Gorman-Rupp Co.
Annual Report 2019

Plain-text annual report

G R C I n t e r n a t i o n a l G r o u p p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 9 A unique integrated cyber compliance company GRC International Group plc Annual Report and Accounts 2019 Page Title at start:Content Section at start: Introduction GRC International Group plc (AIM: GRC) is the holding company for a group of companies providing a range of products and services to address the IT governance, risk management and compliance requirements of organisations, operating a “one-stop shop” that enables our customers to meet current and future commercial requirements and regulatory standards. The Group is based in Ely near Cambridge, England, with offices in Scotland, Ireland, the US, Belgium and the Netherlands. Introduction Strategic Report 1-21 Highlights At a Glance Our Value Proposition Chairman’s Statement Chief Executive Officer’s Review Our Story so Far Market Overview Our Business Model and Strategy Financial Review Risk Management Key Performance Indicators Corporate Governance 22-37 Corporate Governance Statement Application of the QCA Code Board of Directors Audit Committee Report Remuneration Committee Report Directors’ Report Statement of Directors’ Responsibilities Financial Statements 38-84 Independent Auditor’s Report Consolidated Income Statement Consolidated Statement of Comprehensive Income Consolidated Balance Sheet Consolidated Statement of Changes in Equity Consolidated Statement of Cash Flows Nature of Operations and General Information Notes to the Financial Statements Company Balance Sheet Company Statement of Changes in Equity Notes to the Company Financial Statements 1 2 3 4 6 8 10 12 15 18 20 22 24 28 30 33 36 37 38 43 43 44 45 46 47 59 77 78 79 Forward-looking statements This Annual Report includes statements that are, or may be deemed to be, “forward-looking statements”. These statements are made by the Directors in good faith based on the information available to them up to the time of their approval of this report and such statements should be treated with caution due to the inherent uncertainties, including both economic and business risk factors, underlying any such forward-looking statements. Page Title at start:Content Section at start Highlights A year of strategic development for GRC International Group plc • Proceeds raised from our admission to trading on AIM in March 2018 used to accelerate our strategy to become a leading “one stop shop“ global supplier of IT governance, risk and compliance products and services • Considerable investment into building the infrastructure and management structures of the core business to facilitate future growth • Two acquisitions (DQM Group Holdings Ltd in March 2019 and www.gdpr.co.uk in August 2018) • Sustained growth in the Group’s range of cyber security products and services • Extensive new product and service development across all business divisions, continuing the Group’s track record in being sufficiently agile to meet customer requirements Financial highlights Revenue (£’000) £15,849 2018: £15,688 +1%1 Underlying EBITDA (£’000) £(4,336) 2018: £1,6622 (343%)1 Profit/(loss) before tax (£’000) £(5,365) 2018: £355 (1,610%)1 Profit/(loss) after tax (£’000) £(5,395) 2018: £202 (2,773%)1 Earnings per share (undiluted) (9.30)p 2018: 0.40p (2,425%)1 Operational highlights Total billings3 (£’000) £15,833 2018: £16,260 (3%)1 Website visits (‘000) 4,902 2018: 3,107 +58%1 Average FTE headcount 270 2018: 177 53%1 Website revenue (£’000) £3,374 2018: £4,683 (28%)1 Billings per month per FTE £4,881 2018: £7,465 (36%)1 Net customer additions4 3,300 2018: 1,000 +330%1 1 Year-on-year: 2019 compared with 2018 2 Underlying EBITDA (“Earnings Before Interest, Tax, Depreciation, Amortisation“) excludes share-based payment expenses and exceptional costs in relation to acquisitions made in the year 3 The relationship between billings and revenue is explained on page 20 4. Excluding customers acquired from DQM Group Holdings Ltd GRC International Group plc Annual Report and Accounts 2019 1 Financial StatementsCorporate GovernanceStrategic Report At a Glance A comprehensive suite of quality services and products A leading, global, “one-stop shop” supplier of IT governance, risk and compliance products and services delivering great value to clients. Our products and services broadly fit into four divisions (Training, Consultancy, Publishing and Distribution, and Software), with the capability to package specific products and services together across divisions to provide a unique solution to our customers’ requirements, regardless of company size, maturity or business sector. What we offer A comprehensive suite of quality services and products Training Classroom- and web-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. Consultancy On-site and remote support to help organisations design and implement data protection, privacy and cyber security policies and procedures. Penetration testing, Payment Card Industry Data Security Standard (“PCI DSS“) compliance and Cyber Essentials certification and consultancy. Publishing and Distribution Books, documentation templates and software sold via the Group’s websites, both those GRC publishes or writes itself and those supplied by third parties. Software Software solutions created and sold by the Group including a range of “software-as-a- service” products such as e-learning, risk assessment and data flow mapping tools, data seeding and watermarking solutions. Our customers include BAE Systems, Barclays, BBC, BT, Carlsberg, Dominoes, Freshfields Bruckhaus Deringer, Grant Thornton, Halfords, HSBC, John Lewis, Kubota, National Health Service, Next, Inmarsat, Royal Mail, Slaughter & May, Thames Water, The Bank of England, UK national and local government departments, Vodafone, Volkswagen, US Army, PwC. Where we are • Physical offices: UK, Belgium, Netherlands, Ireland and the United States. • EU website: 11 country websites, with interfaces to all 27 non-UK member states buying from one or another of those websites. 2 GRC International Group plc Annual Report and Accounts 2019 A leading, global, ‘one-stop shop” supplier of IT governance, risk and compliance products and services delivering great value to clients. GRC: Governance, risk management and compliance Cyber resilience Governance and risk management Data protection compliance, GDPR Cyber security and ISO 27001 IT Governance and COBIT® Service management Risk management PCI DSS ISO 9001, ISO 14001, ISO 45001 Incident response Penetration testing and cyber essentials ITIL® and ISO 20000 BCM and ISO 22301 Project management, PRINCE2® Consultancy and certification Technical security Software tools Books and toolkits Training and qualifications Our Value Proposition Working at the forefront of a market driven by the need for cyber compliance and protection, GRC International is focused on addressing clients’ IT governance, risk management and compliance requirements through its comprehensive suite of high-quality products and services. Underpinning our success are five core competitive advantages which set us apart. Operating in an attractive, high-growth market • Demand for products and services is directly correlated to a market that is experiencing rapid expansion in the volume of privacy and cyber security demand. • The Department of Business, Innovation and Skills estimates governance to be the fastest growing area of the cyber security market. • In a global and fragmented market, GRC International’s “one-stop shop” solution offers a highly attractive proposition. A comprehensive suite of high- quality services and products A high-quality, diversified and international customer base • A broad range of both “off-the-shelf” • Customer base spanning multiple and bespoke solutions for clients seeking to address their IT governance, risk management and compliance requirements. jurisdictions, including France, Italy, Spain, Belgium and the Netherlands, plus sales and marketing operations in the US. • Our e-learning, publishing, training, • Significant potential to expand our certification and consultancy solutions can be tailored specifically to each client’s unique strategies and requirements. • Cost-effective and flexible delivery options to suit our clients’ needs. geographic footprint further. • Blue-chip client base including Carlsberg, Domino’s, Kubota and Vodafone and a variety of other household names. • No single client accounting for more • A dominant digital marketing than 3% of Group revenues. presence, a strong, recognised brand and a well-established e-commerce offering that brings significant volumes of new customers. • Extensive cross-selling and upselling opportunities owing to multiple touch points with clients and complementary offerings. • A consultancy and professional services team with widely-recognised skills and competences in privacy and cyber security. • The creation of a compliance “platform” provides the opportunity to embed further into client operations. • In the year ended 31 March 2019, 17% (2018: 19%) of the Group’s billings originated from customers outside of the UK. The Board’s ambition over time is for non-UK revenue to exceed domestic revenue. An experienced management team with a clear strategy, supported by a dynamic and engaged talent pool • Management team widely recognised as leading authorities on IT governance, regulation, systems and certification in the UK and globally. • Senior management team has been active in the field of IT governance, risk and compliance for more than 20 years. • Experienced multi-discipline consultancy team. • An innovative and agile workforce, with strong product development and customer account management capabilities. • Clear aim to invest in business development and new client solutions. GRC International Group plc Annual Report and Accounts 2019 3 • A clearly addressable market: Proven track record • Cyber security is a global business risk issue, where cyber breaches have strong financial and reputational implications. • The global cyber security market is predicted to be worth USD 282.3 billion by 2024, equating to a CAGR of 11.1% between 2018 and 2024 (according to VynZ Research). • GDPR and e-Privacy requirements apply to all suppliers into the EU. • US: all financial services institutions in New York must comply with the Department of Financial Services cyber security regulation. Californian equivalent of GDPR now passed into law. • Strong organic growth in the Group’s core business of cyber security related products and services. • In the two years ended 31 March 2019, the Group delivered growth of: • 114% in billings • 173% in revenue • 150% in gross profit • Successful track record in introducing new products and services – many new products launched in the past 12 months. • Successfully helped over 500 companies achieve ISO 27001 certification, proving their compliance with one of the world’s most demanding management system standards. Financial StatementsCorporate GovernanceStrategic Report Chairman’s Statement We have a track record of self- financed growth The Group’s strategic ambition is to become an international “one-stop shop” under the umbrella of governance, regulation and compliance, expanding into other forms of compliance and new jurisdictions. 4 GRC International Group plc Annual Report and Accounts 2019 Overview I am pleased to introduce GRC International’s Annual Report for the year ended 31 March 2019; the second Annual Report since our admission to the London Stock Exchange’s AIM market in March 2018. GRC International is a “one-stop shop” for cyber security and data compliance products and services, based in the UK but servicing clients across the globe. The Group’s strategic ambition is to become an international “one-stop shop”, expanding into other forms of compliance and new jurisdictions, with non-UK revenue ultimately exceeding domestic revenue. I am pleased with the strategic progress we made in FY19, as we used the proceeds from our admission on AIM to invest in strengthening our core business and broaden our offering. We also made two strategic acquisitions during the year, of www.GDPR.co.uk and of DQM, and expanded our geographic footprint through the opening of offices in Europe and the US. Performance It has been a challenging year for the Group. The first part of the year was characterised by a notable build-up to GDPR implementation in May 2018, with its attendant boost to revenues as companies brought forward spend to make themselves compliant. As expected, this unwound dramatically from Q2 onwards, a period where we also faced tough GDPR-driven comparators from the prior year. Whilst we expected to see a slow-down in GDPR-related client spend following initial implementation of the regulation, we were surprised to see UK-based management teams, especially those of companies that had not made themselves compliant by the deadline, be so complacent when it was clear that fines for non-compliance were on their way. There was a sense that GDPR was akin to the “Millennium Bug”, something that a big fuss was being made of, but that would soon fade away not to be talked of again. However, GDPR is very much here to stay; in time it will be viewed more like health and safety, something that will become increasingly intertwined with core business practices that management teams will have to address in order to be successful and maintain a favourable reputation. We had expected initial GDPR-related fines to emerge during the financial year and for this to spur something of a “second wave” of companies looking to make themselves compliant. This did not materialise during FY19, but we are encouraged to see two significant fines levied by the Information Commissioner’s Office against global businesses in recent weeks. This has put GDPR back in the news and back on businesses radars. In this context, we are pleased to have delivered a solid revenue performance for the year as a whole, with Group revenues up 1% to £15.8 million, and with double-digit revenue growth being recorded in two of our four key revenue streams. The Group ended the period with net cash of £0.1 million, reflecting the considerable investment we made during the year into building the infrastructure and management structures of the core business to facilitate future growth. Revenue £15.8m +1% Our mission and values Our mission is to engage with business executives, senior managers and IT professionals, and to help them: • Protect and secure their intellectual capital. • Comply with relevant regulations. • Thrive as they achieve strategic goals through better IT management. We are dedicated to the following values: • Solving our clients’ real business problems. • Being open and transparent with our clients, partners and other stakeholders. • Being honest, responsible and accountable for the work we do. • Collaborating with our colleagues and stakeholders. • Showing leadership and initiative both within the business and externally. • Delivering results and exceeding our clients’ expectations. • Being distinctive through the range of our skills and the depth of our experience. • Delivering great value to our clients. As the Group continues to develop, the Board has decided to conserve cash for current working capital requirements, further expansion and potential acquisitions. Therefore, no dividend is declared in respect of the 2018/19 results. Further to the announcement on 22 July 2019, the Group continues to hold constructive discussions regarding the deferred consideration due to the vendors (and existing management team) of DQM. The Board is considering a range of options to fund the cash element of the deferred consideration. Further details in relation to this material uncertainty are set out in the Financial Review section of this announcement and reference to this is made in the Independent Auditor’s report. Market opportunity There is no doubt that the delay in the levying of fines noted above has slowed down the Group’s delivery of its strategy. Nevertheless, I firmly believe that, aside from e-commerce, cyber security and GDPR are two of the fastest growing business sectors. Hacking is becoming more and more sophisticated and therefore suitably compliant defences will become an increasingly hot topic. Regulatory compliance is a powerful driver of new business. While we continue to address the demand for cyber security in the UK market, there are also undoubtedly excellent opportunities in both the US and Europe which the Group has already begun to tap into and I believe these markets hold good potential for the Group. People The early part of FY19 saw us scale up headcount in order to service the GDPR-related revenue surge. We scaled down resources, particularly in our GDPR training and toolkit businesses, as the GDPR-related surge subsided faster than expected. We ended the year with 184 full-time employees and a cost structure that more accurately reflects the current level of demand. Without doubt, GRC International would not be able to deliver the quality and service we offer our clients without the dedication, passion and skill of our entire staff. On behalf of the Board, I would like to thank them for their hard work over the past year. Outlook When GRC International was admitted to trading on AIM in March 2018, its strategy was clear: to grow organically in a highly fragmented, global market and to accelerate its growth through selective acquisitions. That strategy remains unchanged. As already noted, GDPR-related work slowed down more markedly than anticipated in the second half of FY19 and GDPR-related fines, that would precipitate a second wave of companies seeking to make themselves compliant, took longer than expected to appear. However, we have now seen the first major fines emerge and, like health and safety, we expect to see renewed focus from UK companies. We begin the new financial year with optimism. FY19 has been a tough year for the Group, but we are confident that we operate in the right markets, markets that are global and are set to continue to grow significantly over the medium- and long-term, and have invested to strengthen and broaden the GRC International offering. We look forward to advancing our strategy and delivering a return to profitable growth in the current financial year. Andrew Brode Chairman GRC International Group plc Annual Report and Accounts 2019 5 Financial StatementsCorporate GovernanceStrategic Report Chief Executive Officer’s Review FY19 has been a year of investment, strategic development and evolution for GRC International. We have worked intensely throughout the year to strengthen our core business platform for future growth, enabling us to accelerate our strategy to become a leading “one-stop shop” global supplier of IT governance, risk and compliance products and services. 6 GRC International Group plc Annual Report and Accounts 2019 The year to 31 March 2019 (“FY19”) has been a year of investment, strategic development and significant change for GRC International. We have had to scale back a very successful GDPR business to reflect falling demand, while working intensely to strengthen our core cyber security business and our infrastructure platform to support future growth. Our ambition to become a leading “one-stop shop” global supplier of IT governance, risk and compliance products and services is undimmed. In spite of a backdrop of ongoing political and economic uncertainty, it is clear that our admission to trading on AIM in March 2018 has enabled us to grasp significant growth opportunities in the areas of software, e-learning and GRCI law in a fast-growing global market. The overall performance of the Group in FY19 was mixed. As we noted in our Interim Results in December 2018, Q1 was characterised by a surge in billings associated with the implementation of the EU General Data Protection Regulation (“GDPR”), as companies brought forward spend in order to be compliant ahead of the 25 May 2018 deadline. This GDPR-related spend declined significantly in Q2, faster than expected, as we moved past the implementation deadline. We had expected to see the advent of GDPR-related fines and regulatory action from the Information Commissioner’s Office (“ICO”) in H2, and for this to spur a second bout of GDPR-related client spend. These did not materialise in FY19 and, as a result, the decline in GDPR-related spend continued throughout the second half of the financial year. It is not yet clear whether or not the recent large fines levied by the Information Commissioner’s office have halted this decline. Cyber security-focused products and services, which remain at the core of our business, continued to grow strongly throughout the year. While this is, in part, due to the data security aspects of GDPR, government legislation and a growing pressure for clients to demonstrate their cyber resilience also underpinned the strong growth observed in this area. The resulting loss for the year is partly attributable to the fall-off in GDPR demand and partly to the significant levels of investment in new offerings, geographies, people and infrastructure we made during the year. Our year-end net cash position of £0.1 million was ahead of the Board’s expectations. We have worked hard over the past 12 months to build a more focused, structured and broader platform to service clients and, in line with our strategy communicated at the time of our admission to trading on AIM, we have successfully accelerated the launch of new product and service offerings, expanded existing services into new jurisdictions, and made two highly complementary and value-accretive acquisitions. This is testament to GRC International’s inherent nimbleness in developing new products and solutions swiftly to service all clients’ cyber security and data protection needs. Utilising the skill and deep industry knowledge of our management team to identify emerging trends in the market and consequent client needs, it is one of our key competitive advantages. Furthermore, we continue to be the only organisation in the market that can deploy a full suite of services to help clients respond to proliferating cyber security threats. Product and service development remains at the heart of what we do and is fundamental to our business model. The market we operate in changes very quickly and we are agile in launching new products and services on a regular basis. We successfully launched many new products and services in FY19, including broadening our range of e-Learning training courses, and launching an anti-phishing training course as well as distance learning courses on topical subjects (e.g. GDPR). We have also published 20 of our books as audiobooks to improve their accessibility further, making us the only GRC publisher to provide such audio books. We have invested significantly in new and existing businesses, most notably Cyber Essentials, Vigilant Software, GRC e-Learning and GRCI Law. Through GRCI Law, we provide a suite of GDPR - related services, including privacy-as-a-service, and that business is growing quickly. Cyber Essentials, GRC e-Learning and Vigilant Software are coming together into a Software-as-a-Service division that generates high-margin recurring revenue to a growing range of clients across a broad range of sectors and geographies. We also expanded our geographic reach during the year, launching offices in Europe and the US. These businesses are still in their early stages and we are pleased with the number of opportunities presented in these jurisdictions. Combined with our strengthened geographical footprint, this “on-the-ground” delivery capability has enabled us to win significant international contracts for blue-chip clients such as Kubota. Just prior to the year end, in March 2019, we acquired DQM, a provider of data consulting and technology solutions. In August 2018, we also acquired the domain, web platform, customer list and goodwill of www.gdpr.co.uk. This asset purchase has enabled us to provide a combination of legal, training and GDPR products to the UK’s education sector and is performing in line with the Board’s expectations. It has been a challenging year for the Group. The exceptional performance of FY18 was driven primarily by the implementation of GDPR, where our ability to rapidly develop and launch offerings to service customer requirements saw us profitably grasp the opportunities presented. As mentioned earlier, while we continued to feel the benefits of this into early FY19, the surge in demand then moderated in Q2 and dropped further in the second half of the financial year, resulting in a drop-off in revenues, including in comparison to the strong levels of revenue recorded in the second half of the prior year. Over the period, to capitalise on the surge in GDPR demand, we scaled up resources and increased headcount as fast as we could. Following implementation in May 2018, as demand subsided at a faster rate than our estimates, we scaled down our GDPR training, toolkit and consultancy businesses in line with demand. It is worth noting, however, that as we continue to grow, we expect to increase headcount incrementally in this part of the business. The IT governance, risk and compliance market continues to be driven by a mounting pressure on companies to have in place data protection, privacy and cyber security systems and procedures. It is this fundamental trend – one that we see globally – that is driving the performance of our cyber security related products and services. Given the prevailing economic and political uncertainty in the wider economy, we are closely monitoring macroeconomic developments for any events that could impact the IT governance, risk and compliance market. While we, like many others, would welcome greater political and economic certainty, we believe that we are well-positioned to respond to events and capitalise on changes in our markets. The first quarter of FY20 continued to reflect the ongoing political and economic turbulence and our GDPR business continued to be affected by the absence of systematic enforcement action. The Company did not return to profitability in the first quarter of FY20, as it had hoped. The growth in cyber security demand means that trading in the second quarter has been more encouraging. We remain optimistic about the year ahead and believe we are well-placed to serve the growing, and global, cyber security market. In FY20, we intend to evolve our business model further to better service clients and enable us to grow margin accretive, recurring revenues. The new structure will see the Group deliver offerings through three core divisions: Software-as-a-Service, Professional Services and e-Commerce. The fundamentals of our strategy remain unchanged, with investment in our product and service offerings, across both new and existing jurisdictions, coupled with continued growth in cyber security demand, driving profitable growth for our shareholders. There are encouraging signs of sustainable future growth stemming from new products and services, the signing of annual and multi-year contracts of a recurring revenue nature, and strategic progress being made overseas. We are confident that, since admission to AIM in March 2018, we have built GRC International into a stronger, broader and more focused business, increasingly well-positioned to service our clients’ ever- evolving cyber security needs. FY19 was a challenging year for us, but also one of development and evolution; we look to FY20 and beyond with confidence. Alan Calder Chief Executive Officer GRC International Group plc Annual Report and Accounts 2019 7 Financial StatementsCorporate GovernanceStrategic Report Our Story so Far How we got here Alan Calder and Steve Watkins become the first people in the UK to successfully implement an Information Security Management System (“ISMS“) compliant with BS 7799 (the precursor to ISO 27001). Incorporation of IT Governance Ltd. Alan Calder, CEO, becomes sole shareholder and appointed as Director. 1997 2002 2016 2012 Subsidiary incorporated in Ireland (“IT Governance Europe Ltd“). Vigilant Software Ltd becomes a wholly-owned subsidiary of the Group. 2017 2018 Ireland subsidiary commences trading. 19% of Group revenues come from customers outside the UK. Many of our products and services translated, for the first time, into German, French, Spanish and Italian. Following a reorganisation, a newly incorporated company, GRC International Group plc created. GRC International Group becomes the holding Company and is admitted to trading on the LSE’s AIM market. US subsidiary incorporated and office opened in New York. In August, first acquisition completed: www.gdpr.co.uk 8 GRC International Group plc Annual Report and Accounts 2019 IT Governance Ltd co-founds Vigilant Software Ltd and subscribes to 50% of the equity. Vigilant develops software programme to help organisations assess risks to information and select appropriate controls to reduce risks. First training course delivered in Pakistan. Alan Calder starts undertaking consultancy work. e-commerce website launched selling books and documentation toolkits on information security. 2005 2006 2007 2010 2009 2008 The Group acquires control of 80% of Vigilant Software Ltd. Alan Calder starts working for IT Governance full time as Executive Chairman. Begins providing public training courses on information security management. Steve Watkins begins working full time for IT Governance in April 2008. Successful growth of the Consulting division leads to the launch of a “penetration testing” service (testing customer data protection and cyber security processes). Software division established, focused on developing software to help organisations assess risks to information and select appropriate controls to reduce risks. 2019 Acquisition of DQM Group Holdings Ltd, a provider of data consulting and technology solutions. GRC International Group plc Annual Report and Accounts 2019 9 Financial StatementsCorporate GovernanceStrategic Report Market Overview A global market driven by the growing volume and scale of cyber security threats The market for cyber security solutions and services is driven predominantly by the rising number of cyber-attacks, globally, which are becoming increasingly sophisticated, coupled with increased demand for data security and privacy and increased demand for data processing transparency. ‘The Cost of Cybercrime Study 2019’, developed jointly by Accenture and The Ponemon Institute, reported that the average number of security breaches per organisation increased by 11% in 2018 to 145 breaches (up from 130 in the previous year) and an increase of 65% over the past five years. Increased technology-enablement and digitalisation are driving companies to rely heavily on digitally-stored information, which is shared in vast quantities both internally and externally. This is increasing the opportunity for data to fall victim to a cyber-attack, resulting in potentially devastating impacts to an organisation’s bottom line and reputation. The Accenture- Ponemon Institute’s “Cost of Cybercrime Study 2019” also reports the average cost of cybercrime to be up 12% year-on-year to USD $13.0 million, an increase of 72% over the past five years. Companies around the world are, however, now recognising the criticality of taking action and, in the UK alone, 59% of companies sought information or guidance on cyber security from outside their organisation in the past year (UK Government Cyber Security Breaches Survey 2019). Furthermore, the Ernst & Young 2018-19 Global Information Security Survey (“GISS“) – which analyses findings from 1,400 C-suite leaders and information security and IT executives/managers around the world – reported: • 53% have seen an increase in their budget this year. • 51% are spending more on cyber analytics. • 65% foresee an increase in their budget next year. • Many organisations are currently outsourcing cyber security functions, including functions of their security operations centres. End-to-end compliance across the supply chain with legal and regulatory obligations further increasing demand for our products and services Organisations have legal and regulatory obligations to have in place data protection and cyber security systems and procedures. These laws and regulations (for example, GDPR) often have international reach outside of the countries in which they are enacted. The Board continues to believe that the most prominent legal, regulatory and commercial standards relating to these areas will continue to be adopted more widely across the globe. Organisations will need to implement procedures and practices that will enable them to demonstrate their compliance with the standards. In order to achieve this, organisations will require a supplier that is able to successfully meet all their IT governance needs and GRC International believes there are significant opportunities for upselling and cross-selling services to its existing customers. In addition to laws and regulations, companies are increasingly required to provide assurance to their customers, regulators and stakeholders that their data protection and cyber security systems are adequate for the current risk environment. Businesses, therefore, require evidence of adequate security from all the entities in their supply chains. For example, the payment card brands, through their acquiring banks, require businesses (and their suppliers) that process payment cards to meet the Payment Card Industry Data Security Standard (“PCI DSS“) and the UK Government already requires that organisations supplying it directly or indirectly should comply with Cyber Essentials (its own standard). 10 GRC International Group plc Annual Report and Accounts 2019 We operate in a growing and global market Due to the “one stop shop” nature of GRC International’s business, it is difficult to confirm the exact size of the global market for the Group’s products and services. However, there are a number of research reports that indicate the size and growth rate of this market: • The global cyber security market is predicted to be worth USD 282.3 billion by 2024, equating to a CAGR of 11.1% between 2018 and 2024 (according to VynZ Research). • Cyber security Ventures predicts cybercrime will continue rising and cost businesses globally more than $6 trillion annually by 2021. • Average number of security breaches in 2018: 145, up 11% year-on-year (Accenture-Ponemon Institute Cost of Cybercrime Study 2019). • Average cost of cybercrime in 2018: USD $13.0 million, up 12% year-on-year (Accenture-Ponemon Institute Cost of Cybercrime Study 2019). GRC International offers a unique proposition to the market In response to market trends in cyber security, there is a rising number of consultancies, including the six major accountancy firms, who now offer cyber security services. However, the Board maintains that there are no other companies offering the wide range of products and services that GRC International provides, either in the UK or elsewhere. Furthermore, the Board believes that no other company is able to offer a bespoke solution for clients seeking to address their IT governance, risk management and compliance requirements. “The global cyber security market is predicted to be worth USD 282.3 billion by 2024, equating to a CAGR of 11.1% between 2018 and 2024 (according to VynZ Research).” GRC International Group plc Annual Report and Accounts 2019 11 Financial StatementsCorporate GovernanceStrategic Report Our Business Model and Strategy GRC International’s core proposition is built around its ability to position itself as a “one-stop shop” supplier of integrated, high- quality IT governance, risk and compliance products and services to a diversified and international customer base. Our products and services broadly fit into four divisions, with the capability to package specific products and services together across divisions to provide a unique solution to a customer’s requirements, regardless of its company size, maturity or sector they operate within. Our business model What we deliver To who How we deliver it Training courses related to data protection, cyber security, ISO 27001 certification and related topics. Online training, e-learning courses and examinations that are required to obtain certification. The courses are aimed at various different areas of IT governance and at different skill levels. For example, the ISO 27001 courses range from an introduction to ISO 27001 through to qualifying as a lead implementer or lead auditor. The courses range from one to five days in length with typically eight to 20 delegates on each course. Courses and are held at one of the following locations: • Hired premises. • Customers’ premises (for organisations that require training for a number of their employees). • Via live webinars to domestic and international audiences. Courses are delivered to both UK-based and international customers. Advertising and marketing of our training courses is predominantly online, primarily through the use of search engine optimisation. Bookings and sales made as a result of online enquiries are usually via one of the following channels: • Online sale or booking with no human intervention. • Inbound telephone or online enquiries that lead to a booking or sale. • Active sales calls to the organisation making the enquiry. The range of consultancy services and products supplied by the Group has grown over the years to meet the demands of customers. Our two consultancy service offerings are: Consultancy and Technical services. UK and internationally-based customers seeking compliance with new and existing legislation, including: • GDPR • ISO 27001 • PCI DSS • e-Privacy Directive Consultancy We provide on-site and remote support, helping organisations to design and implement data protection and cyber security policies and procedures. Furthermore, many clients seek legal advice from our GDPR implementation consultants and, rather than refer them to their own lawyers, through GRCI law, we provide specialist legal advice. Technical services Through this line we provide: • Penetration testing: we carry out an authorised simulated attack on a customer’s IT systems to test the effectiveness of the systems and procedures and to identify any weaknesses. • PCI DSS assessments: in line with requirements, we regularly test organisations’ data protection and cyber security systems tested regularly. • Cyber Essentials certification and consultancy: we provide an accredited certification service through an online portal that helps organisations of all sizes become certified to the UK Government’s Cyber Essentials scheme. The Directors believe that the Group attracts most of its consultancy customers via online searches carried out by the customer, through attendance on training courses, recommendation or as a result of a relationship that developed over a period of time. The Group sells books and documentation templates, both those it publishes or writes itself and those supplied by third parties. Most of the books we sell relate to how organisations should manage their IT risk exposures or standards published by various bodies. We currently publish some 145 books and pocket guides to our global customer base. As well as customers just seeking books on subjects they are interested in, we also have customers requiring materials (i.e. templates) to assist them in documenting their IT systems and procedures. The materials are sold via the Group’s websites. Books We commission authors to write books on subjects, where on the basis of feedback from clients or knowledge of the markets in which the Group operates, they believe there will be demand. Documentation templates We create and sell some 37 sets of documentation templates. i g n n a r T i i s e c v r e S l a n o i s s e f o r P i g n h s i l b u P e r a w t f o S The Group creates and sells software solutions, including a range of “software-as-a-service” products such as e-learning, risk assessment and data flow mapping tools, data seeding and watermarking solutions. 12 GRC International Group plc Annual Report and Accounts 2019 Our software solutions are sold to both UK-based and international customers. We create and sell software solutions through our subsidiary, Vigilant Software Ltd, including: • vsRisk (provides a program for identifying and recording management decisions relating to the information security risk levels within an organisation). • A compliance management tool. • A data flow mapping tool Our strategy Our products and services are designed to help customers protect the data they hold by enabling them to: (i) (ii) (iii) design and implement systems and processes to train their management and employees so that the customer can meet their understand what their legal, regulatory and commercial obligations are; identify the risks to their data protection and cyber security systems and procedures; obligations and address the risks identified; and (iv) prepare for, and obtain, certification such as: ISO/IEC 27001; PCI DSS; or Cyber Essentials. As set out on page 3 (Our Value Proposition), our objective is to become a “one-stop shop” global supplier of governance, risk and compliance products and services. We have four strategic priorities to enable us to become a “one-stop shop” global supplier of IT governance, risk and compliance products and services. Our four strategic priorities: Delivering against our strategy 1. Expand existing services in existing markets The Group’s largest business, IT Governance Ltd, has a well- established brand, reflected in the strength of its online market positioning in the UK and globally. We focus on launching new products and services into the changing and maturing market, both within the UK and internationally. We also continue to invest in building IT Governance Ltd’s infrastructure to support and automate its operations, so that it is more cost-effectively able to service growing numbers of small and medium-sized organisations that require access to appropriate cyber security and data protection products and services. We have invested significantly in three of our existing businesses during FY19: • Vigilant Software - an existing subsidiary with a risk assessment tool. We have significantly improved the underlying cyber compliance platform and developed a suite of GDPR-related software tools which, together or individually, are used by organisations to automate key parts of their GDPR compliance activity and can be linked with the risk assessment tool to provide management with an integrated compliance and cyber risk view. This also has a software-as-a-service (“SaaS“) business model. The Co-op is the first organisation to take all the modules. Alongside our increasingly automated internet and website systems, we have significantly grown our account management and business development teams in order to better develop our relationships with medium and large organisations. • GRC e-Learning – in order to foster its growth, we moved our learning activity out of IT Governance UK and created a separate business for it. We developed a bespoke Learning Management System and established an offer that makes it easy for clients to deploy off-the-shelf staff awareness training, as well as custom- built products. Carlsberg is a significant customer of our e-learning business. • GRCI Law - many of our clients seek legal advice from our GDPR implementation consultants and, rather than refer them to their own lawyers, we set up GRCI Law to provide specialist legal advice. The Company operates within the UK’s legal framework, does not deal with litigation or property transactions, and focuses primarily on fixed-price, privacy-related advice. GRCI Law now also manages 50 Data Protection Officer (“DPO“) as service contracts, including for companies such as Dominos. 2. Expand existing services into new jurisdictions The Company intends to roll out its ‘tried and tested’, successful business model and infrastructure into new jurisdictions, but with appropriate adjustments to reflect local cultures and market dynamics. While we expect it to take some time to establish sizeable, profitable operations across these regions, these are all identified as clear growth markets for cyber compliance activities. We have established IT Governance-branded operations in Ireland (Drogheda, Eire) which coordinates all non-UK pan-EU activities, and in the US (New York). All these businesses are performing well and have led to significant contract wins, including Kubota and Microsoft. GRC International Group plc Annual Report and Accounts 2019 13 Financial StatementsCorporate GovernanceStrategic Report Our Business Model and Strategy continued Our strategy Our four strategic priorities: Delivering against our strategy 3. Adding new services to deliver to existing and new clients We continue to evaluate market demand for new services, products and propositions to deliver to both existing and new customers in both existing and new jurisdictions. For example, we are considering expanding our offering from primarily data protection and cyber security training and consultancy in technical security services, into a broader range of GRC-related software areas, and into other GRC areas where organisations need to train their staff so that the organisation can meet related compliance obligations, such as money laundering and anti-bribery. reflect market changes) Product development is fundamental to what we do. The market changes very quickly and we are agile in launching new products and services on a regular basis. We have successfully launched many new products and services in the year ended 31 March 2019, including: • e-Learning staff awareness training courses • Anti-phishing training course (updated on a quarterly basis to • Learning management system • Distance learning courses on key topics (e.g. GDPR) • Converted 20 of our pre-existing book titles into audio books to 4. Make selective acquisitions In addition to organic growth, the Group continues to scan the environment for businesses that own complementary technology and intellectual property, offer access to new markets or territories, or extend our existing capabilities and the range of products and services offered to its customers. improve accessibility • Subscription version of our toolkit business • New templates for our template business • Cyber security hotline • Cyber “instant-response” service • Data flow mapping tool • Data protection impact assessment tool • GDPR manager to deal with breach reporting, gap analysis and supply chain management In August 2018, the Group acquired the domain, web platform, customer list and goodwill of www.gdpr.co.uk from Wonde Ltd. The Group has enhanced the platform by offering relevant books, e-Learning and Data Protection Officer services available across www.gdpr.co.uk. In March 2019, the Group acquired DQM Group Holdings Limited, a provider of data consulting and technology solutions. This acquisition will extend the Group’s existing offering to include high margin, data governance services; add market share to the Group, by introducing additional household name clients with on-going contracts; provide cross-selling and upselling opportunities; and provide strategic opportunities and additional sector crossover. 14 GRC International Group plc Annual Report and Accounts 2019 Financial Review I am pleased to report a set of results for the year ended 31 March 2019 that demonstrates solid performance in revenue generation compared to a prior year that included a significant one-off flurry of customer activity in the lead up to GDPR implementation. We see promising signs of sustainable future growth such as revenues being generated from new products and services, the signing of annual and multi-year contracts of a recurring revenue nature, and strategic progress being made overseas, albeit delivering a net loss for the period. This Group loss is largely attributable to a number of significant investments made into new business lines and investment in people and infrastructure. The beginning of the financial year included the tail end of the GDPR peak, which had been a significant driver of much of the prior year growth. As referenced in our interim results statement in December 2018, the Board had always anticipated a decline in demand for GDPR-related products and services in the period immediately following the deadline date for compliance (being 25 May 2018) and we invested heavily to broaden our existing cyber security offering and overseas delivery capabilities. The immediate drop-off in GDPR-related revenue, which happened faster than expected and in parallel to the significant investment in our cyber security offering and overseas delivery capabilities, resulted in a net loss for the financial year overall, which consisted of a very profitable April and May, followed by several months of significant investment and restructuring, before a return to profitability within the final quarter of the financial year. Revenue Revenue for the year ended 31 March 2019 was up 1% to £15.8 million (2018: £15.7 million). The Group has four key revenue streams: • Consultancy • Publishing and Distribution • Software • Training Double-digit revenue growth was recorded in two of our four key revenue streams; revenue from Consultancy was up 37% year-on- year to £7.2 million, from Publishing and Distribution down 19% to £1.3 million and from Training down 31% to £5.8 million. Revenue from Software sales was up 279% year-on-year to £1.5 million, which indicates the strategic direction of travel for the Group. We hope to see further significant growth in this division as we move towards recurring revenue and SaaS (“Software-as-a-Service“) type products and services. Significant revenue growth in the year ended 31 March 2018 was largely driven by GDPR-related products and services, as our customers endeavoured to make themselves compliant ahead of the legislation coming into effect on 25 May 2018. Following its implementation, revenues in Q2 2019 declined on a year-on-year basis as the effect of our customers bringing forward their GDPR-related spending unwound and as we lapped tough comparators from the GDPR build-up which had begun in Q2 2018. If the one-off effect on revenues caused by GDPR implementation is stripped out, we are encouraged to see the underlying performance in our core cyber security business continue on a steady growth trajectory. Our 2019 revenues are significantly ahead of 2017 – which in many ways is a more comparable year, and in line with 2018, even without much of the one-off GDPR peak. GRC International Group plc Annual Report and Accounts 2019 15 Financial StatementsCorporate GovernanceStrategic Report Financial Review continued As demonstrated by the tables below, the Group’s overall revenue has grown strongly over a three-year period. £ 2017 2018 2019 Period-on-period % 2018 vs 2017 2019 vs 2018 £ 2017 2018 2019 UK Non-UK 5,525,068 12,666,042 12,886,471 1,308,235 3,022,174 2,962,095 Non-UK % 19% 19% 19% Gross profit Gross profit was down 10% to £8.6 million (2018: £9.5 million). Gross profit as a percentage of sales reduced to 54% (2018: 61%). The reduction in the year-on-year percentage reflects a fall in sales from some very high margin products and services that benefited from the peak leading up to the GDPR legislation being implemented. The post-25 May 2018 trading environment also resulted in lower levels of utilisation within the GDPR consultancy team. During the second half of the year, the Group scaled back the size of this team and restructured the staffing model to better reflect the rapidly changing environment and to focus more strongly on the growth areas of the business, namely our cyber security offering. Gross margin in the fourth quarter was significantly up on the year as a whole and in the final month of the year was back in line with the levels experienced in 2017 and 2018. Operating expenses Other operating expenses (excluding share-based payment expenses and exceptional costs) increased by £5.3 million to £13.7 million, up 63% (2018: £8.4 million). In our interim results statement, we referenced the heavy investment in setting up and supporting a number of new businesses and business lines and the considerable investment made into building the infrastructure and management structures of the core business that will act as a platform for future growth, with the expectation of developing a sustainably profitable Group for the future. This investment period continued into the second half of the year but, as expected, tailed off as the period progressed due to projects reaching a natural end and headcount restructuring programmes taking effect. Operating expenses in the second half of the year reduced by £0.7 million to £6.5 million, compared to £7.2 million in the first six months. Underlying EBITDA Underlying EBITDA (Earnings Before Interest, Tax, Depreciation and Amortisation) excludes share-based payment expenses and exceptional costs. Although underlying EBITDA is not a statutory measure, it is considered by the Board to be an important Key Performance Indicator that is helpful to investors. The Board considers this to be an important measure of underlying business performance as it removes the impact of non-cash accounting adjustments as well as non-operating charges and credits. Underlying EBITDA for the year ended 31 March 2019 was a loss of £4.3 million, (27.2)% of revenue (2018: profit of £1.7 million, 10.6% of revenue). 16 GRC International Group plc Annual Report and Accounts 2019 Consultancy 2,897,684 5,273,742 7,227,588 Publishing and Distribution 1,041,843 1,649,060 1,337,205 Software Training Total 410,696 399,212 1,513,212 2,483,080 8,366,202 5,770,561 6,833,303 15,688,216 15,848,566 Consultancy Publishing and Distribution Software Training 58% (19)% (3)% 279% 237% (31)% 82% 37% £’000 Operating (loss)/profit Depreciation Amortisation Exceptional costs Share-based payments Underlying EBITDA Total 130% 1% FY 2018 365 109 392 714 83 1,663 FY 2019 (5,357) 183 611 164 63 (4,336) Finance expense The net finance expense of £7,000 (2018: £9,000) relates almost entirely to interest on historic term loans and finance leases taken out in the Group’s early stages of growth to support working capital. The Group is repaying the balances in line with the repayment schedule. The total value of borrowings and finance leases at the balance sheet date was £34,000 (2018: £95,000). (Loss)/Profit before tax Loss before tax was £5.4 million (2018: £0.4 million profit before tax). Normalised loss before tax (defined as loss before tax excluding share-based payment expenses and exceptional costs) was £5.1 million (2018: £1.2 million profit). Taxation A tax charge of £29,000 (2018: £153,000) is recognised despite the accounting loss. The effective tax rate is driven up by disallowable expenditure in relation to the acquisition. Earnings per share Loss per share was (9.30) pence (2018: Earnings 0.40 pence). Statement of financial position Net current liabilities at period end were £5.5 million, down from net current assets of £3.3 million at 31 March 2018. Net assets were £7.4 million, up from £5.9 million at 31 March 2018. Included within the current liabilities balance of £9.1 million (31 March 2018: £5.0 million) is a deferred income balance of £1.0 million (31 March 2018: £1.4 million), relating to training and consultancy projects due to be delivered after the statement of financial position date. The reduction from prior year is a result of presentational differences brought about by the Group’s adoption of IFRS 15, resulting in a deferred income balance of £0.5 million being offset against trade receivables (31 March 2018: £nil). The overall shift from net current assets to net current liabilities is due to the reduction in cash as set out in the “cash flow and cash” section below. Current liabilities also include a £3.7 million deferred consideration payment relating to the acquisition of DQM (31 March 2018: £nil). Intangible assets The Group’s accounting policy is that only directly attributable staff costs of the technical teams developing the assets are capitalised. Additions of £2.3 million (excluding assets acquired as a result of the purchase of DQM) largely relate to software development (£1.4 million) and development of the Group’s e-commerce website (£0.7 million). In March 2019, the Group acquired the entire share capital of DQM. In accordance with IFRS 3, the cost of the acquisition has been allocated to DQM’s identifiable assets and liabilities, with the difference between the fair value of these and the purchase consideration recognised as Goodwill. Cash flow, cash and facilities The Group’s closing cash position net of bank overdraft was £0.1 million (31 March 2018: £5.6 million). In March 2018, the Group raised £5.0 million (£4.0 million net of costs) as a result of its successful admission to AIM, with the intention of investing into new businesses in the UK and overseas and also into the core business to create a strong platform for future growth. The funds raised account for much of the cash on the balance sheet at 31 March 2018. During the year ended 31 March 2019, the Group invested £2.3 million into the purchase of intangible fixed assets (2018: £0.9 million), settled the initial cash consideration due on the acquisition of DQM in the amount of £3.5 million (£2.5 million of which was allocated to intangible assets acquired) and invested £0.2 million (2018: £0.4 million) into the purchase of tangible fixed assets. To fund the business acquisitions, in March 2019 the Group raised £5.0 million (£4.8 million net of costs) by way of a placing. The net cash outflow from operating activities of £4.7 million is from supporting the working capital cycle of new start-up businesses in the Group alongside a restructuring of the core business to focus on delivering a broader cyber security offering and provide a solid platform for sustainable future growth. The Group has banking facilities to provide adequate headroom for unforeseen working capital requirements by way of a short term bank overdraft facility and an invoice discounting facility that was inherited as part of the acquisition of DQM. In addition, the unsecured loan facility provided to the Company by Andrew Brode for the amount of £700,000 at an interest rate of 5% above the Bank of England base rate to provide additional working capital has been extended by one year and will be available to the Company until at least 31 December 2020 and shall automatically renew for a further 12 months unless terminated by either party. As Mr Brode is a Director of the Company, the loan is deemed to be a related party transaction pursuant to rule 13 of the AIM Rules for Companies. The Board of GRC International, excluding Mr Brode, having consulted with Grant Thornton as the Company’s Nominated Advisor, considers the terms of this transaction to be fair and reasonable so far as the Company’s shareholders are concerned. Going concern The Group’s forecasts assume revenue growth into 2020 and beyond, and the cost base of the Group is based on this assumption. However, there is an inherent level of uncertainty associated with timing and quantum of revenue forecasting due to the rapidly changing environment, which may impact the Group’s ability to generate sufficient positive cash flow if revenue falls below the Board’s expectations and if it were not possible to reduce costs in line with this. However, the Group’s cost base is flexible and can be scaled to reflect market demand. The Group has certain non-operating cash requirements. The most significant of these is the deferred consideration due to the vendors (and existing management team) of DQM that was acquired by the Group at the end of the financial year, as announced on 11 February 2019. Under the sale and purchase agreement (the ’Agreement“), further consideration (’Deferred Consideration“) is due to the vendors of DQM based on the financial statements for the financial year ended 28 February 2019 (’Earn-out Accounts“). DQM’s financial performance was better than originally expected and the final amount of Deferred Consideration is consequently expected to be in the region of £3.7 million, slightly ahead of the top range of the £2.5 – £3.5 million announced on 11 February 2019. Under the Agreement, the Deferred Consideration is intended to be satisfied through cash expected to be in the region of £2.2 million (as to 60% of the Deferred Consideration) and the issue of Ordinary Shares (as to 40% of the Deferred Consideration and based on an issue price per Ordinary Share of 116.5 pence) within five business days of completion of the audit of DQM’s Earn-out Accounts. In advance of the Deferred Consideration falling due, the Group is presently holding constructive discussions with the vendors of DQM, who are mainly Group employees, about the settlement of that balance. In order to settle the Deferred Consideration, the Group is considering a range of options which includes, but is not limited to, adjusting the balance of consideration between cash and shares and exploring the feasibility of a payment schedule in order to enable the Group to satisfy the cash element of the Deferred Consideration that will fall due within 12 months of the balance sheet date. The Group is also considering different potential funding options, including but not limited to debt and equity, from existing and other potential investors, along with the possible sale of DQM. If this cannot be concluded in a satisfactory manner, the Parent Company would need to raise additional funding, with no guarantee that such funding would be secured. Although no agreement has yet been reached, the Board believes that it is in the interests of all parties to agree a deal that maintains the strength of the Group balance sheet and the Group’s ability to trade. However, the Directors’ ability to renegotiate the Deferred Consideration on terms satisfactory to the Group, or otherwise fund the liability for the Deferred Consideration, cannot be predicted with certainty. In light of the above, the Directors have identified a material uncertainty that may cause significant doubt over the Group’s ability to continue as a going concern for the foreseeable future and reference to this material uncertainty is made in the Auditor’s report to the audited financial statements on page 38. The financial statements do not include the adjustments that would result if the Group was unable to continue as a going concern. Capital structure The issued share capital at 31 March 2019 was 64,484,172 ordinary shares of £0.001 each. During the year, GRC International Group plc issued 5,000,000 placing shares and 2,021,232 consideration shares in connection with the acquisition of DQM Group. There were no share options granted in the year to 31 March 2019, and the total number of unexercised share options at 31 March 2019 was 2,460,680 (31 March 2018: 2,348,920). Risks and uncertainties The Board continuously assesses and monitors the key risks of the business. The key risks that could affect the Group’s performance, and the factors which mitigate these risks, are set on pages 18 to 19. The one exception being an additional point regarding liquidity risk and the Group’s recognition of the need to regularly review and monitor the Group’s financing. Further information is provided above under “Cash flow, cash and facilities”. Chris Hartshorne Finance Director GRC International Group plc Annual Report and Accounts 2019 17 Financial StatementsCorporate GovernanceStrategic Report Risk Management Our principal risks and uncertainties The Group is exposed to a number of potential risks which may have a material effect on our reputation, financial or operational performance. The Board is aware that the nature and scope of risks can evolve and that there may be further risks to which GRC International is exposed. While this list is not intended to be exhaustive, the Directors consider the below to be the principal risks and uncertainties faced by the Group. The Board has overall responsibility for risk management and internal control and is fully supported by the Audit Committee. Risk i c m o n o c E t n e m n o r i v n e t n e m n o r i v n e g n i t a r e p O d n a n o i t a l s i g e L n o i t a u g e r l Mitigation Our operations are affected by overall economic conditions in its key geographic markets. The Group could be affected by unforeseen events outside of its control including: • Economic and political events, such as Brexit • Inflation or deflation • Currency exchange fluctuation While the increasing geographic diversity of GRC provides some mitigation from individual country economic fluctuations, we continue to review and monitor our economic environment and will continue to consult widely to better understand any economic uncertainty and associated impacts. GRC operates on a basis of natural hedging to help minimise exposure to this risk. Competition: The Company’s current competitors, or new entrants to the market, particularly the data protection and cyber security market, might bring superior technologies, products or services to the market, or equivalent products or services at a lower price which may have an adverse effect on the Company’s business. Customers: Loss of key customers has the potential to materially impact Group revenue. Compliance environment: Customer activity is to a significant extent driven by their fear of a data or cyber security breach and the regulatory and commercial consequences thereof. A reduction in external compliance pressure on the Company’s clients may have an adverse effect on the Company’s business. Suppliers: We have a strategic relationship with Xanthos Ltd, a key supplier of digital marketing and website services, and a related party. If Xanthos Ltd were to withdraw provision of these services, it may have an adverse impact on the business, results of operations and financial condition of the Group. The markets in which the Group operates are subject to legal and regulatory changes and the emergence of new industry standards. To compete successfully, the Group will need to continue to improve its products and services, and to develop and market new products and services that keep pace with changes in legislation, regulation and commercial practices. We believe that the best way to mitigate this risk is to continue to deliver and maintain high-quality products and services to our customers. We continually review and monitor competitive activity in all our markets to ensure GRC remains innovative, competitive and attractive in the markets in which we operate. In addition to the above, we seek to balance our exposure to customer dependency across all our geographic markets. We monitor customer demand and, in the event of a reduction in demand, would take steps to reduce delivery capacity and overhead. We maintain a close-working and contractual relationship with key suppliers and endeavour to limit those services for which we have a single point of failure. We monitor developments and proposed changes in Government policies, legislation, regulation and other factors that may impact our business and our customers’ businesses. Our strategy is kept under close review to ensure we respond to any such impact. We have well-developed IT systems, operational controls, comprehensive training and a rigorous compliance monitoring programme in order to maintain adherence to legislation. 18 GRC International Group plc Annual Report and Accounts 2019 Risk n o i s n a p x e l a n o i t a n r e t n I l i a c n h c e t d n a m e t s y S The continued expansion of the Group into new countries brings associated risks. With a number of offices located outside the UK, there is a risk that the Group’s growth overseas may result in a reduction in the quality of control and oversight provided by senior management. Factors such as different time zones, languages, regulatory regimes and working cultures may all reduce the efficacy of the oversight provided by senior management. The financial performance of the Group may be impacted by changes to taxation regulation and the repatriation of profits, as the UK begins to leave the EU. Mitigation The Board and senior management review international activity on a regular basis and consider both strategic and operational issues that may impact performance. The Board has full oversight of UK and overseas operations through regular management meetings both remotely and in person. The nature of the Group’s business means that it is exposed to a number or risks associated with information technology which have the potential to cause a significant impact on operational performance, Company reputation and financial performance. These risks include: We manage this risk in a number of ways, including external certification to international security standards, such as ISO/IEC 27001 and UK standards such as Cyber Essentials Plus. Our GDPR compliance management system is externally audited to comply with BS 10012. • Cyber security breach • Data breach • Reliance on key systems, including defects in software A business continuity plan is in place to minimise the impact to the business should IT systems fail. The internal IT team assesses risks associated with potential cyber threats on a regular basis and uses antivirus software, amongst other controls, to protect the integrity of systems. We also undertake regular penetration testing to assess infrastructure and data security. In the event that an IT incident does occur, back-up facilities are in place to ensure business interruptions are minimised and internal and customer data is protected from corruption or unauthorised access. GRC also has cyber insurance appropriate to its risk profile. We continue to invest in cyber security measures, tools and infrastructure, as well as seeking to develop and upgrade systems in line with the Group’s plans for significant expansion. The Company’s future will be greatly influenced by the continued services and performance of its Directors and senior management. Furthermore, failure to recruit and retain skilled personnel at all levels across the business could also have an adverse impact. l e p o e P GRC takes pride in creating a positive and exciting workplace environment, through training, engagement, rewards and values. The Remuneration Committee seeks to ensure that rewards correspond with performance and retention. Keyman insurance has been put in place in respect of the Chief Executive Officer Alan Calder for £750,000. s e i t i l i c a f k n a B y t i d u q i i l d n a With a strategy for the Group of significant growth, including further international expansion, the Board recognises the importance of regular review and monitoring of the Group’s financing. The Group maintains regular and transparent dialogue with its facility lenders to ensure it is aware of developments in the business and reviews the level of facilities required with it based on Group’s forecasts. The Group maintains a short term bank overdraft facility and has an unsecured loan facility provided by Andrew Brode to provide additional working capital. The Group only has a limited forward order book for its services, creating unpredictability in revenues and cash hence impacting on the level of liquidity. Further details are included on page 17 of this Annual Report and in note 1 of the financial statements. The Board receives weekly and monthly information to enable it to consider the Group’s short and medium-term performance. If performance is not in line with forecast, the Group has a number of mitigating actions that could be implemented. GRC International Group plc Annual Report and Accounts 2019 19 Financial StatementsCorporate GovernanceStrategic Report Key Performance Indicators Billings Billings equate to the total value of invoices raised and cash sales through Group websites. This figure does not take account of accrued or deferred income adjustments that are required to comply with accounting standards or revenue recognition. Average FTE headcount While the number of full-time equivalent (“FTE“) employees is not a KPI in itself, the increase does demonstrate the scale of the Group’s growth over the course of the financial year. Monthly billings divided by FTE employees This is an internal target given to the Group’s sales and marketing teams. 20 GRC International Group plc Annual Report and Accounts 2019 Total billings £15,833,388 (3)% (£000s) 20,000 15,000 10,000 7,412 5,000 4,932 16,260 15,833 0 2016 2017 2018 2019 Average FTE headcount 270 53% FTE as at 31 March 2019: 184 FTE as at 31 March 2018: 250 300 250 200 150 100 50 0 270 177 74 56 2016 2017 2018 2019 Billings per FTE £4,881 (35)% (£) 10,000 8,000 7,340 8,250 7,465 6,000 4,000 2,000 0 4,881 2016 2017 2018 2019 Website visits The Group invests significant funds into digital marketing in order to maintain our dominance of certain web search term results. There is a distinct correlation between website visits and sales, however, we remain careful to use the term “correlation” rather than “causation”. Website revenue This equates to debit and credit card sales via the website that turn into cash immediately. This is an important KPI as it is a key driver of the Group’s working capital. Furthermore, the Group refers to website sales trends to estimate the returns generated through digital marketing campaigns and, therefore, how to prioritise these accordingly. The Strategic Report was approved by the Board of Directors and signed on its behalf Alan Calder Director 25 September 2019 Website visits 4,902,488 +58% (000s) 5,000 4,000 3,000 2,000 1,000 0 4,902 3,107 1,173 1,403 2016 2017 2018 2019 Website revenue £3,374,256 (28)% (£000s) 5,000 4,000 3,000 2,000 4,683 3,374 1,000 751 1,333 0 2016 2017 2018 2019 GRC International Group plc Annual Report and Accounts 2019 21 Financial StatementsCorporate GovernanceStrategic Report Corporate Governance Statement Andrew Brode Non-Executive Chairman 22 GRC International Group plc Annual Report and Accounts 2019 On behalf of the Board of Directors, I am pleased to introduce the Group’s Corporate Governance Statement for the year ended 31 March 2019. Introduction This statement of the report sets out GRC International Group plc’s approach to corporate governance and intends to provide information on how the Board and its Committees operate. As a Board, we take corporate governance very seriously, and I will continue to ensure that we maintain high standards throughout my tenure. As a Company whose shares are traded on the AIM market of the London Stock Exchange, GRC International has chosen to monitor and report its compliance with the Quoted Companies Alliance (“QCA”) Corporate Governance Code (“the Code”) and its Statement of Compliance with the same can be found on the Company website (https://www.grci.group/corporate-governance). Further information is provided in the table on pages 24-27. This report seeks to inform shareholders about how it complies with the QCA Code and where it departs from the QCA Code, the Board will provide an explanation of the reason(s) for doing so. The role of the Board The Board is collectively responsible for GRC International’s performance and creating value for shareholders. The Board meets as often as required to effectively conduct its business. The Board is responsible for overseeing the management of the Group and approving the strategic direction of GRC International. Composition of the Board and meetings The QCA Code states that a company should have at least two independent Non-Executive Directors. The Board comprises six Directors; four Executive Directors and two independent Non Executive Directors, reflecting a blend of different experiences and backgrounds, as set out on pages 28 and 29. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making. The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board meets regularly to review, formulate and approve the Group’s strategy, budgets, corporate actions and oversee the Group’s progress towards its goals. The Company will continue to appraise the structure of the Board on an ongoing basis. Nomination Committee No nomination committee has been established. Instead, decision- making on matters of nomination and succession will be retained with the Board as a whole. This approach is considered appropriate considering the small size of the Board and is believed to enable all Board members to take an active involvement in the consideration of Board candidates and to support the Chair in matters of nomination and succession. Board effectiveness In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans. The evaluation for the year ended 31 March 2019 was conducted on 19 July 2019 and was carried out by the Board, led by the Chairman. In addition to the annual evaluation exercise, there remains an ongoing dialogue within the Board to ensure that it operates effectively and that any matters raised are addressed in a timely manner. The Board maintains strong relationships with external advisers and has access to advice as required. The performance of the Executive Directors is reviewed annually by the Remuneration Committee in conjunction with their annual pay review and the payment of bonuses. The Corporate Governance Statement was approved by the Board of Directors and signed on its behalf. Andrew Brode Non-Executive Chairman 25 September 2019 The table below sets out the Directors’ attendance at scheduled Board meetings during the period ended 31 March 2019, against the number of meetings each Board member was eligible to attend: Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Neil Acworth Ric Piper 8/8 8/8 8/8 7/8 8/8 8/8 At each Board meeting, the Directors follow a formal agenda, which is circulated in advance by the Company Secretary. Board Committees The Board has delegated specific responsibilities to the Audit Committee and the Remuneration Committee, details of which are set out below. Each Committee has written Terms of Reference setting out its duties, authorities and reporting responsibilities which can be obtained from the Company Secretary on application via https://www.grci.group/contact. Audit Committee The Audit Committee has the responsibility of reviewing and reporting to the Board on the Group’s financial reporting, internal control and risk management systems, the independence and effectiveness of the external auditor and the effectiveness of the Internal Audit function. The Audit Committee meets no less than three times in each financial year and has unrestricted access to the Group’s external auditor. The members of the Audit Committee comprise two Non-Executive Directors: Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Audit Committee Report on pages 30 to 32. Remuneration Committee The Remuneration Committee reviews the performance of the Executive Directors, Chairman of the Board and senior management of the Group and makes recommendations to the Board on matters relating to their remuneration and terms of service. The Remuneration Committee also makes recommendations to the Board on proposals for the granting of share options and other equity incentives pursuant to any employee share option scheme or equity incentive plans in operation from time to time. The Remuneration Committee meets as and when necessary, but at least twice each year. In exercising this role, the Directors have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. The members of the Remuneration Committee include two Non-Executive Directors. The Remuneration Committee will comprise Ric Piper (as Chairman) and Andrew Brode. More information about this Board Committee can be found in the Remuneration Committee Report on pages 33 to 35. GRC International Group plc Annual Report and Accounts 2019 23 Financial StatementsCorporate GovernanceStrategic Report Application of the QCA Code The QCA Code sets out ten principles which should be applied by companies which have adopted it as their corporate governance code. These are listed below, together with a short explanation of how the Company applies them. Governance principle Compliant Explanation Establish a strategy and business model which promote long-term value for shareholders. Yes The Board is committed to delivering long-term value for GRC International’s shareholders. The Group’s business model and strategy is explained fully within the Strategic Report on pages 12 to 14. Seek to understand and meet shareholder needs and expectations. Yes Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 18 to 19. The Board attaches great importance to communication with all of GRC International’s shareholders. We encourage all our shareholders to attend our AGM, which provides a forum and time for shareholders’ questions and open discussions. Furthermore, feedback from investors is obtained through direct interaction with the Chief Executive Officer and Finance Director at meetings following its interim full-year results, and certain other ad-hoc meetings that take place during the year. There is a regular dialogue with shareholders through the medium of the Company’s corporate broker, Dowgate Capital Ltd. The voting record at the Company’s general meetings is monitored and we are pleased that all resolutions proposed so far have been passed by shareholders (with a great majority being passed by 100% of attending votes). Take into account wider stakeholder and social responsibilities and their implications for long-term success Yes As an international Company, GRC International places significant importance on understanding and respecting different cultural and social values within the international realm in which it operates. The Group has adopted policies to encourage an open and transparent corporate culture, including policies addressing anti-slavery, anti-bribery and whistleblowing. We continue to adopt new policies and monitor existing policies on an ongoing basis. 24 GRC International Group plc Annual Report and Accounts 2019 Governance principle Compliant Explanation Embed effective risk management, considering both opportunities and threats, throughout the organisation. Yes The Board is responsible for ensuring the Group has an effective and sound system of internal controls, designed to manage risk, ensure the achievement business objectives and provide reasonable assurance against material misstatements and loss. The Board, with the advice of the Audit Committee, has reviewed the effectiveness of the systems of internal control for the year to 31 March 2019. The board receives a comprehensive monthly and quarterly suite of reports which covers: • Financial performance against budget and prior year at a Group and entity level; • Balance sheets; and • Cash flows; The board also reviews and sets the budget for the year and all capital expenditure of any materiality. In addition to these financial controls the board receives regularly a pack of Key Performance Indicators which highlight but not limited to: • Website Visitor Volume • Total Pipeline • Total Opportunities • Total Billings • Total FTE’s • Billings per FTE • EBITDA per FTE • Gross Payroll • Gross Payroll : Total Billings • Billings by Region • Billings of Top 25 Customers • Revenue by Class • Revenue by Customer Type The above reporting formats, taken together with the close involvement of the executive operational directors and senior management in the day to day activities of the company, produce what is, in the board’s view, an appropriate control environment. The board however acknowledges that, as risks change and the group gains in size, controls must change to reflect the changed operational characteristics of the group. The Group does not consider it necessary to have a separate financial internal audit function due to the Group’s size and its centralised administrative function but keeps this need under review. The Company receives regular feedback from its external auditors on the effectiveness of its internal controls and aims to implement any improvements identified. The Group also operates a Management Systems Internal Audit function which covers numerous aspects of the business including the finance function. Details of the principal risks and uncertainties which the Board considers to be associated with the Group’s activities, together with the mitigating actions which are being pursued in relation to them, are set out on pages 18 to 19. GRC International Group plc Annual Report and Accounts 2019 25 Financial StatementsCorporate GovernanceStrategic Report Application of the QCA Code continued Governance principle Compliant Explanation The Board is responsible for taking all major strategic decisions and also addressing any significant operational matters. In addition, the Board reviews the risk profile of the Group and ensures that an adequate system of internal control is in place. The Board has a formal schedule of matters reserved for its approval and is supported by the Audit and Remuneration Committees. All Directors are required to devote sufficient time to carry out their role. The Board believes that the current composition of the Board brings a desirable range of skills and experience in light of the Company’s challenges and opportunities following admission to AIM in March 2018, while simultaneously ensuring that no individual or group can dominate the Board’s decision making. The structure of the Board is designed to ensure that the Board focuses on the strategic direction of the Group, monitoring its performance, governance, risk and control issues. The Board has considered Mr Brode’s independance and, not withstanding his shareholding in the Company and his position as a debt provider, the Board considers that Mr Brode is of independant mind in regards to his inetractions with the Company. The composition and experience of the Board is shown on pages 28 to 29 of the Annual Report. The GRCI Board have, in their opinion, an appropriate balance of sector, financial and public market skills and experience, as well as an appropriate balance of personal qualities including gender balance and capabilities to successfully execute the Group’s strategy. The Board fully supports and funds any training, formally or otherwise, that is required by any individual Board member so as to ensure that their knowledge and experience remains relevant and effective. The Directors receive briefings at Board meetings on regulatory and other issues relevant to the Group and its business sector and may attend external courses to assist in their professional development. A summary of the skills and experience of each Board member is included in their biographies on pages 28 to 29 of the Annual Report. In line with the requirements of the QCA Code, an annual evaluation process is undertaken which considers the effectiveness of the Board, its Committees and individual Directors. This review identifies areas for improvement, informs training plans for Directors and identifies areas of knowledge, expertise or diversity which should be considered in the Group’s succession plans. The process of Board evaluation is a continuous one as the Board communicate regularly as group, picking up on matters where a particular Director’s time and efforts should be focused. Both the Chairman and the CEO hold regular one-to-one conversations with other members of the Board, with the Finance Director also communicating regularly with the Chairman of the Audit Committee. The Board is considered to be operating effectively and appropriately for the size and complexity of the Group. Maintain the Board as a well-functioning, balanced team led by the Chair. Yes Ensure that between them the Directors have the necessary up-to-date experience, skills and capabilities. Yes Evaluate Board performance based on clear and relevant objectives, seeking continuous improvement. Yes 26 GRC International Group plc Annual Report and Accounts 2019 Governance principle Compliant Explanation Promote a corporate culture that is based on ethical values and behaviours. Yes Maintain governance structures and processes that are fit for purpose and support good decision-making by the Board. Yes Communicate how the Company is governed and is performing by maintaining a dialogue with shareholders and other relevant stakeholders. Yes The Board believes that the promotion of a corporate culture based on sound ethical values and behaviours is essential to creating a workplace environment that allows people to flourish and this will contribute to enhancing shareholder value. Each Director places great importance on demonstrating ethical behaviours, both during the decision-making process, and in the implementation and communication of strategic decisions. Senior managers are also encouraged to lead by example in the promotion of ethical values and behaviours. So far as possible, we ensure that these values are visible through our recruitment process, internal communications and management style, corporate reports and external announcements. Our values are set out on page 5. The Board meets regularly throughout the year to consider strategy, performance and the framework of internal controls. A scheduled meeting calendar is arranged as far in advance as possible, and ad-hoc meetings are held in person or by telephone when it is necessary for the Board to discuss specific issues. To enable the Board to discharge its duties, the Directors receive appropriate and timely information. A formal agenda and briefing papers are distributed to the Directors in advance of each Board meeting. The Directors have access to the advice and services of the Finance Director and Company Secretary, who is responsible for ensuring that the Board procedures are followed, and that applicable rules and regulations are complied with. The Board reviews its governance structures regularly to ensure they are fit for purpose and will carry out a review of the terms of the Audit and Remuneration Committees during financial year 2020. Further details on our governance structure and the role of our Board Committees are set out on pages 22 to 23. The Board attaches great importance to communication with shareholders. Regular communication is maintained with our shareholders primarily through: • our Annual General Meeting; • our website (www.grci.group/); • meetings and conversations between the Chief Executive Officer and shareholders, both on an ad-hoc basis, and following publication of the interim and final results; and • Company announcements. Our Group website (www.grci.group/) sets out details of the Group and its activities, regulatory announcements and Company press releases, Annual Reports, half-year reports, notices of general meetings and information required by the AIM Rules for companies and the QCA Code. The “Investors“section of the Group website includes a dedicated “Corporate Governance” section, where our annual Corporate Governance Statements can be found (www.grci.group/corporate-governance). GRC International Group plc Annual Report and Accounts 2019 27 Financial StatementsCorporate GovernanceStrategic Report Board of Directors Bringing a broad range of skills and a depth of experience The existing Directors of GRC International Group plc are listed below. The Directors’ Report on page 36 sets out details of the Directors who served during the year ended 31 March 2019. The Board is committed to maintaining high standards of corporate governance. The Company has adopted policies and procedures which reflect the principles of the QCA’s Corporate Governance Guidelines for Smaller Quoted Companies (“QCA Code“) as are appropriate to a Company whose shares are admitted to trading on AIM. Andrew Stephen Brode Non-Executive Chairman Alan Philip Calder Chief Executive Officer Christopher John Hartshorne, FCCA Finance Director Appointment to the Board November 2012 April 2002 April 2017 April 2008 April 2017 February 2018 As CEO and founder of IT Governance Ltd, Alan leads the senior team and is responsible for delivering GRC International plc’s strategy. Chris joined the Group in April 2017 as Finance Director. Prior to this, Chris qualified as a Chartered Certified Accountant with Deloitte in 2007 and subsequently worked for PwC. In 2015, Chris joined MM (UK) Limited as Financial Controller before leaving to take up his position with GRC International. Prior to founding IT Governance Ltd in 2002, Alan held a number of roles including the position of CEO of Business Link London City Partners, CEO of Focus Central London, CEO of Wide Learning, the Outsourced Training Company and was Chairman of CEME. Alan graduated from the University of Witwatersrand in 1978 before moving to the UK. Alan has written a number of books about IT management including the definitive compliance guide “IT Governance: An International Guide to Data Security and ISO27001/ISO27002” (co-written with Steve Watkins), which is in its sixth edition and is the basis for the UK Open University’s postgraduate course on information security and “IT Governance – Guidelines for Directors”. With his significant executive experience and expertise in the field of IT governance, risk management and compliance, Alan is well placed to lead the senior team of GRC International plc effectively. Steve joined the Group as a Director in 2008 and In his role as Chief Technology Officer and Chief Ric has over 40 years of experience as a Chartered is responsible for managing a number of key Information Officer, Neil is responsible for the Accountant, including a number of senior finance customers and for technical issues of the Group. Group’s information technology systems including roles at ICI, Citicorp and Logica. He was also its websites and Vigilant Software Ltd, the Group’s Group Finance Director at WS Atkins plc from 1993 Steve has an impressive track record spanning software development subsidiary. 25 years, including roles at the HM Crown to 2002. Ric is a Non-Executive Director of Elektron Technology plc and advises a number of Prosecution Service Inspectorate, Focus Central Neil was appointed as a Director of IT Governance businesses in the Engineering and Technology London, Business Link London City Partners and Ltd in 2017 after originally joining IT Governance sectors. He was a Member of the Financial OCE. He has also, worked as a consultant to Ltd in 2012 as Chief Technology Officer and Reporting Review Panel for 10 years until May 2019. organisations of all sizes, across all sectors and has Chief Information Officer. Prior to this, he held authored a number of titles relating to data roles at Featurespace (as Chief Technology protection and cyber security. Officer), Cambridge Assessment, Sequel Business Solutions Limited and Close Brothers Steve’s expertise is further enhanced through his Treasury Services. role as Chairman of the UK ISO/IEC 27001 User Group and in his role as an ISMS (and IT SMS) Technical Assessor for UKAS – a role in which he assesses conformity assessment bodies offering ISO 27001 (and ISO 20000-1) accredited certification. He is also the Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security and privacy standards, and is a member of other committees responsible for risk and service management standards. • Nomination Committee member • None • None • None • None • None • Chairman of the UK ISO/IEC 27001 User Group • None • ISMS (& SMS) Technical Assessor for UKAS • Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security and privacy standards • Audit Committee Chair • Remuneration Committee Chair • Nomination Committee member • Partner at Restoration Partners • Senior NED at Elektron Technology plc Key skills and experience In 2012, Andrew acquired an initial shareholding in IT Governance Ltd before later joining the Board as a Non-Executive Director in November 2012. In 2014, Andrew subscribed for further shares in IT Governance Ltd, increasing his shareholding to 22% (of the issued share capital of the Company prior to Admission). Andrew was appointed Non-Executive Chairman of the Company in February 2018. As well as being a Chartered Accountant, Andrew has gained significant leadership experience on the boards of several listed companies. He was Chief Executive of Wolters Kluwer (UK) plc between 1978 and 1990 and Andrew is currently Chairman of RWS Holdings plc and Learning Technologies Group plc. These roles together with his extensive executive experience, ensure he is well placed to lead the Board of GRC International plc effectively. Board Committee membership • Nomination Committee Chair • Audit Committee member • Remuneration Committee member Principal external appointments • Chairman of RWS Holdings plc • Chairman of Learning Technologies Group plc • Non-Executive Director of a number of private equity backed media companies 28 GRC International Group plc Annual Report and Accounts 2019 Appointment to the Board Key skills and experience In 2012, Andrew acquired an initial shareholding in As CEO and founder of IT Governance Ltd, Chris joined the Group in April 2017 IT Governance Ltd before later joining the Board Alan leads the senior team and is responsible for as Finance Director. as a Non-Executive Director in November 2012. delivering GRC International plc’s strategy. In 2014, Andrew subscribed for further shares in Prior to this, Chris qualified as a Chartered IT Governance Ltd, increasing his shareholding to Prior to founding IT Governance Ltd in 2002, Certified Accountant with Deloitte 22% (of the issued share capital of the Company Alan held a number of roles including the position in 2007 and subsequently worked for PwC. prior to Admission). Andrew was appointed of CEO of Business Link London City Partners, In 2015, Chris joined MM (UK) Limited as Financial Non-Executive Chairman of the Company in CEO of Focus Central London, CEO of Wide Controller before leaving to take up his position February 2018. Learning, the Outsourced Training Company and with GRC International. was Chairman of CEME. As well as being a Chartered Accountant, Andrew has gained significant leadership experience on Alan graduated from the University of the boards of several listed companies. He was Witwatersrand in 1978 before moving to the UK. Chief Executive of Wolters Kluwer (UK) plc Alan has written a number of books about IT between 1978 and 1990 and Andrew is currently management including the definitive compliance Chairman of RWS Holdings plc and Learning guide “IT Governance: An International Guide to Technologies Group plc. These roles together with Data Security and ISO27001/ISO27002” (co-written his extensive executive experience, ensure he is with Steve Watkins), which is in its sixth edition well placed to lead the Board of GRC International and is the basis for the UK Open University’s plc effectively. postgraduate course on information security and “IT Governance – Guidelines for Directors”. With his significant executive experience and expertise in the field of IT governance, risk management and compliance, Alan is well placed to lead the senior team of GRC International plc effectively. Board Committee membership • Nomination Committee Chair • Audit Committee member • Remuneration Committee member Principal external appointments • Chairman of RWS Holdings plc • Chairman of Learning Technologies Group plc • Non-Executive Director of a number of private equity backed media companies November 2012 April 2002 April 2017 April 2008 April 2017 February 2018 Stephen George Watkins Executive Director Neil Roger Acworth Chief Information Officer Richard John Piper, ACA Independent Non-Executive Director In his role as Chief Technology Officer and Chief Information Officer, Neil is responsible for the Group’s information technology systems including its websites and Vigilant Software Ltd, the Group’s software development subsidiary. Neil was appointed as a Director of IT Governance Ltd in 2017 after originally joining IT Governance Ltd in 2012 as Chief Technology Officer and Chief Information Officer. Prior to this, he held roles at Featurespace (as Chief Technology Officer), Cambridge Assessment, Sequel Business Solutions Limited and Close Brothers Treasury Services. Ric has over 40 years of experience as a Chartered Accountant, including a number of senior finance roles at ICI, Citicorp and Logica. He was also Group Finance Director at WS Atkins plc from 1993 to 2002. Ric is a Non-Executive Director of Elektron Technology plc and advises a number of businesses in the Engineering and Technology sectors. He was a Member of the Financial Reporting Review Panel for 10 years until May 2019. Steve joined the Group as a Director in 2008 and is responsible for managing a number of key customers and for technical issues of the Group. Steve has an impressive track record spanning 25 years, including roles at the HM Crown Prosecution Service Inspectorate, Focus Central London, Business Link London City Partners and OCE. He has also, worked as a consultant to organisations of all sizes, across all sectors and has authored a number of titles relating to data protection and cyber security. Steve’s expertise is further enhanced through his role as Chairman of the UK ISO/IEC 27001 User Group and in his role as an ISMS (and IT SMS) Technical Assessor for UKAS – a role in which he assesses conformity assessment bodies offering ISO 27001 (and ISO 20000-1) accredited certification. He is also the Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security and privacy standards, and is a member of other committees responsible for risk and service management standards. • Nomination Committee member • None • None • None • None • Chairman of the UK ISO/IEC 27001 User Group • ISMS (& SMS) Technical Assessor for UKAS • Chair of IST/33 which is responsible for UK contributions to ISO 27001, ISO 27002 and other cyber security and privacy standards • None • None • Audit Committee Chair • Remuneration Committee Chair • Nomination Committee member • Partner at Restoration Partners • Senior NED at Elektron Technology plc GRC International Group plc Annual Report and Accounts 2019 29 Financial StatementsCorporate GovernanceStrategic Report Audit Committee Report Ric Piper Audit Committee Chair Remuneration Committee Chair 30 GRC International Group plc Annual Report and Accounts 2019 As Chairman of the Audit Committee, I am pleased to present this report of the Audit Committee (“Committee“) for the year ended 31 March 2019. This report is intended to explain how the Committee has met its responsibilities. Save the appointment since the year end of a new independent auditor (BDO LLP) and the material uncertainty related to going concern in the Independent auditor’s report on page 38, from a “business as usual” perspective, there is nothing to bring to your specific attention. I will be available at the Annual General Meeting (“AGM“) to respond to any questions shareholders may raise on any of the Committee’s activities. Aims and objectives The Committee has responsibility for monitoring the integrity of the annual and interim financial statements and formal announcements relating to the Group’s financial performance, including advising the Board that the Annual Report is fair, balanced and understandable. It reviews significant financial reporting issues and accounting policies and disclosures in financial reports, the effectiveness of the Group’s internal control procedures and risk management systems and considers how the Group’s internal audit requirements shall be satisfied, making recommendations to the Board. It reviews the independent auditor’s audit strategy and implementation plan and its findings in relation to the Annual Report and Interim Financial Statements. The main duties of the Committee are set out in its Terms of Reference which are available from the Company Secretary on application via https://www.grci.group/contact. Committee membership, meetings and attendance Membership Throughout the year ended 31 March 2019, and since the year end to the date of this Report, the Committee comprised two Non- Executive Directors: • Ric Piper (Chairman of the Committee and independent Non- Executive Director); and • Andrew Brode (Chairman of the Board). Both Andrew Brode and Ric Piper are Chartered Accountants and the Board considers them to have recent and relevant financial experience. Further information on Mr Piper and Mr Brode can be found in the Directors’ biographies on pages 28 to 29. The Board considers that the Committee as a whole has competence relevant to the sector in which the Group operates. Meetings and attendance The Audit Committee met 3 times during the year ended 31 March 2019, including 1 meeting related to the appointment of BDO LLP as external auditor. The Chief Executive Officer and the Finance Director are also routinely invited to Committee meetings. The attendance at the Audit Committee meetings is set out in the following table: Andrew Brode Ric Piper 3/3 3/3 Since the year end, the Committee met privately with the independent auditor. Ric Piper, the Committee Chairman also met privately with the senior statutory auditor, Tim Neathercoat, outside of the Committee meetings. Operation of the Committee Each year, the Committee works to a planned programme of activities which are focused on key events in the annual financial reporting cycle and other matters that are considered in accordance with its Terms of Reference. It provides oversight and guidance to contribute to the ongoing good governance of the business, particularly by providing assurance that shareholders’ interests are being properly protected by appropriate financial management, reporting and internal controls. In addition to the appointment of the new independent auditor, the main activities of the Committee in the year ended 31 March 2019 are as follows: • Financial statements: The Committee reviewed the Annual Report. Presentations were made by management and the auditor about the key technical and judgemental matters relevant to the financial statements. • Acquisition of Data Quality Management Group Limited (“DQM“): On 1 March 2019 shareholders approved the acquisition of DQM. The Committee has reviewed the accounting for the acquisition. Further information is set out in note 29 to the financial statements. • Taxation: The Group operates under varied tax regimes. The completeness and valuation of provisions to cover the range of potential final determinations by the tax authorities of the Group’s tax positions are the subject of judgement. Further information is set out in note 7 to the financial statements. The provisions held by the Group were reviewed by management as at 31 March 2019. The Committee agreed with management’s assessment of the Group’s tax provisions. The Committee notes that the Group is committed to paying the correct amount of tax and will only undertake transactions that have a genuine commercial purpose. • Fair, balanced and understandable: The content and disclosures made in the Annual Report are subject to a verification exercise by management to ensure that no statement is misleading in the form and context in which it is included, no material facts are omitted which may make any statement of fact or opinion misleading, and implications which might be reasonably drawn from the statement are true. The Committee was satisfied that it was appropriate for the Board to approve the financial statements and that the Annual Report taken as a whole is fair, balanced and understandable such that it allows shareholders to assess the Group’s performance against the Group’s strategy and business model. • Internal financial control systems: The Committee reviewed the observations made by the independent auditor, as part of the audit process, and management’s responses and actions. The Committee was satisfied that it was appropriate for the Board to make the statements regarding internal controls included in the Corporate Governance Statement. Compliance reviews, both of financial and operational activities, were satisfactorily completed for the Group’s International Organisation for Standardisation (“ISO“) accreditations. Internal Audit is reported below. The Chairman of the Committee reported to the Board on the Committee’s activities after each meeting, identifying relevant matters requiring communication to the Board and recommendations on the steps to be taken. Significant issues related to the financial statements The Committee reviewed the key judgements applied to a number of significant issues in the preparation of the financial statements. The review included consideration of the following: Revenue recognition and recoverability of accounts receivables The Group has well-developed accounting policies for revenue recognition – see the principal accounting policies section in the financial statements. The Committee receives reports from management and from the independent auditor to ensure that the policies are complied with across the Group. The Committee considered the adoption of IFRS 15, the new revenue recognition standard, and its potential impact on the accounting methodology. In addition, it renewed and approved a detailed paper on the impact of IFRS 15. The Board also receives regular reports on the collectability of aged accounts receivables, accrued income and deferred income. On the basis of these reports, the Committee concluded that it was content with the judgements that had been made. Intangibles: accounting As set out in intangibles accounting policy to the financial statements, the Group has significant amortised intangibles. As at 31 March 2019, the Committee agreed the management’s recommendation on capitalisation (including the accounting for the acquisition of DQM) and that no impairment charge was required. Intangibles impairment assessments (including assumptions about future performance) are carried out at least annually by management and reviewed by the Board and the Committee. Going concern The Group continues to prepare its financial statements on a going concern basis, as set out in the accounting policies to the financial statements on page 47. Management produces working capital forecasts on a regular basis. The forecasts are reviewed by the Board, particularly ahead of the publication of interim and annual results. Having reviewed the forecasts as at the date of this report, the Committee concluded that it was appropriate for the Group to continue to prepare its financial statements on a going concern basis. Shareholder attention is drawn to the material uncertainty related to going concern in the Independent auditor’s report on page 38. This year, the Committee also considered several other matters, including the accounting for and disclosure of exceptional items (see the principal accounting policies section in the financial statements) and accounting for share-based payments. Shareholders’ attention is drawn to the sections titled “Responsibilities of Directors” and “Auditor’s responsibilities for the audit of the financial statements”in the Independent Auditor’s Report on page 42, about specific areas as reported by the independent auditor in order to provide its opinion on the Financial Statements as a whole. GRC International Group plc Annual Report and Accounts 2019 31 Financial StatementsCorporate GovernanceStrategic Report The Committee regulates the appointment of former employees of the independent auditor to positions in the Group. The independent external auditor also operates procedures designed to safeguard its objectivity and independence. These include the periodic rotation of the senior statutory auditor, use of independent concurring partners, use of a technical review panel (where appropriate) and annual independence confirmations by all staff. The independent auditor reports to the Committee on matters including independence and non-audit work, on an annual basis. Risk management and internal control The Group holds weekly Executive Directors’ meetings to discuss all business matters which includes risks and risk mitigation. Depending on the nature of the risk, it is escalated to the Committee and/or Board meetings for review. The Group’s principal risks and uncertainties and the Board’s approach to mitigation are set out on pages 18 and 19 of the Annual Report. Internal audit During the year, the internal audit function reported to the Committee. There are no matters to report to shareholders. The Board is satisfied that there are no significant weaknesses in these systems and that the Group’s internal controls are operating effectively. Evaluation of the Committee There are no matters to report to shareholders. Approval This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Audit Committee Audit Committee Report continued Independent auditor The appointment of the independent auditor is approved by shareholders annually. The independent auditor’s audit of the financial statements is conducted in accordance with International Standards on Auditing (UK and Ireland) (“ISAs“), issued by the Auditing Practices Board. There are no contractual obligations that act to restrict the Committee’s choice of external auditor. Subsequent to the Annual General Meeting at which shareholders approved the re-appointment of Deloitte LLP as the Group’s independent auditor, and as requested by the Board, the Committee considered the appointment of a new independent auditor for the year ended 31 March 2019. The Board accepted the Committee’s recommendation that BDO LLP be appointed as the Group’s independent auditor, with Tim Neathercoat as the senior statutory auditor. This year, having considered the effectiveness and performance of the independent auditor, the Committee has recommended to the Board the appointment of BDO LLP as independent auditor of the Company for the next financial year. Services, independence and fees The independent auditor provides the following: • A report to the Committee giving an overview of the results and judgements and observations on the control environment. • An opinion on the truth and fairness of the Group financial statements. The Committee monitors the cost effectiveness of audit and any non-audit work performed by the independent auditor and also considers the potential impact, if any, of this work on independence. It recognises that certain work of a non-audit nature may be best undertaken by the independent auditor as a result of its unique position and knowledge of key areas of the Company. Approval is required, prior to the independent auditor commencing any material non-audit work, in accordance with a Group policy approved by the Committee. Certain work, such as providing bookkeeping services and taxation planning advice, is prohibited. The Committee requires that non-audit fees do not have any material negative impact on BDO’s independence. Further, the Committee seeks positive evidence of the independence of the independent auditor through its challenge to management. The Committee regularly reviews all fees for non-audit work paid to the independent auditor. There were no fees from BDO LLP for non-audit work in the year ended 31 March 2019. The Committee will continue to keep the area of non-audit work under close review, particularly in the context of developing best practice on auditor’s independence. 32 GRC International Group plc Annual Report and Accounts 2019 Remuneration Committee Report On behalf of the Board, I am pleased to present the Directors’ Remuneration Report for the year ended 31 March 2019. This report is intended to explain how the Remuneration Committee (the “Committee”) has met its responsibilities. Whilst there is no requirement for companies quoted on AIM to produce a formal Remuneration Report, the Committee prepares this Remuneration Report for information purposes in order to give shareholders, and other users of the financial statements, greater transparency about the way in which the Directors of GRC International Group plc are remunerated. Committee membership, meetings and attendance Membership The Committee comprises two Non-Executive Directors: • Ric Piper (Chairman of the Committee and independent Non-Executive Director); and • Andrew Brode (Chairman of the Board). This report sets out the remuneration paid to the Directors for the year ended 31 March 2019 and sets out the remuneration policy for the forthcoming financial year and beyond. The Chief Executive Officer and the Finance Director only attend meetings by invitation from the Committee, but may not be present when their own remuneration is being discussed. We value the views of our shareholders and guidance issued by investor bodies. As Chair of the Committee, I will be available at the AGM to respond to any questions shareholders may raise on any of the Committee’s activities. Meetings and attendance The Remuneration Committee met 2 times during the year ended 31 March 2019. The attendance at the Remuneration Committee meetings is set out in the following table. Aims and objectives The Committee has responsibility for determining the overall remuneration policies and practices within GRC International Group plc, taking into account applicable laws, regulations and the principles of good governance. In particular, the Committee is responsible for: • Setting the remuneration policy for all Executive Directors. • Approving their remuneration packages. • Reviewing the ongoing appropriateness and relevance of the remuneration policy. • Reviewing and approving the overall remuneration spend (fixed and variable) to ensure that evidence exists to demonstrate that awards have been adjusted where appropriate for risk and will not limit the ability to strengthen the capital base. • Approving the design of, and determining targets for, all performance-related incentive plans operated by the Group and approving the total annual payments made under such plans. • Reviewing the design of all share incentive plans for approval by the Board and shareholders. For plans such as these, the Committee will make recommendations to the Board on proposals for the granting of share options, and other equity incentives, pursuant to any employee share option scheme or equity incentive plans in operation from time to time. The Committee’s Terms of Reference can be obtained from the Company Secretary on application via https://www.grci.group/contact. In exercising their roles, the Directors shall have regard to the recommendations put forward in the QCA Code and, where appropriate, the QCA Remuneration Committee Guide and associated guidance. Andrew Brode Ric Piper 2/2 2/2 Meetings since the year end have focused on determining the annual bonus scheme for the Executive Directors for the year to 31 March 2020 and initial consideration of long-term incentive arrangements. Remuneration policy objectives The main objective of the Committee is to ensure that the Company’s policy: • Attracts, motivates and retains executives in order to deliver the Group’s strategic goals and business outputs. • Encourages and supports a high-performance sales and service culture. • Adheres to the principles of good corporate governance and appropriate risk management. • Aligns executives with the interests of shareholders and other key stakeholders. We remain committed to a remuneration policy that rewards high individual performance to drive strong results. Basic salary The basic salaries of the Group’s Executive Directors will be reviewed on an annual basis. The Committee seeks to establish a basic salary for each position commensurate with the individual’s responsibilities and performance, taking into account comparable salaries for similar companies of a similar size in the same market. GRC International Group plc Annual Report and Accounts 2019 33 Financial StatementsCorporate GovernanceStrategic Report Remuneration Committee Report continued Directors’ remuneration The remuneration of each of the Directors during the year ended 31 March 2019 has been audited as part of the financial statements and is set out in detail below: Directors remuneration for the year ended 31 March 2019 £000s Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Neil Acworth Ric Piper Directors remuneration for the year ended 31 March 2018 £000s Andrew Brode Alan Calder Christopher Hartshorne Stephen Watkins Neil Acworth Ric Piper – appointed 12 February 2018 Salary and fees All taxable benefits Annual bonuses Pension – 220 105 115 110 35 – – – – – – – – – – – – – 33 1 1 1 – Salary and fees All taxable benefits Annual bonuses Pension – 220 75 105 100 3 – – – – – – – 55 20 27 26 – – 33 – – – – Total for the year ended 31 March 2019 – 253 106 116 111 35 Total for the year ended 31 March 2018 – 308 95 132 126 3 The Executive Directors have entered into a service agreement with the Company. Each Director’s appointment will be terminable on six months’ notice given by either party and summarily by the Company in certain limited circumstances. Each Director has given certain non-compete and non-solicitation undertakings which will apply during his engagement and in respect of the period of 12 months post termination. Following admission, further options, in addition to those referred to above, were limited to a further 10% of the nominal value of the shares in issue at 6:00 p.m. (London time) on the date which is three business days following Admission. Options granted following Admission are subject to standard performance conditions, as determined and recommended by the Remuneration Committee in accordance with the plan rules. Share-based incentive schemes In order to align the interests of shareholders and employees following admission, the Company adopted a new employee share option scheme, as further detailed in the Group’s AIM admission document which is available on the Group’s website at https://www.grci.group/investors. Share options held at 31 March 2019 are set out below: Steve Watkins Neil Acworth Chris Hartshorne Exercise price (pence per share) Total exercise value Shares 1,680,000 353,920 315,000 0.31429 12.71474 42.85714 £5,280 £45,000 £135,000 Options held by Steve Watkins and Neil Acworth had fully vested and were exercisable from the date of admission to AIM, being a direct replacement of already vested options previously held. In the case of Chris Hartshorne, 50% of the options vested and became exercisable from the date of admission to AIM. The remaining 50% had not vested at the year end. Directors’ share interests are set out below: Alan Calder Calder family (including Alan’s shares above) Andrew Brode Steve Watkins Neil Acworth Ric Piper Chris Hartshorne 27,957,311 shares (43.36%) 29,184,068 shares (45.26%) 11,279,800 shares (17.49%) 3,645,543 shares (5.65%) 1,130,080 shares (1.75%) 50,000 shares (0.08%) 11,760 shares (0.02%) On 10 April 2019, ITG Pension Fund, a self-invested personal pension scheme for the benefit of Alan Calder and his wife, purchased 3,500 ordinary shares. Other benefits Depending on the exact terms of each individual Executive Director’s service contract with GRC International Group plc, they are entitled to a range of benefits including contributions to pension schemes. 34 GRC International Group plc Annual Report and Accounts 2019 Non-Executive Directors The Group has two Non-Executive Directors: Andrew Brode, the Chairman and Ric Piper. Both Non-Executive Directors have letters of appointment, initially for a three-year period, to be reviewed annually thereafter. The Non-Executive Directors’ letters of appointment do not provide specifically for any termination payments, although the Group might make payments in lieu of notice. Non-Executive Director fees are determined by the Executive Directors, having regard to the requirement to attract high calibre individuals with the right experience, the time requirements and the responsibilities incumbent on an individual acting as a Non-Executive Director for a company, such as GRC International Group plc, admitted to trading on AIM. The Non-Executive Directors are not eligible for annual discretionary bonuses and do not participate in the Group’s long-term incentive plans. At his request, the Chairman does not receive a Director’s fee or other remuneration. Ric Piper receives an annual salary of £35,000, paid monthly in arrears. Evaluation of the Committee There is nothing to report to shareholders. Approval This report was approved by the Committee, on behalf of the Board, and signed on its behalf by: Ric Piper Chair of the Remuneration Committee GRC International Group plc Annual Report and Accounts 2019 35 Financial StatementsCorporate GovernanceStrategic Report Directors’ Report The Directors present their annual report on the affairs of the Group, together with the financial statements and Auditor’s Report, for the year ended 31 March 2019. The Corporate Governance Statement set out on pages 22 and 23 forms part of this report. There have been no significant events since the balance sheet date. An indication of likely future developments in the business of the Company are included in the Strategic Report. Directors The Directors, who served throughout the year, are as follows: • Andrew Brode – Non-Executive Chairman • Alan Calder – Chief Executive Officer • Christopher Hartshorne – Finance Director • Stephen Watkins – Executive Director • Neil Acworth – Chief Information Officer • Ric Piper – Independent Non-Executive Director Information about the use of financial instruments by the Company and its subsidiaries is given in notes 19 and 20 to the financial statements. Dividends The Board has decided not to propose a final dividend and instead will remain focused on investing cash into the Group to generate future growth. Capital structure Details of the authorised and issued share capital, together with details of the movements in the Company’s issued share capital during the year are shown in note 25 to the financial statements. The Company has one class of ordinary shares which carry no right to fixed income. Each share carries the right to one vote at general meetings of the Company. There are no specific restrictions on the size of a holding nor on the transfer of shares, which are both governed by the general provisions of the Articles of Association and prevailing legislation. The Directors are not aware of any agreements between holders of the Company’s shares that may result in restrictions on the transfer of securities or on voting rights. Details of employee share schemes are set out in note 26 to the financial statements. Shares held by the Group plc Employee Benefit Trust abstain from voting. No person has any special rights of control over the Company’s share capital and all issued shares are fully paid. With regard to the appointment and replacement of Directors, the Company is governed by its Articles of Association, the UK Corporate Governance Code, the Companies Act and related legislation. The Articles themselves may be amended by special resolution of the shareholders. The powers of Directors are described in the Main Board Terms of Reference, copies of which are available on request, and the Corporate Governance Statement on pages 22 and 23. Under its Articles of Association, the Company has authority to issue up to 10% of issued share capital. Directors’ indemnities The Company has made qualifying third-party indemnity provisions for the benefit of its Directors which were made during the year and remain in force at the date of this report. Disabled employees Applications for employment by disabled persons are always fully considered, bearing in mind the aptitudes of the applicant concerned. In the event of members of staff becoming disabled, every effort is made to ensure that their employment with the Group continues and that appropriate training is arranged. It is the policy of the Group that the training, career development and promotion of disabled persons should, as far as possible, be identical to that of other employees. Employee consultation The Group places considerable value on the involvement of its employees and has continued to keep them informed on matters affecting them as employees and on the various factors affecting the performance of the Group. This is achieved through formal and informal meetings, the Company magazine and a special edition for employees of the annual financial statements. Employee representatives are consulted regularly on a wide range of matters affecting their current and future interests. The employee share scheme has been running successfully since its inception on 12 February 2018. Options can be granted to any employee or Director within the Group. The Board may set performance or time conditions for vesting. The option holder indemnifies the Company against income tax and national insurance. Options are normally exercisable after they have vested. In addition, all employees receive an annual bonus related to the overall profitability of the Group. R&D activity Research activity is expensed through the income statement as it is incurred. At the point where all relevant recognition criteria are met the expenditure incurred on internally guaranteed intangible fixed assets, where relevent to development activity, is capitalised in line with the Group’s accounting policy. The Directors’ Report was approved by the Board of Directors and signed on its behalf. Alan Calder Director 25 September 2019 36 GRC International Group plc Annual Report and Accounts 2019 Statement of Directors’ Responsibilities The Directors are responsible for preparing the Annual Report and the financial statements in accordance with applicable law and regulations. Company law requires the Directors to prepare financial statements for each financial period. Under that law the Directors have elected to prepare the Group’s Consolidated Financial Statements in accordance with International Financial Reporting Standards (“IFRS”) as adopted by the European Union and the Company’s Financial Statements in accordance with United Kingdom generally accepted accounting practice (United Kingdom accounting standards and applicable law). Under company law the Directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and Company and of the profit or loss of the Group for that period. The Directors are also required to prepare financial statements in accordance with the rules of the London Stock Exchange for companies trading securities on the AIM. In preparing these financial statements, the Directors are required to: • select suitable accounting policies and then apply them consistently; • make judgements and accounting estimates that are reasonable and prudent; • state whether they have been prepared in accordance with IFRS as adopted by the European Union, subject to any material departures disclosed and explained in the financial statements; and The Directors are responsible for keeping adequate accounting records that are sufficient to show and explain the Company’s transactions and disclose with reasonable accuracy at any time the financial position of the Company, and enable them to ensure that the financial statements comply with the requirements of the Companies Act 2006. They are also responsible for safeguarding the assets of the Group, and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The Directors are responsible for ensuring the Annual Report and the financial statements are made available on a website. Financial statements are published on the Group’s website in accordance with legislation in the United Kingdom governing the preparation and dissemination of financial statements, which may vary from legislation in other jurisdictions. The maintenance and integrity of the Group’s website is the responsibility of the Directors. The Directors’ responsibility also extends to the ongoing integrity of the financial statements contained therein. Auditor Each of the persons who is a Director at the date of approval of this annual report confirms that: • so far as the Director is aware, there is no relevant audit information of which the Group’s auditor is unaware; and • the Director has taken all the steps that he/she ought to have taken as a Director in order to make himself/herself aware of any relevant audit information and to establish that the Group’s auditor is aware of that information. • prepare the financial statements on a going concern basis unless it is inappropriate to presume that the Group will continue in business. BDO LLP has expressed their willingness to continue in office as auditor and a resolution to reappoint them will be proposed at the forthcoming AGM. GRC International Group plc Annual Report and Accounts 2019 37 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc Opinion We have audited the financial statements of GRC International Group Plc (the ‘Parent Company’) and its subsidiaries (the ‘Group’) for the year ended 31 March 2019 which comprise the Consolidated Income Statement, the Consolidated Balance Sheet, the Consolidated Statements of Changes in Equity, the Consolidated Statement of Cash Flows, the Company Balance Sheet and the notes to the Consolidated and Parent Company financial statements, including a summary of significant accounting policies. The financial reporting framework that has been applied in the preparation of the Group financial statements is applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union. The financial reporting framework that has been applied in the preparation of the Parent Company financial statements is applicable law and United Kingdom Accounting Standards, including Financial Reporting Standard 101 Reduced Disclosure Framework (United Kingdom Generally Accepted Accounting Practice). In our opinion: • the financial statements give a true and fair view of the state of the Group’s and of the Parent Company’s affairs as at 31 March 2019 and of the Group’s loss for the year then ended; • the Group financial statements have been properly prepared in accordance with IFRSs as adopted by the European Union; • the Parent Company financial statements have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice; and • the financial statements have been prepared in accordance with the requirements of the Companies Act 2006. Basis for opinion We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the Group and the Parent Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard as applied to listed entities, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Material uncertainty related to going concern We draw attention to note 1 to the Group and Parent Company financial statements which describes how the ability of the Group and Parent Company to continue as a going concern is reliant on the Parent Company’s ability to successfully renegotiate the payment terms for the deferred consideration due to the vendors of DQM. If this cannot be concluded in a satisfactory manner, the Parent Company would need to raise additional funding, with no guarantee such funding would be secured. These events indicate a material uncertainty exists that may cast significant doubt on the Group and Parent Company’s ability to continue as a going concern. Our opinion is not modified in respect of this matter. Given the conditions and uncertainties noted above, we considered the Group’s and Parent Company’s ability to discharge the deferred consideration liability and its consequent impact on the ability of the Group and Parent Company to continue as a going concern to be a key audit matter. In respect of the matters discussed above and the underlying ability of the Group to generate sufficient cash flows to meet its requirements over the foreseeable future, we have performed the following work as part of our audit: • we examined the agreements with the vendors of DQM to gain an understanding of the terms of the deferred consideration and compared this with the resources available to the Group and Company to finance the liability; • we gained an understanding of the Directors’ plans and status of negotiations which are in progress with the vendors of DQM; • In terms of forecast trading, our work comprised a number of procedures consisting of making enquiries of senior management of the Group, testing arithmetic accuracy of forecast information, considering the extent of available working capital credit facilities and their sufficiency over the remaining months in 2019 and throughout 2020, and challenging through consideration of other possible scenarios the key assumptions made by management as to the future performance of the business over this period; • We compared forecast financial performance to historical financial information to determine the likely performance of the Group under different scenarios of revenues and costs; • Where cost reductions have been assumed by management to address reasonably possible reductions in revenue, we ensured that the timing delay before the cost saving was realised was appropriate along with the quantum of the ongoing cost saving being accurate; and • We also considered the appropriateness of the disclosures made in notes 1 and 2 to the financial statements, ensuring these set out a clear explanation of the Directors’ view of the materiality uncertainty present. 38 GRC International Group plc Annual Report and Accounts 2019 Key audit matters Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period and include the most significant assessed risks of material misstatement (whether or not due to fraud) we identified, including those which had the greatest effect on the overall audit strategy, the allocation of resources in the audit and directing the efforts of the engagement team. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. In addition to the matter described in the Material Uncertainty Related to Going Concern section, we have determined the matters described below to be key audit matters. Revenue recognition Key Audit Matter The Group’s accounting policy for revenue recognition is disclosed in note 1 and the financial statements disclose further detail concerning the Group’s revenues in note 2. The Group’s revenue of £15.8m (2018: £15.7m) is generated from a number of different streams. We evaluated in our planning the risks we expected would be present across revenue as a whole, as well as the risks specific to each stream. We considered that a significant risk of material misstatement existed in all revenue streams. We formed this assessment having considered the susceptibility of the financial statements to fraud risks and we identified that the risk was most likely to present itself in the Consultancy and Software revenue streams in the non-deferral of revenues invoiced pre year end but earned post year end, because of the nature of the Group’s contracts and invoicing arrangements. We also identified a significant risk that a material misstatement may be present in any revenue stream through other manual journal adjustments being recorded in revenue. Whilst considered less susceptible to errors of judgement, we also considered cut off in other revenue streams such as in Learning, Publishing/Distribution to pose a significant risk of material misstatement. Additionally, we identified a risk of non-compliance with the requirements of IFRS 15 Revenue from Contracts with Customers, which was a newly-implemented accounting pronouncement in the year ended 31 March 2019. Management has disclosed the effects of the transition in note 1. How we addressed the matter in our audit Our procedures across revenues as a whole included testing of supporting documentation including contracts, records of delivery or performance from sources outside the entity or from systems separate to the Group’s accounting systems. Our work was planned to ensure we tested both information in the accounting system as well as outside of the accounting system in such a way as to ensure that revenues both existed and were complete, and where appropriate the relevant proportion of amounts invoiced prior to the year end were deferred in to future periods where performance obligations had not been fully satisfied. For each stream we performed cut off testing, agreeing relevant documentation as set out above to ledger entries, based on a representative sample of revenues invoiced pre-year end and post-year end. Using data interrogation software, we conducted a targeted procedure on journal entries posted to revenue to enable us to examine these entries and seek further supporting documentation where necessary. We assessed whether the revenue recognition policies adopted by the Group comply with accounting standards. This was particularly relevant in our consideration of IFRS 15 transition. In this area we examined management’s analysis of transition differences and formed our own independent view, challenging management on the presentation of revenues earned from certain services. We ensured the policy had been applied consistently across the Group notwithstanding the diversity of invoicing systems and patterns across the revenue streams. Key observations Nothing has come to our attention as a result of performing the above procedures that causes us to believe that material misstatement is present in respect of revenue recognition. GRC International Group plc Annual Report and Accounts 2019 39 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc continued Acquisition of Data Quality Management Group Limited See accounting policy at note 1 and the acquisition disclosures at note 29. Key Audit Matter We identified a significant risk in the accounting for the DQM acquisition. It was a complex transaction to account for primarily because of the composition of the consideration payable to the vendors as set out in management’s disclosure at note 19, and also because of the complexities inherent in identifying, valuing and then estimating the useful lives of the intangible assets acquired. The risk of material misstatement arose both due to the above complexities as well as the use of management judgements in the allocation of value to assets acquired, which may affect future amortisation. We also considered the associated accounting for deferred tax and the uniformity of the acquired business’ accounting policies with those of the Group to be part of the risk identified. How we addressed the matter in our audit We used valuations specialists in order to assist with our interrogation of the model used to calculate the value of the acquired intangible assets. Our scrutiny of the calculations included consideration of the types of assets acquired in the light of our knowledge and understanding of DQM, the accuracy of the earn-out accounts, the suitability of the discount rate used in the valuation, the application of additional risk premia and the profile of future cash flows. We considered the work performed on management’s behalf by its external experts on the accounting policies of DQM and challenged management on areas where the acquired business’ accounting policies may differ from the Group’s policies. We further recalculated the associated deferred tax liability arising on the acquired intangibles. We tested the accuracy of the earn out valuation by reperforming the calculation by reference to the underlying share purchase agreement and management calculations of the applicable performance benchmark. Key observations Nothing has come to our attention as a result of performing the above procedures that causes us to believe that material misstatement is present in respect of the accounting for the acquisition of DQM. Our application of materiality We apply the concept of materiality both in planning and performing our audit, and in evaluating the effect of misstatements. For planning, we consider materiality to be the magnitude by which misstatements, including omissions, could influence the economic decisions of reasonable users that are taken on the basis of the financial statements. In order to reduce to an appropriately low level the probability that any misstatements exceed materiality, we use a lower materiality level, performance materiality, to determine the extent of testing needed. Importantly, misstatements below these levels will not necessarily be evaluated as immaterial as we also take into account the nature of identified misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements as a whole. Level of materiality applied and rationale We considered revenue to be the most appropriate performance measure for the basis of materiality in respect of the audit of the Group as this measure reflects the Group’s volume of business, which is a critical driver for the Group at this stage in its life cycle. Using this benchmark, we set materiality at £233,500, being 1.5% of revenue. Materiality in respect of the audit of the Parent Company has been set at £200,000, based on 2% of total assets, capped at 85% of Group materiality. Performance materiality was set at 62.5% of materiality for both the Group and Parent Company audits. In setting the level of performance materiality, we considered a number of factors including the expected total value of known and likely misstatements and the extent of to which we expected to use sampling in our audit approach. 40 GRC International Group plc Annual Report and Accounts 2019 Component materiality We set materiality for each significant component of the Group (being the UK trading subsidiary and parent undertaking) at a level commensurate with the component’s own revenues, again adopting 1.5% of subsidiary revenues as our benchmark. As the majority of the Group’s business is conducted through one subsidiary, IT Governance Limited, we ensured materiality in that subsidiary was capped at a level lower than Group materiality to ensure that if aggregated, misstatements that may be detected in more than one subsidiary would be unlikely to be material to the Group financial statements. In the audit of each component, we further applied a performance materiality level of 65% of the component materiality level of £200,000 to our testing to ensure that the risk of errors exceeding component materiality was appropriately mitigated. Agreement with the Audit Committee We agreed with the Audit Committee that we would report to the Committee all audit differences individually in excess of £5,800. We also agreed to report differences below this threshold that, in our view, warranted reporting on qualitative grounds. An overview of the scope of our audit We identified two significant components in the Group. Excluding dormant subsidiaries, we assessed seven group companies (five UK subsidiaries and two overseas subsidiaries) as non-significant components on the grounds of their size and assessed risk of material misstatement to the Group financial statements. We performed targeted audit procedures on one overseas non-significant component according to our assessment of audit risk across the Group, as well as analytical procedures on the remaining non-significant components. The Group audit team was responsible for the component audits of all significant components and the procedures performed in relation to non-significant components. The coverage we obtained over the Group’s loss before tax, revenue and total assets is summarised as follows: 10% Revenue 90% 10% Loss before tax 90% 14% Total assets 86% Full audit scope Analytical and other procedures at Group level Full audit scope Analytical and other procedures at Group level Full audit scope Analytical and other procedures at Group level Other information The Directors are responsible for the other information. The other information comprises the information included in the annual report, other than the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether there is a material misstatement in the financial statements or a material misstatement of the other information. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Opinions on other matters prescribed by the Companies Act 2006 In our opinion, based on the work undertaken in the course of the audit: • the information given in the strategic report and the Directors’ report for the financial year for which the financial statements are prepared is consistent with the financial statements; and • the strategic report and the Directors’ report have been prepared in accordance with applicable legal requirements. GRC International Group plc Annual Report and Accounts 2019 41 Financial StatementsCorporate GovernanceStrategic Report Independent Auditor’s Report to the Members of GRC International Group plc continued Matters on which we are required to report by exception In the light of the knowledge and understanding of the Group and the Parent Company and its environment obtained in the course of the audit, we have not identified material misstatements in the strategic report or the Directors’ report. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion: • adequate accounting records have not been kept, or returns adequate for our audit have not been received from branches not visited by us; or • the Parent Company financial statements are not in agreement with the accounting records and returns; or • certain disclosures of Directors’ remuneration specified by law are not made; or • we have not received all the information and explanations we require for our audit. Responsibilities of Directors As explained more fully in the Directors’ responsibilities statement set out on page 37, the Directors are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the Directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the Directors are responsible for assessing the Group’s and the Parent Company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Directors either intend to liquidate the Group or the Parent Company or to cease operations, or have no realistic alternative but to do so. Auditor’s responsibilities for the audit of the financial statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s website: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. Use of our report This report is made solely to the Parent Company’s members, as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the Parent Company’s members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the Parent Company and the Parent Company’s members as a body, for our audit work, for this report, or for the opinions we have formed. Tim Neathercoat (Senior Statutory Auditor) For and on behalf of BDO LLP, Statutory Auditor London 25 September 2019 BDO LLP is a limited liability partnership registered in England and Wales (with registered number OC305127). 42 GRC International Group plc Annual Report and Accounts 2019 Consolidated Income Statement For the year ended 31 March Revenue Cost of sales Gross profit Administrative expenses: – Other administrative expenses – Share-based payment charge – Exceptional administrative expenses Total administrative expenses Other operating income Operating (loss)/profit Net finance costs Share of post-tax loss of equity accounted joint ventures (Loss)/profit before taxation Taxation (Loss)/profit for the financial year (Loss)/profit for the financial year attributable to: Equity shareholders of the parent Basic (loss)/earnings per share (pence) Diluted (loss)/earnings per share (pence) Notes 2019 £ 2018 £ 2 15,848,566 (7,295,039) 15,688,216 (6,163,690) 8,553,527 9,524,526 (13,715,750) (63,285) (164,149) 3 (13,943,184) 32,425 (5,357,232) (7,470) (746) (5,365,448) (29,157) (5,394,605) (8,384,858) (82,560) (714,251) (9,181,669) 21,875 364,732 (9,386) – 355,346 (153,495) 201,851 (5,394,605) 201,851 (9.30) (9.30) 0.40 0.39 4 6 13 7 8 8 All of the Group’s loss (2018: profit) relates to continuing operations. The accompanying accounting policies and notes form an integral part of these financial statements. Consolidated Statement of Comprehensive Income For the year ended 31 March (Loss)/profit for the year Other comprehensive (loss)/income – items that may subsequently be reclassified to profit/loss: Exchange differences on translation of foreign operations Other comprehensive (loss)/income for the financial year, net of tax Total comprehensive (loss)/income for the financial year Total comprehensive (loss)/income to equity shareholders of the parent The accompanying accounting policies and notes form an integral part of these financial statements. 2019 £ 2018 £ (5,394,605) 201,851 (7,618) (7,618) (5,402,223) (5,402,223) 1,699 1,699 203,550 203,550 GRC International Group plc Annual Report and Accounts 2019 43 Financial StatementsCorporate GovernanceStrategic Report Consolidated Balance Sheet as at 31 March Assets Non-current assets Goodwill Intangible assets Property, plant and equipment Investments in equity-accounted joint ventures Deferred tax asset Current assets Inventories Trade and other receivables Cash at bank Current liabilities Trade and other payables Borrowings Deferred consideration Finance lease payables Current tax Net current (liabilities)/assets Non-current liabilities Borrowings Finance lease payables Deferred tax liability Net assets Equity Share capital Share premium Merger reserve Share-based payment reserve Capital redemption reserve Translation reserve (Accumulated deficit)/retained earnings Total equity Notes 2019 £ 2018 £ 10 11 12 13 7 14 15 16 17 18 19 22 7 18 22 7 24 6,693,234 5,760,273 488,678 10,041 143,893 13,096,119 64,242 2,903,953 639,202 3,607,397 – 1,596,894 424,019 – 641,165 2,662,078 76,171 2,637,309 5,557,576 8,271,056 (4,367,219) (520,554) (3,747,025) (5,667) (433,677) (4,636,265) (51,366) – (9,516) (301,831) (9,074,142) (4,998,978) (5,466,745) 3,272,078 – – (273,301) (273,301) (28,143) (5,667) – (33,810) 7,356,073 5,900,346 64,484 9,587,828 2,352,714 440,139 5 (6,939) (5,082,158) 57,463 4,792,828 – 628,150 5 679 421,221 7,356,073 5,900,346 The financial statements were approved by the Board of Directors and authorised for issue on 25 September 2019 and were signed its behalf by: Chris Hartshorne Director Company registration number: 11036180 The accompanying accounting policies and notes form an integral part of these financial statements. 44 GRC International Group plc Annual Report and Accounts 2019 Consolidated Statement of Changes in Equity For the year ended 31 March For the year ended 31 March 2019 Balance at 1 April 2018 Adjustment on initial application of IFRS 15 Adjusted Balance at 1 April 2018 Loss for the year Foreign exchange difference on consolidation Total comprehensive loss for the year Share-based payment expense Deferred tax on share-based payments Shares issued Cost of share issue Share capital £ Share premium £ 57,463 4,792,828 – – 57,463 4,792,828 – – – – – – – – – – 7,021 4,995,000 2,352,714 – (200,000) – – – – Merger reserve £ Share-based payment reserve £ (Accumulated deficit)/ retained earnings £ Translation reserve £ Capital redemption reserve £ Total £ – – – – – 628,150 421,221 – (108,774) 628,150 312,447 – (5,394,605) – – – (5,394,605) – – – – 63,285 (251,296) – – 679 – 679 – (7,618) (7,618) – – – – 5 5,900,346 – (108,774) 5 5,791,572 – (5,394,605) – (7,618) – (5,402,223) 63,285 – – (251,296) – 7,354,735 (200,000) – Transactions with owners 7,021 4,795,000 2,352,714 (188,011) – – – 6,966,724 At 31 March 2019 64,484 9,587,828 2,352,714 440,139 (5,082,158) (6,939) 5 7,356,073 For the year ended 31 March 2018 Balance at 1 April 2017 Profit for the year Foreign exchange difference on consolidation Total comprehensive income for the year Capital reduction Dividends Purchase of own shares Bonus issue Share-based payment expense Deferred tax on share-based payments Shares issued on exercise of share options Shares issued Cost of share issue Transaction with owners At 31 March 2018 Share capital £ 1,798 – – – – (4) 48,457 – – 12 7,200 – Share premium £ Share-based payment reserve £ 1,137,098 – – – (1,137,098) – – – – – 5,028 5,032,800 (245,000) – – – – – – – – 82,560 545,590 – – – Retained earnings £ 94,043 201,851 – 201,851 1,137,098 (951,320) (11,994) (48,457) – – – – – 55,665 3,655,730 628,150 125,327 57,463 4,792,828 628,150 421,221 Translation reserve £ (1,020) – 1,699 1,699 – – – – – – – – – – 679 Capital redemption reserve £ 1 – – – – – 4 – – – – – – 4 5 Total £ 1,231,920 201,851 1,699 203,550 – (951,320) (11,994) – 82,560 545,590 5,040 5,040,000 (245,000) 4,464,876 5,900,346 The accompanying accounting policies and notes form an integral part of these financial statements. GRC International Group plc Annual Report and Accounts 2019 45 Financial StatementsCorporate GovernanceStrategic Report Consolidated Statement of Cash Flows For the year ended 31 March 2019 £ 2018 £ (5,365,448) 183,351 611,220 63,285 (5,329) 746 (2,137) 9,607 (4,504,705) 11,930 498,266 (660,067) 355,346 108,944 391,550 82,560 41,851 – (516) 9,902 989,637 (37,545) (1,529,039) 2,807,653 (4,654,576) 2,230,706 (2,512,937) (2,288,768) (234,229) 7,522 (10,995) 2,137 – (945,268) (398,406) – – 516 (5,037,270) (1,343,158) – 5,000,000 (200,000) (450,000) – (51,366) (9,385) (222) (7,555) 4,281,472 (5,410,374) 5,557,576 (411) 146,791 (11,994) 5,045,040 (245,000) – (386,500) (80,127) (12,511) (202) (11,929) 4,296,777 5,184,325 413,552 (40,301) 5,557,576 16 18 639,202 (492,411) 146,791 5,557,576 – 5,557,576 Cash flows from operating activities (Loss)/profit before tax Depreciation Amortisation Share-based payment expense Foreign exchange (gains)/losses Share of post-tax profits of equity accounted joint ventures Finance income Finance costs Operating cash flows before changes in working capital Decrease/(increase) in inventories Decrease/(increase) in trade and other receivables (Decrease)/increase in trade and other payables Net cash (outflow)/inflow from operating activities Cash flows from investing activities Acquisition of subsidiary, net of cash acquired Purchase of intangible assets Purchase of plant and equipment Sale of plant and equipment Acquisition of joint venture investment Interest received Net cash outflow from investing activities Net cash flows from financing activities Purchase of own shares Proceeds from issue of shares Costs of share issue Repayment of acquired consideration liability Dividends paid Repayment of loans Interest paid Interest on finance leases Capital element of finance lease payments Net cash inflow from financing activities Net (decrease)/increase in cash and cash equivalents Cash and cash equivalents at beginning of financial year Effects of exchange rate changes on cash and cash equivalents Cash and cash equivalents at end of financial year Comprising Cash at bank Bank overdraft Cash at bank The accompanying accounting policies and notes for form an integral part of the financial statements. 46 GRC International Group plc Annual Report and Accounts 2019 Nature of Operations and General Information GRC International Group plc (GRC International Group or ‘the Company’) is a public limited company limited by shares, incorporated and domiciled in England and Wales. The registered company number is 11036180 and the registered office is Unit 3 Clive Court, Bartholemew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA. The principal activities of GRC International Group plc and its subsidiary companies (together, the “Group”) are those of a one-stop shop for IT Governance including books, tools, learning and consultancy services. Principal Accounting Policies Basis of preparation and consolidation The consolidated financial statements of GRC International Group plc and entities controlled by the Company (its subsidiaries) for the years presented has been prepared in accordance with International Financial Reporting Standards (“IFRS”), as adopted by the EU, and IFRIC interpretations. The results for the year ended 31 March 2019 and 31 March 2018 include the results of GRC International Group plc and its subsidiaries. A subsidiary is a company controlled directly by the Group. Control is achieved where the Group has the power over the investee, rights to variable returns and the ability to use the power to affect the investee’s returns. GRC International Group plc was incorporated on 27 October 2017. The Company’s first statutory accounting period is the period up to 31 March 2019, the Company only financial statements included in this Annual Report are for the period from incorporation to 31 March 2019. During the period to 31 March 2018 the Company was inserted as the new holding company for the pre-existing IT Governance Group. The consolidated financial results included in this Annual Report for 31 March 2018 have been prepared on a look-through basis, as if the Group always existed in its current form. This was consistent with the approach taken for the historical financial information (“HFI”) in the AIM admission document. Income and expenses of subsidiaries acquired during the year are included in the Consolidated Income Statement from the effective date of control. When necessary, adjustments are made to the financial statements of subsidiaries to bring their accounting policies into line with those used by the Parent Company. All intra-Group transactions, balances, income and expenses are eliminated in full on consolidation. All accounting policies disclosed below apply to the Group for the years presented, unless otherwise explicitly stated. IFRS is subject to amendment and interpretation by the IASB and the IFRS Interpretations Committee, and there is an on-going process of review and endorsement by the European Commission. These accounting policies comply with each IFRS that is mandatory for accounting periods ending on 31 March 2019. The consolidated financial statements have been prepared on a historical cost basis, except for the measurement of the deferred consideration which is carried as its fair value. The principal accounting policies adopted are set out below. Financial Information is presented in British pounds sterling (£). The Directors of GRC International Group are responsible for the financial information and contents of the consolidated financial statements. Going concern The Group’s capital management policy is to generate positive cash flows from operating activities to finance the Group’s business operations, and where necessary to raise sufficient funding to finance the Group’s future investments and capital projects. The Group has recorded a loss for the year of £5,394,605 (2018: profit of £201,851) and at 31 March 2019, its current liabilities exceeded its current assets by £4,495,723 (2018: excess of current assets over current liabilities of £4,667,024) (excluding deferred revenues). Notwithstanding this and the material uncertainty described below, the directors consider it appropriate to prepare the financial statements on a going concern basis. The key considerations relating to this judgement are described below. The Group has banking facilities to provide adequate headroom for unforeseen working capital requirements by way of a short term bank overdraft facility and an invoice discounting facility that was inherited as part of the acquisition of DQM. In addition, Andrew Brode has provided to the Company an unsecured loan facility for the amount of £700,000 at an interest rate of 5 per cent. above the Bank of England Base rate to provide additional working capital. The facility will be available to the Company until at least 31 December 2020 and shall automatically renew for a further 12 months unless terminated by either party. GRC International Group plc Annual Report and Accounts 2019 47 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued The Group’s forecasts assume revenue growth into 2020 and beyond, and the cost base of the Group is based on this assumption. However, there is an inherent level of uncertainty associated with timing and quantum of revenue forecasting due to the rapidly changing environment, which may impact the Group’s ability to generate sufficient positive cashflow if revenue falls below the Board’s expectations and it is not possible to reduce costs in line with this. However, the Group’s cost base is flexible and can be scaled to reflect market demand. The Group has certain non-operating cash requirements. The most significant of these is the deferred consideration due to the vendors (and existing management team) of DQM Holdings Limited (“DQM”) that was acquired by the Group at the end of the financial year, as announced on 11 February 2019. Under the sale and purchase agreement (the “Agreement”), further consideration (“Deferred Consideration”) is due to the vendors of DQM based on financial statements for the financial year ended 28 February 2019 (“Earn-out Accounts”). DQM’s financial performance was better than originally expected and the final amount of Deferred Consideration is consequently expected to be in the region of £3.7 million, slightly ahead of the top range of the £2.5 - £3.5 million announced on 11 February 2019. Under the Agreement, the Deferred Consideration is intended to be satisfied through cash (as to 60 per cent. of the Deferred Consideration) and the issue of Ordinary Shares (as to 40 per cent. of the Deferred Consideration and based on an issue price per Ordinary Share of 116.5 pence) within five business days of completion of the audit of DQM’s Earn Out Accounts. In advance of the Deferred Consideration falling due, the Group is presently holding constructive discussions with the vendors of DQM, who are mainly Group employees, about the settlement of that balance. In order to settle the Deferred Consideration the Group is considering a range of options which includes, but is not limited to, adjusting the balance of consideration between cash and shares and exploring the feasibility of a payment schedule in order to enable the Group to satisfy the cash element of the Deferred Consideration that will fall due within 12 months of the balance sheet date. The Group is also considering different potential funding options, including but not limited to debt and equity, from existing and other potential investors, along with the possible sale of DQM. If this cannot be concluded in a satisfactory manner, the Parent Company would need to raise additional funding, with no guarantee such funding would be secured. Although no agreement has yet been reached, the Board believes that it is in the interests of all parties to agree a deal that maintains the strength of the Group balance sheet and the Group’s ability to trade. However, the Directors’ ability to renegotiate the Deferred Consideration on terms satisfactory to the Group, or otherwise fund the liability for the Deferred Consideration, cannot be predicted with certainty. In light of the above, the directors have identified a material uncertainty that may cast significant doubt over the Group’s ability to continue as a going concern for the foreseeable future. The financial statements do not include the adjustments that would result if the Group was unable to continue as a going concern. Revenue The Group often enters into transactions involving a range of the Group’s products and services, for example for the delivery of consultancy, training, software and related after-sales service. In all cases, the total transaction price for a contract is allocated net of discounts amongst the various performance obligations based on their relative stand-alone selling prices. The transaction price for a contract excludes any amounts collected on behalf of third parties. Revenue is recognised either at a point in time or over time, when the Group satisfies performance obligations by transferring the promised goods or services to its customer. The Group recognises contract liabilities for consideration received in respect of unsatisfied performance obligations and reports these amounts as deferred income in the statement of financial position. Similarly, if the Group satisfies a performance obligation before it receives the consideration, the Group recognises either a contract asset or a receivable in its statement of financial position, depending on whether something other than the passage of time is required before the consideration is due. In practice, contract assets rarely arise due to the timing of invoices raised under the terms of the Group’s contracts. All material contracts which span a financial reporting period will be reviewed on an individual basis with the 5-step application of IFRS 15 applied based upon the type of product sold. 48 GRC International Group plc Annual Report and Accounts 2019 The type of products and range of services sold across the Group fall within the following four revenue streams: • Consultancy • Publishing/Distribution • Learning • Software To determine whether to recognise revenue, the Group follows a 5-step process: 1. Identifying the contract with a customer 2. Identifying the performance obligations 3. Determining the transaction price 4. Allocating the transaction price to the performance obligations 5. Recognising revenue when/as performance obligation(s) are satisfied. The following chart summarises how the 5-step process is applied for each of the four revenue streams: Products and services Nature, timing of satisfaction of performance obligations and significant payment terms Consultancy – On-site and remote support consulting services, helping organisations to design and implement data protection and cyber security policies and procedures. The Group recognises revenue over time as the services in the contract are performed, generally based on the consultants estimate of the progress of the work. Revenue from consultancy services which are either a performance obligation within a larger arrangement or are sold on a stand-alone basis is generally recognised over time where the Group agrees to provide labour hours/days. Contracts state a broad list of activities that the services may include. The contracts state daily/hourly rates and estimated amounts to be billed. Contracts state that IT Governance will not exceed the total amount without prior written approval. In cases where contracts are structured on a time basis, the variable amount of the consideration due will be estimated. Where the performance obligations within an agreement are considered to represent services that are substantially the same, these will form a single performance obligation with labour days/hours representing the progress measure. Several contracts define the only obligation as support for customer led projects, and again in these cases it will be considered that there is one performance obligation with labour hours being the progress measure. Revenue shall be recognised over a time, when the Group’s performance does not create an asset with an alternative use to the Group and the entity has an enforceable right for performance completed to date. This is true for all services provided on a time basis. The Group also has an enforceable right for payment for work completed to date. The Group recognises revenue at the point in time when control of the asset is transferred to the customer. The product becomes under the control of the customer when the book/software/toolkit is delivered to them. This is when the customer has legal title to the asset or has physical possession of the asset. For the sale of physical softcopy books and CD-ROMs, revenue is recognised when the goods are delivered. Where a product with a subscription or licence is sold on behalf of a third party the revenue is recognised straight away as the obligation to fulfil the contract lies with the third party and not the Group. The full cost of the product sold by the Group in respect of a third-party sale is charged to the Income Statement when the revenue is recognised. Publishing/ Distribution – The Group sells books, documentation templates and software via its websites, both that it publishes or writes itself, and also supplied by third parties. The Group also creates and sells sets of documentation templates that are used by customers to assist them to document IT systems and procedures. GRC International Group plc Annual Report and Accounts 2019 49 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Products and services Nature, timing of satisfaction of performance obligations and significant payment terms Learning – The Group sells “in person” classroom-based training courses related to data protection, cyber security, ISO 27001 certification and related topics. The courses range from one to five days in length and are held at hired premises. The Group also provides courses at customers’ premises for organisations that require training for a number of their employees. The courses are aimed at various different areas of IT governance and at different skill levels. Software – The Group creates and sells software solutions. Maintenance and support (M&S) arrangements are usually sold on a standalone basis as a renewal of an existing arrangement with arrangement usually running over a 12-month period. Generally, the first time M&S is sold is when the customer initially buys the software. There are no material rights to consider in connection with renewal options. Revenue is recognised on ‘Classroom Based Training Courses’ and ‘Online Training Courses’ when the customer obtains control. The product becomes under the control of the customer when they attend the first day of the Training Course. Revenue is recognised on ‘Distance Learning Based Training Courses when the Customer gains control. The product becomes under the control of the customer at the date the online course is made available to them. Once the course is made available the Group has fulfilled its contractual obligation to deliver. The date the user accesses and uses the course is not considered relevant. Revenue is recognised on ‘e-Learning Courses’ dependent on the type of service provided. ‘e-Learning’ is split into four types. • eLearning Hosting Services – An additional annual fee for LMS (Learning Management System) hosting of the eLearning courses. Customers are not obliged to but can buy our standard ‘off-the-shelf’ ‘Hosting’ area. All hosted client courses will be hosted on our LMS. Each client will be given their own space, which can be branded with their logo and company colours. The eLearning course files hosted on our LMS will be the same for all clients, and each client will have a space in the course layout to add any extra information they need, such as documents, links and contact details. Revenue is recognised on ‘eLearning Hosting Services’ over time as the customer has access to the hosting area. Revenue is then pro-rated equally over the period (normally 12 months) to which the service relates. • Revenue is recognised on ‘eLearning courses’ when the customer obtains control. The course becomes under the control of the customer when the online course is made available to access. • eLearning Set Up Costs – Organisations/customers can contract the Group to ‘Customise’ the eLearning courses to their organisation’s specifications (i.e. Company Logo/Branding etc.). Revenue is recognised on ‘eLearning Set Up Costs’ when the customer obtains control of the course material. The product becomes under the control of the customer when the online courses are made available to access. • eLearning Training – Organisations/customers can contract the Group to provide training for the eLearning courses. This is a one-off fee and the Training is a pre-agreed number of hours or days as requested by the customer. Revenue is recognised on ‘eLearning Training’ when the customer gains control. The product comes under the control of the customer on the first day of the Training Course. Revenue from the sale of software for a fixed fee is recognised when or as the Group gives access to the customer to download the software. Software revenue recognition. Performance obligations are satisfied at a point in time when the Group has a right to payment for the software, the customer has legal right to use the software under the terms of the software licence agreement, and the Group has physically transferred the software to the customer. These criteria are all met at the point in time that the Group transfer the software which takes place. The Group does not undertake activities which significantly affect the intellectual property post-delivery of the software which would prevent revenue being recognised at a point in time. The Group does not provide free Maintenance and Support type services as part of the licencing arrangements. Revenue from the sale of Maintenance and Support arrangements are always sold on a standalone basis or as a renewal of an existing arrangement usually running over a 12 month period. The technical support and software updates are distinct. This is because the customer can benefit from the licence with or without the Maintenance and Support contract. Technical support: the customer benefits from the technical support as that support is provided. The contracted support period is generally 12 months, so the customer obtains the benefit over the 12-month period. Accordingly, it is appropriate to recognise revenue over a 12-month period. Software updates: all software updates are unspecified within Maintenance and support arrangements with updates being made as and when available. The customer will continue to receive updates during the Maintenance and support period and accordingly will benefit from the updates as they are provided. Accordingly, it is appropriate to recognise revenue over a 12-month period. 50 GRC International Group plc Annual Report and Accounts 2019 Finance income and costs Interest income and expense is recognised using the effective interest method which calculates the amortised cost of a financial asset or liability and allocates the interest income or expense over the relevant period. The effective interest rate is the rate that exactly discounts estimated future cash receipts or payments through the expected life of the financial asset or liability to the net carrying amount of the financial asset or liability. Goodwill Goodwill arising on business combinations is reviewed and tested on an annual basis or more frequently if there is indication that goodwill might be impaired. Goodwill is allocated to CGU’s, which are determined as the lowest level of detail available for the assets to generate cash inflows relating to goodwill. Goodwill represents the future economic benefits arising from business combinations which are not individually identified and separately recognised. Goodwill is initially measured as the excess of the aggregate of the consideration transferred and the fair value of non-controlling interest over the net identifiable assets acquired and liabilities assumed. If the consideration is lower than the fair value of the net assets of the subsidiary acquired, the difference is recognised in profit or loss. Goodwill is carried at cost less any accumulated impairment losses until disposal or termination of the previous acquired business when the profit or loss on disposal or termination will be calculated after charging the gross amount at current exchange rates of any such goodwill through the income statement. Intangible assets Acquired intangible assets An intangible asset is recognised if it is probable that the expected future economic benefits that are attributable to the asset will flow to the Group and the cost of the asset can be measured reliably. Internally developed intangible assets Expenditure on research activities is recognised as an expense as incurred. Costs that are directly attributable to a project’s development phase are recognised as intangible assets, provided they meet the following recognition requirements: • the development costs can be measured reliably; • the project is technically and commercially feasible; • the Group intends to and has sufficient resources to complete the project; • the Group has the ability to use or sell the software; and • the software will probably generate future economic benefits. Development costs not meeting these criteria for capitalisation are expensed as incurred. Directly attributable costs include an apportionment of employee costs incurred on internal development assets. Internal development assets include software, website costs, courseware, marketing tools, consultancy products and publishing products. Subsequent measurement The useful lives of all intangible assets are assessed as finite. Intangible assets with finite lives are amortised over the useful economic life and assessed for impairment whenever there is an indication that the intangible asset may be impaired. The amortisation period and the amortisation method for an intangible asset with a finite useful life are reviewed at least at the end of each reporting period. Changes in the expected useful life or the expected pattern of consumption of future economic benefits embodied in the asset are accounted for by changing the amortisation period or method prospectively. The amortisation expense on intangible assets with finite lives is recognised in the income statement as administrative expenses. Gains or losses arising from derecognition of an intangible asset are measured as the difference between the net disposal proceeds and the carrying amount of the asset and are recognised in the income statement when the asset is derecognised. GRC International Group plc Annual Report and Accounts 2019 51 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Amortisation is calculated on a straight-line basis over the estimated useful life of the asset as follows: Trademarks Software Website costs Marketing tools Courseware Publishing products Consultancy products Customer relationships 10 years 5 years 5 – 10 years 3 years 10 years 4 years 10 years 12 years Customer relationships Acquired customer relationships comprise principally of existing customer relationships which may give rise to future orders (customer relationships). Acquired customer relationships are recognised at fair value at the acquisition date and have a finite useful life of 12 years. Customer relationships are amortised in line with the expected cashflows. Acquired customer relationships are stated at cost less accumulated amortisation and impairment. Any capitalised internally developed intangible asset that is not yet complete is not amortised but is subject to impairment testing. Subsequent expenditures on the maintenance of computer software are expensed as incurred. Property, plant and equipment Property, plant and equipment are stated at historical cost less depreciation less any recognised impairment losses. Cost includes expenditure that is directly attributable to the acquisition or construction of these items. Subsequent costs are included in the asset’s carrying amount only when it is probable that future economic benefits associated with the item will flow to the Group and the costs can be measured reliably. All other costs, including repairs and maintenance costs, are charged to the Income Statement in the period in which they are incurred. Depreciation is provided on all property, plant and equipment and is calculated as follows: Leasehold improvements Computer equipment Office equipment 10 years straight line basis 25 – 33% reducing balance basis 25% reducing balance basis Depreciation is provided on cost less residual value. The residual value, depreciation methods and useful lives are annually reassessed. Each asset’s estimated useful life has been assessed with regard to its own physical life limitations and to possible future variations in those assessments. Estimates of remaining useful lives are made on a regular basis for all machinery and equipment, with annual reassessments for major items. Changes in estimates are accounted for prospectively. Assets held under finance leases are depreciated over their expected useful lives on the same basis as owned assets. However, when there is no reasonable certainty that ownership will be obtained by the end of the lease term, assets are depreciated over the shorter of the lease term and their useful lives. The gain or loss arising on disposal or scrapping of an asset is determined as the difference between the sales proceeds, net of selling costs, and the carrying amount of the asset and is recognised in the Income Statement. Impairment of non-financial assets For the purposes of impairment testing, goodwill is allocated to each of the Group’s cash-generating units that is expected to benefit from the synergies of the combination. Each unit to which goodwill is allocated represents the lowest level within the Group that independent cash flows are monitored. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. At each balance sheet date, the Directors review the carrying amounts of the Group’s non-current assets, other than goodwill, to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Directors estimated the recoverable amount of the cash-generating unit to which the asset belongs. Recoverable amount is the higher of fair value less costs of disposal and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimated future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. The impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. 52 GRC International Group plc Annual Report and Accounts 2019 An impairment loss is recognised as an expense immediately. An impairment loss recognised for goodwill is not reversed in subsequent periods. Where an impairment loss on non-financial assets subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately. Inventory Inventory is stated at the lower of cost and net realisable value, being the estimated selling price less costs to complete and sell. Cost is based on the cost of purchase on a weighted average basis. At the balance sheet date, inventories are assessed for impairment. If inventories are impaired, the carrying amount is reduced to its selling price less costs to complete and sell. The impairment loss is recognised immediately in profit or loss. Cash at bank Cash at bank comprise cash on hand, deposits held at call with banks and other short-term highly liquid investments with original maturities of three months or less from inception. Financial instruments Financial assets and financial liabilities are recognised when the Group becomes a party to the contractual provisions of the financial instrument. Financial assets and financial liabilities are measured initially at fair value plus transactions costs. Financial assets and financial liabilities are measured subsequently as described below. Financial instruments Recognition and derecognition Financial assets and financial liabilities are recognised when the Group becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. Classification and initial measurement of financial assets Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable). Financial assets, other than those designated and effective as hedging instruments, are classified into the following categories: amortised cost • fair value through profit or loss (FVTPL). • fair value through other comprehensive income (FVOCI). In the periods presented the Group does not have any financial assets categorised as either FVTPL or FVOCI. The classification is determined by both: • the entity’s business model for managing the financial asset. • the contractual cash flow characteristics of the financial asset. All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses. Subsequent measurement of financial assets Financial assets at amortised cost Financial assets are measured at amortised cost if the assets meet the following conditions (and are not designated as FVTPL): • they are held within a business model whose objective is to hold the financial assets and collect its contractual cash flows. • the contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding. GRC International Group plc Annual Report and Accounts 2019 53 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial. The Group’s cash and cash equivalents, trade and most other receivables fall into this category of financial instruments. Impairment of financial assets IFRS 9’s impairment requirements use forward-looking information to recognise expected credit losses – the ‘expected credit loss (ECL) model’. Instruments within the scope of these requirements included loans and other debt-type financial assets measured at amortised cost, trade receivables, contract assets recognised and measured under IFRS 15 and loan commitments and some financial guarantee contracts (for the issuer) that are not measured at fair value through profit or loss. The Group considers a broader range of information when assessing credit risk and measuring expected credit losses, including past events, current conditions, reasonable and supportable forecasts that affect the expected collectability of the future cash flows of the instrument. In applying this forward-looking approach, a distinction is made between: • financial instruments that have not deteriorated significantly in credit quality since initial recognition or that have low credit risk (‘Stage 1’) and • financial instruments that have deteriorated significantly in credit quality since initial recognition and whose credit risk is not low (‘Stage 2’). ‘Stage 3’ would cover financial assets that have objective evidence of impairment at the reporting date. ‘12-month expected credit losses’ are recognised for the first category while ‘lifetime expected credit losses’ are recognised for the second category. Measurement of the expected credit losses is determined by a probability-weighted estimate of credit losses over the expected life of the financial instrument. Trade and other receivables and contract assets The Group makes use of a simplified approach in accounting for trade receivables as well as contract assets and records the loss allowance as lifetime expected credit losses. These are the expected shortfalls in contractual cash flows, considering the potential for default at any point during the life of the financial instrument. In calculating, the Group uses its historical experience, external indicators and forward- looking information to calculate the expected credit losses using a provision matrix. The Group assess impairment of trade receivables on a collective basis and as they possess shared credit risk characteristics they have been grouped based on the days past due. Refer to Note 15 for further details. Classification and measurement of financial liabilities The Group’s financial liabilities include trade and other payables, borrowings and deferred consideration. Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Group designated a financial liability at fair value through profit or loss. Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss. All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income. Borrowings Borrowings, including bank overdrafts, are classified as current liabilities unless the Group has an unconditional right to defer the settlement of the liability for at least 12 months after the balance sheet date. Deferred Consideration Deferred consideration is recognised at fair value at the acquisition date and subsequently at FVTPL. Changes in deferred consideration arising from additional information, obtained within one year of the acquisition date, about facts or circumstances that existed at the acquisition date, are recognised as an adjustment to goodwill. Foreign currency The presentation currency for the Group’s consolidated financial statements is Sterling. Foreign currency transactions by Group companies are recorded in their functional currencies at the exchange rate at the date of the transaction. Monetary assets and liabilities have been translated at rates in effect at the balance sheet date, with any resulting exchange adjustments being charged or credited to the Income Statement, within administrative expenses. 54 GRC International Group plc Annual Report and Accounts 2019 On consolidation the assets and liabilities of the subsidiaries with a functional currency other than Sterling are translated into the Group’s presentational currency at the exchange rate at the balance sheet date and the Income Statement items are translated at the average rate for the period. The exchange difference arising on the translation from functional currency to presentational currency of subsidiaries is classified as other comprehensive income and is accumulated within equity as a translation reserve. The balance of the foreign currency translation reserve relating to a subsidiary that is disposed of, or partially disposed of, is recognised in the Income Statement at the time of disposal. Current taxation Current taxation for each taxable entity in the Group is based on the local taxable income at the local statutory tax rate enacted or substantively enacted at the balance sheet date and includes adjustments to tax payable or recoverable in respect of previous periods. Deferred taxation Deferred taxation is calculated using the liability method, on temporary differences arising between the tax bases of assets and liabilities and their carrying amounts in the consolidated financial statements. However, if the deferred tax arises from the initial recognition of an asset or liability in a transaction other than a business combination that at the time of the transaction affects neither accounting nor taxable profit or loss, it is not accounted for. No deferred tax is recognised on initial recognition of goodwill or on investment in subsidiaries. Deferred tax is determined using tax rates and laws that have been enacted or substantively enacted by the balance sheet date and are expected to apply when the related deferred tax asset is realised or the deferred tax liability is settled. Deferred tax liabilities are provided in full, and are not discounted. Deferred tax assets are recognised to the extent that it is probable that future taxable profits will be available against which the temporary differences can be utilised. Changes in deferred tax assets or liabilities are recognised as a component of tax expense in the Income Statement, except where they relate to items that are charged or credited directly to equity in which case the related deferred tax is also charged or credited directly to equity. Deferred income tax assets and liabilities are offset when there is a legally enforceable right to offset current tax assets against current tax liabilities and when the deferred income tax assets and liabilities relate to income taxes levied by the same taxation authority on either the same taxable entity or different taxable entities where there is an intention to settle the balances on a net basis. Employment benefits Provision is made in the financial statements for all employee benefits. Liabilities for wages and salaries, including non-monetary benefits and annual leave obliged to be settled within 12 months of the balance sheet date, are recognised in accruals. Contributions to defined contribution pension plans are charged to the Income Statement in the period to which the contributions relate. Leases Leases are classified as finance leases whenever the terms of the lease transfer substantially all the risks and rewards of ownership to the lessee. The interest element of finance lease payments is charged to profit or loss as finance costs over the period of the lease. All other leases are classified as operating leases. Operating lease payments are recognised as an expense on a straight-line basis over the lease term, except where another systematic basis is more representative of the time pattern in which economic benefits from the leased asset are consumed. In the event that lease incentives are received to enter into operating leases, such incentives are recognised as a liability. The aggregate benefit of incentives is recognised as a reduction of rental expense on a straight-line basis, except where another systematic basis is more representative of the time pattern in which economic benefits from the leased asset are consumed. Equity Equity comprises the following: • “Share capital” represents the nominal value of equity shares issued. • “Share premium” represents amounts subscribed for share capital, net of issue costs, in excess of nominal value. • “Merger Reserve” represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued in circumstances where the merger relief provisions of the Companies Act 2006 apply. • “Share-based payment reserve” represents the accumulated value of share-based payments. • “Retained earnings” represents the accumulated profits and losses attributable to equity shareholders. • “Capital redemption reserve” represents the nominal value of shares repurchased by the Parent Company. • “Translation reserve” represents the exchange differences arising from the translation of the financial statements of subsidiaries into the Group’s presentational currency. GRC International Group plc Annual Report and Accounts 2019 55 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Share-based payments Equity-settled share-based payments to employees and Directors are measured at the fair value of the equity instrument. The fair value of the equity-settled transactions with employees and Directors is recognised as an expense over the vesting period. The fair value of the equity instruments is determined at the date of grant, taking into account vesting conditions. The fair value of goods and services received are measured by reference to the fair value of options. The fair values of share options are measured using the Black Scholes model. The expected life used in the model is adjusted, based on management’s best estimate of the effects of non-transferability, exercise restrictions and behavioural considerations. The cost of equity-settled transactions is recognised, together with a corresponding increase in equity, over the period in which the performance and/or service conditions are fulfilled, ending on the date on which the relevant employees become fully entitled to the award (the “vesting date”). The cumulative expense recognised for equity-settled transactions at each reporting date until the vesting date reflects the extent to which the vesting period has expired and the Group’s best estimate of the number of equity instruments that will ultimately vest. The Income Statement charge or credit for a period represents the movement in cumulative expense recognised as at the beginning and end of that period. No expense is recognised for awards that do not ultimately vest, except for awards where vesting is conditional upon a market condition, which are treated as vesting irrespective of whether or not the market condition is satisfied, provided that all other performance and/or service conditions are satisfied. Where the terms of an equity-settled award are modified, the minimum expense recognised is the expense as if the terms had not been modified. An additional expense is recognised for any modification which increases the total fair value of the share-based payment arrangement, or is otherwise beneficial to the employee as measured at the date of modification. Where an equity-settled award is cancelled, it is treated as if it had vested on the date of cancellation, and any expense not yet recognised for the award is recognised immediately. However, if a new award is substituted for the cancelled award, and designated as a replacement award on the date that it is granted, the cancelled and new awards are treated as if they were a modification of the original award, as described in the previous paragraph. Where an equity-settled award is forfeited, the cumulative charge expensed up to the date of forfeiture is credited to the Income Statement. Segment reporting An operating segment is a component of an entity that engages in business activities from which it may earn revenues and incur expenses (including revenues and expenses related to transactions with other components of the same entity), whose operating results are regularly reviewed by the entity’s Chief Operating Decision Maker to make decisions about resources to be allocated to the segment and assess its performance, and for which discrete financial information is available. The Chief Operating Decision Maker has been identified as the Board of Executive Directors, at which level strategic decisions are made. Details of the Group’s reporting segments are provided in note 1. New and amended International Financial Reporting Standards adopted by the Group A number of new standards, amendments to standards and interpretations, including IFRS 9 Financial Instruments and IFRS 15 Revenue from Contracts with Customers (effective for annual periods beginning after 1 January 2018) have been adopted in the current year. IFRS 15 Revenue from Contracts with Customers (effective for the year beginning 1 January 2018), and subsequent amendments ‘Clarifications to IFRS 15’ set out the requirements for recognising revenue and costs from contracts with customers. IFRS 15 provides a single source of accounting requirements for all contracts with customers, thereby replacing all current accounting pronouncements on revenue. Under IFRS 15, revenue is recognised in a manner that depicts the completion of performance obligations to customers in an amount that reflects the consideration to which the provider of the goods or services expects to be entitled. The Group has applied IFRS 15 using the cumulative effect method – i.e. by recognising the cumulative effect of initially applying IFRS 15 as an adjustment to the opening balance of equity at 1 April 2018. Therefore, the comparative information has not been restated and continues to be reported under IAS 18. 56 GRC International Group plc Annual Report and Accounts 2019 Details of the identified adjustments from previous IFRS are below: Software maintenance and support The Group previously recognised revenue for all software products when the customer took delivery of the products and formally accepted them. Under IFRS 15, where the Group sells a support contract as part of the software package, the revenue associated with the support contract is recognised over the period of the support contract associated with the software (normally 12 months). In comparison to previous IFRS, this method reduces revenue on a pro-rata basis and records the amounts not yet earned as deferred income. Hosting Fees The Group previously recognised revenue for all Hosting fees when the customer took delivery of the products and formally accepted them. Under IFRS 15, the Group recognise revenue over the period of the hosting contract (normally 12 months) and records it as deferred income. The following table summarises the impact, of transition to IFRS 15 on retained earnings as 1 April 2018. Retained earnings Software maintenance and support contracts recognised over time Hosting fees recognised over time Impact at 1 April 2018 Total comprehensive income Impact of adopting IFRS 15 at 1 April 2018 £ 99,432 9,342 108,774 108,774 IFRS 9 – ‘Financial instruments’ (effective for years beginning on or after 1 January 2018) replaces IAS 39 ‘Financial instruments– Recognition and measurement’ and addresses the classification and measurement of financial instruments, introduces new principles for hedge accounting and a new forward-looking impairment model for financial assets. The primary impact of IFRS 9 on the Group relates to provisioning for potential future credit losses on financial assets. The adoption of IFRS 9 did not result in any changes in the measurement or classification of financial instruments as at 1 April 2018. All classes of financial assets and financial liabilities at 1April 2018 had the same carrying values under IFRS 9 as they had under IAS 39. There is no material impact on the Financial Statements of adopting IFRS 9. International Financial Reporting Standards in issue but not yet effective At the date of authorisation of the consolidated financial statements, the IASB and IFRS Interpretations Committee have issued standards, interpretations and amendments which are applicable to the Group. Whilst these standards and interpretations are not effective for, and have not been applied in the preparation of, these consolidated financial statements, the following could have a material impact on the Group’s financial statements going forward: New/revised IFRSs IFRS 16* IAS 1 & IAS 8 IFRS 3 Leases Annual Improvements to IFRSs 2015 – 2017 Cycle Amendments to IAS 1 and IAS 8: Definition of Material Amendments to IFRS 3 Business Combinations Effective date: annual periods beginning on or after EU adopted 1 January 2019 1 January 2019 1 January 2020 1 January 2020 Yes Yes No No * IFRS 16 – ‘Leases’ is effective for accounting periods beginning on or after 1 January 2019 and will be adopted by the Group on 1 April 2019. The Directors are assessing the likely impact on the reported results and financial position of the Group. The existing obligations under operating lease agreements at 31 March 2019 are £880,718, which primarily relate to buildings. We are using the modified retrospective approach for transition on 1 April 2019 and we are taking advantage of the exemption relating to low value assets, and considering other expedients available. We have not yet concluded on the value of the expected adjustment to the balance sheet for leases capitalised and the corresponding lease liability. New/revised International Financial Reporting Standards which are not considered likely to have an impact on the Group’s financial statements going forwards have been excluded from the above. Management anticipates that all relevant pronouncements will be adopted in the Group’s accounting policies for the first period beginning after the effective date of the pronouncement. New standards, interpretations and amendments not listed below are not expected to have a material impact on the Group’s financial statements. GRC International Group plc Annual Report and Accounts 2019 57 Financial StatementsCorporate GovernanceStrategic Report Nature of Operations and General Information continued Significant management judgements in applying accounting policies and key sources of estimation uncertainty The preparation of financial statements in conformity with generally accepted accounting practice requires management to make estimates and judgements that affect the reported amounts of assets and liabilities as well as the disclosure of contingent assets and liabilities at the reporting date and the reported amounts of revenues and expenses during the reporting period. Estimates and judgements are continually evaluated and are based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. Assumptions and accounting estimates are subject to regular review. Any revisions required to accounting estimates are recognised in the period in which the revisions are made including all future periods affected. Significant management judgements The following are significant management judgements in applying the accounting policies of the Group that have the most significant effect on the financial statements. Capitalisation of internally developed intangible assets Determining whether the recognition requirements for the capitalisation of development costs are met requires judgement. Management considers the criteria set out in IAS 38 in advance of capitalising any projects. After capitalisation, management monitors whether the recognition requirements continue to be met and whether there are any indicators that capitalised costs may be impaired. Should a different judgement be taken, the amounts capitalised may differ from those presented in note 11. Recognition of deferred tax assets The extent to which deferred tax assets can be recognised is based on an assessment of the probability that future taxable income will be available against which the deductible temporary differences and timing differences on capital allowances can be utilised. In addition, significant judgement is required in assessing the impact of any legal or economic limits or uncertainties in various tax jurisdictions. Judgement is also applied in the recognition of deferred tax assets in respect of losses, based on management’s view of the availability of future profits to offset such losses. Identification of assets acquired in business consideration Business combinations require management to exercise judgement in measuring the fair value of the assets acquired, equity instruments issued, and liabilities, and contingent consideration incurred or assumed. In particular, a high degree of judgement is applied in determining the fair value of the separate intangible assets acquired, their useful economic lives and which assets and liabilities are included in a business combination. In certain acquisitions, the Group may include contingent consideration which is subject to the acquired company achieving certain performance targets. At each reporting period, GRC International plc estimates the future earnings of acquired companies, which are subject to contingent consideration in order to assess the probability that the acquired company will achieve their performance targets and thus earn their contingent consideration. Any changes in their fair value of the contingent consideration between reporting periods are included in the determination of net income. Changes in fair value arise as a result of changes in the estimated probability of the acquired business achieving its earning targets and the consequential impact of amounts payable under these arrangements. Identification of performance obligations in customer contracts The identification of performance obligations in customer contracts requires management to exercise judgement to determine both the nature of the performance obligations and when those obligations are delivered in order to recognise revenue appropriately. Estimation uncertainty Information about estimates and assumptions that have the most significant effect on recognition and measurement of assets, liabilities, income and expenses is provided below. Actual results may be substantially different. The Group makes certain estimates and assumptions regarding the future. Estimates and judgements are continually evaluated based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. In the future, actual experience may differ from these estimates and assumptions. The estimates and assumptions that have a significant risk of causing a material adjustment to the carrying amounts of assets and liabilities within the next financial year are discussed below. Estimates and assumptions • Income taxes – provisions for income taxes in various jurisdictions (note 7) • Level of expected credit loss provision to hold or not hold (note 15) • Useful lives of intangible assets acquired or internally generated (note 11) • Impairment of goodwill – Estimate of future cash flows and determination of the discount rate (note 10) 58 GRC International Group plc Annual Report and Accounts 2019 Notes to the Financial Statements 1. Segmental reporting Operating segments For the purposes of segmental reporting, the Group’s Chief Operating Decision Maker (CODM) is considered to be the Executive Board of Directors. The Board identifies its operating segments based on the group’s service lines, which represent the main product and services provided by the Group. In the opinion of the Board, the Group operates as a single operating segment. Revenue by geographic destination Revenue across all operating segments is generated from the UK but includes overseas sales: UK Non-UK 2019 £ 2018 £ 12,886,471 2,962,095 12,666,042 3,022,174 15,848,566 15,688,216 2019 Non-UK Revenue includes Rest of Europe (£1,334,738), United States of America (£823,860), Australia (£149,967) and Rest of the World (£653,530). 2019 Non-UK non-current assets includes Ireland (£58,372), Germany (£10,041). In 2018 all non-current assets were held in the UK. Information about major customers No customers contributed 10% or more to the Group’s revenue in any period presented. 2. Revenue Revenue is all derived from continuing operations. The Group has disaggregated revenue into various categories in the following tables which is intended to depict how the nature, amount, timing and uncertainty of revenue and cash flows are affected by economic date: Consultancy Publishing and distribution Software Training Total revenue The Group’s revenue is analysed by timing of delivery of goods or services as: Point in time delivery Over time Total revenue The revenue is analysed as follows for each revenue category: Sale of goods Provision of services Other income Interest on cash deposits Total revenue 2019 £ 7,227,588 1,337,205 1,513,212 5,770,561 2018 £ 5,273,742 1,649,060 399,212 8,366,202 15,848,566 15,688,216 2019 £ 2018 £ 7,557,470 8,291,096 5,564,953 10,123,263 15,848,566 15,688,216 2019 £ 2018 £ 1,332,933 14,515,633 15,848,566 32,425 2,137 15,883,128 1,646,650 14,041,566 15,688,216 21,875 516 15,710,607 GRC International Group plc Annual Report and Accounts 2019 59 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 2. Revenue continued Contract balances: deferred income At 1 April On acquisition of DQM Amounts included in deferred income that were recognised as revenue in the period from the opening balance Amounts invoiced in the period and not recognised as revenue in the period At 31 March Deferred income 2019 2018 1,394,946 18,765 (1,394,946) 925,255 971,020 802,922 – (802,922) 1,394,946 1,394,946 Contract assets and contract liabilities are included within “trade and other receivables” and “trade and other payables” respectively on the face of the consolidated balance sheet. They arise from the Group’s contracts that cover multiple reporting periods as payments received from customers at each balance sheet date do not necessarily equal the amount of revenue recognised on the contracts. No material contract asset balances arise in the ordinary course of business. The Group recognised deferred income within “trade and other payables”. This balance equates to the value of the remaining performance obligations for revenue recognised over time, given the nature of the Group’s invoicing arrangements with customers. 3. Exceptional administrative costs Expenses relating to the Group’s AIM admission Expenses relating to the acquisition of DQM 4. Operating profit Operating profit is stated after charging: Cost of sales Wages and salaries Other direct costs including consultancy and training costs, books and manuals Other administration costs Wages and salaries Sales and marketing costs Depreciation of property, plant and equipment Amortisation of intangible fixed assets Auditor’s remuneration: –Fees payable for the audit of the annual accounts Foreign exchanges (credits)/charges Operating lease costs –Building –Other Other costs including office administration, legal and professional, IT and website costs. 2018 audit fees were in respect of work performed by Deloitte LLP. 2019 fees are in respect of BDO LLP. No non-audit fees were payable to the auditor in respect of services rendered in the year. 2019 £ – 164,149 164,149 2018 £ 714,251 – 714,251 2019 £ 2018 £ 4,870,571 2,424,468 7,295,039 9,023,705 1,204,769 183,351 611,220 120,000 (5,329) 148,714 10,216 2,419,104 2,128,389 4,035,301 6,163,690 6,005,590 818,654 108,944 391,550 110,000 41,851 111,410 10,170 786,689 13,715,750 8,384,858 60 GRC International Group plc Annual Report and Accounts 2019 5. Employees The aggregate payroll costs of the employees were as follows: Staff costs Wages and salaries Social security costs Share-based payment charge Pension costs The average monthly number of persons employed by the Group during the year was as follows: By activity Administration Sales and distribution Remuneration of Directors is disclosed in the Remuneration Committee Report. Details of key management personnel and their remuneration are disclosed within note 26. 6. Net finance costs Interest received on cash deposits Interest on overdrafts Interest on loans Interest on finance leases 7. Taxation Analysis of charge in the year: Corporation tax – current year Corporation tax – prior year Foreign tax – current year Deferred tax – current year movement Deferred tax – prior year movement Total tax charge (Loss)/Profit before taxation Profit by rate of tax (2019: 19%; 2018: 19%) Fixed asset timing differences Expenses not deductible for tax purposes Deferred tax not recognised Adjustments to deferred tax in respect of prior periods Effects of change in tax rate Other movements Prior year restatement Losses carried back Group relief surrendered Effects of different tax rates of subsidiaries operating in other jurisdictions Total tax 2019 £ 2018 £ 12,490,461 1,244,250 63,285 159,565 13,957,561 7,275,850 822,837 82,560 35,292 8,216,539 2019 £ 130 140 270 2019 £ (2,137) 92 9,281 234 7,470 2019 £ 72,124 (139,231) (118,634) 51,095 163,803 29,157 2019 £ (5,365,448) (1,019,435) 4,522 82,949 776,849 24,572 113,340 – – 37,582 6,988 1,790 29,157 2018 £ 83 94 177 2018 £ (516) – 9,700 202 9,386 2018 £ 153,146 – 1,890 (1,541) – 153,495 2018 £ 355,346 67,516 1,560 145,930 – – 192 (439) (73,183) – – 11,919 153,495 GRC International Group plc Annual Report and Accounts 2019 61 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 7. Taxation on ordinary activities continued Deferred tax in equity Change in estimated excess tax deductions related to share-based payments Total income tax recognised directly in equity 2019 £ 251,296 251,296 2018 £ 545,590 545,590 The Finance Act (No. 2) 2015 included a reduction in the rate of corporation tax from 20% to 19% from 1 April 2017 and the Finance Act 2016 included a reduction in the main rate of corporation tax from 19% to 17% from 1 April 2020. These tax law changes received Royal Assent before the balance sheet date and therefore are reflected in the deferred tax position. At the balance sheet date, the Group has the following unused tax losses as the Group expects the deferred tax to unwind at a rate of 17%: Trading losses (UK) Trading losses (Ireland) Non-trading loan relationship deficits 2019 £ 4,318,593 1,124,175 2,330 2018 £ – 183,149 2,330 At the balance sheet date, a deferred tax asset has not been recognised for excess unrelieved foreign tax of £19,848 (2018: £19,848) on the basis that it is not considered probable that there will be future taxable profits available to utilise the double tax relief credit. Deferred tax The following are the major deferred tax liabilities and assets recognised by the Group and movements thereon during the current and prior reporting period. Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so. Fixed asset timing differences £ 135,591 (51,659) – – Retirement benefit obligations £ (750) (1,068) – – Share-based payments £ – (14,702) (582,903) – Short term timing differences £ (141,205) – – (29,635) Tax losses (Ireland) £ – (22,894) – – Tax losses (UK) £ (82,080) 88,590 – – 112 – 1,548 61,358 – – – – (6,906) – (1,706) – 1,706 – – (534,699) – 21,548 251,296 891 (170,840) – 29,205 – 141,205 (22,894) – (118,634) – (2,365) (396) – (21,296) – 21,692 – 420,955 – – – Intangibles £ Total £ – – – – – – (88,444) (1,733) (582,903) (29,635) 192 61,358 (641,165) 423,013 (67,539) 251,296 163,803 At 1 April 2017 Charge/(credit) to profit or loss Credit direct to equity Prior year adjustment Effect of change in tax rate: – Income Statement – equity Deferred tax (asset)/liability at 31 March 2018 Business acquired Charge/(credit) to profit or loss Credit direct to equity Prior year adjustment Deferred tax at 31 March 2019 Asset (Non-UK) Liability (UK) 5,438 – 89,370 2,058 19,932 – 2,380 – 113,740 – – – (260,964) – (430) (143,893) – – – – 420,955 (143,893) 273,301 8. Earnings per share Basic earnings per share is based on the (loss)/profit after tax for the year and the weighted average number of shares in issue during each year. (Loss)/profit attributable to equity holders of the Group (£) Weighted average number of shares in issue Basic (loss)/earnings per share (pence) 2019 2018 (5,394,605) 57,982,319 201,851 50,785,329 (9.30) 0.40 62 GRC International Group plc Annual Report and Accounts 2019 8. Earnings per share continued Diluted earnings per share is calculated by adjusting the average number of shares in issue during the year to assume conversion of all dilutive potential ordinary shares. Taking the Group’s share options into consideration in respect of the Group’s weighted average number of ordinary shares for the purposes of diluted earnings per share, is as follows: Number of shares Dilutive (potential dilutive) effect of share options Weighted average number of ordinary shares for the purposes of diluted earnings per share Diluted (loss)/earnings per share (pence) 2019 2018 57,982,319 – 57,982,319 50,785,329 378,786 51,164,115 (9.30) 0.39 Due to the losses incurred during the year, a diluted loss per share has not been calculated as this would serve to reduce the basic loss per share. There were 2,360,680 (2018: 2,360,680) share incentives outstanding at the end of the year that could potentially dilute basic earnings per share in the future. 9. Subsidiaries Details of the Group’s subsidiaries are as follows: Name of subsidiary and registered office address Principal activity IT Governance Limited* Vigilant Software Limited* IT Governance Europe Limited 6th Floor, South Bank House, Barrow Street, Dublin 4 IT Governance USA Inc 420 Lexington Avenue, Suite 300, New York, NY 10170, USA IT Governance Publishing Limited* GRCI Law Limited* GRC Elearning Limited* IT Governance Europe Limited* IT Governance Consulting Limited* IT Governance Franchising Limited* IT Governance Sales Limited* IT Governance Software Limited* IT Governance Training Limited* ITG Certifications Limited* ITG Qualifications Limited* ITG Security Testing Limited* ITG Encryption Limited* Data Quality Management Limited** Data Quality Management Group Limited** Data2 Limited** DQM Group Holdings Limited** Information technology governance services Information technology Software development Information technology governance services Information technology governance services Information technology governance publications Information technology governance legal services Information technology governance internet-based training Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Dormant company*** Information technology governance services Dormant company*** Holding Company*** * Registered Office: Unit 3, Clive Court, Bartholomew’s Walk, Cambridge Business Park, Ely, Cambridgeshire CB7 4EA ** Registered Office: Dqm House, Baker Street, High Wycombe, Buckinghamshire, England, HP11 2RX *** Dormant subsidiaries which have taken advantage of the s394A exemption from preparing individual accounts. Place of incorporation and operation England & Wales England & Wales Ireland USA England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales England & Wales % ownership held by the Group 2019 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 2018 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% 100% – – – – GRC International Group plc Annual Report and Accounts 2019 63 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 10. Goodwill Cost At 1 April 2017 & 31 March 2018 Additions At 31 March 2019 Total £ – 6,693,234 6,693,234 The Directors have assessed the carrying value of the goodwill arising on the acquisition of DQM on the basis of consideration of both fair value less costs to sell and value in use in conjunction with the valuation of the business acquired in March 2019. Key assumptions included the discount rate of 15.6%, revenue growth rates consistent with market growth rates over a 5 year forecast period and a terminal growth rate of 2%. In view of the disclosures provided in notes 19 and 29 on the cost of the acquisition of DQM, the Directors do not consider that the disclosure of any further details concerning the carrying value of DQM is necessary. It is not considered that any reasonably possible changes in key assumptions as at 31 March 2019 would give rise to an impairment. 11. Intangible assets Cost At 1 April 2017 Additions At 31 March 2018 Additions Business acquired Foreign exchange movement Marketing tools £ Publishing products £ Consultancy products and Courseware £ Software and Website costs £ Trademarks £ Customer relationships £ Total £ 46,887 15,996 62,883 – – – 207,284 8,217 215,501 71,778 – – 462,711 70,981 533,692 164,601 – (1,161) 1,251,407 848,824 2,100,231 2,052,389 187,698 – 7,011 1,250 8,261 – 455,889 – – – – – 1,843,201 – 1,975,300 945,268 2,920,568 2,288,768 2,486,788 (1,161) At 31 March 2019 62,883 287,279 697,132 4,340,318 464,150 1,843,201 7,694,963 Accumulated depreciation At 1 April 2017 Charge for year Foreign exchange movement At 31 March 2018 Charge for year Foreign exchange movement At 31 March 2019 Net book value At 31 March 2019 At 31 March 2018 At 1 April 2017 42,274 5,189 – 47,463 7,357 – 139,734 32,124 – 171,858 31,310 – 148,109 49,146 (6) 197,249 55,555 (204) 599,833 304,089 – 903,922 515,973 – 2,180 1,002 – 3,182 1,025 – 54,820 203,168 252,600 1,419,895 4,207 – – – – – – – 932,130 391,550 (6) 1,323,674 611,220 (204) 1,934,690 8,063 15,420 4,613 84,111 43,643 67,550 444,532 2,920,423 459,943 1,843,201 5,760,273 336,443 1,196,309 314,602 651,574 5,079 4,831 – – 1,596,894 1,043,170 Amortisation is included within administrative expenses. All intangible assets have been developed internally with the exception of those arising on the business acquisition in the year (Note 29). The recoverable amounts of the CGU’s for the purpose of monitoring impairment are determined from value-in-use calculations. A review of the carrying amounts of the Group’s non-current assets to determine whether there is an indication that these assets have suffered an impairment loss was carried out at the year-end. Due to the timing of the acquisition of DQM and the substantial amount of development in the year of new and enhanced products the Directors deemed it too early to establish the need for any impairment. 64 GRC International Group plc Annual Report and Accounts 2019 12. Property, plant and equipment Cost At 1 April 2017 Additions Foreign exchange movement At 31 March 2018 Additions Businesses acquired Disposals Foreign exchange movement At 31 March 2019 Accumulated depreciation At 1 April 2017 Charge for year Foreign exchange movement At 31 March 2018 Charge for year Disposals Foreign exchange movement At 31 March 2019 Net book value At 31 March 2019 At 31 March 2018 At 31 March 2017 Leasehold improvements £ Computer equipment £ Office equipment £ 34,869 53,500 – 88,369 50,162 768 – (203) 262,387 322,127 129 584,643 162,362 – (12,990) (133) 20,050 24,539 10 44,599 21,705 20,893 (1,848) (117) Total £ 317,306 400,166 139 717,611 234,229 21,661 (14,838) (453) 139,096 733,882 85,232 958,210 15,755 7,985 – 23,740 12,688 – (13) 154,185 95,566 (3) 249,748 158,459 (7,312) (57) 14,712 5,393 (1) 20,104 12,204 – (29) 184,652 108,944 (4) 293,592 183,351 (7,312) (99) 36,415 400,838 32,279 469,532 102,681 333,044 64,629 334,895 52,953 24,495 488,678 424,019 19,114 108,202 5,338 132,654 Depreciation is included within administrative expenses. Included within the computer equipment net book values above is £6,784 (2018: 18,509, 2017: £30,012) relating to assets held under finance leases. 13. Investments in equity-accounted joint ventures The Group has a 50% interest in a joint venture, IBITGQ GmbH, a separate structured vehicle incorporated and operating in Germany. It was set up as a partnership together with GASQ Service GmbH dedicated to the provision of training and the continued professional development of information security, business resilience and IT governance professionals. The contractual arrangement provides the Group with only the rights to the net assets of the joint arrangement, with the rights to the assets and obligations for liabilities of the joint arrangement resting primarily with IBITGQ GmbH. Under IFRS 11 the joint arrangement is classified as a joint venture and has been included in the consolidated financial statements using the equity method. The principal place of business of the joint operation is in Germany. Additions Loss for the period Foreign exchange movement 2019 £ 10,995 (746) (208) 10,041 GRC International Group plc Annual Report and Accounts 2019 65 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 14. Inventories Finished goods for resale Amounts of inventories recognised as an expense during the period as cost of sales Amounts of inventories (written back)/impaired during the period 15. Trade and other receivables Trade receivables Less: provision for impairment of trade receivables Net trade receivables Other receivables Prepayments 2019 £ 64,242 2019 £ 196,286 2019 £ 9,773 2019 £ 1,986,220 – 1,986,220 217,440 700,293 2,903,953 2018 £ 76,171 2018 £ 40,532 2018 £ (5,011) 2018 £ 2,228,899 – 2,228,899 66,427 341,983 2,637,309 None of the Company’s trade and other receivables are secured by collateral or credit enhancements. The Group applies the IFRS 9 simplified approach to measuring expected credit losses on a collective basis. To measure expected credit losses on a collective basis, trade receivables and contract assets are grouped based on a similar credit risk and aging. The Group’s policy for default risk over receivables is based on the on-going evaluation of the collectability and ageing analysis of trade and other receivables. Considerable judgement is required in assessing the ultimate realisation of these receivables, including reviewing the potential likelihood of default, the past collection history of each customer and the current economic conditions. The Group uses a third party credit scoring system to assess the creditworthiness of potential new customers before accepting them. Credit limits are defined by customer based on this information. All customer accounts are subject to review on a regular basis by senior management and actions are taken to address debt ageing issues. The Directors believe that there is no requirement for a provision. All of the Group’s trade and other receivables have been reviewed for indicators of impairment. The Directors consider that the carrying amount of trade and other receivables approximates to the fair value. Included in the Group’s trade receivable balance as at the year end were customer balances with a carrying amount of £1,349,933 (2018: £641,885) which are past due at the reporting date for which the Group has not recorded a provision as the Directors believe the amounts to be recoverable in full, with an immaterial remaining exposure for amounts remaining uncollected at the date the financial statements were approved and authorised for issue. The expected loss rates are based on the Group’s historical credit losses experienced over a two year period prior to the period end. The historical loss rates are then adjusted for current and forward-looking information on macroeconomics factors affecting the Group’s customers. The Group has identified gross domestic product growth rates, employment rates and inflation rates as the key macroeconomics factors in the countries in which the Group operates. The calculated expected credit loss allowance for the current and prior reporting periods has not been included as an impairment provision as the directors consider it to be immaterial. The maturity profile of trade and other receivables is set out in the table below: In one year or less, or on demand 66 GRC International Group plc Annual Report and Accounts 2019 2019 £ 2018 £ 2,903,953 2,637,309 The analysis of trade and other receivables by foreign currency is set out in the table below: UK pound US dollars Euro 2019 £ 2,712,859 8,572 182,522 2,903,953 2018 £ 2,637,309 – 2,637,309 The Group’s foreign currency receivables are denominated in the functional currency of the subsidiaries in which they arise. There is no impact on the loss for the year from foreign exchange rate movements on such financial instruments. 16. Cash and cash equivalents Cash at bank (GBP) Cash at bank (EUR) Cash at bank (USD) Cash at bank (AUD) Cash at bank (other currencies) 2019 £ 609,493 16,096 6,850 6,902 (139) 639,202 2018 £ 5,447,646 17,378 90,653 960 939 5,557,576 All significant cash and cash equivalents were deposited with major clearing banks with at least ‘A’ rating. Details of bank overdrafts are given in note 18. 17. Trade and other payables Amounts falling due within one year: Trade payables Other taxation and social security Other payables Deferred income Accruals 18. Borrowings Secured – at amortised cost – Bank overdrafts – Bank loans – Other loans Current Non-current: – 1-2 years 2019 £ 1,999,981 868,644 169,965 971,020 357,609 4,367,219 2018 £ 1,516,315 1,019,555 141,046 1,394,946 564,403 4,636,265 2019 £ 492,411 – 28,143 520,554 520,554 – 520,554 2018 £ – 2,297 77,212 79,509 51,366 28,143 79,509 GRC International Group plc Annual Report and Accounts 2019 67 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 18. Borrowings continued Summary of borrowing arrangements The Group has an overdraft facility which comprised £500,000 at the end of 2019 (2018: £nil). The facility is uncommitted and secured with fixed and floating charges over the assets of the Group. The Group has a number of loans in the periods presented. These are secured with fixed and floating charges over the assets of the Group and are summarised as follows: 1. Funding circle loan 3 – £140,640 in October 2014 over five years at 14.69% APR interest. 2. Directors’ Pension scheme loan – £70,000 in October 2014 over five years at 9.5% APR interest. 3. Invoicing discounting facility acquired within the DQM acquisition. 4. Unsecured loan facility provided by Andrew Brode at an interest rate of 5% above the Bank of England Base rate to provide additional working capital. The facility will be available to the Group until at least 31 December 2020 and will automatically renew for a further 12 months unless terminated by either party. 19. Financial instruments – Risk Management The Group is exposed through its operations to the following financial risks: • Credit risk • Interest rate risk • Foreign exchange risk • Other market price risk, and • Liquidity risk. In common with all other businesses, the Group is also exposed to risks that arise directly from its use of financial instruments. This note describes the Group’s objectives, policies and processes for managing those risks and methods used to measure them. Further quantitative information in respect of these risks is presented throughout these financial statements. I. Principal financial instruments The principal financial instruments used by the Group, from which financial instrument risk arises, are as follows: • Trade receivables • Cash and cash equivalents • Trade and other payables • Bank overdrafts • Floating-rate bank loans • Fixed rate bank loans • Other loans II. Financial instruments by category Financial assets Cash and cash equivalents Trade and other receivables Total financial assets Fair value through profit or loss Amortised cost 2019 £ – – – 2018 £ – – – 2019 £ 639,202 1,986,220 2,625,422 2018 £ 5,557,576 2,228,899 7,786,475 All of the above financial assets’ carrying values are approximate to their fair values, as at each reporting date disclosed. Financial liabilities Trade and other payables Borrowings Finance lease payables Deferred consideration Total financial liabilities Fair value through profit or loss Amortised cost 2019 £ – – – 3,747,025 3,747,025 2018 £ – – – – – 2019 £ 2,357,590 520,554 5,667 – 2,883,811 2018 £ 2,228,899 79,509 15,183 – 2,323,591 All of the above financial liabilities’ carrying values are considered by management to be approximate to their fair values, as at each reporting date disclosed. 68 GRC International Group plc Annual Report and Accounts 2019 19. Financial instruments – Risk Management continued III. Financial instruments not measured at fair value Financial instruments not measured at fair value includes cash and cash equivalents, trade and other receivables, trade and other payables approximate their fair value. Due to their short-term nature, the carrying value of cash and cash equivalents, trade and other receivables, trade and other payables and borrowings approximates their fair value. IV. Financial instruments measured at fair value Classification of financial instruments The fair value hierarchy groups financial assets and liabilities into three levels based on the significance of inputs used in measuring the fair value of the financial assets and liabilities. The fair value hierarchy has the following levels: • Level 1: quoted prices (unadjusted) in active markets for identical assets or liabilities; • Level 2: inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly (I.e. as prices) or indirectly (i.e. derived from prices); and • Level 3: inputs for the asset or liability that are not based on observable market data (unobservable inputs). The level within which the financial asset or liability is classified is determined based on the lowest level of significant input to the fair value measurement. The Group did not hold any level 1 or 2 financial instruments in any of the periods presented. 31 March 2019 The reconciliation of the opening and closing fair value balance of level 3 financial instruments which comprises the Group’s deferred consideration liability is provided below: At 1 April 2018 Arising on acquisition (note 29) At 31 March 2019 Deferred consideration £ – 3,747,025 3,747,025 There have not been any changes to the amount recorded between initial recognition of the liability on 5 March 2019 and 31 March 2019. There is limited estimation uncertainty, and expected to be no material change in the value, as the measurement period for determining the amount payable has already concluded. Any deferred consideration payable is recognised at fair value at the acquisition date. Subsequent changes to the fair value of the deferred consideration are recognised in profit or loss. The fair value of deferred consideration is calculated using the income approach based on the expected amounts and their associated probabilities (i.e. probability – weighted). 31 March 2018 At 31 March 2018 the Group did not hold any level 3 financial instruments. 20. Financial instrument risk exposure and management General objectives, policies and processes The Board has overall responsibility for the determination of the Group’s risk management objectives and policies and, whilst retaining ultimate responsibility for them, it has delegated the authority for designing and operating processes that ensure that effective implementation of the objectives and policies to the Group’s finance function. The Board receives monthly reports from the Group Finance Director through which it reviews the effectiveness of the processes put in place and the appropriateness of the objectives and policies it sets. The Group’s internal auditors also review the risk management policies and processes and report their findings to the Audit Committee. The overall objective of the Board is to set policies that seek to reduce risk as far as possible without unduly affecting the Group’s competitiveness and flexibility. Further details regarding these policies are set out below: GRC International Group plc Annual Report and Accounts 2019 69 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 20. Financial instrument risk exposure and management continued Credit risk The Group’s credit risk is primarily attributable to its trade receivables, which are presented in note 15. In respect of trade and other receivables, the Group is not exposed to any significant credit risk exposure to any single counterparty, its counterparties have similar characteristics being small to medium sized UK businesses with a number of blue-chip organisations now being serviced by the Group following the DQM acquisition. Trade receivables consist of a large number of customers in various industries and geographical areas. Based on historical information about customer default rates management consider the credit quality of trade receivables that are not past due or impaired to be good. The credit risk on liquid funds is limited because the third parties are large international banks with a credit rating of at least A. The Group’s total credit risk amounts to the total of the sum of the receivables and cash and cash equivalents. At the 2019 year end, this amounts to £2,625,422 (2018: £7,786,425; 2017: £1,296,287). Interest rate risk The Group has secured debt consisting of bank overdrafts, bank loans and other loans. The interest on most of the loans (with the exception HSBC bank loan) is fixed. A variable rate interest applies to the overdraft which is a short-term liability, and therefore interest rate risk is considered to be limited. The Group’s only other exposure to interest rate risk is the interest received on the cash held on deposit, which is immaterial. Foreign exchange risk Most of the Group’s transactions are carried out in GBP. Exposures to foreign currency exchange rates arise from the Group’s overseas sales and purchases, which are denominated in a number of currencies, primarily USD, EUR and AUD. Cash balances held in these currencies are relatively immaterial (see note 16) and transactional risk is considered manageable due to the values involved. The Group does not hold material non-GBP balances and currently does not consider it necessary to take any action to mitigate foreign exchange risk due to the immateriality of that risk. Liquidity risk Prudent liquidity risk management includes maintaining sufficient cash balances to ensure the Group can meet liabilities as they fall due, and ensuring adequate working capital using invoice financing arrangements. In managing liquidity risk, the main objective of the Group is, therefore, to ensure that it has the ability to pay all of its liabilities as they fall due. The Group monitors its levels of working capital to ensure that it can meet its debt repayments as they fall due. The table below shows the undiscounted cash flows on the Group’s financial liabilities as at 31 March 2019 and 2018, on the basis of their earliest possible contractual maturity At 31 March 2019 Trade payables Accruals Finance lease payables Bank overdrafts Other loans Contingent consideration At 31 March 2018 Trade payables Accruals Finance lease payables Bank loans Other loans 70 GRC International Group plc Annual Report and Accounts 2019 Total £ On Demand £ Within 2 months £ Within 2-6 months £ 6-12 months £ 1-2 years £ Greater than 2 years £ 1,999,981 357,609 5,667 492,411 32,236 3,747,025 – – – 492,411 – – 1,999,981 – 1,889 – 9,210 – – 357,609 1,889 – 18,421 3,547,025 – – 1,889 – 4,605 200,000 6,634,929 492,411 2,011,080 3,924,944 206,494 – – – – – – – – – – – – – – Total £ On Demand £ Within 2 months £ Within 2-6 months £ 6-12 months £ 1,516,315 564,403 15,183 62,771 235,256 2,393,928 – – – – – – 1,516,315 – 1,888 4,829 17,221 – 564,403 3,814 9,657 34,441 1,540,253 612,315 – – 3,814 14,485 35,563 53,862 1-2 years £ – – 5,667 28,971 63,667 98,305 Greater than 2 years £ – – – 4,829 84,364 89,193 21. Capital management The Group’s capital management objectives are: • to ensure the Group’s ability to continue as a going concern; and • to provide long-term returns to shareholders. The Group defines and monitors capital on the basis of the carrying amount of equity plus its outstanding loan notes, less cash and cash equivalents as presented on the face of the balance sheet as follows: Equity Borrowings (note 18) Less: cash and cash equivalents (note 16) 2019 £ 7,356,073 28,143 (146,791) 7,237,425 2018 £ 5,900,346 79,509 (5,557,576) 422,279 The Board of Directors monitors the level of capital as compared to the Group’s commitments and adjusts the level of capital as is determined to be necessary by issuing new shares or adjusting the level of debt. The Group is not subject to any externally imposed capital requirements. 22. Dividends Ordinary shares Interim dividend for the year ended 31 March 2018 Final dividend for the year ended 31 March 2018 Total dividends provided for or paid Dividends paid in cash or satisfied by offset against directors’ loan receivable. Paid in cash Satisfied by offset against directors’ loan receivable. 2019 £ 2018 £ – – – – – – 731,320 220,000 951,320 386,500 564,820 951,320 Dividends of £731,320 were declared to Alan Calder by IT Governance Limited in December 2017. An additional £220,000 was subsequently declared as a final dividend payment from IT Governance Limited to Alan Calder on 31 December 2017. Of the Dividends declared and paid £386,500 was settled in cash and the remainder was offset against Alan Calder’s directors loan receivable. 23. Leasing arrangements Operating leases Operating leases primarily relates to land and buildings, and photocopiers. The Group does not have an option to purchase any of the operating leased assets at the expiry of the lease periods. Payments recognised as an expense are disclosed in note 4. Aggregate future minimum lease payments under non-cancellable operating lease commitments Land and buildings Not later than one year After one year and not later than five years After five years 2019 £ 2018 £ 198,460 588,913 237,345 1,024,718 124,107 450,136 318,721 892,964 GRC International Group plc Annual Report and Accounts 2019 71 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 23. Leasing arrangements continued Finance leases The Group leased certain items of its equipment under finance leases. The Group’s obligation under finance leases are secured by the lessors’ title to the leased assets. Finance lease liabilities minimum lease payments: Not later than one year After one year and not later than five years After five years Finance lease liabilities are included in liabilities: Current Non-current 2019 £ 5,667 – – 5,667 2019 £ 5,667 – 5,667 2018 £ 9,516 6,021 (354) 15,183 2018 £ 9,516 5,667 15,183 24. Retirement benefit plans Benefits from the contributory pension schemes to which the Group contributes are related to the cash value of the funds at retirement dates. The Group is under no obligation to provide any minimum level of benefits. The assets of the schemes are administered by trustees in funds independent of the Group. During the year £33,000 was recognised in the Income Statement in relation to pension contributions (2018: £33,400). As at 31 March 2019, £nil is payable to pension schemes (2018: £nil). 25. Share capital The total allotted share capital of the Company is: Ordinary shares of £0.001 each 2019 Number £ 2018 Number £ 64,484,172 64,484 57,462,940 57,463 Issue of shares by GRC International Group During the year ended 31 March 2019, shares were issued by GRC International Group as follows: Number Share capital £ Share premium £ Total proceeds £ 57,462,940 5,000,000 – 2,021,232 57,463 5,000 – 2,021 4,792,828 4,995,000 (200,000) – 4,850,291 5,000,000 (200,000) 2,021 64,484,172 64,484 9,587,828 9,652,312 Ordinary shares of £0.001 each Allotments: 1 April 2018 1 March 2019 Cost of share issue 5 March 2019 72 GRC International Group plc Annual Report and Accounts 2019 25. Share capital continued During the year ended 31 March 2018, further to the restructuring of the Group to add GRC International Group as the holding company of the Group, shares were issued by GRC International Group as follows: Ordinary shares of £0.001 each Allotments: 1 February 2018 – share-for-share issue to add GRC International Group as Parent Company of the Group 12 February 2018 Share split 5 March 2018 Cost of share issue Number Share capital £ Share premium £ Total proceeds £ 10,050,236 2,352 40,210,352 7,200,000 – 50,251 12 – 7,200 – – 5,028 – 5,032,800 (245,000) 50,251 5,040 – 5,040,000 (245,000) 57,462,940 57,463 4,792,828 4,850,291 Rights and obligations GRC Group International has one class of ordinary share. All shares rank pari passu in all respects, and the holders of all shares shall have the right (in particular) to receive notice of, and to attend and vote at, general meetings of the Company. 26. Share-based payments The Group operates a share option scheme to which the employees of the Group may be invited to participate by the Remuneration Committee. If the options remain unexercised after a period of ten years from the date of grant, the options expire. Options are forfeited if the employee leaves the Group before the options vest. As at 31 March 2017, 12,000 options in IT Governance Limited were exercisable at £0.44 per share, 1,668 options were exercisable at £19.00 per share. The options were to be settled in equity once exercised. All of the options had vested prior to the date of transition to IFRS. IT Governance adopted the exemption from applying IFRS 2 to options granted after 7 November 2002 and vested before the IFRS transition date. These options have been cancelled during the prior year following the restructuring of the Group. GRC International Group issued options during the prior year, including the holders of the former options in IT Governance described above as replacement for the cancellation of those options. Details of the number of share options and the weighted average exercise price (“WAEP”) outstanding during the year are as follows: 2019 Outstanding at the beginning of the year Outstanding at the year end Number vested and exercisable at 31 March 2018 2018 Outstanding at the beginning of the year (IT Governance) Cancelled Replacement options issued by GRC International Group New options issued in GRC International Group Options numbers and exercise price adjusted following share split Outstanding at the year end Number vested and exercisable at 31 March 2018 Number of options 2,360,680 2,460,680 2,203,180 Number of options 13,668 (13,668) 406,784 65,352 1,888,544 2,360,680 2,203,180 WAEP £ 0.08 0.08 0.06 WAEP £ 2.71 (2.71) 0.12 2.14 (0.32) 0.08 0.06 GRC International Group plc Annual Report and Accounts 2019 73 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 26. Share-based payments continued The fair values of share options issued or extended in the current financial year were calculated using the Black-Scholes model as follows: Date of grant Number granted Share price at date of grant Exercise price Expected volatility Expected life from date of grant (years) Risk free rate Expected dividend yield Fair value/incremental fair value at date of grant Earliest vesting date Expiry date 12 Feb 18 12 Feb 18 12 Feb 18 31,500 £3.50 £2.14 59.93% 5.00 1.14% 0% £69,463 12 Feb 18 12 Feb 28 31,500 £3.50 £2.14 59.93% 5.50 1.14% 0% £71,196 31 Mar 19 12 Feb 28 2,352 £3.50 £2.114 59.93% 5.00 1.14% 0% £5,187 12 Feb 18 12 Feb 28 Expected volatility was determined based on the average historic volatility of a pool of comparable companies’ shares. The expected life used in the model has been adjusted, based on management’s best estimate, for the effects of non-transferability, exercise restrictions and behaviour considerations. The Group recognised total expenses of £63,285 in relation to share options accounted for as equity-settled share-based payment transactions during the year (2018: £82,560) in relation to options issued to Directors – these were recognised as expenses in the Income Statement. 27. Related party transactions Key management personnel are identified as the Directors, including non-statutory directors, and their remuneration is disclosed as follows: Remuneration of key management Remuneration Social security costs Share-based payment charge Pension contributions to defined contributions scheme Year ended 31 March 2019 The Group held no balance for the Director Loan Accounts as at 31 March 2019. Year ended 31 March 2018 The Group held no balance for the Director Loan Accounts as at 31 March 2018. Please refer to note 22 for details of dividends paid to Alan Calder. 2019 £ 2018 £ 550,356 69,575 63,285 35,419 718,635 628,250 82,166 82,560 34,479 827,455 74 GRC International Group plc Annual Report and Accounts 2019 27. Related party transactions continued Other related party borrowings transactions are as follows Principal At 1 April 2017 Loans repaid At 31 March 2018 Loans repaid At 31 March 2019 Interest At 1 April 2017 Interest accrued Interest paid At 31 March 2018 Interest accrued Interest paid At 31 March 2019 Directors’ pension scheme £66,000 loan £70,000 loan Total 11,119 (11,119) – – – – 97 (97) – – – – 40,272 (14,433) 25,839 (15,866) 51,391 (25,552) 25,839 (15,866) 9,973 9,973 – 1,775 (1,775) – 4,419 (4,419) – – 1,872 (1,872) – 4,419 (4,419) – Alan Calder and his wife are the trustees of the IT Governance Pension Fund. All loan notes terms’ are described in note 18. Interest is accounted for on an effective interest basis and included within borrowings on the balance sheet. Other related party transactions are as follows Xanthos Limited is considered a related party entity as Alan Calder is a co-owner of that company with his spouse (who runs the business). Xanthos sub-lets office space from the Group, which comprises the other income received by the Group. Transactions were carried out on an arm’s length basis. Outstanding amounts due from Xanthos at 31 March 2019 totalling £nil (2018: £2,100). The Group also makes purchases from Xanthos. During the year to 31 March 2019, the Group made purchases totalling £661,690 from Xanthos (2018: £464,052). Outstanding amounts payable to Xanthos at 31 March 2019 totalled £99,491 (2018: £27,709). 28. Ultimate controlling party In the opinion of the Directors, there is no one individual who exercises control over the Group. 29. Business combinations during the period On 5 March 2019 the Group acquired 100% of the voting equity instruments of DQM Group Holdings Limited, and its subsidiaries (see Note 9), a company whose principal activity is a provider of data consulting and technology solutions. GRC International Group plc Annual Report and Accounts 2019 75 Financial StatementsCorporate GovernanceStrategic Report Notes to the Financial Statements continued 29. Business combinations during the period continued Details of the provisional fair value of identifiable assets and liabilities acquired, purchase consideration and goodwill are as follows: Goodwill Intangible assets: – Non-contractual customer lists and relationships – Software – Trade Name and Trademarks Property, plant and equipment Receivables Cash Payables Deferred tax liability Total net assets Fair value of consideration paid Cash Issued ordinary shares Contingent cash consideration Contingently issuable ordinary shares Total consideration Book value £ Adjustment £ Fair value £ – 6,693,234 6,693,234 – 10,585 – 21,662 762,244 1,019,197 (926,218) (2,058) 1,843,201 177,113 455,889 – – – – (420,955) 1,843,201 187,698 455,889 21,662 762,244 1,019,197 (926,218) (423,013) 885,412 8,748,482 9,633,894 Fair value £ 3,532,134 2,354,735 2,248,215 1,498,810 9,633,894 The initial accounting for the business consideration is presently incomplete as permitted by IFRS 3, due to the recent timing of the acquisition. The primary reasons for acquiring the business, aside from DQM being a profitable and cash generative business in in its own right, were as set out below: • To extend the Group’s existing offering to include high margin, data governance services • To add market share to the Group, by introducing additional household name clients with on-going contracts • To provide cross-selling and upselling opportunities through the companies’ complementary offerings • To broaden and strengthen the Group’s second tier management team, through the retention of existing DQM management • To add customer account management capability • To provide strategic opportunities, such as enabling the Group to gain Data Privacy Seal accreditation • To provide sector crossover, such as an increased financial sector exposure In terms of methods of valuing contingent consideration, the cash is measured in line with the financial instruments note and the contingent shares will be issued at a price of 116.5p per share, as set out in the sale and purchase agreement. Deferred consideration becomes payable within 5 days of the sign off of the “Earn-out Accounts”, which are based on the statutory accounts for the DQM financial year ended 28 February 2019, calculated based on an agreed multiple of the EBITDA of DQM, as defined in the sale and purchase agreements. The goodwill arising on the DQM Group Holdings acquisition is not deductible for tax purposes. Acquisition costs of £164,149 arose as a result of the transaction. These have been recognised as an exceptional expense included as part of administrative expenses in the statement of comprehensive income. The main factors leading to the recognition of goodwill are the presence of certain intangibles assets, such as the assembled workforce of the acquired entity, which do not qualify for separate recognition. Since the acquisition date, DQM has contributed £255,139 to Group revenues and £82,120 to Group profit. If the acquisition had occurred on 1 April 2018, Group revenue would have been £19,736,488 and Group loss for the period would have been £(4,323,183). In relation to the element of the consideration which is settled by the issuance of shares, the Parent Company has recorded an amount equating to the difference between the fair value of the shares issued and their nominal value in a merger reserve, in accordance with the provisions of the Companies Act 2006 relating to merger relief. 76 GRC International Group plc Annual Report and Accounts 2019 Company Balance Sheet For the period ended 31 March 2019 Assets Non-current assets Intangible assets Investments in subsidiaries Deferred tax asset Current assets Trade and other receivables Current liabilities Trade and other payables Contingent consideration Net current assets Net assets Equity Share capital Share premium Merger Reserve Share-based payment reserve Retained earnings: Opening retained earnings Loss for the period Total retained earnings Shareholders’ funds Notes 2019 £ 2 3 4 341,783 11,009,769 260,964 11,612,516 5 4,695,706 4,695,706 6 7 (742,283) (3,747,025) (4,489,308) 206,398 11,818,914 8 64,484 10,913,452 2,352,714 440,139 – (1,951,875) (1,951,875) 11,818,914 As permitted by Section 408 of the Companies Act 2006, a separate income statement for the Company has not been presented. The Company’s loss for the period ended 31 March 2019 was £1,951,875. Additionally, no cash flow statement is presented as permitted by FRS.101.8(L). The accompanying notes form part of the financial statements. No comparatives have been presented because this is the first period since incorporation. The financial statements were approved by the Board of Directors and authorised for issue on 25 September 2019 and were signed its behalf by: Chris Hartshorne Director Company registration number: 11036180 GRC International Group plc Annual Report and Accounts 2019 77 Financial StatementsCorporate GovernanceStrategic Report Company Statement of Changes in Equity For the period ended 31 March 2019 Loss for the period Total comprehensive loss for the period Investment in 10,050,236 ordinary shares Issue of Share Options Shares issued Cost of share issue Shares issued on the acquisition of DQM Cost of share issue Share-based payment expense Deferred tax on share-based payments Transactions with owners At 31 March 2019 Share capital £ – – 50,251 12 7,200 – 7,021 – – – Share premium £ – – 1,325,624 5,028 5,032,800 (245,000) 4,995,000 (200,000) – – Merger reserve £ – – – – – – 2,352,714 – – – Share-based payment reserve £ Retained earnings £ Total £ – (1,951,875) (1,951,875) – – – – – – – 145,845 294,294 (1,951,875) – – – – – – (1,951,875) 1,375,875 5,040 5,040,000 (245,000) 7,354,735 (200,000) 145,845 294,294 64,484 10,913,452 2,352,714 440,139 – 13,770,789 64,484 10,913,452 2,352,714 440,139 (1,951,875) 11,818,914 78 GRC International Group plc Annual Report and Accounts 2019 Notes to the Company Financial Statements 1. Principal accounting policies The principal accounting policies are summarised below. They have all been applied consistently throughout the period. General information GRC International plc is a company incorporated in the United Kingdom under the Companies Act 2006. The address of the Registered Office is given on page 63 of this Annual Report and Accounts. The Company is a holding company that manages the other trading subsidiaries of the GRC International Group. Basis of preparation The financial statements have been prepared in accordance with Financial Reporting Standard 100 Application of Financial Reporting Requirements (“FRS 100”) and Financial Reporting Standard 101 Reduced Disclosure Framework (“FRS 101”) and the Companies Act 2006 (the Act). The Company is a qualifying entity for the purposes of FRS 101. The financial statements have been prepared on a historical cost basis, except for the following items (refer to individual accounting policies for details): • Contingent consideration As permitted by FRS 101, no share-based payment disclosures have been included in these financial statements. Details of the share option scheme can be found in Note 25 of the Group financial statements. The Company has taken advantage of the following disclosure exemptions under FRS 101: • the requirement in paragraph 38 of IAS 1 ‘Presentation of Financial Statements’ to present comparative information in respect of: – paragraph 79(a)(iv) of IAS 1; – paragraph 73(e) of IAS 16 Property, Plant and Equipment; – paragraph 118(e) of IAS 38 Intangible Assets. • IFRS 2, ‘Share-based Payment’. • IFRS 7, ‘Financial instruments: Disclosures • the requirements of paragraphs 10(d), 10(f), 16, 38A, 38B, 38C, 38D, 40A, 40B, 40C, 40D, 111 and 134-136 of IAS 1 Presentation of Financial Statements. • the requirements of IAS 7 Statement of Cash Flows. • the requirements of paragraphs 30 and 31 of IAS 8 Accounting Policies, Changes in Accounting Estimates and Errors. • the requirements of paragraph 17 and 18A of IAS 24 Related Party Disclosures. • the requirements in IAS 24 Related Party Disclosures to disclose related party transactions entered into between two or more members of a group, provided that any subsidiary which is a party to the transaction is wholly owned by such a member. • the requirements of the second sentence of paragraph 110 and paragraphs 113(a), 114, 115, 118, 119(a) to (c), 120 to 127 and 129 of IFRS 15 Revenue from Contracts with Customers. Going concern The Parent Company has certain non-operating cash requirements. The most significant of these is the deferred consideration due to the vendors (and existing management team) of DQM Holdings Limited (“DQM”) that was acquired by the Parent Company at the end of the financial year, as announced on 11 February 2019. Under the sale and purchase agreement (the “Agreement”), further consideration (“Deferred Consideration”) is due to the vendors of DQM based on financial statements for the financial year ended 28 February 2019 (“Earn-out Accounts”). DQM’s financial performance was better than originally expected and the final amount of Deferred Consideration is consequently expected to be in the region of £3.7 million, slightly ahead of the top range of the £2.5 - £3.5 million announced on 11 February 2019. Under the Agreement, the Deferred Consideration is intended to be satisfied through cash (as to 60 per cent. of the Deferred Consideration) and the issue of Ordinary Shares (as to 40 per cent. of the Deferred Consideration and based on an issue price per Ordinary Share of 116.5 pence) within five business days of completion of the audit of DQM’s Earn Out Accounts. In advance of the Deferred Consideration falling due, the Parent Company is presently holding constructive discussions with the vendors of DQM, who are mainly Group employees, about the settlement of that balance. GRC International Group plc Annual Report and Accounts 2019 79 Financial StatementsCorporate GovernanceStrategic Report Notes to the Company Financial Statements continued 1. Principal accounting policies continued In order to settle the Deferred Consideration the Parent Company is considering a range of options which includes, but is not limited to, adjusting the balance of consideration between cash and shares and exploring the feasibility of a payment schedule in order to enable the Parent Company to satisfy the cash element of the Deferred Consideration that will fall due within 12 months of the balance sheet date. The Parent Company is also considering different potential funding options, including but not limited to debt and equity, from existing and other potential investors, along with the possible sale of DQM. If this cannot be concluded in a satisfactory manner, the Parent Company would need to raise additional funding, with no guarantee such funding would be secured. Although no agreement has yet been reached, the Board believes that it is in the interests of all parties to agree a deal that maintains the strength of the Parent Company balance sheet and the Parent Company’s ability to trade. However, the Directors’ ability to renegotiate the Deferred Consideration on terms satisfactory to the Parent Company, or otherwise fund the liability for the Deferred Consideration, cannot be predicted with certainty. In light of the above, the directors have identified a material uncertainty that may cast significant doubt over the Parent Company’s ability to continue as a going concern for the foreseeable future. The financial statements do not include the adjustments that would result if the Parent Company was unable to continue as a going concern. Investments Investments in subsidiaries and associates are measured at cost less impairment. For investments in subsidiaries acquired for consideration, including the issue of shares qualifying for merger relief, cost is measured by reference to the nominal value of the shares issued plus fair value of other consideration. Any premium is ignored. Financial instruments Recognition and derecognition Financial assets and financial liabilities are recognised when the Company becomes a party to the contractual provisions of the financial instrument. Financial assets are derecognised when the contractual rights to the cash flows from the financial asset expire, or when the financial asset and substantially all the risks and rewards are transferred. A financial liability is derecognised when it is extinguished, discharged, cancelled or expires. Classification and initial measurement of financial assets Except for those trade receivables that do not contain a significant financing component and are measured at the transaction price in accordance with IFRS 15, all financial assets are initially measured at fair value adjusted for transaction costs (where applicable). Financial assets are classified into the following categories: • amortised cost • fair value through profit or loss (FVTPL) • fair value through other comprehensive income (FVOCI). In the period presented the Company does not have any financial assets categorised as FVOCI or FVTPL. The classification is determined by both: • the entity’s business model for managing the financial asset • the contractual cash flow characteristics of the financial asset. All income and expenses relating to financial assets that are recognised in profit or loss are presented within finance costs, finance income or other financial items, except for impairment of trade receivables which is presented within other administrative expenses. Subsequent measurement of financial assets Financial assets at amortised cost Financial assets are measured at amortised cost if the assets meet the following conditions: • they are held within a business model whose objective is to hold the financial assets and collect its contractual cash flows • the contractual terms of the financial assets give rise to cash flows that are solely payments of principal and interest on the principal amount outstanding After initial recognition, these are measured at amortised cost using the effective interest method. Discounting is omitted where the effect of discounting is immaterial. The Company’s cash and cash equivalents, trade and most other receivables fall into this category of financial instruments. 80 GRC International Group plc Annual Report and Accounts 2019 1. Principal accounting policies continued Classification and measurement of financial liabilities The Company’s financial liabilities include trade and other payables and contingent consideration. Financial liabilities are initially measured at fair value, and, where applicable, adjusted for transaction costs unless the Company designated a financial liability at fair value through profit or loss. Subsequently, financial liabilities are measured at amortised cost using the effective interest method except for derivatives and financial liabilities designated at FVTPL, which are carried subsequently at fair value with gains or losses recognised in profit or loss. All interest-related charges and, if applicable, changes in an instrument’s fair value that are reported in profit or loss are included within finance costs or finance income. Deferred Consideration Deferred consideration is recognised at fair value at the acquisition date and subsequently at FVTPL. Changes in deferred consideration arising from additional information, obtained within one year of the acquisition date, about facts or circumstances that existed at the acquisition date are recognised as an adjustment to the investment value. Impairment of assets At each balance sheet date, the Directors review the carrying amounts of the Company’s non-current assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated in order to determine the extent of the impairment loss, if any. Where the asset does not generate cash flows that are independent from other assets, the Company estimates the recoverable amount of the cash-generating unit to which the asset belongs. Recoverable amount is the higher of fair value less costs to sell and value in use. In assessing value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time value of money and the risks specific to the asset for which the estimates of future cash flows have not been adjusted. If the recoverable amount of an asset or cash-generating unit is estimated to be less than its carrying amount, the carrying amount of the asset or cash-generating unit is reduced to its recoverable amount. If the recoverable amount of a cash-generating unit is less than its carrying amount, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata based on the carrying amount of each asset in the unit. An impairment loss is recognised as an expense immediately. Where an impairment loss subsequently reverses, the carrying amount of the asset or cash-generating unit is increased to the revised estimate of its recoverable amount, but so that the increased carrying amount does not exceed the carrying amount that would have been determined had no impairment loss been recognised for the asset or cash-generating unit in prior periods. A reversal of an impairment loss is recognised in the Income Statement immediately. Taxation Current tax, including UK corporation tax and foreign tax, is provided at amounts expected to be paid (or recovered) using the tax rates and laws that have been enacted or substantively enacted by the balance sheet date. Deferred tax is recognised in respect of all timing differences that have originated but not reversed at the balance sheet date where transactions or events that result in an obligation to pay more tax in the future or a right to pay less tax in the future have occurred at the balance sheet date. Timing differences are differences between the Company’s taxable profits and its results as stated in the financial statements that arise from the inclusion of gains and losses in tax assessments in periods different from those in which they are recognised in the financial statements. Unrelieved tax losses and other deferred tax assets are recognised only to the extent that, on the basis of all available evidence, it can be regarded as more likely than not that there will be suitable taxable profits from which the future reversal of the underlying timing differences can be deducted. Foreign currency The functional currency of GRC International Group plc is considered to be UK Sterling because that is the currency of the primary economic environment in which the Company operates. Transactions in foreign currencies are recorded at the rate of exchange at the date of the transaction. Monetary assets and liabilities denominated in foreign currencies at the balance sheet date are reported at the rates of exchange prevailing at that date. Exchange differences are recognised in profit or loss in the period in which they arise. GRC International Group plc Annual Report and Accounts 2019 81 Financial StatementsCorporate GovernanceStrategic Report Notes to the Company Financial Statements continued 1. Principal accounting policies continued Share-based payment The Company grants to its employees rights to its equity instruments of GRC International plc. The fair value of awards granted is recognised as an employee expense with a corresponding increase in equity. The fair value is measured at grant date and spread over the period during which the employees become unconditionally entitled to receive the awards. The fair value of the awards granted is measured using a pricing model, taking into account the terms and conditions upon which the awards were granted. The amount recognised as an expense is adjusted to reflect the actual value of share awards that vest except where forfeiture is only due to share prices not achieving the threshold for vesting. Where the Company grants awards over its own shares to the employees of its subsidiaries, it recognises an increase in the cost of investment in its subsidiaries equivalent to the equity-settled share-based payment charge recognised in its subsidiaries’ financial statements with the corresponding credit being recognised directly in equity. Equity Equity comprises the following: • “Share capital” represents the nominal value of equity shares issued. • “Share premium” represents amounts subscribed for share capital, net of issue costs, in excess of nominal value. • “Merger Reserve” represents the excess of the fair value of the consideration received for the issue of shares over the nominal value of shares issued. • “Share-based payment reserve” represents the accumulated value of share-based payments. • “Retained earnings” represents the accumulated profits and losses attributable to equity shareholders. Dividends Dividends are recognised in the period in which they are approved by the Company’s shareholders, or in the case of an interim dividend, when the dividend is paid. Dividends receivable from subsidiaries are recognised when either received in cash or applied to reduce a creditor balance with a subsidiary. 2. Intangible assets Cost Additions At 31 March 2019 Accumulated depreciation Charge for year At 31 March 2019 Net book value At 31 March 2019 3. Investments in subsidiaries Cost and net book amount Additions – IT Governance Additions – DQM At 31 March 2019 Consultancy products and Courseware £ Software and Website costs £ Total £ 74,718 267,065 341,783 74,718 267,065 341,783 – – – – – – 74,718 267,065 341,783 Investments in subsidiaries £ 1,375,875 9,633,894 11,009,769 The carrying value of investments in subsidiaries relates to investments in IT Governance Limited and DQM Data Quality Group Holdings Limited. On 5 March 2018, the Company acquired 100% of the issued share capital of IT Governance Limited for £1,375,875. On 5 March 2019, the Company acquired 100% of DQM Group Holding Limited for a total consideration of £9,633,894. Further information about subsidiaries is provided in note 9 of the consolidated financial statements. 82 GRC International Group plc Annual Report and Accounts 2019 4. Deferred tax Deferred tax assets and liabilities are offset where the Group has a legally enforceable right to do so. The deferred tax asset is recognised to the extent that it is probable that future taxable profits will be available against which the asset can be utilised by way of parent company management services charges. At inception Charge to profit or loss Credit direct to equity Deferred tax asset at 31 March 2019 Share-based payments £ – (9,285) 270,249 260,964 The deferred tax asset is recognised to the extent that it is probable that future taxable profits will be available against which the asset can be utilised by way of parent company management services charges. 5. Trade and other receivables Amounts owed by subsidiary undertaking Prepayments 6. Trade and other payables Trade payables Other tax and social security Accruals Other creditors 7. Deferred consideration At inception Arising on acquisition At 31 March 2019 £ 4,556,845 138,861 4,695,706 £ 391,144 225,931 75,196 50,012 742,283 Deferred consideration £ – 3,747,025 3,747,025 For further information, please refer to notes 19 and 29 in the Group’s financial statements. 8. Share capital The total allotted share capital of the Company is: Ordinary shares of £0.001 each 2019 Number £ 64,484,172 64,484 GRC International Group plc Annual Report and Accounts 2019 83 Financial StatementsCorporate GovernanceStrategic Report Notes 84 GRC International Group plc Annual Report and Accounts 2019 Page Title at start:Content Section at start: G R C I n t e r n a t i o n a l G r o u p p l c A n n u a l R e p o r t a n d A c c o u n t s 2 0 1 9 GRC International Group plc Unit 3, Clive Court Bartholomew’s Walk Cambridgeshire Business Park Ely CB7 4EA T: 0330 999 0222 www.grci.group Page Title at start:Content Section at start

Continue reading text version or see original annual report in PDF format above