and promise an exciting future. Andrew Brode Chairman Our mission and values Our mission is to engage with business executives, senior managers and IT professionals, and to help them: • Protect and secure their intellectual capital. • Comply with relevant regulations. • Thrive as they achieve strategic goals through better IT management. We are dedicated to the following values: • Solving our clients’ real business problems. • Being open and transparent with our clients, partners and other stakeholders. • Being honest, responsible and accountable for the work we do. • Collaborating with our colleagues and stakeholders. • Showing leadership and initiative both within the business and externally. • Delivering results and exceeding our clients’ expectations. • We are distinctive for the range of our skills and the depth of our experience, and work together to deliver great value to our clients. “2017-18 has been a transformational year for GRC.” GRC International Group plc Annual Report and Accounts 2018 5 Financial StatementsCorporate GovernanceStrategic Report Chief Executive Officer’s Review A unique business model within an attractive, high-growth market It gives me great pleasure to report on such a momentous year for GRC International Group plc, in this, our very first Annual Report. “We have significant capability around product innovation, service innovation and speed of deployment.” 6 GRC International Group plc Annual Report and Accounts 2018 Just prior to the close of our financial year, the Group achieved a key strategic milestone and, following a successful IPO, was admitted to the London Stock Exchange’s AIM on 5 March 2018. As I reflect on the year, I am extremely proud of the work we have done and the track record we have built creating and offering a highly comprehensive suite of quality services and products, spanning e-learning, publishing, training, certification and consultancy to customers, as they seek to address a wide range of data protection and cyber security issues. Our admission to trading on AIM gives us even greater opportunity to grow our business in a progressive market that is experiencing rapid expansion on an international scale. We have a unique business model differentiating us from competitors… While we focus relentlessly on each of our bespoke products and services, it isn’t the individual components of our model which give us our competitive advantage but the way that we stitch products and services together to provide bespoke solutions to our customers’ requirements and to ensure they are satisfied regardless of their size, market sector or stage of maturity. We have significant capability around product innovation, service innovation and speed of deployment. Testament to this was our ability to launch a phishing-related e-learning course during the year, from its conceptual idea, and deliver it to the first customer in just five days. Our agility and innovation are essential components of our business model. …and we continue to be well-positioned in an attractive, high-growth market The IT governance, risk and compliance market is growing fast and is becoming a global market. Data protection and cyber crime is international and, therefore, a successful data protection and cyber crime business must operate internationally. In the past year, we have demonstrated our ability to scale up in new countries, through our newly established Irish business (supported by a dedicated sales marketing team and website) to support our EU operations and our office in New York for our US business. We also have offices in Amsterdam and Brussels. I am pleased to report that these operations are becoming established, evidenced by the fact that international revenues grew 131% year-on-year and now form 19% of the Group’s total revenues. We have an ambition that over time international revenue will exceed UK revenue. But, we must always remain one step ahead In the past year, the arrival of GDPR drove significant revenue and cash flow growth allowing GRC to forge itself as one of the market leaders in this space. The level of peak panic purchasing that we saw in the final months leading up to 25 May 2018, the date on which GDPR applied, is unlikely to be repeated. However, growth in the coming year from ongoing compliance requirements with existing legislation, coupled with a new pipeline of regulation, will continue to provide opportunities and the challenge for us is to remain agile and innovative in this fast-paced and evolving market. Our strategy in 2018 and beyond The cybersecurity market is expected to grow from USD 137.85 billion in 2017 to USD 231.94 billion by 2022, at a Compound Annual Growth Rate (“CAGR”) of 11.0% – according to MarketsandMarkets Cyber Security Market Report 2018. As cyber crime and data protection issues become more common and rise in prominence, governments are increasingly legislating to protect against them, thus creating additional compliance burdens for organisations in both private and public sectors and, consequently, expanding the ecosystem in which we operate. Key findings from the research highlight that 20% of companies surveyed believe they now are GDPR compliant – per TrustArc’s GDPR Compliance Status Report July 2018. We expect that following a pause for breath over the summer, the levels of data breach reporting and the application of potentially large fines for non-compliance will drive another wave of billings from organisations recognising the necessity of being compliant. As well as compliance with GDPR, ISO 27001 and other existing regulations, there is a strong pipeline of regulation including the Network and Information Security (“NIS”) Directive and the e-Privacy Directive that will keep compliance at the top of the agenda for many of our clients, both current and potential. We would not be where we are today without the hard work and dedication of our people Of course, none of our achievements this year would have happened without the hard work and dedication of our employees. We value the innovation, accountability, determination, application and pragmatism of our people hugely. The skills and capabilities of our colleagues are vital to our success. I would like to thank them all for their support during this transformative year and for their continued dedication to GRC International’s success. Therefore as we progress, both this year and beyond, we must focus on extending existing services into both our existing markets and new jurisdictions, whilst also developing new services and solutions to deliver to clients, both existing and new. With our successful track record of introducing new products and services – sometimes against very tight timescales – we remain confident in delivering on this pillar of our strategy. In addition to investing organically to grow, we will continue to review suitable acquisition opportunities, businesses that own complementary technology and intellectual property to ours, offering access to new markets or geographies or extending our existing capabilities and product range. We are excited for the future At this point in time, I don’t think anyone can know exactly what the future holds, particularly in the short term, as the data protection and cyber security market continues to grow and evolve. However, we believe this global market provides a wealth of opportunity for us. This is a hugely exciting time for GRC as we move forward as a publicly listed company and work to achieve our vision of being the leading “one-stop shop” supplier of IT governance, risk and compliance products and services globally. Alan Calder Chief Executive Officer “Our admission to trading on AIM gives us even greater opportunity to grow our business in a progressive market that is experiencing rapid expansion on an international scale.” GRC International Group plc Annual Report and Accounts 2018 7 Financial StatementsCorporate GovernanceStrategic Report Our Story so Far How we got here Alan Calder and Steve Watkins become the first people in the UK to successfully implement an Information Security Management System (ISMS) compliant with BS 7799 (the precursor to ISO 27001). Incorporation of IT Governance Ltd. Alan Calder, CEO, became sole shareholder and appointed as Director. 1997 2002 2016 2012 Subsidiary incorporated in Ireland (IT Governance Europe Ltd). Vigilant Software Ltd became a wholly-owned subsidiary of the Group. 2017 2018 Ireland subsidiary commenced trading. 19% of Group revenues were to customers outside the UK. Many of our products and services translated, for the first time, into German, French, Spanish and Italian. Following a reorganisation, a newly incorporated company, GRC International Group plc. GRC International Group became the holding company and admitted to trading on the LSE’s AIM market. US subsidiary incorporated and office opened in New York. In August, first acquisition completed: www.gdpr.co.uk. 8 GRC International Group plc Annual Report and Accounts 2018 e-commerce website launched selling books and documentation toolkits on information security. IT Governance Ltd co-founded Vigilant Software Ltd and subscribed to 50% of the equity. Vigilant developed software program to help organisations assess risks to information and select appropriate controls to reduce risks. First training course delivered in Pakistan. Alan Calder started undertaking consultancy work. 2005 2006 2007 2010 2009 2008 Successful growth of the Consulting division led to the launch of a “penetration testing” service (testing customer data protection and cyber security processes). Software division established, focused on developing software to help organisations assess risks to information and select appropriate controls to reduce risks. The Group acquired control of 80% of Vigilant Software Ltd. Alan Calder started working for IT Governance full time as Executive Chairman. Began providing public training courses on information security management. Steve Watkins began working full time for IT Governance in April 2008. GRC International Group plc Annual Report and Accounts 2018 9 Financial StatementsCorporate GovernanceStrategic Report Market Overview A market driven by legal and regulatory obligations A market driven by legal and regulatory obligations to have in place data protection and cyber security systems and procedures Organisations have legal and regulatory obligations to have in place data protection and cyber security systems and procedures. These laws and regulations often have international reach outside of the countries in which they are enacted. For example, on 25 May 2018 the GDPR applied across all member states of the EU. It also extended the scope of the EU data protection law to all foreign organisations providing services into the EU. It harmonised the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations. GDPR imposes severe penalties of up to 4% of worldwide turnover for non-compliance, meaning many organisations are turning to GRC to become compliant. End-to-end compliance across the supply chain with legal and regulatory obligations further increasing demand for our products and services In addition to laws and regulations, businesses are increasingly required to provide assurance to their customers, regulators and stakeholders that their data protection and cyber security systems are adequate for the current risk environment. Businesses, therefore, require evidence of adequate security from all the entities in their supply chains. For example, the payment card brands, through their acquiring banks, require businesses (and their suppliers) that process payment cards to meet the PCI DSS standard and the UK Government already requires that organisations supplying it directly or indirectly should comply with Cyber Essentials (its own standard). The PwC 2018 Global State of Information Security Survey (“GSISS”) – which contacted 9,500 executives in 122 countries – found: • 44% did not have an overall information security strategy. • 48% did not have an employee security awareness training programme. • 54% did not have an incident response process. GSISS also found that many of the key processes for identifying cyber risks in business systems (including penetration tests, threat assessments, active monitoring of information security, and intelligence and vulnerability assessments) had been adopted by less than half of survey respondents. 10 GRC International Group plc Annual Report and Accounts 2018 We operate in a growing and global market Although it is difficult to confirm the exact size of the global market for GRC’s products and services, there are a number of research reports that indicate the size and growth rate of this market: • The GDPR market is predicted to grow from $907.4 million in 2018 to $2.7 billion by 2023, according to research published by MarketsandMarkets in their report “GDPR Service Market – Global Forecast to 2023”, reflecting a CAGR of 24% during the forecast period. According to this research, the growth will be primarily driven by the implementation of GDPR across the EU from May 2018. • Other growth factors include the generation of massive amounts of data, an increased need for data security and privacy, and demand for more data processing transparency. • TrustArc’s June 2018 research report states that in the UK, only “20% of companies surveyed believe they now are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation.” • Juniper Research published a report in 2017 that estimated that the global cyber security market would be worth $135 billion in 2020. This forecast includes all dedicated cyber security hardware and software purchases, as well as services revenues of managed security service providers. It does not include the wages for in-house cyber security staff used by an organisation. We offer a unique proposition to the market The Board believes that there are no other large companies offering the wide range of products and services that GRC provides either in the UK or elsewhere. The market for these products and services is global and they are provided on a limited basis by a large number of businesses which are either small and/or “reselling” products and/or services provided by other businesses such as those provided by us or are large but providing only a subset of our range offering. “In addition to laws and regulations, businesses are increasingly required to provide assurance to their customers, regulators and stakeholders that their data protection and cyber security systems are adequate.” GRC International Group plc Annual Report and Accounts 2018 11 Financial StatementsCorporate GovernanceStrategic Report Our Business Model and Strategy GRC’s core proposition is built around its ability to position itself as a “one-stop shop” supplier of integrated, high-quality IT governance, risk and compliance products and services to an international customer base. Our services and products broadly fit into three divisions, with the capability to package specific products and services together across divisions to provide a unique solution to a customer’s requirements, regardless of its company size, maturity or sector they operate within. Our business model What we deliver To who How we deliver it The courses range from one to five days in length with typically eight to 20 delegates on each course. Courses and are held at one of the following locations: • Hired premises. • Customers’ premises (for organisations that require training for a number of their employees). • Via live webinars to domestic and international audiences. Advertising and marketing of our training courses is predominantly online, primarily through the use of search engine optimisation. Bookings and sales made as a result of online enquiries are usually via one of the following channels: • Online sale or booking with no human intervention. • Inbound telephone or online enquiries that lead to a booking or sale. • Active sales calls to the organisation making the enquiry. Consultancy We provide on-site and remote support, helping organisations to design and implement data protection and cyber security policies and procedures. Technical services Through this line we provide: • Penetration testing: we carry out an authorised simulated attack on a customer’s IT systems to test the effectiveness of the systems and procedures and to identify any weaknesses. • PCI DSS assessments: organisations are required to have their data protection and cyber security systems tested regularly. • Cyber Essentials certification and consultancy: we provide an accredited certification service through an online portal that helps organisations of all sizes become certified to the UK Government’s Cyber Essentials scheme. The Directors believe that the Group attracts most of its consultancy customers via online searches carried out by the customer, through attendance on training courses, recommendation or as a result of a relationship that developed over a period of time. The materials are sold via its websites. Books We commission authors to write books on subjects, where on the basis of feedback from clients or knowledge of the markets in which the Group operates they believe there will be demand. Documentation templates We create and sells some 37 sets of documentation templates. Software We create and sell software solutions through our subsidiary, Vigilant Software Ltd, including: • vsRisk. • A compliance management tool. • A data flow mapping tool. Training courses related to data protection, cyber security, ISO 27001 certification and related topics. Online training, e-learning courses and examinations that are required to obtain certification. The courses are aimed at various different areas of IT governance and at different skill levels. For example, the ISO 27001 courses range from an introduction to ISO 27001 through to qualifying as a lead implementer or lead auditor. Courses are delivered to both UK-based and international customers. i g n n a r T i The range of consultancy services and products supplied by the Group has grown over the years to meet the demands of customers. Our consultancy services are offered via two offerings: consultancy and technical services. UK and internationally-based customers seeking to become compliant with new and existing legislation, including: • GDPR • ISO 27001 • PCI DSS • e-Privacy Directive y c n a t l u s n o C e r a w t f o s d n a g n h s i l i b u P The Group sells books, documentation templates and software, both those it publishes or writes itself and those supplied by third parties. Most of the books we sell relate to how organisations should manage their IT risk exposures or standards published by various bodies. We currently publish some 145 books and pocket guides to its global customer base. As well as customers just seeking books on subjects they are interested in, we also have customers requiring materials (i.e. templates) to assist them in documenting their IT systems and procedures. 12 GRC International Group plc Annual Report and Accounts 2018 Our strategy Our products and services are designed to help customers protect the data they hold by enabling them to: (i) Understand what their legal, regulatory and commercial obligations are. (ii) Identify the risks to their data protection and cyber security systems and procedures. (iii) Design and put in place systems and procedures to train their management and employees so that the customer can meet their obligations and address the risks identified. (iv) Prepare for, and obtain, certification such as: ISO/IEC 27001; PCI DSS; or Cyber Essentials. As set out on page 3 (What Sets us Apart), our objective is to become a “one-stop shop” global supplier of governance, risk and compliance products and services. The Board believes that the most prominent legal, regulatory and commercial standards relating to these areas will be adopted more widely across the globe. Organisations will need to put in place procedures and practices that will enable them to demonstrate they meet the necessary standards and to continuously test their compliance with the standards. They will require a supplier that is able to comprehensively meet their IT governance needs and the Group believes that there are opportunities for cross-selling services to its existing customers. We have a strong track record of organic growth and intends to continue growing its business in four key ways: 1 Expand existing services in existing markets The Group’s largest business, IT Governance Ltd, has a well-established brand, reflected in the strength of its online market positioning in the UK and globally. Although levels of GDPR activity peaked in May 2018 (when the EU’s GDPR’s regulations became effective), we continue to launch new products and services into the changing and maturing UK market. We also continue to invest in building its infrastructure to support and automate its operations, so that it is more cost-effectively able to service growing numbers of small and medium-sized organisations that require access to appropriate cyber security and data protection products and services. Alongside our increasingly automated internet and website systems, we have significantly grown our account management and business development teams in order to better develop its relationships with medium and large organisations. 2 Expand existing services into new jurisdictions We have established IT Governance-branded operations in Ireland (which will co-ordinate all non-UK pan-EU activities) and the US. Initial operations have been set up in Dubai, for the MENA region, and in Singapore, for the Asia-Pacific region. These are all growth markets for cyber compliance activities, but necessarily it will take some time to establish sizeable, profitable operations across these regions. The strategy is essentially to replicate (but with appropriate adjustments to reflect local cultures and market dynamics) over time and into these new geographies the successful business model and infrastructure that has been tried and tested in the UK. 3 Adding new services to deliver to existing and new clients We continue to evaluate market demand for new services, products and propositions to deliver to both existing and new customers in both existing and new jurisdictions. For example, we are considering expanding our offering from primarily data protection and cyber security training and consultancy in technical security services, into a broader range of GRC- related software areas, and into other GRC areas where organisations need to train their staff so that the organisation can meet related compliance obligations, such as money laundering and anti-bribery. 4 Make selective acquisitions In addition to organic growth, the Group is considering the acquisition of businesses that own complementary technology and intellectual property, offer access to new markets or territories, or extend our existing capabilities and the range of products and services offered to its customers. Subsequent to the year end the Group acquired the domain, web platform, customer list and goodwill of www.gdpr.co.uk from Wonde Ltd. The acquisition was settled by cash consideration of £175,000. GRC International Group plc Annual Report and Accounts 2018 13 Financial StatementsCorporate GovernanceStrategic Report Financial Review I am delighted to report a strong set of results for the year ended 31 March 2018, with double- digit growth in revenue, gross profit and underlying EBITDA. Our ability to offer flexible and cost-effective delivery of high-quality products and services that meet customer requirements, coupled with our success in expanding its geographical footprint in an attractive, high-growth market, have all contributed towards producing these strong results. 14 GRC International Group plc Annual Report and Accounts 2018 Revenue Revenue for the year ended 31 March 2018 was £15.7 million (2017: £6.8 million), up 130%. The Group has four key revenue streams: • Consultancy • Publishing and Distribution • Software • Training Double-digit revenue growth was recorded in three of our four key revenue streams. While revenue from sales of software was down 3% year-on-year to £0.4 million, revenue from Consultancy was up 82% year-on-year to £5.3 million, from Publishing and Distribution up 58% to £1.7 million and from Training division up 237% to £8.4 million. GDPR related services account for a significant proportion of the growth but we have also seen strong performances in other areas of our core business. Gross profit Gross profit was £9.5 million (2017: £4.1 million), up 133%. Gross profit as a percentage of sales remained consistent with prior years at 61% (FY2017: 60%). The stability of the gross profit margin, despite the substantial growth in Group revenue, reflects the nature of the direct cost base and demonstrates the scalability of the business. Operating expenses and exceptional costs Other operating expenses (excluding share-based payment expenses and exceptional costs in relation to the Group’s admission to AIM in March 2018) increased by £5.0 million to £8.4 million, up 148%. Other operating expenses as a percentage of turnover increased from 49% in FY2017 to 53%. This increase represents a concerted effort to invest in marketing, infrastructure and support staff to enhance growth and position GRC for future success, both in the UK and overseas. Exceptional costs were £0.7 million, being all IPO related. In 2017 exceptional costs were nil. Underlying EBITDA Underlying EBITDA (Earnings Before Interest, Tax, Depreciation and Amortisation) excludes share-based payment expenses and exceptional costs in relation to the Group’s admission to AIM in March 2018. Although underlying EBITDA is not a statutory measure, it is considered by the Board to be an important Key Performance Indicator that is helpful to investors. Underlying EBITDA for the year was £1.7 million or 10.6% of revenue (FY2017: £1.1 million and 15.6%) after adding back £0.5 million (FY2017: £0.3 million) of depreciation and amortisation, £0.01 million (FY2017: £nil) of share-based payments and £0.7 million (FY2017: £nil) of exceptional costs. This reduction on prior year is a reflection of our increased operating expenses for the purpose of future investment, as previously explained. As demonstrated by the tables below, the Group’s revenue continues to grow strongly. £ 2015 2016 2017 2018 Year-on-year % 2016 2017 2018 £ 2015 2016 2017 2018 Consultancy 1,658,879 2,010,170 2,897,684 5,273,742 Publishing and Distribution 1,041,054 1,027,378 1,041,843 1,649,060 Consultancy Publishing and Distribution 21% 44% 82% (1%) 1% 58% Software Training Total 222,747 234,098 410,696 399,212 1,541,442 1,576,915 2,483,080 8,366,202 4,464,122 4,848,561 6,833,303 15,688,216 Software Training 5% 75% (3%) 2% 57% 237% Total 9% 41% 130% UK Non-UK 3,366,248 3,912,177 5,525,068 12,669,974 1,097,874 936,384 1,308,235 3,018,242 Non-UK % 25% 19% 19% 19% Dividends At this stage in the Company’s development, the Board has decided to conserve cash for further expansion and potential acquisitions. Accordingly, no dividend is declared in respect of the 2017-18 results. Balance sheet Net current assets were £3.3 million, up from £65,000 at the prior year balance sheet date. Net assets were £5.9 million, up from £1.2 million at the year balance sheet date. Included within the current liabilities balance of £5.0 million (2017: £2.0 million) is deferred income of £1.4 million (2017: £803,000) relating to training and consultancy projects to be delivered after the balance sheet date. Intangible assets The Group’s accounting policy is that only directly attributable staff costs of the technical teams developing the assets are capitalised. No management time is capitalised and neither is any proportion of overheads or borrowing costs. Cash flow and cash The Group’s closing cash position was £5.6 million (FY2017: £0.4 million), including funds raised when the Group admitted to the London Stock Exchange AIM market on 5 March 2018. The Group raised a total of £5.0 million and received £4.8 million, after the deduction of costs at source. We therefore had a net cash inflow for the year of £0.4 million. Chris Hartshorne Finance Director Finance expense Finance expense of £9,400 (2017: £32,000) relates almost entirely to interest on historic term loans and finance leases taken out in the Group’s early stages of growth to support working capital. The balances are now being repaid in line with the repayment schedule. The total value of borrowings at the balance sheet date was £80,000 (FY2017: £162,000). Capital expenditure, depreciation and amortisation During the year in support of the Group’s growth expenditure on tangible assets was £400,000 (2017: £72,000) and on intangible assets £945,000 (2017: £404,000). Depreciation and amortisation have increased by 53% to £500,000 (2017: £326,000). Profit before tax Profit before tax was £355,000 (FY2017: £710,000), after deducting £714,000 of exceptional operating expenses. Taxation The effective tax rate of 43% (2017: 10%) differs from the actual corporation tax rate of 19% (2017: 20%). In the current year, the effective tax rate is driven up by disallowable expenditure in relation to the IPO. Without this disallowable expenditure the effective tax rate would be 13%. The actual effective tax rate of 43% is reduced by a prior year restated amount and would otherwise sit at 64%. During the year, the Group recognised a deferred tax asset of £0.6 million (FY2017: £0.1 million), the majority of which relates to share-based payments. Earnings per share Earnings per share were 0.40 pence (2017: 1.27 pence). Diluted earnings per share were 0.39 pence (2017: 1.26 pence). GRC International Group plc Annual Report and Accounts 2018 15 Financial StatementsCorporate GovernanceStrategic Report Risk Management Our principal risks and uncertainties The Group is exposed to a number of potential risks which may have a material effect on our reputation, financial or operational performance. The Board is aware that the nature and scope of risks can evolve and that there may be further risks to which GRC is exposed. While this list is not intended to be exhaustive, the Directors consider the below to be the principal risks and uncertainties faced by the Group. The Board has overall responsibility for risk management and internal control and is fully supported by the Audit Committee. Risk i c m o n o c E t n e m n o r i v n e Our operations are affected by overall economic conditions in its key geographic markets. The Group could be affected by unforeseen events outside of its control including: • Economic and political events, such as Brexit • Inflation or deflation • Currency exchange fluctuation t n e m n o r i v n e g n i t a r e p O Competition: The Company’s current competitors, or new entrants to the market, particularly the data protection and cyber security market, might bring superior technologies, products or services to the market, or equivalent products or services at a lower price which may have an adverse effect on the Company’s business. Customers: Loss of key customers has the potential to materially impact Group revenue. Compliance environment: Customer activity is to a significant extent driven by their fear of a data breach and the regulatory and commercial consequences thereof. A reduction in external compliance pressure on the Company’s clients may have an adverse effect on the Company’s business. Suppliers: We have a strategic relationship with Xanthos Ltd, a key supplier of digital marketing and website services. If Xanthos Ltd were to withdraw provision of these services, it may have an adverse impact on the business, results of operations and financial condition of the Group. Mitigation While the increasing geographic diversity of GRC provides some mitigation from individual country economic fluctuations, we continue to review and monitor our economic environment and will continue to consult widely to better understand any economic uncertainty and associated impacts. GRC operate on a basis of natural hedging to help minimise exposure to this risk. We believe that the best way to mitigate this risk is to continue to deliver high-quality products and services to our customers. We continually review and monitor competitive activity in all its markets to ensure GRC remains innovative, competitive and attractive in the markets in which we operate. In addition to the above, we seek to balance our exposure to customer dependency across all our geographic markets. We monitor customer demand and, in the event of a reduction in demand, would take steps to reduce delivery capacity and overhead. We maintain a close working and contractual relationship with key suppliers and endeavour to limit those services for which we have a single point of failure. 16 GRC International Group plc Annual Report and Accounts 2018 Risk d n a n o i t a l s i g e L n o i t a u g e r l The markets in which the Group operates are subject to legal and regulatory changes and the emergence of new industry standards. To compete successfully, the Group will need to continue to improve its products and services, and to develop and market new products and services that keep pace with changes in legislation, regulation and commercial practices. n o i s n a p x e l a n o i t a n r e t n I The continued expansion of the Group into new countries brings associated risks. With four offices now located outside the UK, there is a risk that the Group’s growth overseas may result in a reduction in the quality of control and oversight provided by senior management. Factors such as different time zones, languages, regulatory regimes and working cultures may all reduce the efficacy of the oversight provided by senior management. The financial performance of the Group may be impacted by changes to taxation regulation and the repatriation of profits, as the UK begins to leave the EU. Mitigation We monitor developments and proposed changes in Government policies, legislation, regulation and other factors that may impact our business and our customers’ businesses. Our strategy is kept under close review to ensure we respond to any such impact. We have well-developed IT systems, operational controls, comprehensive training and a rigorous compliance monitoring programme in order to maintain adherence to legislation. The Board and senior management review international activity on a regular basis and consider both strategic and operational issues that may impact performance. The Board has full oversight of UK and overseas operations through regular management meetings both remotely and in person. The nature of the Group’s business means that it is exposed to a number or risks associated with information technology which have the potential to cause a significant impact on operational performance, company reputation and financial performance. These risks include: We manage this risk in a number of ways, including external certification to international security standards, such as ISO 27001 and UK standards such as Cyber Essentials Plus. Our GDPR compliance management system is externally audited to comply with BS 10012. • Cyber security breach • Data breach • Reliance on key systems, including defects in software l i a c n h c e t d n a m e t s y S The Company’s future will be greatly influenced by the continued services and performance of its Directors and senior management. Furthermore, failure to recruit and retain skilled personnel at all levels across the business could also have an adverse impact. l e p o e P A business continuity plan is in place to minimise the impact to the business should IT systems fail. The internal IT team assesses vulnerability to potential cyber threats on a regular basis and uses antivirus software to protect the integrity of systems. We also undertake regular penetration testing to assess infrastructure and data security. In the event that an IT incident does occur, back-up facilities are in place to ensure business interruptions are minimised and internal and customer data is protected from corruption or unauthorised use. GRC also has cyber insurance appropriate to its risk profile. We continue to invest in cyber security measures, tools and infrastructure, as well as seeking to develop and upgrade systems in line with the Group’s plans for significant expansion. GRC takes pride in creating a positive and exciting workplace environment, through training, engagement, rewards and values. The Remuneration Committee seeks to ensure that rewards correspond with performance and retention. Also note, the AIM admission has enabled the business to launch share-based incentives to assist in retaining key personnel. Keyman insurance has been put in place in respect of the Chief Executive Officer Alan Calder for £750,000. GRC International Group plc Annual Report and Accounts 2018 17 Financial StatementsCorporate GovernanceStrategic Report Key Performance Indicators (“KPIs”) Billings Billings equate to the total value of invoices raised and cash sales through Group websites. This figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards or revenue recognition. Average FTE headcount While the number of full-time equivalent (“FTE”) employees is not a KPI in itself, the increase does demonstrate the scale of the Group’s growth over the course of the financial year. Monthly billings divided by FTE employees This is an internal target given to the Group’s sales and marketing teams. 18 GRC International Group plc Annual Report and Accounts 2018 Total billings £16,260,465 +119% (£000s) 20,000 15,000 10,000 16,260 7,412 5,000 4,932 0 2016 2017 2018 Average FTE headcount 177 +139% 200 150 100 50 0 177 74 56 2016 2017 2018 Billings per FTE £7,645 (7)% (£) 10,000 8,000 6,000 4,000 2,000 0 7,340 8,250 7,645 2016 2017 2018 Website visits The Group invests significant funds into digital marketing in order to maintain our dominance of certain web search term results. There is a distinct correlation between website visits and sales, however, we remain careful to use the term “correlation” rather than “causation”. Website revenue This equates to debit and credit card sales via the website that turn into cash immediately. This is an important KPI as it is a key driver of the Group’s working capital. Furthermore, the Group refers to website sales trends to estimate the returns generated through digital marketing campaigns and, therefore, how to prioritise these accordingly. Website visits 3,107,019 +121% (000s) 3,500 3,000 2,500 2,000 1,500 1,000 1,403 1,173 3,107 0 2016 2017 2018 Website revenue £4,683,489 +251% (£000s) 5,000 4,000 3,000 2,000 1,000 0 4,683 1,333 705 2016 2017 2018 The Strategic Report was approved by the Board of Directors and signed on its behalf. Alan Calder Director 26 September 2018 GRC International Group plc Annual Report and Accounts 2018 19 Financial StatementsCorporate GovernanceStrategic Report Corporate Governance Statement 20 GRC International Group plc Annual Report and Accounts 2018 Introduction This section of the report sets out GRC International Group plc’s approach to corporate governance and seeks to provide further information on how the Board and its Committees operate. The Directors acknowledge the importance of high standards of corporate governance. Subsequent to the year end the Board has decided to apply the QCA Code (The Corporate Governance Code 2018) as its recognised corporate governance code. In the 2019 Annual Report the Board will report to shareholders on how it complies with the QCA Code and where it departs from the QCA Code, the Board will provide an explanation of the reason(s) for doing so. The role of the Board The Board is collectively responsible for GRC’s performance and meets as often as necessary to effectively conduct its business. The Board is responsible for overseeing the management of the Group and approving the strategic direction of GRC. Composition of the Board and meetings The QCA Code states that a company should have at least two independent Non-Executive Directors. The Board comprises six Directors, four of whom are Executive Directors and two Non-Executive Directors, reflecting a blend of different experiences and backgrounds, as described on pages 22 and 23. GRC International Group plc was incorporated during the year and inserted as a new holding company for the pre-existing IT Governance Group via a share-for-share exchange with IT Governance Ltd. With the exception of Ric Piper, all of the Directors previously held their positions in IT Governance Ltd. Ric Piper was appointed to the Board in February 2018 as an independent Non-Executive Director ahead of the admission to AIM. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM, while at the same time ensuring that no individual (or a small group of individuals) can dominate the Board’s decision making. The Company will appraise the structure of the Board on an ongoing basis. Subsequent to admission to AIM in March 2018, the Board meets regularly to review, formulate and approve the Group’s strategy, budgets, corporate actions and oversee the Group’s progress towards its goals. Board Committees The Board has delegated specific responsibilities to the Audit Committee and the Remuneration Committee, details of which are set out below. Each Committee has written Terms of Reference setting out its duties, authorities and reporting responsibilities which can be obtained from the Company Secretary on application via https://www.grci.group/contact. Andrew BrodeNon-Executive Chairman Audit Committee The Audit Committee has the primary responsibility of monitoring the quality of internal controls to ensure that the financial performance of the Group is properly measured and reported on. It receives and reviews reports from the Group’s management and external auditor relating to the interim and annual accounts and the accounting and internal control systems in use throughout the Group. The Audit Committee will meet not less than three times in each financial year and will have unrestricted access to the Group’s external auditor. Board effectiveness The Board maintains strong relationships with external advisors and has access to advice as required. There is also regular communication between Executive and Non-Executive Directors. In line with its adoption since the year end of the QCA Code as its recognised corporate governance code, in the 2019 Annual Report the Board will report to shareholders on its review of the effectiveness of its performance as a unit, as well as that of its Committees and the individual Directors. The members of the Audit Committee comprise two Non-Executive Directors: Ric Piper (as Chairman) and Andrew Brode. The Corporate Governance Statement was approved by the Board of Directors and signed on its behalf. Andrew Brode Non-Executive Chairman 26 September 2018 More information about this Board Committee can be found in the Audit Committee Report on page 24. Remuneration Committee The Remuneration Committee reviews the performance of the Executive Directors, Chairman of the Board and senior management of the Group and makes recommendations to the Board on matters relating to their remuneration and terms of service. The Remuneration Committee will also make recommendations to the Board on proposals for the granting of share options and other equity incentives pursuant to any employee share option scheme or equity incentive plans in operation from time to time. The Remuneration Committee will meet as and when necessary, but at least twice each year. In exercising this role, the Directors have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. The members of the Remuneration Committee include two Non-Executive Directors. The Remuneration Committee will comprise Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Remuneration Committee Report on page 27. GRC International Group plc Annual Report and Accounts 2018 21 Financial StatementsCorporate GovernanceStrategic Report Board of Directors Bringing a broad range of skills and a depth of experience The existing Directors of GRC International Group plc are listed below. The Directors’ Report on page 30 sets out details of the Directors who served during the year ended 31 March 2018. The Board is committed to maintaining high standards of corporate governance. The Company has adopted policies and procedures which reflect the principles of the QCA’s Corporate Governance Guidelines for Smaller Quoted Companies (“QCA Code”) as are appropriate to a Company whose shares are admitted to trading on AIM. Andrew Stephen Brode Alan Philip Calder Christopher John Hartshorne, FCCA Non-Executive Chairman Chief Executive Officer Finance Director Executive Director Chief Information Officer Independent Non-Executive Director Appointment to the Board November 2012 April 2002 April 2017 April 2008 April 2017 February 2018 Key skills and experience In 2012, Andrew acquired an initial shareholding in IT Governance Ltd before later joining the Board as a Non-Executive Director in November 2012. In 2014, Andrew subscribed for further shares in IT Governance Ltd, increasing his shareholding to 22% (of the issued share capital of the Company prior to Admission). Andrew was appointed Non-Executive Chairman of the Company in February 2018. As well as being a Chartered Accountant, Andrew has gained significant leadership experience on the boards of several listed companies. He was Chief Executive of Wolters Kluwer (UK) plc between 1978 and 1990 and Andrew is currently Chairman of RWS Holdings plc and Learning Technologies Group plc. These roles together with his extensive executive experience, ensure he is well placed to lead the Board of GRC International plc effectively. Board Committee membership • Nomination Committee Chair • Audit Committee member • Remuneration Committee member Principal external appointments • Chairman of RWS Holdings plc • Chairman of Learning Technologies Group plc • Non-Executive Director of a number of private equity backed media companies 22 GRC International Group plc Annual Report and Accounts 2018 As CEO and founder of IT Governance Ltd, Alan leads the senior team and is responsible for delivering GRC International plc’s strategy. Chris joined the Group in April 2017 as Finance Director. Prior to this, Chris qualified as a Chartered Certified Accountant with Deloitte in 2007 and subsequently worked for PricewaterhouseCoopers. In 2015, Chris joined MM (UK) Limited as Financial Controller before leaving to take up his position with GRC International. Prior to founding IT Governance Ltd in 2002, Alan held a number of roles including the position of CEO of Business Link London City Partners, CEO of Focus Central London, CEO of Wide Learning, the Outsourced Training Company and was Chairman of CEME. Alan graduated from the University of Witwatersrand in 1978 before moving to the UK. Alan has written a number of books about IT management including the definitive compliance guide “IT Governance: An International Guide to Data Security and ISO27001/ISO27002” (co-written with Steve Watkins), which is in its sixth edition and is the basis for the UK Open University’s postgraduate course on information security and “IT Governance – Guidelines for Directors”. With his significant executive experience and expertise in the field of IT governance, risk management and compliance, Alan is well placed to lead the senior team of GRC International plc effectively. Steve joined the Group as a Director in 2008 and In his role as Chief Technology Officer and Chief Ric has over 40 years of experience as a is responsible for managing a number of key Information Officer, Neil is responsible for the Chartered Accountant, including a number customers and for technical issues of the Group. Group’s information technology systems including of senior finance roles at ICI, Citicorp and its websites and Vigilant Software Ltd, the Group’s Logica. He was also Group Finance Director Steve has an impressive track record spanning software development subsidiary. 25 years, including roles at the HM Crown at WS Atkins plc from 1993 to 2002. In the last five years, he has been Chairman of Frontier Prosecution Service Inspectorate, Focus Central Neil was appointed as a Director of IT Governance Resources plc and of Lakehouse plc and a London, Business Link London City Partners and Ltd in 2017 after originally joining IT Governance Non-Executive Director of Electron Technology OCE. He has also, worked as a consultant to Ltd in 2012 as Chief Technology Officer and plc, Precision Midstream plc, and Waterman organisations of all sizes, across all sectors and Chief Information Officer. Prior to this, he held Group Plc. In July 2018, he stepped down from has authored a number of titles relating to data roles at Featurespace (as Chief Technology the boards of Gattaca plc and Turbo Power protection and cyber security. Officer), Cambridge Assessment, Sequel Systems Ltd after 12 and 9 years respectively. Steve’s expertise is further enhanced through his Treasury Services. Business Solutions Limited and Close Brothers role as Chairman of the UK ISO/IEC 27001 User Group and in his role as an ISMS (and SMS) Technical Assessor for UKAS – a role in which he assesses conformity assessment bodies offering ISO 27001 (and ISO 20000-1) accredited certification. He is also the Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security standards, and is a member of other committees responsible for privacy, risk and service management standards. • Nomination Committee member • None • None • None • None • None • Chairman of the UK ISO/IEC 27001 User Group • None • ISMS (& SMS) Technical Assessor for UKAS • Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security standards • Audit Committee Chair • Remuneration Committee Chair • Nomination Committee member • Partner at Restoration Partners • Member of the Financial Reporting Review Panel Appointment to the Board Key skills and experience In 2012, Andrew acquired an initial shareholding in As CEO and founder of IT Governance Ltd, Alan Chris joined the Group in April 2017 as IT Governance Ltd before later joining the Board leads the senior team and is responsible for Finance Director. as a Non-Executive Director in November 2012. delivering GRC International plc’s strategy. In 2014, Andrew subscribed for further shares in Prior to this, Chris qualified as a IT Governance Ltd, increasing his shareholding to Prior to founding IT Governance Ltd in 2002, Alan Chartered Certified Accountant with 22% (of the issued share capital of the Company held a number of roles including the position of Deloitte in 2007 and subsequently worked prior to Admission). Andrew was appointed CEO of Business Link London City Partners, CEO for PricewaterhouseCoopers. In 2015, Non-Executive Chairman of the Company in of Focus Central London, CEO of Wide Learning, Chris joined MM (UK) Limited as Financial February 2018. the Outsourced Training Company and was Chairman of CEME. Controller before leaving to take up his position with GRC International. As well as being a Chartered Accountant, Andrew has gained significant leadership experience on Alan graduated from the University of the boards of several listed companies. He was Witwatersrand in 1978 before moving to the UK. Chief Executive of Wolters Kluwer (UK) plc Alan has written a number of books about IT between 1978 and 1990 and Andrew is currently management including the definitive compliance Chairman of RWS Holdings plc and Learning guide “IT Governance: An International Guide to Technologies Group plc. These roles together with Data Security and ISO27001/ISO27002” (co-written his extensive executive experience, ensure he is with Steve Watkins), which is in its sixth edition and well placed to lead the Board of GRC International is the basis for the UK Open University’s plc effectively. postgraduate course on information security and “IT Governance – Guidelines for Directors”. With his significant executive experience and expertise in the field of IT governance, risk management and compliance, Alan is well placed to lead the senior team of GRC International plc effectively. Board Committee membership • Nomination Committee Chair • Audit Committee member • Remuneration Committee member Principal external appointments • Chairman of Learning Technologies Group plc • Non-Executive Director of a number of private equity backed media companies • Chairman of RWS Holdings plc • None • None Non-Executive Chairman Chief Executive Officer Finance Director Executive Director Chief Information Officer Independent Non-Executive Director Stephen George Watkins Neil Roger Acworth Richard John Piper, ACA November 2012 April 2002 April 2017 April 2008 April 2017 February 2018 In his role as Chief Technology Officer and Chief Information Officer, Neil is responsible for the Group’s information technology systems including its websites and Vigilant Software Ltd, the Group’s software development subsidiary. Neil was appointed as a Director of IT Governance Ltd in 2017 after originally joining IT Governance Ltd in 2012 as Chief Technology Officer and Chief Information Officer. Prior to this, he held roles at Featurespace (as Chief Technology Officer), Cambridge Assessment, Sequel Business Solutions Limited and Close Brothers Treasury Services. Ric has over 40 years of experience as a Chartered Accountant, including a number of senior finance roles at ICI, Citicorp and Logica. He was also Group Finance Director at WS Atkins plc from 1993 to 2002. In the last five years, he has been Chairman of Frontier Resources plc and of Lakehouse plc and a Non-Executive Director of Electron Technology plc, Precision Midstream plc, and Waterman Group Plc. In July 2018, he stepped down from the boards of Gattaca plc and Turbo Power Systems Ltd after 12 and 9 years respectively. Steve joined the Group as a Director in 2008 and is responsible for managing a number of key customers and for technical issues of the Group. Steve has an impressive track record spanning 25 years, including roles at the HM Crown Prosecution Service Inspectorate, Focus Central London, Business Link London City Partners and OCE. He has also, worked as a consultant to organisations of all sizes, across all sectors and has authored a number of titles relating to data protection and cyber security. Steve’s expertise is further enhanced through his role as Chairman of the UK ISO/IEC 27001 User Group and in his role as an ISMS (and SMS) Technical Assessor for UKAS – a role in which he assesses conformity assessment bodies offering ISO 27001 (and ISO 20000-1) accredited certification. He is also the Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security standards, and is a member of other committees responsible for privacy, risk and service management standards. • Nomination Committee member • None • None • None • Chairman of the UK ISO/IEC 27001 User Group • ISMS (& SMS) Technical Assessor for UKAS • Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security standards • None • Audit Committee Chair • Remuneration Committee Chair • Nomination Committee member • Partner at Restoration Partners • Member of the Financial Reporting Review Panel GRC International Group plc Annual Report and Accounts 2018 23 Financial StatementsCorporate GovernanceStrategic Report Audit Committee Report Ric Piper Audit Committee Chair Remuneration Committee Chair 24 GRC International Group plc Annual Report and Accounts 2018 I am pleased to present the first report of the Audit Committee (“Committee”) for the period ended 31 March 2018. The Committee was formed as part of the Company’s preparation for admission to the London Stock Exchange’s AIM on 5 March 2018. This report is intended to explain how the Committee has met its responsibilities. Save the appointment since the year end of the independent auditor, from a “business as usual” perspective, there is nothing to bring to your specific attention. As Chair of the Committee, I will be available at the Annual General Meeting (“AGM”) to respond to any questions shareholders may raise on any of the Committee’s activities. Aims and objectives The Committee has responsibility for monitoring the integrity of the annual and interim financial statements and formal announcements relating to the Group’s financial performance, including advising the Board that the Annual Report taken as a whole is fair, balanced and understandable. It reviews significant financial reporting issues and accounting policies and disclosures in financial reports, reviews the effectiveness of the Group’s internal control procedures and risk management systems and considers how the Group’s internal audit requirements shall be satisfied, making recommendations to the Board. It reviews the independent auditor’s audit strategy and implementation plan and its findings in relation to the Annual Report and Interim Financial Statements. The main duties of the Committee are set out in its Terms of Reference which were approved by the Board as part of the Company’s admission to AIM on 5 March 2018 and are available from the Company Secretary on application via https://www.grci.group/contact. Committee membership, meetings and attendance Membership The Committee comprises two Non-Executive Directors: Ric Piper (Chairman of the Committee) and Andrew Brode (Chairman of the Board). Both Andrew Brode and Ric Piper are Chartered Accountants and the Board considered them to have recent and relevant financial experience. More information on Mr Piper and Mr Brode can be found in the Directors’ biographies on pages 22 to 23. The Board considers that the Committee as a whole has competence relevant to the sector in which the Group operates. Meetings and attendance Due to the timing of the Committee’s formation (as noted above), the Committee did not meet during the year. Going forward, it plans to meet at least three times annually. Meetings since the year end have focused on the appointment of the independent auditor and the review of the Annual Report with a recommendation that the Board should approve it. The Chief Executive Officer and the Finance Director are routinely invited to Committee meetings. Since the year end, the Committee met privately with the independent auditor. The Committee Chairman also met privately with the senior statutory auditor Julian Rae outside of the Committee meetings. Operation of the Committee Each year, the Committee will work to a planned programme of activities which are focused on key events in the annual financial reporting cycle and other matters that are considered in accordance with its Terms of Reference. • Internal financial control systems: the Committee reviewed the observations made by the independent auditor, as part of the audit process, and management’s responses and actions. The Committee was satisfied that it was appropriate for the Board to make the statements regarding internal controls included in the Corporate Governance Statement. Compliance reviews, both of financial and operational activities, were satisfactorily completed for the Group’s International Organisation for Standardisation (“ISO”) accreditations. It provides oversight and guidance to contribute to the ongoing good governance of the business, particularly by providing assurance that shareholders’ interests are being properly protected by appropriate financial management, reporting and internal controls. Internal Audit is reported below. The Chairman of the Committee reported to the Board on the Committee’s activities after each meeting, identifying relevant matters requiring communication to the Board and recommendations on the steps to be taken. In addition to the appointment of the independent auditor, the main activities of the Committee since the year end are as follows: • Financial statements: the Committee reviewed the Annual Report. Presentations were made by management and the auditor about the key technical and judgemental matters relevant to the financial statements. • Going concern: the Group continues to prepare its financial statements on a going concern basis, as set out in the accounting policies to the financial statements on page 42. Management produces working capital forecasts on a regular basis. The forecasts are reviewed by the Board, particularly ahead of the publication of interim and annual results. Having reviewed the forecasts as at the date of this report, the Committee concluded that it was appropriate for the Group to continue to prepare its financial statements on a going concern basis. • Taxation: the Group operates under varied tax regimes. The completeness and valuation of provisions to cover the range of potential final determinations by the tax authorities of the Group’s tax positions are the subject of judgement. Further information is set out in note 8 to the financial statements. The provisions held by the Group were reviewed by management as at 31 March 2018. The Committee agreed with management’s assessment of the Group’s tax provisions. The Committee notes that the Group is committed to paying the correct amount of tax and will only undertake transactions that have a genuine commercial purpose. • Fair, balanced and understandable: the content and disclosures made in the Annual Report are subject to a verification exercise by management to ensure that no statement is misleading in the form and context in which it is included, no material facts are omitted which may make any statement of fact or opinion misleading, and implications which might be reasonably drawn from the statement are true. The Committee was satisfied that it was appropriate for the Board to approve the financial statements and that the Annual Report taken as a whole is fair, balanced and understandable such that it allows shareholders to assess the Group’s performance against the Group’s strategy and business model. Significant issues related to the financial statements The Committee reviewed the key judgements applied to a number of significant issues in the preparation of the financial statements. The review included consideration of the following: Revenue recognition and recoverability of accounts receivables The Group has well-developed accounting policies for revenue recognition – see the principal accounting policies section in the financial statements. The Committee receives reports from management and from the independent auditor to ensure that the policies are complied with across the Group. The Board also receives regular reports on the collectability of aged accounts receivables, accrued income and deferred income. On the basis of these reports, the Committee concluded that it was content with the judgements that had been made. Intangibles: accounting As set out in intangibles accounting policy to the financial statements, the Group has significant amortised intangibles. As at 31 March 2018, the Committee agreed the management’s recommendation on capitalisation and that no impairment charge was required. Intangibles impairment assessments (including assumptions about future performance) are undertaken at least annually by management and reviewed by the Board and the Committee. This year, the Committee also considered a number of other matters, including the accounting for and disclosure of exceptional items (see the principal accounting policies section in the financial statements) and accounting for share-based payments. Shareholders’ attention is drawn to the section titled “Respective responsibilities” in the Independent Auditor’s Report on page 32, about specific areas as reported by the independent auditor in order to provide its opinion on the Financial Statements as a whole. GRC International Group plc Annual Report and Accounts 2018 25 Financial StatementsCorporate GovernanceStrategic Report Audit Committee Report continued Independent auditor Audit tender and reappointment The appointment of the independent external auditor is approved by shareholders annually. The independent auditor’s audit of the financial statements is conducted in accordance with International Standards on Auditing (UK and Ireland) (“ISAs”), issued by the Auditing Practices Board. The Committee regularly reviews all fees for non-audit work paid to the independent auditor. There were no fees from Deloitte LLP for non-audit work in the year ended 31 March 2018. The Committee will continue to keep the area of non-audit work under close review, particularly in the context of developing best practice on auditor’s independence. There are no contractual obligations that act to restrict the Committee’s choice of external auditor. Subsequent to the year end, the Board asked the Committee to undertake a competitive tender of the audit. The outcome was that Deloitte LLP was appointed as the Group’s independent auditor, with Julian Rae as the senior statutory auditor. The Committee regulates the appointment of former employees of the independent auditor to positions in the Group. The independent external auditor also operates procedures designed to safeguard its objectivity and independence. These include the periodic rotation of the senior statutory auditor, use of independent concurring partners, use of a technical review panel (where appropriate) and annual independence confirmations by all staff. Since the pre-existing IT Governance Group was small and privately owned, it did not require a statutory audit and so no firm previously held the position of independent auditor. The independent external auditor reports to the Committee on matters including independence and non-audit work, on an annual basis. This year, having considered the effectiveness and performance of the independent auditor, the Committee has recommended to the Board the reappointment of Deloitte LLP as independent auditor of the Company for the next financial year. Services, independence and fees The independent auditor provides the following: • A report to the Committee giving an overview of the results and judgements and observations on the control environment. • An opinion on the truth and fairness of the Group financial statements. The Committee monitors the cost effectiveness of audit and any non-audit work performed by the independent auditor and also considers the potential impact, if any, of this work on independence. It recognises that certain work of a non-audit nature may be best undertaken by the independent auditor as a result of its unique position and knowledge of key areas of the Company. Approval is required, prior to the independent auditor commencing any material non-audit work, in accordance with a Group policy approved by the Committee. Certain work, such as providing bookkeeping services and taxation planning advice, is prohibited. The Committee requires that non-audit fees do not have any material negative impact on Deloitte’s independence. Further, the Committee seeks positive evidence of the independence of the independent auditor through its challenge to management. Risk management and internal control The Group holds weekly Executive Directors’ meetings to discuss all business matters which includes risks and risk mitigation. Depending on the nature of the risk, it is escalated to the Committee and/or Board meetings for review. Internal audit Since the year end, the Group has established an internal audit programme that, going forward, will report into the Committee. Evaluation of the Committee Given the recent formation of the Committee, there was no evaluation of the Committee’s performance. Approval This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Audit Committee 26 GRC International Group plc Annual Report and Accounts 2018 Remuneration Committee Report I am pleased to present the first report of the Remuneration Committee (the “Committee”) for the period ended 31 March 2018. The Committee was formed as part of the Company’s preparation for admission to the London Stock Exchange’s AIM on 5 March 2018. Whilst there is no requirement for companies quoted on AIM to produce a formal Remuneration Report, the Committee prepares this Remuneration Report for information purposes in order to give shareholders, and other users of the financial statements, greater transparency about the way in which the Directors of GRC International Group plc are remunerated. This report sets out the remuneration paid to the Directors for the year ended 31 March 2018 and sets out the remuneration policy for the forthcoming financial year and beyond. We value the views of our shareholders and guidance issued by investor bodies. As Chair of the Committee, I will be available at the AGM to respond to any questions shareholders may raise on any of the Committee’s activities. Aims and objectives The Committee has responsibility for determining the overall remuneration policies and practices within GRC International Group plc, taking into account applicable laws, regulations and the principles of good governance. In particular, the Committee is responsible for: • Setting the remuneration policy for all Executive Directors. • Approving their remuneration packages. • Reviewing the ongoing appropriateness and relevance of the Committee membership, meetings and attendance Membership The Committee comprises two independent Non-Executive Directors: Ric Piper (Chairman of the Committee and independent Non-Executive Director) and Andrew Brode (Chairman of the Board). Meetings and attendance The Remuneration Committee will meet as and when necessary, but at least twice each year. Meetings since the year end have focused on determining the annual bonus scheme for the Executive Directors for 2018-19 and initial consideration of long-term incentive arrangements. The Chief Executive Officer and the Finance Director may attend meetings at the invitation of the Committee but may not be present when their own remuneration is being discussed. Remuneration policy objectives The main objective of the Committee is to ensure that the Company’s policy: • Attracts, motivates and retains executives in order to deliver the Group’s strategic goals and business outputs. • Encourages and supports a high-performance sales and service culture. remuneration policy. • Adheres to the principles of good corporate governance and appropriate risk management. • Aligns executives with the interests of shareholders and other key stakeholders. We remain committed to a remuneration policy that rewards high individual performance to drive strong results. Basic salary The basic salaries of the Group’s Executive Directors will be reviewed on an annual basis. The Committee seeks to establish a basic salary for each position commensurate with the individual’s responsibilities and performance, taking into account comparable salaries for similar companies of a similar size in the same market. • Reviewing and approving the overall remuneration spend (fixed and variable) to ensure that evidence exists to demonstrate that awards have been adjusted where appropriate for risk and will not limit the ability to strengthen the capital base. • Approving the design of, and determining targets for, all performance-related incentive plans operated by the Group and approving the total annual payments made under such plans. • Reviewing the design of all share incentive plans for approval by the Board and shareholders. For plans such as these, the Committee will make recommendations to the Board on proposals for the granting of share options, and other equity incentives, pursuant to any employee share option scheme or equity incentive plans in operation from time to time. The Committee’s Terms of Reference were approved by the Board as part of the Company’s Admission to AIM on 5 March 2018 and can be obtained from the Company Secretary on application via https://www.grci.group/contact. In exercising this role, the Directors shall have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. GRC International Group plc Annual Report and Accounts 2018 27 Financial StatementsCorporate GovernanceStrategic Report Remuneration Committee Report continued Directors’ remuneration The remuneration of each of the Directors during the year ended 31 March 2018 has been audited as part of the financial statements and is set out in detail below: Directors remuneration for the year ended 31 March 2018 £000s Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Neil Acworth Ric Piper Directors remuneration for the year ended 31 March 2017 £000s Andrew Brode Alan Calder Stephen Watkins Salary and fees All taxable benefits Annual bonuses Pension Total for the year ended 31 March 2018 – 220 75 105 100 3 – – – – – – – 55 20 27 26 – – 33 – – – – – 308 95 132 126 3 Salary and fees All taxable benefits Annual bonuses Pension Total for the year ended 31 March 2017 – 97 97 – – – – – – – – – – 97 97 The Executive Directors have entered into a service agreement with the Company. Each Director’s appointment will be terminable on six months’ notice given by either party and summarily by the Company in certain limited circumstances. Each Director has given certain non-compete and non-solicitation undertakings which will apply during his engagement and in respect of the period of 12 months post termination. Share-based incentive schemes In order to align the interests of shareholders and employees following admission, the Company has adopted a new employee share option scheme, as further detailed in the Group’s AIM admission document – this can be seen from the Group’s website at https://www.grci.group/investors. Prior to admission to AIM, Options over Shares were granted to three Executive Directors: Chris Hartshorne, Steve Watkins and Neil Acworth. In the case of Steve Watkins and Neil Acworth, this was to replace options granted in the previous unapproved option scheme, and in the case of Chris Hartshorne it was as agreed as part of his offer of employment. At 31 March 2018, Steve Watkins held options over 1,680,000 shares at an exercise price of 0.31429 pence per share (total exercise value £5,280); Neil Acworth held options over 353,920 shares at an exercise price of 12.71474 pence per share (total exercise value £45,000) and Chris Hartshorne held options over 315,000 shares at an exercise price of 42.85714 pence per share (total exercise value £135,000). Options held by Steve Watkins and Neil Acworth had fully vested and were exercisable from the date of admission to AIM, being a direct replacement of already vested options previously held. In the case of Chris Hartshorne, 50% of the options vested and became exercisable from the date of admission to AIM. The remaining 50% had not vested at the year end. Following admission, further options, in addition to those referred to above, were limited to a further 10% of the nominal value of the shares in issue at 6:00 p.m. (London time) on the date which is three business days following Admission. Options granted following Admission are subject to standard performance conditions, as determined and recommended by the Remuneration Committee in accordance with the plan rules. Directors’ shareholding and share interests On 1 February 2018, the Company adopted a new share option plan (Employee Share Scheme), which was subsequently amended on 12 February 2018. The Employee Share Scheme mirrors, as far as possible, the features of the previous unapproved scheme so the options granted to Steve Watkins and Neil Acworth are granted as fully vested and exercisable as their options were fully vested under the old scheme. Share options granted under the Employee Share Scheme are intended to be eligible for qualification as Enterprise Management Incentive share options. Directors’ share interests are set out below: Alan Calder Calder family (including Alan’s shares above) Andrew Brode Steve Watkins Neil Acworth Ric Piper Chris Hartshorne 27,957,311 shares (48.65%) 29,284,028 shares (50.96%) 11,279,800 shares (19.63%) 3,645,543 shares (6.35%) 1,130,080 shares (1.97%) 50,000 shares (0.09%) 11,760 shares (0.02%) On 12 February 2018, Christopher Hartshorne was granted and exercised 2,352 investment options. There have been no changes between 31 March 2018 and the date that this report was signed. 28 GRC International Group plc Annual Report and Accounts 2018 Other benefits Depending on the exact terms of each individual Executive Director’s service contract with GRC International Group plc, they are entitled to a range of benefits including contributions to pension schemes. Evaluation of the Committee Given its recent formation, there was no evaluation of the Committee’s performance. Approval This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Remuneration Committee Non-Executive Directors The Group has two Non-Executive Directors: Andrew Brode, the Chairman and Ric Piper. Both Non-Executive Directors have letters of appointment, initially for a three-year period, to be reviewed annually thereafter. The Non-Executive Directors’ letters of appointment do not provide specifically for any termination payments, although the Group might make payments in lieu of notice. Non-executive fees are determined by the Executive Directors, having regard to the requirement to attract high calibre individuals with the right experience, the time requirements and the responsibilities incumbent on an individual acting as a Non-Executive Director for a company, such as GRC International Group plc, admitted to trading on AIM. The Non- Executive Directors are not eligible for annual discretionary bonuses and do not participate in the Group’s long-term incentive plans. At his request, the Chairman does not receive a Director’s fee or other remuneration. Ric Piper joined the Board in February 2018 on an annual salary of £35,000 per annum, paid monthly in arrears. GRC International Group plc Annual Report and Accounts 2018 29 Financial StatementsCorporate GovernanceStrategic Report Directors’ Report The Directors present their annual report on the affairs of the Group, together with the financial statements and Auditor’s Report, for the year ended 31 March 2018. The Corporate Governance Statement set out on page 20 forms part of this report. Directors The Directors, who served throughout the year are as follows: • Andrew Brode – Non-Executive Chairman, appointed 1 February 2018 Details of significant events since the balance sheet date are contained in note 27 to the financial statements. An indication of likely future developments in the business of the Company are included in the Strategic Report. Information about the use of financial instruments by the Company and its subsidiaries is given in notes 18 and 19 to the financial statements. Dividends The Board has decided not to propose a final dividend and instead will remain focused on investing cash into the Group to generate future growth. Capital structure Details of the authorised and issued share capital, together with details of the movements in the Company’s issued share capital during the year are shown in note 23 to the financial statements. The Company has one class of ordinary shares which carry no right to fixed income. Each share carries the right to one vote at general meetings of the Company. There are no specific restrictions on the size of a holding nor on the transfer of shares, which are both governed by the general provisions of the Articles of Association and prevailing legislation. The Directors are not aware of any agreements between holders of the Company’s shares that may result in restrictions on the transfer of securities or on voting rights. Details of employee share schemes are set out in note 24 to the financial statements. Shares held by the Group plc Employee Benefit Trust abstain from voting. No person has any special rights of control over the Company’s share capital and all issued shares are fully paid. With regard to the appointment and replacement of Directors, the Company is governed by its Articles of Association, the UK Corporate Governance Code, the Companies Act and related legislation. The Articles themselves may be amended by special resolution of the shareholders. The powers of Directors are described in the Main Board Terms of Reference, copies of which are available on request, and the Corporate Governance Statement on page 20. Under its Articles of Association, the Company has authority to issue up to 10% of issued share capital. • Alan Calder – Chief Executive Officer, appointed 27 October 2017 • Christopher Hartshorne – Finance Director, appointed 1 February 2018 • Stephen Watkins – Executive Director, appointed 27 October 2017 • Neil Acworth – Chief Information Officer, appointed 1 February 2018 • Ric Piper – Independent Non-Executive Director, appointed 12 February 2018 Directors’ indemnities The Company has made qualifying third-party indemnity provisions for the benefit of its Directors which were made during the year and remain in force at the date of this report. Disabled employees Applications for employment by disabled persons are always fully considered, bearing in mind the aptitudes of the applicant concerned. In the event of members of staff becoming disabled, every effort is made to ensure that their employment with the Group continues and that appropriate training is arranged. It is the policy of the Group that the training, career development and promotion of disabled persons should, as far as possible, be identical to that of other employees. Employee consultation The Group places considerable value on the involvement of its employees and has continued to keep them informed on matters affecting them as employees and on the various factors affecting the performance of the Group. This is achieved through formal and informal meetings, the Company magazine and a special edition for employees of the annual financial statements. Employee representatives are consulted regularly on a wide range of matters affecting their current and future interests. The employee share scheme has been running successfully since its inception on 12 February 2018. Options can be granted to any employee or Director within the Group. The Board may set performance or time conditions for vesting. The option holder indemnifies the Company against income tax and national insurance. Options are normally exercisable after they have vested. In addition, all employees receive an annual bonus related to the overall profitability of the Group. R&D activity R&D activity is expensed through the income statement as it is incurred. At the point where all relevant recognition criteria are met the expenditure incurred on internally guaranteed intangible fixed assets is capitalised in line with the Group’s accounting policy. The Directors’ Report was approved by the Board of Directors and signed on its behalf. Alan Calder Director 26 September 2018 30 GRC International Group plc Annual Report and Accounts 2018 Statement of Directors’ Responsibilities The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations. Company law requires the Directors to prepare financial statements for each financial period. Under that law the Directors have elected to prepare the Group’s Consolidated Financial Statements in accordance with International Financial Reporting Standards (“IFRS”) as adopted by the European Union. Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM. In preparing these financial statements, the Directors are required to: • select suitable accounting policies and then apply them consistently; The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Group’s transactions and disclose with reasonable accuracy at any time the financial position of the Group, and enable them to ensure that the financial statements comply with the requirements of the Companies Act 2006. They are also responsible for safeguarding the assets of the Group, and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The Directors are responsible for ensuring the Annual Report and the financial statements are made available on a website. Financial statements are published on the Group’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions. The maintenance and integrity of the Group’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the ongoing integrity of the financial statements contained therein. • make judgements and accounting estimates that are reasonable and prudent; • state whether they have been prepared in accordance with IFRS as adopted by the European Union, subject to any material departures disclosed and explained in the financial statements; and Auditor Each of the persons who is a Director at the date of approval of this annual report confirms that: • so far as the Director is aware, there is no relevant audit information of which the Group’s auditor is unaware; and • the Director has taken all the steps that he/she ought to have • prepare the financial statements on a going concern basis unless it is inappropriate to presume that the Group will continue in business. taken as a Director in order to make himself/herself aware of any relevant audit information and to establish that the Group’s auditor is aware of that information. Deloitte LLP has expressed their willingness to continue in office as auditor and a resolution to reappoint them will be proposed at the forthcoming AGM. GRC International Group plc Annual Report and Accounts 2018 31 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc Opinion In our opinion: • the financial statements of GRC International Group plc and its subsidiaries (the “Group”) give a true and fair view of the state of the Group’s affairs as at 31 March 2018 and of the Group’s profit for the year then ended; and • the financial statements have been properly prepared in accordance with International Financial Reporting Standards (“IFRS”s) as adopted by the European Union. We have audited the financial statements which comprise: • the consolidated income statement; • the consolidated statement of comprehensive income; • the consolidated balance sheet; • the consolidated statements of changes in equity; • the consolidated cash flow statement; • the accounting policies; and • the related notes 1 to 29. The financial reporting framework that has been applied in their preparation is applicable law and IFRSs as adopted by the European Union. Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (“ISAs” (UK)) and applicable law. Our responsibilities under those standards are further described in the auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the Financial Reporting Council’s (the “FRC’s”) Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Summary of our audit approach s The key audit matters that we identified in the current year were: r e t t a m • Revenue recognition. • Capitalisation of internally developed intangible assets. • Accounting for the Group’s IPO transaction. t i d u a y e K y The materiality that we used for the Group financial statements was £180,000 which was determined on the basis of a combination of measures. t i l a i r e t a M i g The scope of our audit was driven by our risk assessment and understanding of the business. This consisted of one component n p o c S subjected to full scope audit, two components subjected to specific audit procedures and one component subjected to analytical procedures at Group level. 32 GRC International Group plc Annual Report and Accounts 2018 Conclusions relating to going concern We are required by ISAs (UK) to report in respect of the following matters where: • the Directors’ use of the going concern basis of accounting in preparation of the We have nothing to report in respect of these matters. financial statements is not appropriate; or • the Directors have not disclosed in the financial statements any identified material uncertainties that may cast significant doubt about the Group’s or the Parent Company’s ability to continue to adopt the going concern basis of accounting for a period of at least 12 months from the date when the financial statements are authorised for issue. Key audit matters Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) that we identified. These matters included those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. Revenue recognition Key audit matter description There is a risk that revenue from consultancy contracts has not been recognised using the percentage of completion method, as required by IAS 18: Revenue. The percentage completion is a judgemental decision made by management as at the reporting date due to status of work completed to date may not be indicative of the percentage of the contract that is actually complete. IAS 18, para 20 states that “when the outcome of a transaction involving the rendering of services can be estimated reliably, revenue associated with the transaction shall be recognised by reference to the stage of completion of the transaction at the end of the reporting period”. Further details are included within the critical accounting judgements in the accounting policies section of the financial statements. How the scope of our audit responded to the key audit matter We have selected a sample of consultancy revenue contracts during the year for testing. For these contracts we have obtained the relevant project tracker and reconciled the value of services provided to the value of revenue recognised within the financial statements. We have traced services provided in the year within the sampled contracts to supporting evidence to evaluate whether the project tracker accurately reflects the work performed by the Group. We have enquired of project managers as to the status of the project, any potential delays or overruns, and the expected remaining duration of the project. Key observations We concluded that the Group has recognised revenue on consultancy projects appropriately. GRC International Group plc Annual Report and Accounts 2018 33 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc continued Capitalisation of internally generated intangible assets Key audit matter description GRC has capitalised £945k of internally generated intangible assets, largely in relation to software and website costs, in the current year in accordance with the capitalisation criteria in IAS 38 “Intangible Assets” (“IAS 38”). Due to the judgements applied in determining whether a product is technically feasible and commercially viable and the complexity of the criteria applied, we consider there to be a key audit matter in relation to development costs being incorrectly capitalised. The carrying values of the capitalised development costs are disclosed in note 11 to the financial statements and the accounting policies section to the financial statements provides details of the critical accounting judgements. How the scope of our audit responded to the key audit matter We assessed management’s accounting treatment of intangible asset capitalisation by testing a sample of additions during the current year, through tracing to supporting evidence and assessing against the relevant criteria for capitalisation per IAS 38. In addition, we challenged management’s view on the technical and commercial viability of the projects, in order for us to form our own conclusion on whether these met the criteria for capitalisation and whether they represented an item which should be expensed. Key observations Based on the audit procedures performed, we concur that management has appropriately applied the principles of IAS 38. Accounting for the Group’s IPO transaction Key audit matter description During the current year the Group listed on AIM following a Group reorganisation. We consider there to be a key audit matter in relation to the relevant accounting for the IPO transaction, including the accounting for the associated costs of the transaction. GRC incurred £959k of related costs, with £245k being capitalised into share premium on the basis that these were directly related costs of issuing the shares. The remaining £714k have been expensed in the Income Statement and identified as being exceptional. The exceptional costs are described in note 3. How the scope of our audit responded to the key audit matter We audited all costs incurred in the transaction through tracing to supporting evidence and assessing these against the criteria for capitalisation to ensure that these had been appropriately accounted for. In addition, we challenged management on their accounting for the transaction by assessing the relevant steps as set out by management for appropriateness in line with accounting standards and the Companies Act 2006. Key observations Based on the audit procedures performed, we concur that management have appropriately accounted for the transaction. 34 GRC International Group plc Annual Report and Accounts 2018 Our application of materiality We define materiality as the magnitude of misstatement in the financial statements that makes it probable that the economic decisions of a reasonably knowledgeable person would be changed or influenced. We use materiality both in planning the scope of our audit work and in evaluating the results of our work. Based on our professional judgement, we determined materiality for the financial statements as a whole as follows: Financial statements Materiality £180,000 Basis for determining materiality Rationale for the benchmark applied Our materiality was determined on the basis of a combination of measures. A combination of revenue and adjusted profit based benchmarks have been selected as the Group remains in the growth phase where significant revenue and expenditure are incurred reflecting the Group’s increased activities. We agreed with the Audit Committee that we would report to the Committee all audit differences in excess of £9k, as well as differences below that threshold that, in our view, warranted reporting on qualitative grounds. We also report to the Audit Committee on disclosure matters that we identified when assessing the overall presentation of the financial statements. GRC International Group plc Annual Report and Accounts 2018 35 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc continued An overview of the scope of our audit Our Group audit was scoped by obtaining an understanding of the Group and its environment, including Group-wide controls, and assessing the risks of material misstatement at the Group level. Based on that assessment, one component was subject to a full scope audit by the Group audit team, two components were subject to specific audit procedures on material account balances, where the extent of our testing was based on our assessment of the risks of material misstatement and of the materiality of the Group’s operation at those businesses. In addition, one component was subject to a review at the Group level based on our assessment of the materiality of the Group’s operations at that component. All components where our Group audit was focused were audited by the Group audit team. The three components subject either to a full audit or specified audit procedures account for 95% of the Group’s revenue, 91% of the Group’s total expenses and 96% of the Group’s net assets. Our audit work for each component was executed at levels of materiality applicable to each individual component which were lower than Group materiality. The component materiality ranges from £72k to £171k. At the parent entity level we also tested the consolidation process and carried out analytical procedures to confirm our conclusion that there were no significant risks of material misstatement of the aggregated financial information of the remaining components not subject to audit or audit of specified account balances. 5% Revenue 9% 3% Total expenses 4% 6% Net assets 95% 88% 90% Full audit scope Specified audit procedures Review at Group level Full audit scope Specified audit procedures Review at Group level Full audit scope Specified audit procedures Review at Group level Other information The Directors are responsible for the other information. The other information comprises the information included in the Annual Report other than the financial statements and our Auditor’s Report thereon. We have nothing to report in respect of these matters. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. Responsibilities of Directors As explained more fully in the Directors’ Responsibilities Statement, the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group’s ability to continue as a going concern, disclosing as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or to cease operations, or have no realistic alternative but to do so. 36 GRC International Group plc Annual Report and Accounts 2018 Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. A further description of our responsibilities for the audit of the financial statements is located on the FRC’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our Auditor’s Report. Report on other legal and regulatory requirements Opinions on other matters prescribed by our engagement letter In our opinion, based on the work undertaken in the course of the audit: • the information given in the Strategic Report and the Directors’ Report for the financial year for which the financial statements are prepared is consistent with the financial statements; and • the Strategic Report and the Directors’ Report have been prepared in accordance with applicable legal requirements that would apply for financial statements prepared under the Companies Act 2006. In the light of the knowledge and understanding of the Group and or the Parent Company and their environment obtained in the course of the audit, we have not identified any material misstatements in the strategic report or the Directors’ Report. Matters on which we are required to report by exception Adequacy of explanations received and accounting records Under our engagement letter we are required to report to you if, in our opinion: • we have not received all the information and explanations we require for our audit; or • adequate accounting records have not been kept by the Parent Company, or returns adequate for our audit have not been received from branches not visited by us. We have nothing to report in respect of these matters. Directors’ remuneration Under our engagement letter we are also required to report if in our opinion certain disclosures of Directors’ remuneration that are required by the Companies Act 2006, if the financial statements were prepared on this basis, have not been made. We have nothing to report in respect of this matter. Other matter As the subsidiary companies were exempt from audit under section 477 of the Companies Act 2006 in the prior year we have not audited the corresponding amounts for that year. Use of our report This report is made solely to the Company’s members, as a body, in accordance with the requirements under the London Stock Exchange AIM rules for companies to publish annual audited accounts to its shareholders. Our audit work has been undertaken so that we might state to the Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Company and the Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Julian Rae (Senior statutory auditor) For and on behalf of Deloitte LLP Statutory Auditor Cambridge, United Kingdom 26 September 2018 GRC International Group plc Annual Report and Accounts 2018 37 Financial StatementsCorporate GovernanceStrategic Report Consolidated Income Statement For the year ended 31 March Revenue Cost of sales Gross profit Administrative expenses: – Other administrative expenses – Share-based payment charge – Exceptional administrative expenses Total administrative expenses Other operating income Operating profit Finance income Finance costs Profit before taxation Taxation Profit for the financial year Profit for the financial year attributable to: The Group’s equity shareholders Basic earnings per share (pence) Diluted earnings per share (pence) All of the Group’s profit relates to continuing operations. Unaudited 2017 £ 6,833,303 (2,736,743) 4,096,560 (3,380,090) – – (3,380,090) 25,694 742,164 – (32,000) 710,164 (73,872) 636,292 Notes 2018 £ 2 15,688,216 (6,163,690) 9,524,526 (8,384,858) (82,560) (714,251) (9,181,669) 21,875 364,732 516 (9,902) 355,346 (153,495) 201,851 3 4 6 7 8 9 9 201,851 636,292 0.40 0.39 1.27 1.26 The accompanying accounting policies and notes form an integral part of these financial statements. Consolidated Statement of Comprehensive Income For the year ended 31 March Profit for the financial year Other comprehensive income – items that may subsequently be reclassified to profit/loss: Exchange differences on translation of foreign operations Other comprehensive income/(loss) for the financial year, net of tax Total comprehensive income for the financial year The accompanying accounting policies and notes form an integral part of these financial statements. 2018 £ 201,851 1,699 1,699 Unaudited 2017 £ 636,292 (1,020) (1,020) 203,550 635,272 38 GRC International Group plc Annual Report and Accounts 2018 Consolidated Balance Sheet As at 31 March Assets Non-current assets Intangible assets Property, plant and equipment Deferred tax Current assets Inventories Trade and other receivables Cash at bank Current liabilities Trade and other payables Finance lease payables Borrowings Current tax Net current (liabilities)/assets Non-current liabilities Borrowings Finance lease payables Net assets Equity Share capital Share premium Share-based payment reserve Retained earnings Capital redemption reserve Translation reserve Total equity Notes 2018 £ Unaudited 2017 £ Unaudited 2016 £ 11 12 8 13 14 15 16 21 17 17 21 23 1,596,894 424,019 641,165 2,662,078 76,171 2,637,309 5,557,576 8,271,056 (4,636,265) (9,516) (51,366) (301,831) (4,998,978) 3,272,078 1,043,170 132,654 88,444 912,991 112,384 127,316 1,264,268 1,152,691 38,626 1,673,090 413,552 34,575 1,042,164 11,490 2,125,268 1,088,229 (1,828,611) (10,170) (80,031) (141,205) (1,194,162) (4,463) (171,857) (106,205) (2,060,017) (1,476,687) 65,251 (388,458) (28,143) (5,667) (33,810) (82,416) (15,183) (163,009) (4,576) (97,599) (167,585) 5,900,346 1,231,920 596,648 57,463 4,792,828 628,150 421,221 5 679 5,900,346 1,798 1,137,098 – 94,043 1 (1,020) 1,798 1,137,098 – (542,249) 1 – 1,231,920 596,648 The financial statements were approved by the Board of Directors and authorised for issue on 26 September 2018 and were signed on its behalf by: Chris Hartshorne Director Company registration number: 11036180 The accompanying accounting policies and notes form an integral part of these financial statements. GRC International Group plc Annual Report and Accounts 2018 39 Financial StatementsCorporate GovernanceStrategic Report Consolidated Statement of Changes in Equity For the year ended 31 March Total £ 1,231,920 201,851 1,699 203,550 – (951,320) (11,994) – 82,560 545,590 5,040 5,040,000 (245,000) 4,464,876 5,900,346 Total £ 596,648 636,292 (1,020) 635,272 1,231,920 For the year ended 31 March 2018 Balance at 1 April 2017 Profit for the year Foreign exchange difference on consolidation Total comprehensive income for the year Capital reduction Dividends Purchase of own shares Bonus issue Share-based payment expense Deferred tax on share-based payments Shares issued on exercise of share options Shares issued Cost of share issue Share premium £ Share-based payment reserve £ Share capital £ 1,798 – 1,137,098 – Retained earnings £ Translation reserve £ 94,043 201,851 (1,020) – – 1,699 – – – – – – – – (4) 48,457 – – – (1,137,098) – – – – – 12 7,200 – 5,028 5,032,800 (245,000) – – – – – 82,560 545,590 201,851 1,137,098 (951,320) (11,994) (48,457) – – – – – – – – 1,699 – – – – – – – – – – Capital redemption reserve £ 1 – – – – – 4 – – – – – – 4 5 Transactions with owners 55,665 3,655,730 628,150 125,327 At 31 March 2018 57,463 4,792,828 628,150 421,221 679 For the year ended 31 March 2017 (unaudited) Balance at 1 April 2016 Profit for the year Other comprehensive income Total comprehensive income for the year Balance at 31 March 2017 Share capital £ 1,798 – – – Share premium £ 1,137,098 – – Retained earnings £ (542,249) 636,292 – – 636,292 1,798 1,137,098 94,043 Translation reserve £ Capital redemption reserve £ – – (1,020) (1,020) (1,020) 1 – – – 1 The accompanying accounting policies and notes form an integral part of these financial statements. 40 GRC International Group plc Annual Report and Accounts 2018 Consolidated Statement of Cash Flows For the year ended 31 March Cash flow from operating activities Profit before tax Depreciation Amortisation Share-based payment expense Foreign exchange losses Finance income Finance costs Operating cash flows before changes in working capital Increase in inventories Increase in trade and other receivables Increase in trade and other payables Net cash inflow from operating activities Cash flow from investing activities Purchase of intangible assets Purchase of plant and equipment Interest received Net cash outflow in investing activities Net cash flow from financing activities Purchase of own shares Proceeds from issue of shares Costs of share issue Dividends paid Repayment of loans Interest paid Interest on finance leases Capital element of finance lease payments Net cash inflow/(outflow) from financing activities Net increase in cash and cash equivalents Cash and cash equivalents at the beginning of financial year Effects of exchange rate changes Cash and cash equivalents at the end of financial year Comprising Cash at bank The accompanying accounting policies and notes form an integral part of these financial statements. Notes 2018 £ 355,346 108,944 391,550 82,560 41,851 (516) 9,902 989,637 (37,545) (1,529,039) 2,807,653 2,230,706 (945,268) (398,406) 516 (1,343,158) (11,994) 5,045,040 (245,000) (386,500) (80,127) (12,511) (202) (11,929) 4,296,777 5,184,325 413,552 (40,301) 5,557,576 Unaudited 2017 £ 710,164 51,819 274,288 – 7,114 – 32,000 1,075,385 (4,051) (630,926) 634,449 1,074,857 (404,467) (44,890) – (449,357) – – – – (93,979) (28,229) (4,427) (10,885) (137,520) 487,980 (66,294) (8,134) 413,552 15 5,557,576 413,552 GRC International Group plc Annual Report and Accounts 2018 41 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information GRC International Group plc (GRC International Group or the “Company”) is a public limited company limited by shares, incorporated and domiciled in England and Wales. The registered company number is 11036180 and the registered office is Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA. The principal activities of GRC International Group and its subsidiary companies is as a “one-stop shop” for IT governance including books, tools, learning and consultancy services. Principal accounting policies Basis of preparation and consolidation The consolidated financial statements of GRC International Group and entities controlled by the Company (its subsidiaries) (together, the “Group”) for the years presented, has been prepared in accordance with International Financial Reporting Standards (“IFRS”), as adopted by the EU and IFRIC interpretations. The results for the year ended 31 March 2018 include the results of GRC International Group and its subsidiaries; those for the year ended 31 March 2017 include the results of IT Governance Limited and its subsidiaries. The consolidated financial statements for the 2017 comparatives presented in these financial statements are based on the annual statutory accounts for the Group’s subsidiaries which have been lodged with the Registrar of Companies. Those statutory accounts were prepared (with transition disclosures) using FRS 102 for smaller entities. They were previously unaudited, but were subject to review during the Group’s admission process, and have been transitioned to IFRS for consolidation purposes (notes 28 and 29). A subsidiary is a company controlled directly by the Group. Control is achieved where the Group has the power over the investee, rights to variable returns and the ability to use the power to affect the investee’s returns. The addition of GRC International Group to the Group during the year was not accounted for as a business combination, but instead the consolidated accounts are presented as a continuation of the financial statements of the IT Governance Limited Group, adjusted only to reflect the share capital of the new legal parent. Income and expenses of subsidiaries acquired during the year are included in the Consolidated Income Statement from the effective date of control. When necessary, adjustments are made to the financial statements of subsidiaries to bring their accounting policies into line with those used by the Parent Company. All intra-Group transactions, balances, income and expenses are eliminated in full on consolidation. All accounting policies disclosed below apply to the Group for the years presented, unless otherwise explicitly stated. The Group has adopted IFRS for the first time in these financial statements (notes 28 and 29). IFRS is subject to amendment and interpretation by the IASB and the IFRS Interpretations Committee, and there is an ongoing process of review and endorsement by the European Commission. These accounting policies comply with each IFRS that is mandatory for accounting periods ending on 31 March 2018. The consolidated financial statements have been prepared under the historical cost convention. Financial information is presented in British pounds Sterling (£). The Directors of GRC International Group are responsible for the financial information and contents of the consolidated financial statements. Going concern The Group’s capital management policy is to generate positive cash flows from operating activities to finance the Group’s business operations, and where necessary to raise sufficient funding to finance the Group’s future investments and capital projects. The Group raised £5.04 million on 5 March 2018 through admission to AIM. During 2017 and 2018, the Group funded its business operations from operating cash flows which were positive for both years. In prior periods where losses were reported, borrowings provided working capital for the Group. Having reviewed the Group’s forecasts and projections to 31 March 2020 which, taking account of reasonably possible changes in trading performance, show that the Group is able to generate sufficient liquidity to continue in operational existence for the foreseeable future. On this basis,, the Directors believe that the Group will be able to generate sufficient cash through its normal business trading to enable it to continue its operations, and continue to meet, as and when they fall due, its planned and committed liabilities for at least the next 12 months from the date of approval of these financial statements. For this reason, the Directors continue to adopt the going concern basis in preparing the accounts. 42 GRC International Group plc Annual Report and Accounts 2018 IFRS transition The former Group has elected to adopt certain IFRS 1 exemptions from the full retrospective application of IFRS: 1. Exemption from applying IFRS 2 to options granted after 7 November 2002 and vested before the transition date. 2. Exemption in relation to IAS 23 which allows restatement to capitalise borrowing costs to begin only on the transition date, rather than requiring historical records to be recreated. The reconciliation between the previously reported UK GAAP numbers to those presented under IFRS are given in notes 28 and 29. Revenue recognition Revenue comprises revenue recognised in respect of goods and services supplied during the period, and is recognised to the extent that it is probable that the economic benefits will flow to the Group and the revenue can be reliably measured. Revenue is measured as the fair value of the consideration received or receivable, excluding discounts, rebates, value added tax and other sales taxes. The following criteria must also be met before revenue is recognised: Sale of goods Revenue from the sale of goods is recognised when all of the following conditions are satisfied: • the Group has transferred the significant risks and rewards of ownership to the buyer; • the Group retains neither continuing managerial involvement to the degree usually associated with ownership nor effective control over the goods sold; • the amount of revenue can be measured reliably; and • it is probable that the Group will receive the consideration due under the transaction. In the context of physical products (such as books and printed literature) revenue is recognised at the point of dispatch. Revenue for digital products is recognised at the point where the product is made available to the customer. Rendering of services Revenue from a contract to provide services is recognised in the period in which the services are provided in accordance with the stage of completion of the contract when all of the following conditions are satisfied: • the amount of revenue can be measured reliably; • it is probable that the Group will receive the consideration due under the contract; • the stage of completion of the contract at the end of the reporting period can be measured reliably; and • the costs incurred and the costs to complete the contract can be measured reliably. Training course revenue is recognised in full on day one of course delivery. Invoices raised in advance of courses taking place are held on the balance sheet as deferred income. Distance learning revenue is recognised at the date the online course is made available to the customer. Once the course is available to the customer the Group has fulfilled its contractual obligation to deliver. The date the user accesses and uses the course is not relevant. Consultancy revenue is recognised in line with the work being delivered, based on the consultants estimate of the stage of completion. Invoices raised in advance of work being delivered are held on the balance sheet as deferred income. Finance income and costs Interest income and expense is recognised using the effective interest method (the “EIR” method) which calculates the amortised cost of a financial asset or liability and allocates the interest income or expense over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts or payments through the expected life of the financial asset or liability to the net carrying amount of the financial asset or liability. GRC International Group plc Annual Report and Accounts 2018 43 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Intangible assets Acquired intangible assets An intangible asset is recognised if it is probable that the expected future economic benefits that are attributable to the asset will flow to the Group and the cost of the asset can be measured reliably. Internally developed intangible assets Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements: • the development costs can be measured reliably; • the project is technically and commercially feasible; • the Group intends, and has sufficient resources, to complete the project; • the Group has the ability to use or sell the software; and • the software will generate probable future economic benefits. Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products. Subsequent measurement The useful lives of all intangible assets are assessed as finite. Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period. Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method, as appropriate, and are treated as changes in accounting estimates. The amortisation expense on intangible assets with finite lives is recognised in the Income Statement as administrative expenses. Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the Income Statement when the asset is derecognised. Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows: Trademarks Software Website costs Marketing tools Courseware Publishing products Consultancy products 10 years 5 years 5 years 3 years 10 years 4 years 10 years Any capitalised internally developed intangible asset that is not yet complete is not amortised but is subject to impairment testing. Subsequent expenditures on the maintenance of computer software are expensed as incurred. 44 GRC International Group plc Annual Report and Accounts 2018 Property, plant and equipment Property, plant and equipment are stated at historical cost less depreciation less any recognised impairment losses. Cost includes expenditure that is directly attributable to the acquisition or construction of these items. Subsequent costs are included in the asset’s carrying amount only when it is probable that future economic benefits associated with the item will flow to the Group and the costs can be measured reliably. All other costs, including repairs and maintenance costs, are charged to the Income Statement in the period in which they are incurred. Depreciation is provided on all property, plant and equipment and is calculated as follows: 10 years straight-line basis Leasehold improvements 25–33% reducing balance basis Computer equipment 25% reducing balance basis Office equipment Depreciation is provided on cost less residual value. The residual value, depreciation methods and useful lives are annually reassessed. Each asset’s estimated useful life has been assessed with regard to its own physical life limitations and to possible future variations in those assessments. Estimates of remaining useful lives are made on a regular basis for all machinery and equipment, with annual reassessments for major items. Changes in estimates are accounted for prospectively. Assets held under finance leases are depreciated over their expected useful lives on the same basis as owned assets. However, when there is no reasonable certainty that ownership will be obtained by the end of the lease term, assets are depreciated over the shorter of the lease term and their useful lives. The gain or loss arising on disposal or scrapping of an asset is determined as the difference between the sales proceeds, net of selling costs, and the carrying amount of the asset and is recognised in the Income Statement. Impairment of non-financial assets At each balance sheet date, the Directors review the carrying amounts of the Group’s non-current assets, to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Directors estimated the recoverable amount of the cash-generating unit to which the asset belongs. Recoverable amount is the higher of fair value less costs of disposal and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimated future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. The impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. An impairment loss is recognised as an expense immediately. Where an impairment loss on non-financial assets subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately. Inventory Inventory is stated at the lower of cost and net realisable value, being the estimated selling price less costs to complete and sell. Cost is based on the cost of purchase on a weighted average basis. At the balance sheet date, inventories are assessed for impairment. If inventories are impaired, the carrying amount is reduced to its selling price less costs to complete and sell. The impairment loss is recognised immediately in profit or loss. Cash at bank Cash at bank comprises cash on hand, deposits held at call with banks and other short-term highly liquid investments with original maturities of three months or less from inception. GRC International Group plc Annual Report and Accounts 2018 45 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Financial instruments Financial assets and financial liabilities are recognised when the Group becomes a party to the contractual provisions of the financial instrument. Financial assets and financial liabilities are measured initially at fair value plus transactions costs. Financial assets and financial liabilities are measured subsequently as described below. Financial assets The Group classifies its financial assets as “loans and receivables” and assesses at each balance sheet date whether there is objective evidence that a financial asset or a group of financial assets is impaired. Loans and receivables are non-derivative financial assets with fixed or determinable payments that are not quoted in an active market. They are included in current assets. Trade receivables are recognised initially at fair value and subsequently measured at amortised cost using the EIR method, less provision for impairment. A provision for impairment of trade receivables is established when there is objective evidence that the Group will not be able to collect all amounts due according to the original terms of the receivables. Significant financial difficulty, high probability of bankruptcy or default are considered indicators that the trade receivable is impaired. The amount of the provision is the difference between the asset’s carrying amount and the present value of the estimated future cash flows discounted at the original effective interest rate. The loss is recognised in the Income Statement. When a trade receivable is uncollectible, it is written off against the allowance account for trade receivables. Subsequent recoveries of amounts previously written off are credited to the Income Statement. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and all substantial risks and rewards are transferred. Financial liabilities The Group’s financial liabilities include trade and other payables and borrowings. Where the contractual obligations of financial instruments (including share capital) are equivalent to a similar debt instrument, those financial instruments are classified as financial liabilities. Trade and other payables and borrowings are recognised initially at fair value less transaction costs and subsequently measured at amortised cost using the EIR method. Amortised cost is calculated by taking into account any discount or premium on acquisition and fees or costs that are an integral part of the EIR. The EIR amortisation is included in finance costs in the Income Statement. Loans and borrowings, including bank overdrafts, are classified as current liabilities unless the Group has an unconditional right to defer the settlement of the liability for at least 12 months after the balance sheet date. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. Foreign currency The presentation currency for the Group’s consolidated financial statements is Sterling. Foreign currency transactions by Group companies are recorded in their functional currencies at the exchange rate at the date of the transaction. Monetary assets and liabilities have been translated at rates in effect at the balance sheet date, with any resulting exchange adjustments being charged or credited to the Income Statement, within “administrative expenses”. The Parent Company’s functional currency is Sterling. On consolidation, the assets and liabilities of the subsidiaries with a functional currency other than Sterling are translated into the Group’s presentational currency at the exchange rate at the balance sheet date and the Income Statement items are translated at the average rate for the period. The exchange difference arising on the translation from functional currency to presentational currency of subsidiaries is classified as other comprehensive income and is accumulated within equity as a translation reserve. The balance of the foreign currency translation reserve relating to a subsidiary that is disposed of, or partially disposed of, is recognised in the Income Statement at the time of disposal. Current taxation Current taxation for each taxable entity in the Group is based on the local taxable income at the local statutory tax rate enacted or substantively enacted at the balance sheet date and includes adjustments to tax payable or recoverable in respect of previous periods. 46 GRC International Group plc Annual Report and Accounts 2018 Deferred taxation Deferred taxation is calculated using the liability method, on temporary differences arising between the tax bases of assets and liabilities, and their carrying amounts in the consolidated financial statements. However, if the deferred tax arises from the initial recognition of an asset or liability in a transaction other than a business combination that at the time of the transaction affects neither accounting nor taxable profit or loss, it is not accounted for. No deferred tax is recognised on initial recognition of goodwill or on investment in subsidiaries. Deferred tax is determined using tax rates and laws that have been enacted or substantively enacted by the balance sheet date and are expected to apply when the related deferred tax asset is realised or the deferred tax liability is settled. Deferred tax liabilities are provided in full and are not discounted. Deferred tax assets are recognised to the extent that it is probable that future taxable profits will be available against which the temporary differences can be utilised. Changes in deferred tax assets or liabilities are recognised as a component of tax expense in the Income Statement, except where they relate to items that are charged or credited directly to equity in which case the related deferred tax is also charged or credited directly to equity. Deferred income tax assets and liabilities are offset when there is a legally enforceable right to offset current tax assets against current tax liabilities, and when the deferred income tax assets and liabilities relate to income taxes levied by the same taxation authority on either the same taxable entity or different taxable entities where there is an intention to settle the balances on a net basis. Employment benefits Provision is made in the financial statements for all employee benefits. Liabilities for wages and salaries, including non-monetary benefits and annual leave obliged to be settled within 12 months of the balance sheet date, are recognised in accruals. Contributions to defined contribution pension plans are charged to the Income Statement in the period to which the contributions relate. Leases Leases are classified as finance leases whenever the terms of the lease transfer substantially all the risks and rewards of ownership to the lessee. The interest element of finance lease payments is charged to profit or loss as finance costs over the period of the lease. All other leases are classified as operating leases. Operating lease payments are recognised as an expense on a straight-line basis over the lease term, except where another systematic basis is more representative of the time pattern in which economic benefits from the leased asset are consumed. In the event that lease incentives are received to enter into operating leases, such incentives are recognised as a liability. The aggregate benefit of incentives is recognised as a reduction of rental expense on a straight-line basis, except where another systematic basis is more representative of the time pattern in which economic benefits from the leased asset are consumed. Equity Equity comprises the following: • “Share capital” represents the nominal value of equity shares issued. • “Share premium” represents amounts subscribed for share capital, net of issue costs, in excess of nominal value. • “Share-based payment reserve” represents the accumulated value of share-based payments. • “Retained earnings” represents the accumulated profits and losses attributable to equity shareholders. • “Capital redemption reserve” represents the nominal value of shares repurchased by the Parent Company. • “Translation reserve” represents the exchange differences arising from the translation of the financial statements of subsidiaries into the Group’s presentational currency. Share-based payments Equity-settled share-based payments to employees and Directors are measured at the fair value of the equity instrument. The fair value of the equity-settled transactions with employees and Directors is recognised as an expense over the vesting period. The fair value of the equity instruments are determined at the date of grant, taking into account vesting conditions. The fair value of goods and services received are measured by reference to the fair value of options. The fair values of share options are measured using the Black-Scholes model. The expected life used in the model is adjusted, based on management’s best estimate of the effects of non-transferability, exercise restrictions and behavioural considerations. The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, over the period in which the performance and/or service conditions are fulfilled, ending on the date on which the relevant employees (or other beneficiaries) become fully entitled to the award (the “vesting date”). GRC International Group plc Annual Report and Accounts 2018 47 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest. The Income Statement charge or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period. No expense is recognised for awards that do not ultimately vest, except for awards where vesting is conditional upon a market condition, which are treated as vesting irrespective of whether or not the market condition is satisfied, provided that all other performance and/or service conditions are satisfied. Where the terms of an equity-settled award are modified, the minimum expense recognised is the expense as if the terms had not been modified. An additional expense is recognised for any modification, which increases the total fair value of the share-based payment arrangement, or is otherwise beneficial to the employee as measured at the date of modification. Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award, as described in the previous paragraph. Where an equity-settled award is forfeited, the cumulative charge expensed up to the date of forfeiture is credited to the Income Statement. Segment reporting An operating segment is a component of an entity that engages in business activities from which it may earn revenues and incur expenses (including revenues and expenses related to transactions with other components of the same entity), whose operating results are regularly reviewed by the entity’s Chief Operating Decision Maker to make decisions about resources to be allocated to the segment and assess its performance, and for which discrete financial information is available. The Chief Operating Decision Maker has been identified as the Board of Directors, at which level strategic decisions are made. Details of the Group’s reporting segments are provided in note 1. New and amended IFRSs adopted by the Group The Group has adopted the following standards, amendments to standards and interpretations which are effective for the first time this year. The impact is shown below: New/revised IFRSs Annual Improvements to IFRSs (2014 – 2016 Cycle) Effective date: annual periods beginning on or after 1 January 2017 EU adopted Yes Impact on the Group These amendments clarify the requirements of IFRSs and eliminate inconsistencies within and between standards IAS 7 IAS 12 Disclosure Initiative – Amendments 1 January 2017 Yes Disclosures Recognition of Deferred Tax Assets for Unrealised Losses 1 January 2017 Yes Disclosures 48 GRC International Group plc Annual Report and Accounts 2018 IFRSs in issue but not yet effective At the date of authorisation of the consolidated financial statements, the IASB and IFRS Interpretations Committee have issued standards, interpretations and amendments which are applicable to the Group. Whilst these standards and interpretations are not effective for, and have not been applied in the preparation of, these consolidated financial statements, the following could have a material impact on the Group’s financial statements going forward: New/revised IFRSs IFRS 2 IFRS 9 IFRS 15 Amendments to IFRS 2 Classification and Measurement of Share-based Payment Transactions Financial Instruments: Classification and Measurement Revenue from Contracts with Customers and Clarifications to IFRS 15 Revenue from Contracts with Customers IFRS 16 Leases Annual Improvements to IFRSs 2015 – 2017 Cycle Effective date: annual periods beginning on or after EU adopted 1 January 2018 1 January 2018 1 January 2018 1 January 2019 1 January 2019 Yes Yes Yes Yes No New/revised IFRSs which are not considered to potentially have a material impact on the Group’s financial statements going forwards have been excluded from the above. Management anticipates that all relevant pronouncements will be adopted in the Group’s accounting policies for the first period beginning after the effective date of the pronouncement. New standards, interpretations and amendments not listed below are not expected to have a material impact on the Group’s financial statements. IFRS 9 “Financial Instruments” The new standard for financial instruments (IFRS 9) introduces extensive changes to IAS 39’s guidance on the classification and measurement of financial assets and introduces a new “expected credit loss” model for the impairment of financial assets. IFRS 9 also provides new guidance on the application of hedge accounting. Management has started to assess the impact of IFRS 9 but is not yet in a position to provide quantified information. At this stage, the main area of expected impact is as follows: • the classification and measurement of the Group’s financial assets will need to be reviewed based on the new criteria that considers the assets’ contractual cash flows and the business model in which they are managed. IFRS 15 “Revenue from Contracts with Customers” IFRS 15 presents new requirements for the recognition of revenue, replacing IAS 18 “Revenue”, IAS 11 “Construction Contracts”, and several revenue-related Interpretations. The new standard establishes a control-based revenue recognition model and provides additional guidance in many areas not covered in detail under existing IFRSs, including how to account for arrangements with multiple performance obligations, variable pricing, customer refund rights, supplier repurchase options, and other common complexities. Management is yet to complete its assessment of the impact of the standard and, therefore, is unable to provide quantified information. However, in order to determine the impact, the Group is currently in the process of reviewing all its contracts to ascertain how the new requirements will impact the identification of distinct goods or services and the allocation of consideration to them. IFRS 16 “Leases” IFRS 16 will replace IAS 17 and three related interpretations. It completes the IASB’s long-running project to overhaul lease accounting. Leases will be recorded on the balance sheet in the form of a right-of-use asset and a lease liability. Management is yet to fully assess the impact of the standard and, therefore, is unable to provide quantified information. However, in order to determine the impact, the Group are in the process of: • performing a full review of all agreements to assess whether any additional contracts will now become a lease under IFRS 16’s new definition; • deciding which transitional provision to adopt; either full retrospective application or partial retrospective application (which means comparatives do not need to be restated). The partial application method also provides optional relief from reassessing whether contracts in place are, or contain, a lease, as well as other reliefs. Deciding which of these practical expedients to adopt is important as they are one-off choices; • assessing their current disclosures for operating leases as these are likely to form the basis of the amounts to be capitalised and become right-of-use assets; • determining which optional accounting simplifications apply to their lease portfolio and if they are going to use these exemptions; and • assessing the additional disclosures that will be required. GRC International Group plc Annual Report and Accounts 2018 49 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Significant management judgements in applying accounting policies and key sources of estimation uncertainty The preparation of financial statements in conformity with generally accepted accounting practice requires management to make estimates and judgements that affect the reported amounts of assets and liabilities as well as the disclosure of contingent assets and liabilities at the reporting date and the reported amounts of revenues and expenses during the reporting period. Estimates and judgements are continually evaluated and are based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. Assumptions and accounting estimates are subject to regular review. Any revisions required to accounting estimates are recognised in the period in which the revisions are made including all future periods affected. Significant management judgements The following are significant management judgements in applying the accounting policies of the Group that have the most significant effect on the financial statements. Accounting for replacement share-based payments Subsequent to the restructuring to add GRC International Group as the Parent Company, share options have been issued by GRC to replace the existing vested share options held by certain Directors in IT Governance Limited. As these are a direct replacement of options due to the restructuring, a judgment was made by management not to revalue these replacement options, as a result of which no share-based payment charge has been recognised for the issue of the replacement options. If these were not classified as replacement options a share-based payment charge of £1,381,432 would be required. Capitalisation of internally developed intangible assets Determining whether the recognition requirements for the capitalisation of development costs are met requires judgement. Management considers the criteria set out in IAS 38 in advance of capitalising any projects. After capitalisation, management monitors whether the recognition requirements continue to be met and whether there are any indicators that capitalised costs may be impaired. Should a different judgement be taken, the amounts capitalised may differ from those presented in note 11. Recognition of deferred tax assets The extent to which deferred tax assets can be recognised is based on an assessment of the probability that future taxable income will be available against which the deductible temporary differences and timing differences on capital allowances can be utilised. In addition, significant judgement is required in assessing the impact of any legal or economic limits or uncertainties in various tax jurisdictions. Judgement is also applied in the recognition of deferred tax assets in respect of losses, based on management’s view of the availability of future profits to offset such losses. Estimation uncertainty Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different. Recognition of service contract revenues Determining when to recognise revenues from services requires an understanding of both the nature and timing of the services provided and the customers’ pattern of consumption of those services, based on historical experience and knowledge of the market. Management estimate the stage of completion of the service being delivered at each balance sheet date, and consequently the value of revenue reported. 50 GRC International Group plc Annual Report and Accounts 2018 Notes to the Financial Statements 1. Segmental reporting Operating segments For the purposes of segmental reporting, the Group’s Chief Operating Decision Maker (“CODM”) is considered to be the Board of Directors. The Board identifies its operating segments based on the Group’s service lines, which represent the main product and services provided by the Group. Whilst the Board monitors revenue at a service stream level, costs are not separated and accordingly, in the opinion of the Board, the Group operates as a single operating segment. Revenue by geographic destination Revenue across all operating segments is generated from the UK and Ireland but includes overseas sales to other countries: UK Non-UK Information about major customers No customer contributed 10% or more to the Group’s revenue in any period presented. 2. Revenue Revenue is all derived from continuing operations. The analysis of revenue by category: Sale of goods Provision of services Other income Interest on cash deposits Total revenue 3. Exceptional administrative costs Expenses relating to the Group’s AIM admission 4. Operating profit Operating profit is stated after charging: Depreciation of property, plant and equipment Amortisation of intangible fixed assets Auditor’s remuneration: – Fees payable for the audit of the annual accounts Foreign exchange charges Operating lease costs: – buildings – other No non-audit fees were paid to the auditor. 2018 £ 12,666,042 3,022,174 15,688,216 Unaudited 2017 £ 5,525,068 1,308,235 6,833,303 2018 £ 1,646,650 14,041,566 15,688,216 21,875 516 15,710,607 2018 £ 714,251 Unaudited 2017 £ 1,034,520 5,798,783 6,833,303 25,694 – 6,858,997 Unaudited 2017 £ – 2018 £ Unaudited 2017 £ 108,944 391,550 110,000 41,851 111,410 10,170 51,819 274,288 – 7,114 95,688 12,306 GRC International Group plc Annual Report and Accounts 2018 51 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 5. Employees The aggregate payroll costs of the employees were as follows: Staff costs Wages and salaries Social security costs Share-based payment charge Pension costs Average monthly number of persons employed by the Group during the year was as follows: By activity Administration Sales and distribution Remuneration of Directors is disclosed in the Remuneration Committee Report. Details of key management personnel and their remuneration are disclosed within note 25. 6. Finance income Interest on cash deposits 7. Finance costs Interest on overdrafts Interest on loans Interest on finance leases 8. Taxation on ordinary activities Analysis of charge in the year: Corporation tax – current year Foreign tax – current year Deferred tax – current year movement (see deferred tax table opposite) Total tax charge 52 GRC International Group plc Annual Report and Accounts 2018 2018 £ Unaudited 2017 £ 7,275,850 822,837 82,560 35,292 8,216,539 2018 £ 83 94 177 2018 £ 516 2018 £ – 9,700 202 9,902 2018 £ 153,146 1,890 (1,541) 153,495 3,225,165 359,726 – 48,859 3,633,750 Unaudited 2017 £ 20 54 74 Unaudited 2017 £ – Unaudited 2017 £ 3,241 24,332 4,427 32,000 Unaudited 2017 £ 35,000 – 38,872 73,872 8. Taxation on ordinary activities continued Profit before taxation Profit by rate of tax (2018: 19%; 2017: 20%) Fixed asset timing differences Expenses not deductible for tax purposes Deferred tax asset not recognised on EUFT Deferred tax not recognised Adjustments to deferred tax in respect of prior periods Effect of change in tax rate Other movements Prior year restatement Effect of different tax rates of subsidiaries operating in other jurisdictions Total tax Deferred tax in equity Change in estimated excess tax deductions related to share-based payments Total income tax recognised directly in equity 2018 £ 355,346 67,516 1,560 145,930 1,890 – – 192 (2,329) (73,183) 11,919 153,495 2018 £ 545,590 545,590 Unaudited 2017 £ 710,164 142,033 475 67 – (2,662) (66,041) – – – – 73,872 Unaudited 2017 £ – – The Finance Act (No.2) 2015 included a reduction in the rate of corporation tax from 20% to 19% from 1 April 2017 and the Finance Act 2016 included a reduction in the main rate of corporation tax from 19% to 17% from 1 April 2020. These tax law changes received Royal Assent before the balance sheet date and therefore are reflected in the deferred tax position. At the balance sheet date, the Group has the following unused tax losses: Trading losses (UK) Trading losses (Ireland) Non-trading loan relationship deficits 2018 £ – 183,149 2,330 Unaudited 2017 £ 479,994 – 2,826 Unaudited 2016 £ 1,111,096 – 2,826 A deferred tax asset has been recognised in respect of all the tax losses as it is considered probable that there will be future taxable profits available. All losses may be carried forward indefinitely. At the balance sheet date, a deferred tax asset has not been recognised for excess unrelieved foreign tax of £19,848 (2017: £17,957; 2016: £12,960) on the basis that it is not considered probable that there will be future taxable profits available to utilise the double tax relief credit. GRC International Group plc Annual Report and Accounts 2018 53 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 8. Taxation on ordinary activities continued Deferred tax The following are the major deferred tax liabilities and assets recognised by the Group and movements thereon during the current and prior reporting period. Deferred tax assets and liabilities are offset where the Group has a legal enforceable right to do so. At 1 April 2016 Charge/(credit) to profit or loss At 31 March 2017 Charge/(credit) to profit or loss Credit direct to equity Prior year adjustment Effect of change in tax rate: – Income Statement – equity Deferred tax (asset)/liability at 31 March 2018 Fixed asset timing differences £ 168,256 (32,665) 135,591 (51,659) – – 5,438 – Retirement benefit obligations £ Share-based payments £ – (750) (750) (1,068) – – 112 – – – – (14,702) (582,903) – 1,548 61,358 Short term timing differences £ (106,205) (35,000) (141,205) – – (29,635) Tax losses (Ireland) £ – – – (22,894) – – Tax losses (UK) £ (189,367) 107,287 (82,080) 88,590 – – Total £ (127,316) 38,872 (88,444) (1,733) (582,903) (29,635) – – – – (6,906) – 192 61,358 89,370 (1,706) (534,699) (170,840) (22,894) (396) (641,165) 9. Earnings per share Basic earnings per share is based on the profit after tax for the year and the weighted average number of shares in issue during each year. Profit attributable to equity holders of the Group (£) Weighted average number of shares in issue (number) Basic earnings per share (pence) 2018 201,851 50,785,329 0.40 Unaudited 2017 636,292 50,254,905 1.27 Diluted earnings per share is calculated by adjusting the average number of shares in issue during the year to assume conversion of all dilutive potential ordinary shares. Taking the Group’s share options into consideration in respect of the Group’s weighted average number of ordinary shares for the purposes of diluted earnings per share, is as follows: Number of shares Dilutive (potential dilutive) effect of share options (number) Weighted average number of ordinary shares for the purposes of diluted earnings per share (number) Diluted earnings per share (pence) 2018 Unaudited 2017 378,786 51,164,115 0.39 68,340 50,323,245 1.26 54 GRC International Group plc Annual Report and Accounts 2018 10. Subsidiaries Details of the Group’s subsidiaries are as follows: Name of subsidiary and registered office address Principal activity Vigilant Software Limited Software development Place of incorporation and operation England and Wales Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA IT Governance Europe Limited 6th Floor, South Bank House, Barrow Street, Dublin 4, Ireland IT Governance USA Inc. 420 Lexington Avenue, Suite 300, New York, NY 10170, USA Information technology governance services Dormant company Ireland USA IT Governance Europe Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 10515710 IT Governance Consulting Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06145730 IT Governance Franchising Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06188477 IT Governance Publishing Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06082604 IT Governance Sales Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06548978 IT Governance Software Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06408767 IT Governance Training Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 06146546 ITG Certification Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 07421042 ITG Qualifications Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 08646907 ITG Security Testing Limited Dormant company* Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA Company Registration No: 07049209 * Dormant subsidiaries which have taken advantage of the s394A exemption from preparing individual accounts. England and Wales England and Wales England and Wales England and Wales England and Wales England and Wales England and Wales England and Wales England and Wales England and Wales % ownership held by the Group 2018 100% 100% 100% 100% 2017 100% 100% – 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% GRC International Group plc Annual Report and Accounts 2018 55 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 11. Intangible assets Cost At 1 April 2016 Additions At 31 March 2017 Additions Consultancy products £ Marketing tools £ Publishing products £ Courseware £ Software £ 72,097 8,385 80,482 – 40,803 6,084 46,887 15,996 176,494 30,790 207,284 8,217 381,258 971 382,229 70,981 606,660 270,580 877,240 564,042 Website costs £ 288,259 85,908 374,167 284,782 Trademarks £ Total £ 5,262 1,749 7,011 1,250 1,570,833 404,467 1,975,300 945,268 At 31 March 2018 80,482 62,883 215,501 453,210 1,441,282 658,949 8,261 2,920,568 Accumulated depreciation At 1 April 2016 Charge for year At 31 March 2017 Charge for year Foreign exchange movement 14,998 7,291 22,289 7,548 27,202 15,072 42,274 5,189 111,938 27,796 139,734 32,124 89,721 36,099 125,820 41,598 224,118 142,618 366,736 224,440 188,589 44,508 233,097 79,649 – – – (6) – – 1,276 904 2,180 1,002 – 657,842 274,288 932,130 391,550 (6) At 31 March 2018 29,837 47,463 171,858 167,412 591,176 312,746 3,182 1,323,674 Net book value At 31 March 2018 At 31 March 2017 At 1 April 2016 50,645 15,420 43,643 285,798 850,106 346,203 5,079 1,596,894 58,193 57,099 4,613 13,601 67,550 64,556 256,409 510,504 141,070 291,537 382,542 99,670 4,831 3,986 1,043,170 912,991 Amortisation is included within administrative expenses. 12. Property, plant and equipment Cost At 1 April 2016 Additions At 31 March 2017 Additions Foreign exchange movement At 31 March 2018 Accumulated depreciation At 1 April 2016 Charge for year At 31 March 2017 Charge for year Foreign exchange movement At 31 March 2018 Net book value At 31 March 2018 At 31 March 2017 At 31 March 2016 Leasehold improvements £ Computer equipment £ Office equipment £ 32,616 2,253 34,869 53,500 – 196,160 66,227 262,387 322,127 129 16,441 3,609 20,050 24,539 10 Total £ 245,217 72,089 317,306 400,166 139 88,369 584,643 44,599 717,611 11,926 3,829 15,755 7,985 – 110,126 44,059 154,185 95,566 (3) 10,781 3,931 14,712 5,393 (1) 132,833 51,819 184,652 108,944 (4) 23,740 249,748 20,104 293,592 64,629 334,895 24,495 424,019 19,114 20,690 108,202 86,034 5,338 5,660 132,654 112,384 Depreciation is included within administrative expenses. Included within the computer equipment net book values above is £18,509 (2017: £30,012; 2016: £13,290) relating to assets held under finance leases. 56 GRC International Group plc Annual Report and Accounts 2018 13. Inventories Finished goods for resale Amounts of inventories recognised as an expense during the period as cost of sales Amounts of inventories (written back)/impaired during the period 14. Trade and other receivables Trade receivables Director’s loan receivable Other receivables Accrued income Prepayments 2018 £ 76,171 Unaudited 2017 £ Unaudited 2016 £ 38,626 34,575 2018 £ 40,532 2018 £ (5,011) Unaudited 2017 £ 716,232 731,323 45,085 – 180,450 Unaudited 2017 £ 22,532 Unaudited 2017 £ 4,464 Unaudited 2016 £ 198,514 566,494 37,958 137,431 101,767 1,673,090 1,042,164 2018 £ 2,228,899 – 66,427 – 341,983 2,637,309 The Directors consider the carrying value of trade and other receivables is approximate to its fair value. All of the Group’s trade and other receivables have been reviewed for indicators of impairment. The Group suffers a small incidence of credit losses. At 31 March, the Group has certain trade receivables that have not been settled by the contractual due date but are not considered to be impaired. The amounts at 31 March, analysed by the length of time past due, are: Not more than 30 days More than 30 days but not more than 60 days More than 60 days but not more than 90 days More than 90 days 15. Cash and cash equivalents Cash at bank (GBP) Cash at bank (EUR) Cash at bank (USD) Cash at bank (AUD) Cash at bank (other currencies) 2018 £ 420,970 97,141 49,724 74,050 641,885 Unaudited 2017 £ 118,294 19,716 7,720 15,354 161,084 Unaudited 2016 £ 30,625 8,562 69 – 39,256 2018 £ Unaudited 2017 £ Unaudited 2016 £ 5,447,646 17,378 90,653 960 939 5,557,576 378,770 8,272 23,512 2,923 75 413,552 3,038 379 846 6,276 951 11,490 All significant cash and cash equivalents were deposited with major clearing banks with at least an ‘A’ rating. Details of bank overdrafts are given in note 17. GRC International Group plc Annual Report and Accounts 2018 57 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 16. Trade and other payables Amounts falling due within one year: Trade payables Other taxation and social security Other payables Director’s loan payable Deferred income Accruals 17. Borrowings Secured – at amortised cost – Bank overdrafts – Bank loans – Other loans Current Non-current: – 1–2 years – 2–5 years 2018 £ 1,516,315 1,019,555 141,046 – 1,394,946 564,403 4,636,265 Unaudited 2017 £ 355,963 423,408 46,636 – 802,922 199,682 Unaudited 2016 £ 319,109 242,752 53,907 21,824 437,155 119,415 1,828,611 1,194,162 2018 £ Unaudited 2017 £ Unaudited 2016 £ – 2,297 77,212 79,509 51,366 28,143 – 79,509 – 30,246 132,201 77,784 56,610 200,472 162,447 334,866 80,031 171,857 54,273 28,143 80,593 82,416 162,447 334,866 Summary of borrowing arrangements The Group has an overdraft facility which comprised £nil at the end of 2018 (2017: £nil; 2016: £77,784). The facility is uncommitted and secured with fixed and floating charges over the assets of the Group. The Group has a number of loans in issue during the periods presented. These are secured with fixed and floating charges over the assets of the Group and are summarised as follows: 1. HSBC loan agreement – £125,000 in March 2013 over five years at 5.45% interest above the bank’s base rate. 2. Directors’ Pension scheme loan L003 – £40,000 in October 2011 over five years at 3.5% interest. This was repaid during the year ended 31 March 2017. 3. Directors’ Pension scheme loan L004 – £66,000 in October 2012 over five years at 3.5% interest. This was repaid during the year ended 31 March 2018. 4. Funding circle loan 2 – £65,000 in September 2013 over three years at 12.2% APR interest. This was repaid during the year ended 31 March 2017. 5. Funding circle loan 3 – £140,640 in October 2014 over five years at 14.69% APR interest. 6. Directors’ Pension scheme loan – £70,000 in October 2014 over five years at 9.5% APR interest. The loans from the Directors’ pension fund are secured by fixed charges over the registered trademarks. 58 GRC International Group plc Annual Report and Accounts 2018 18. Financial instruments Classification of financial instruments The fair value hierarchy groups financial assets and liabilities into three levels based on the significance of inputs used in measuring the fair value of the financial assets and liabilities. The fair value hierarchy has the following levels: • Level 1: quoted prices (unadjusted) in active markets for identical assets or liabilities; • Level 2: inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices); and • Level 3: inputs for the asset or liability that are not based on observable market data (unobservable inputs). The level within which the financial asset or liability is classified is determined based on the lowest level of significant input to the fair value measurement. The Group does not hold any financial instruments measured at fair value through profit or loss. The tables below set out the Group’s accounting classification of each class of its financial assets and liabilities. Financial assets Trade receivables (note 14) Director’s loan receivable (notes 14, 25) Accrued income (note 14) Cash and cash equivalents (note 15) Loans and receivables 2018 £ 2,228,899 – – 2,228,899 Unaudited 2017 £ 716,232 731,323 – Unaudited 2016 £ 198,514 566,494 137,431 1,447,555 902,439 Cash and cash equivalents 2018 £ Unaudited 2017 £ Unaudited 2016 £ 5,557,576 413,552 11,490 All of the above financial assets’ carrying values are approximate to their fair values, as at each reporting date disclosed. Financial liabilities Trade payables (note 16) Director’s loan payable (note 16, 25) Accruals (note 16) Finance lease payables (note 21) Bank overdrafts (note 17) Bank loans (note 17) Other loans (note 17) Measured at amortised cost 2018 £ Unaudited 2017 £ Unaudited 2016 £ 1,516,315 – 564,403 15,183 – 2,297 77,212 2,175,410 355,963 – 199,682 25,353 – 30,246 132,201 319,109 21,824 119,415 9,039 77,784 56,610 200,472 743,445 804,253 All of the above financial liabilities’ carrying values are considered by management to be approximate to their fair values, as at each reporting date disclosed. GRC International Group plc Annual Report and Accounts 2018 59 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 19. Financial instrument risk exposure and management The Group’s operations expose it to degrees of financial risk that include liquidity risk, credit risk, interest rate risk and foreign currency risk. This note describes the Group’s objectives, policies and process for managing those risks and the methods used to measure them. Further quantitative information in respect of these risks is presented in notes 14 to 20. Credit risk The Group’s credit risk is primarily attributable to its cash balances and trade receivables. In respect of trade and other receivables, the Group is not exposed to any significant credit risk exposure to any single counterparty or any group of counterparties having similar characteristics. Trade receivables consist of a large number of customers in various industries and geographical areas. Based on historical information about customer default rates management consider the credit quality of trade receivables that are not past due or impaired to be good. The credit risk on liquid funds is limited because the third parties are large international banks with a credit rating of at least A. The Group’s total credit risk amounts to the total of the sum of the receivables and cash and cash equivalents. At the 2018 year end, this amounts to £7,786,425 (2017: £1,296,287; 2016: £489,109). Interest rate risk The Group has secured debt consisting of bank overdrafts, bank loans and other loans. The interest on most of the loans (with the exception of the FELM loan repaid during 2014 – 2015 and the HSBC bank loan) is fixed. Variable rate interest applies to the overdraft which is a short-term liability, and therefore interest rate risk is considered to be limited. The interest on the bank loan and the overdraft is variable. Based on year end balances a 1% increase in interest rates would impact profit and equity by £23 (2017: £302). The Group’s only other exposure to interest rate risk is the interest received on the cash held on deposit, which is immaterial. Foreign exchange risk Most of the Group’s transactions are carried out in GBP. Exposures to foreign currency exchange rates arise from the Group’s overseas sales and purchases, which are denominated in a number of currencies, primarily USD, EUR and AUD. Cash balances held in these currencies are relatively immaterial (see note 15) and transactional risk is considered manageable. The Group does not hold material non-domestic balances and currently does not consider it necessary to take any action to mitigate foreign exchange risk due to the immateriality of that risk. Liquidity risk Prudent liquidity risk management includes maintaining sufficient cash balances to ensure the Group can meet liabilities as they fall due, and ensuring adequate working capital using invoice financing arrangements. In managing liquidity risk, the main objective of the Group is, therefore, to ensure that it has the ability to pay all of its liabilities as they fall due. The Group monitors its levels of working capital to ensure that it can meet its debt repayments as they fall due. The table below shows the undiscounted cash flows on the Group’s financial liabilities as at 31 March 2018, 2017 and 2016, on the basis of their earliest possible contractual maturity. At 31 March 2018 Trade payables Accruals Finance lease payables Bank loans Other loans Total £ On demand £ Within 2 months £ Within 2–6 months £ 6–12 months £ 1–2 years £ Greater than 2 years £ 1,516,315 564,403 15,183 62,771 235,256 2,393,928 – – – – – – 1,516,315 – – 4,829 17,221 – 564,403 1,848 9,657 34,441 1,538,365 610,349 – – 8,759 14,485 35,563 58,807 – – 4,576 28,971 63,667 97,214 – – – 4,829 84,364 89,193 60 GRC International Group plc Annual Report and Accounts 2018 19. Financial instrument risk exposure and management continued Unaudited At 31 March 2017 Trade payables Accruals Finance lease payables Bank loans Other loans Unaudited At 31 March 2016 Trade payables Director’s loan payable Accruals Finance lease payables Bank overdrafts Bank loans Other loans Total £ On demand £ 355,963 199,682 25,353 33,801 148,033 762,832 – – – – – – Total £ On demand £ 319,109 21,824 119,415 9,039 77,784 62,772 235,256 845,199 – – – – 77,784 – – 77,784 Within 2 months £ 355,963 – 2,543 4,829 11,612 374,947 Within 2 months £ 319,109 – – – – 4,829 17,221 341,159 Within 2–6 months £ – 199,682 2,543 9,657 23,224 235,106 Within 2–6 months £ – 21,824 119,415 1,848 – 9,657 34,441 187,185 6–12 months £ 1–2 years £ Greater than 2 years £ – – 5,085 14,486 28,832 48,403 – – 9,516 4,829 55,263 69,608 – – 5,666 – 29,102 34,768 6–12 months £ 1–2 years £ Greater than 2 years £ – – – 2,615 – 14,486 35,563 52,664 – – – 4,576 – 28,971 63,667 97,214 – – – – – 4,829 84,364 89,193 20. Capital management The Group’s capital management objectives are: • to ensure the Group’s ability to continue as a going concern; and • to provide long-term returns to shareholders. The Group defines and monitors capital on the basis of the carrying amount of equity plus its outstanding loan notes, less cash and cash equivalents as presented on the face of the balance sheet and as follows: Equity Borrowings (note 17) Less: cash and cash equivalents (note 15) 2018 £ 5,900,346 79,509 (5,557,576) 422,279 Unaudited 2017 £ 1,231,920 162,447 (413,552) Unaudited 2016 £ 596,648 334,866 (11,490) 980,815 920,024 The Board of Directors monitors the level of capital as compared to the Group’s commitments and adjusts the level of capital as is determined to be necessary by issuing new shares or adjusting the level of debt. The Group is not subject to any externally imposed capital requirements. 21. Leasing arrangements Operating leases Operating leases primarily relate to land and buildings, and photocopiers. The Group does not have an option to purchase any of the operating leased assets at the expiry of the lease periods. Payments recognised as an expense are disclosed in note 4. New operating leases were entered into in January 2017 with a term of ten years, including a break clause in 2022, after five years. GRC International Group plc Annual Report and Accounts 2018 61 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 21. Leasing arrangements continued Aggregate future minimum lease payments under non-cancellable operating lease commitments Land and buildings Not later than one year After one year and not later than five years After five years Other Not later than 1 year Finance leases The Group leased certain items of its equipment under finance leases. The Group’s obligations under finance leases are secured by the lessors’ title to the leased assets. Finance lease liabilities minimum lease payments: Not later than one year Later than one year and not later than five years Less: future finance charges Present value of minimum lease payments Finance lease liabilities are included in liabilities: Current Non-current 2018 £ Unaudited 2017 £ Unaudited 2016 £ 124,107 450,136 318,721 892,964 89,107 356,428 445,535 891,070 89,107 – – 89,107 – – 3,561 2018 £ 9,516 6,021 (354) 15,183 2018 £ 9,516 5,667 15,183 Unaudited 2017 £ Unaudited 2016 £ 10,170 15,755 (572) 25,353 4,463 4,884 (308) 9,039 Unaudited 2017 £ Unaudited 2016 £ 10,170 15,183 25,353 4,463 4,576 9,039 22. Retirement benefit plans Benefits from the contributory pension schemes to which the Group contribute are related to the cash value of the funds at retirement dates. The Group is under no obligation to provide any minimum level of benefits. The assets of the schemes are administered by trustees in funds independent of the Group. During the year £33,400 was recognised in the Income Statement in relation to pension contributions (2017: £29,800). As at 31 March 2018, £nil is payable to pension schemes (2017: £nil). 23. Share capital The total allotted share capital of the Company is: Authorised, allotted, issued and fully paid Ordinary shares of £0.001 each Ordinary shares of £0.005 each A Ordinary shares of £0.005 each B Ordinary shares of £0.005 each 62 GRC International Group plc Annual Report and Accounts 2018 2018 Number 57,462,940 Unaudited 2016 Number 214,456 118,166 27,060 359,682 £ 1,072 591 135 1,798 £ 57,463 £ 1,072 591 135 1,798 Unaudited 2017 Number 214,456 118,166 27,060 359,682 23. Share capital continued Issues of shares by IT Governance Limited During the year ended 31 March 2018, prior to the restructuring of the Group to add GRC International Group as the holding company of the Group, shares were issued by IT Governance as follows: Allotments: Ordinary shares of £0.005 each Bonus issue A Ordinary shares of £0.005 each Bonus issue B Ordinary shares of £0.005 each Bonus issue Number Share capital £ Share premium £ Total proceeds £ 5,790,312 28,952 3,170,367 15,852 730,620 9,691,299 3,653 48,457 – – – – – – – – Repurchase of shares by IT Governance Limited During the year, prior to the restructuring to add GRC International Group as the Parent Company of the Group, IT Governance Limited repurchased 745 A ordinary shares for consideration of £11,994. Issues of shares by GRC International Group During the year ended 31 March 2018, further to the restructuring of the Group to add GRC International Group as the holding company of the Group, shares were issued by GRC International Group as follows: Ordinary shares of £0.001 each Allotments: 1 February 2018 – share-for-share issue to add GRC International Group as Parent Company of the Group 12 February 2018 Share split 5 March 2018 Cost of share issue Number Share capital £ Share premium £ Total proceeds £ 10,050,236 2,352 40,210,352 7,200,000 – 50,251 12 – 7,200 – – 5,028 – 5,032,800 (245,000) 50,251 5,040 – 5,040,000 (245,000) 57,462,940 57,463 4,792,828 4,850,291 Rights and obligations GRC Group International GRC Group International has one class of ordinary share. All shares rank pari passu in all respects, and the holders of all shares shall have the right (in particular) to receive notice of, and to attend and vote at, general meetings of the Company. IT Governance Limited The Directors may decide to pay dividends to the holders of each class of share on any basis which, in their sole judgement (acting in good faith), they consider appropriate. The ordinary shares, “A” ordinary shares and “B” ordinary shares in the Company shall otherwise rank pari passu in all respects, and the holders of all shares shall have the right (in particular) to receive notice of and to attend and vote at general meetings of the Company. 24. Share-based payments The Group operates a share option scheme to which the employees of the Group may be invited to participate by the Remuneration Committee. If the options remain unexercised after a period of ten years from the date of grant, the options expire. Options are forfeited if the employee leaves the Group before the options vest. As at 31 March 2017 and 31 March 2016, 12,000 options in IT Governance Limited were exercisable at £0.44 per share, 1,668 options were exercisable at £19.00 per share. The options were to be settled in equity once exercised. All of the options had vested prior to the date of transition to IFRS. IT Governance adopted the exemption from applying IFRS 2 to options granted after 7 November 2002 and vested before the IFRS transition date (note 29). These options have been cancelled during the year following the restructuring of the Group. GRC International Group has issued options during the year, including to the holders of the former options in IT Governance described above as replacement for the cancellation of those options. GRC International Group plc Annual Report and Accounts 2018 63 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 24. Share-based payments continued Details of the number of share options and the weighted average exercise price (“WAEP”) outstanding during the year are as follows: 2018 Outstanding at the beginning of the year (IT Governance) Cancelled Replacement options issued by GRC International Group New options issued in GRC International Group Option numbers and exercise price adjusted following share split Outstanding at the year end Number vested and exercisable at 31 March 2018 Unaudited 2017 Outstanding at the beginning of the year (IT Governance) Issued Outstanding at the year end Number vested and exercisable at 31 March 2017 Number of options 13,668 (13,668) 406,784 65,352 1,888,544 2,360,680 2,203,180 Number of options 13,668 – 13,668 13,668 WAEP £ 2.71 (2.71) 0.12 2.14 (0.32) 0.08 0.06 WAEP £ 2.71 – 2.71 2.71 The fair values of share options issued or extended in the current financial year were calculated using the Black-Scholes model as follows: Date of grant Number granted Share price at date of grant Exercise price Expected volatility Expected life from date of grant (years) Risk free rate Expected dividend yield Fair value/incremental fair value at date of grant Earliest vesting date Expiry date 12 Feb 18 12 Feb 18 12 Feb 18 31,500 £3.50 £2.14 59.93% 5.00 1.14% 0% £69,463 12 Feb 18 12 Feb 28 31,500 £3.50 £2.14 59.93% 5.50 1.14% 0% £71,196 31 Mar 19 12 Feb 28 2,352 £3.50 £2.14 59.93% 5.00 1.14% 0% £5,187 12 Feb 18 12 Feb 28 Expected volatility was determined based on the average historic volatility of a pool of comparable companies’ shares. The expected life used in the model has been adjusted, based on management’s best estimate, for the effects of non-transferability, exercise restrictions and behavioural considerations. The Group recognised total expenses of £82,560 in relation to share options accounted for as equity-settled share-based payment transactions during the year (2017: £nil) in relation to options issued to Directors during the year – these were recognised as expenses in the Income Statement. 25. Related party transactions Key management personnel are identified as the Directors, including non-statutory directors, and their remuneration is disclosed as follows: Remuneration of key management Remuneration Social security costs Share-based payment charge Pension contributions to defined contributions scheme 64 GRC International Group plc Annual Report and Accounts 2018 2018 £ Unaudited 2017 £ 628,250 82,166 82,560 34,479 827,455 107,600 12,610 – 30,172 150,382 25. Related party transactions continued Director loans The Group has short-term receivable and payable loan arrangements with Alan Calder. Balances outstanding at each balance sheet date for these are disclosed in note 14 and 16 respectively. 2017–18 The Group held no balance for the Director Loan Accounts as at 31 March 2018. Dividends of £731,320 were declared to Alan Calder by IT Governance Limited in December 2017 and Alan Calder repaid £3 leaving a balance of £nil at the year end (2017: £731,323). An additional £220,000 was subsequently declared as a final dividend payment from IT Governance Limited to Alan Calder. 2016–17 Alan Calder lent the Group £9,725 during the 2016 financial year. £4,848 was accrued as interest for the year. £1,674 of the payable amount was offset against the Director’s loan receivable during the year. £34,723 was repaid during the year leaving a balance payable at 31 March 2017 of £nil (2016: £21,824). Funds paid out to Alan Calder from the Director’s loan receivable were £166,503. As at 31 March 2017, a balance of £731,323 was outstanding (2016: £566,494). Other related party borrowings transactions are as follows Principal At 1 April 2016 Loans repaid At 31 March 2017 Loans repaid At 31 March 2018 Interest At 1 April 2016 Interest accrued Interest paid At 31 March 2017 Interest accrued Interest paid At 31 March 2018 Directors’ pension scheme £40,000 loan £66,000 loan £70,000 loan Total 5,035 (5,035) – – – – 449 (449) – – – – 24,972 (13,853) 11,119 (11,119) 53,402 (13,130) 40,272 (14,433) 83,409 (32,018) 51,391 (25,552) – 25,839 25,839 – 554 (554) – 97 (97) – – 4,511 (4,511) – 1,775 (1,775) – – 5,514 (5,514) – 1,872 (1,872) – Alan Calder and his wife are the trustees of the IT Governance Pension Fund. All loan notes terms’ are described in note 17. Interest is accounted for on an effective interest basis and included within borrowings on the balance sheet. Other related party transactions are as follows Xanthos Limited is considered a related party entity as Alan Calder is a co-owner of that company with his spouse (who runs the business) and was also a Director of that company until March 2017. Xanthos sub-lets office space from the Group, which comprises the other income received by the Group as disclosed in note 2. Transactions were carried out on an arm’s-length basis. Outstanding amounts due from Xanthos at 31 March 2018 totalled £2,100 (2017: £47). The Group also makes purchases from Xanthos. During the year to 31 March 2018, the Group made purchases totalling £464,052 from Xanthos (2017: £168,689). Outstanding amounts payable to Xanthos at 31 March 2017 totalled £27,709 (2017: £17,339). 26. Ultimate controlling party Alan Calder is considered the ultimate controlling party by virtue of his shareholding in GRC International Group. GRC International Group plc Annual Report and Accounts 2018 65 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 27. Events after the balance sheet date On 1 August 2018, the Group announced the acquisition of the domain, web platform, customer list and goodwill of www.gdpr.co.uk from Wonde Limited. The acquisition will be settled by a total cash consideration of £175,000. The Group will be enhancing the platform by making relevant books, e-learning and Data Protection Officer services available across the www.gdpr.co.uk website during August and the acquisition is expected to provide the Group with additional monthly sales of approximately £10,000. 28. Transition to IFRS This is the first time that the GRC International Group (IT Governance Group for comparative periods) has presented consolidated financial information under IFRS. GRC International Group was incorporated and added as the Parent Company of the Group during the year ended 31 March 2018. Prior to this, IT Governance was the Parent Company of the Group, hence why the comparative periods presented relate to the IT Governance Group. The accounting policies set out above have been applied in preparing the financial information for all periods presented. The opening IFRS balance sheet is as at 1 April 2016. The Group has not previously presented consolidated financial statements, having taken the small companies exemption from the requirement to do so. The previously published financial statements were prepared on the following basis: • For the years ended 31 March 2016 and 2017, the most recent previously published financial statements were prepared (with transition disclosures) using FRS 102 for smaller entities. Consolidated financial statements have been prepared for the Group using the previously published GAAP for reporting period presented, which information forms the starting point for the Group’s transition disclosures below. The conversion to IFRS has led to a number of changes in respect of the descriptions used and wording of accounting policies. The main changes are in respect to the primary statements. The Profit and Loss Account has been replaced with an Income Statement, and the Statement of Recognised Gains and Losses has been replaced with a Statement of Comprehensive Income which presents the result for the year as the total comprehensive income for the year instead of the profit for the year. A Statement of Changes in Equity is presented as a primary statement and provides information on the movements in equity during the financial year. Previously this information was presented as part of the movement in reserves and reconciliations of movement in shareholders’ funds notes. The Group’s Statement of Cash Flows is presented in accordance with IAS 7. Previous GAAP did not include the presentation of a statement of cash flows. The Group has adopted the following IFRS 1 exemptions: i. Exemption from applying IFRS 2 to options granted after 7 November 2002 and vested before the transition date. ii. Exemption in relation to IAS 23 which allows restatement to capitalise borrowing costs to begin only on the transition date, rather than requiring historical records to be re-created. The following notes relate to the numbered adjustments in note 29 below UK GAAP adjustments Derecognition of logo intangible assets and recognition of intangible amortisation for intangible assets not previously amortised. In some years dividends have been historically paid with insufficient distributable reserves being available. As such a UK GAAP adjustment has been made to reclassify these amounts as director’s loan due. Subsequent to the 2017 year end a resolution was passed to cancel the Company’s share premium account thereby creating sufficient distributable reserves to allow historic dividends to be redeclared. The cumulative impact on the profit and loss reserve for the year to 31 March 2017 is £564,820. Associated corporation tax liability due has been recognised net of deferred tax asset on the basis that management have assumed the tax will be fully recovered. 66 GRC International Group plc Annual Report and Accounts 2018 29. Reconciliation of equity and profit/(loss) under UK GAAP to IFRS – voluntary disclosure a) Reconciliation of equity at 31 March 2016 Assets Non-current assets Intangible assets Property, plant and equipment Deferred tax Current assets Inventories Trade and other receivables Cash and cash equivalents Current liabilities Trade and other payables Finance lease payables Borrowings Current tax Net current liabilities Non-current liabilities Borrowings Finance lease payables Net assets Capital and reserves Share capital Share premium Retained earnings Capital redemption reserve Shareholders’ funds 1 Reclassification of intangible assets previously recognised in tangible assets. UK GAAP (FRSSE) £ UK GAAP adjustments £ IFRS adjustments UK GAAP (FRSSE) restated £ 1 £ IFRS £ 1,117,763 230,358 21,111 (322,746) – 106,205 795,017 230,358 127,316 117,974 (117,974) – 1,369,232 (216,541) 1,152,691 34,575 617,344 11,490 – 424,820 – 34,575 1,042,164 11,490 663,409 424,820 1,088,229 (1,194,162) (4,463) (171,857) – – – – (106,205) (1,194,162) (4,463) (171,857) (106,205) (1,370,482) (106,205) (1,476,687) (707,073) 318,615 (388,458) (163,009) (4,576) (167,585) – – – (163,009) (4,576) (167,585) 494,574 102,074 596,648 1,798 1,137,098 (644,323) 1 494,574 – – 102,074 – 102,074 1,798 1,137,098 (542,249) 1 596,648 – – – – – – – – – – – – – – – – – – – – 912,991 112,384 127,316 1,152,691 34,575 1,042,164 11,490 1,088,229 (1,194,162) (4,463) (171,857) (106,205) (1,476,687) (388,458) (163,009) (4,576) (167,585) 596,648 1,798 1,137,098 (542,249) 1 596,648 GRC International Group plc Annual Report and Accounts 2018 67 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 29. Reconciliation of equity and profit/(loss) under UK GAAP to IFRS – voluntary disclosure continued b) Reconciliation of equity at 31 March 2017 UK GAAP (FRSSE) £ UK GAAP adjustments £ IFRS adjustments UK GAAP (FRSSE) restated £ 1 £ IFRS £ 1,270,691 287,676 – (382,543) – 88,444 888,148 287,676 88,444 155,022 (155,022) – 1,558,367 (294,099) 1,264,268 38,626 1,108,270 413,552 – 564,820 – 38,626 1,673,090 413,552 1,560,448 564,820 2,125,268 (1,828,611) (10,170) (80,031) – – – – (141,205) (1,828,611) (10,170) (80,031) (141,205) (1,918,812) (141,205) (2,060,017) (358,364) 423,615 65,251 (82,416) (15,183) (52,761) (150,360) – – 52,761 52,761 (82,416) (15,183) – (97,599) 1,049,643 182,277 1,231,920 1,798 1,137,098 (88,234) 1 (1,020) – – 182,277 – – 1,798 1,137,098 94,043 1 (1,020) 1,049,643 182,277 1,231,920 UK GAAP (FRSSE) £ UK GAAP adjustments £ IFRS adjustments UK GAAP (FRSSE) restated £ 6,833,303 (2,736,743) 4,096,560 (3,320,292) 25,694 801,962 (32,000) 769,962 (73,872) – – 6,833,303 (2,736,743) – (59,798) – (59,798) – (59,798) – 4,096,560 (3,380,090) 25,694 742,164 (32,000) 710,164 (73,872) 696,090 (59,798) 636,292 – – – – – – – – – – – – – – – – – – – – – – 1 £ – – – – – – – – – – 1,043,170 132,654 88,444 1,264,268 38,626 1,673,090 413,552 2,125,268 (1,828,611) (10,170) (80,031) (141,205) (2,060,017) 65,251 (82,416) (15,183) – (97,599) 1,231,920 1,798 1,137,098 94,043 1 (1,020) 1,231,920 IFRS £ 6,833,303 (2,736,743) 4,096,560 (3,380,090) 25,694 742,164 (32,000) 710,164 (73,872) 636,292 Assets Non-current assets Intangible assets Property, plant and equipment Deferred tax Current assets Inventories Trade and other receivables Cash and cash equivalents Current liabilities Trade and other payables Finance lease payables Borrowings Current tax Net current (liabilities)/assets Non-current liabilities Borrowings Finance lease payables Deferred tax Net assets Capital and reserves Share capital Share premium Retained earnings Capital redemption reserve Translation reserve Shareholders’ funds c) Reconciliation of profit for the year ended 31 March 2017 Revenue Cost of sales Gross profit Administrative expenses Other operating income Operating profit Finance costs Profit before taxation Taxation Profit after taxation 1 Reclassification of intangible assets previously recognised in tangible assets. 68 GRC International Group plc Annual Report and Accounts 2018 G R C I n t e r n a t i o n a l G r o u p p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 8 GRC International Group plc Unit 3, Clive Court Bartholomew’s Walk Cambridgeshire Business Park Ely CB7 4EA T: 0330 999 0222 www.grci.group G R C I n t e r n a t i o n a l G r o u p p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 8

Continue reading text version or see original annual report in PDF format above