Securing
the future
Peace of mind
today and forever
Annual report and accounts
for the year ended 31 May 2021
�We exist to make
the world safer
and more secure
NCC Group is a global cyber and software
resilience business operating across multiple
sectors, geographies and technologies.
As society’s dependence on the connected
environment and the associated technologies
increase, we use our global insights to help
organisations assess, manage and develop
their cyber resilience posture, enabling them to
confidently take advantage of the opportunities
that sustain their business growth.
STRATEGIC REPORT
Highlights
1
At a glance
2
Our investment case
4
Chair’s statement
6
Our strategic roadmap
8
9
Chief Executive Officer’s review
14 Our continued Covid-19 response
16 Markets
18 Research at NCC Group
20 Business model
29 Strategy and KPIs
32
40
49 Stakeholder engagement
53 Sustainability
Chief Financial Officer’s review
Principal risks and uncertainties
GOVERNANCE
70 Chair’s introduction to governance
73 Governance framework
74 Board of Directors
76 Executive Committee
78
Board composition and division
of responsibilities
87 Shareholder engagement
88 Audit Committee report
95 Nomination Committee report
Cyber Security Committee report
98
100 Remuneration Committee report
119 Directors’ report
123 Directors’ responsibilities statement
FINANCIAL STATEMENTS
125 Independent auditor’s report
133 Consolidated income statement
133 Consolidated statement
of comprehensive (loss)/income
134 Consolidated balance sheet
135 Consolidated cash flow statement
136 Consolidated statement of changes
in equity
137 Company balance sheet
138 Company cash flow statement
139 Company statement of changes
in equity
140 Notes to the Financial Statements
ADDITIONAL INFORMATION
187 Glossary of terms – Alternative
Performance Measures (APMs)
189 Glossary of terms – other terms
191 Other information
192 Financial calendar
Read more online: www.nccgroup.com
�Highlights 1
GAAP measures
Revenue
£270.5m
.
7
3
6
2
.
5
0
7
2
.
7
0
5
2
.
0
3
3
2
.
3
5
1
2
Operating profit 2,3
£17.3m
.
7
3
1
.
5
9
1
.
)
4
3
5
(
.
6
2
1
.
3
7
1
Basic EPS 2,3
3.6p
5
2
.
9
4
.
.
)
4
0
2
(
6
3
.
3
2
.
17
18
19
20
21
17
18
19
20
(restated) 3
21
17
18
19
20
(restated) 3
21
Alternative Performance Measures 2
Net cash/(debt) 2
£83.3m
Adjusted operating profit 2, 3
£39.2m
Adjusted EPS 2, 3
9.5p
.
3
3
8
.
8
0
3
.
7
3
3
.
7
0
3
.
2
9
3
.
5
5
2
2
9
.
2
8
.
6
7
.
5
9
.
2
6
.
.
)
8
7
2
(
.
)
2
0
2
(
)
2
4
(
.
.
)
7
3
4
(
17
18
19
20
21
17
18
19
20
(restated) 3
21
17
18
19
20
(restated) 3
21
Footnotes
1 References for the Group’s results are for continuing operations.
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in
April 2021. The 2017 to 2019 figures above have not been restated. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to
the adoption of the IFRIC agenda decision:
Adjusted operating profit (as noted above)
Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below)
Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements
2021
£m
39.2
(3.0)
36.2
2020
£m
30.7
(1.4)
29.3
Change
27.7%
(114.3%)
23.5%
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy
in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS)
arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to
the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based
software arrangements is comparable to Adjusted operating profit previously reported.
Strong trading performance
despite the pandemic
Another year of excellent
cash management
Successful acquisition of
IPM with strategic and
financial importance
Exciting development and
growth of key service lines
for the future
Our cyber and resilience
markets continue to offer
excellent long-term
growth prospects
Investing for the future
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
1
Strategic report�At a glance
What we do
NCC Group is a global cyber and software resilience business
operating across multiple sectors, geographies and technologies.
As society’s dependence on the connected environment and the associated technologies
increase, we use our global insights to help organisations assess, manage and develop their
cyber resilience posture, enabling them to confidently take advantage of the opportunities that
sustain their business growth. This includes:
Getting the basics
of cyber hygiene
correct
Knowing what
and how to
prioritise
Coping with the scarcity
of skilled resources
needed to deliver quality
improvement, change
and operations
Responding to the
increasing compliance,
regulatory and legislative
burden
Quantifying cyber
spend efficiency
and return
on investment
Our divisions
Across our two divisions, we deliver solutions that result in outcomes that match our customers’ goals, budgets and
risk appetite, giving them peace of mind that their most important assets – their business, software and personal data
– are safe and secure.
Assurance
Software Resilience
We demystify cyber for our customers,
and ensure:
• Our customers understand the cyber threats and
vulnerabilities across their technology environments,
supply chains, processes and products
• Our customers maintain their licence to do business,
having achieved their governance, compliance and
accreditation objectives in a changing regulatory
environment
• Our customers’ resilience against ever increasing cyber
threats is materially improved because of implementing
remediation plans and solutions
• Our customers can reduce risk and achieve greater
resilience for less investment
• Our customers can outsource their cyber defence
operations and increase their confidence in detecting
and responding to cyber events
We protect the development, supply
and use of business-critical technology
and software applications:
• Our services ensure buyers are safeguarded from
supplier failure, software vulnerabilities and unforeseen
technology disruption
• Our on-premise and cloud offering can demonstrate
robust business continuity and risk mitigation, and
suppliers benefit from enhanced credibility and
intellectual property rights protection
• Our escrow contract services secure the long-term
availability of business-critical software data
and applications
• Our verification services assure customers that the
knowledge and guidance are readily available to
manage, maintain or recreate an application from
the original source, should it ever be needed
• Our cloud Escrow-as-a-Service (EaaS) offering helps
customers transition to the cloud securely, so they can
adopt the latest technology with confidence
Read more on our markets on pages 16 and 17
Read more on our markets on pages 16 and 17
22
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Where we operate
We operate as one global business, with in-country
delivery tailored to local needs and cultures.
We have a significant market presence in the UK, Europe and North America,
and a rapidly growing footprint in Asia Pacific with offices in Australia,
Japan and Singapore.
Key:
Our offices
Group revenues
Assurance revenue
Software Resilience revenue
UK and Asia Pacific
£127.9m
(2020: £124.7m)
North America
£90.0m
(2020: £90.2m)
Europe
£52.6m
(2020: £48.8m)
£233.9m
(2020: £226.2m) 65+
73+
Global Professional Services £172.2m
(2020: £166.2m)
£36.6m
(2020: £37.5m)
Software Resilience contracts £24.0m
(2020: £25.8m)
Global Managed Services £56.2m
(2020: £49.6m)
Verification services £12.6m
(2020: £11.7m)
Products £5.6m
(2020: £10.4m)
Read more on our markets on pages 16 and 17
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
3
Strategic reportStrategic report24
+
3
+
0
+
M
35
+
M
�Our strong historical performance
and enduring ability to succeed
in a rapidly changing market are
a result of four characteristics
that will continue to fuel our
growth now and in the future:
Capex light
Commitment to
sustainability
Research driven
People centric
Our investment case
The global market for cyber professional and
managed services offers phenomenal potential
for growth, now and in the future.
As investment in cyber resilience becomes essential to
organisations’ licence to operate, NCC Group’s addressable
market is expanding.
Cyber security market size, 2018–2025 (USD billion)
.
9
1
4
2
.
9
7
1
2
C A G R : 1 1 . 0 %
.
3
9
5
1
.
5
3
4
1
.
3
6
9
1
.
9
6
7
1
.
3
9
2
1
.
5
6
1
1
18
19
20
21
22
23
24
25
Source: https://seekingalpha.com/article/4335822-check-point-
software-market-misunderstands-subscription-growth.
Our performance throughout the pandemic and
beyond demonstrates our enduring and reliable
business model in an agile market.
We have grown revenue, gross margin and Adjusted
operating profit 2 throughout a period of disruption. The
performance of our key future service lines positions us
to capture accelerating market growth.
We have recurring high margin revenues and sustainable
cash flows from our globally scalable Managed Detection
and Response (MDR) and Software Resilience services,
and a quality customer base.
The acquisition of Iron Mountain’s Intellectual Property
Management (IPM) business will be accretive to earnings
per share (EPS). We expect revenue opportunities from
offering a richer set of software verification and cloud
and wider cyber resilience services to IPM’s extensive
customer base over the medium term.
+2.6%
revenue growth
+5.9%
gross margin growth
See Note 3 for an explanation of Alternative Performance Measures
(APMs) and adjusting items. Further information is also contained
within the Chief Financial Officer’s Review and the Glossary of terms
on pages 187 and 188.
2
4
�Our commitment to sustainability is integral
to how we do business.
Our approach to sustainability is focused on the recognised
elements of environment, social and governance (ESG).
They’re brought to life with our framework, which enables us
to focus our efforts on the activities that deliver the greatest
value to our people, our customers, our shareholders and the
world we all live in.
We will continue to secure the future today and our
sustainability agenda will play a strategic role to support
conscious decision making as we begin to set targets that
challenge us to continually improve in making the world
safer and more secure for all.
We are research driven.
Our greatest strength is our breadth and depth of world-class
technical capabilities. We employ some of the most talented
security consultants and researchers on the planet: every
researcher on our team is also an active consultant. We
consistently perform independent, cutting-edge security
research that supports current and future specialist technical
consulting capabilities and customer and consultant needs,
and responds to world events. Through our agile methodologies,
we have delivered six new solutions in response to market
demand in the last year, including a next generation SaaS
platform for digital escrow deposits and secured digital vault
storage, data science-based analytical and machine learning
approaches to threat detection, and our new data-driven
cyber risk quantification and peer comparison offer.
Read more on pages 53 to 68
Read more on pages 18 and 19
3,400
research days
6
new customer-facing
propositions
35
tool releases
We are people centric.
Each day at NCC Group, our technologists and professionals wake
up with one mission – to help make the world safer and more
secure. Together they form a phenomenal knowledge network,
collaborating, innovating and delivering value to our customers.
We continue growing our technical people base year on year,
even managing to increase our global headcount throughout
the disruption of the global pandemic, because we invest in
our colleagues’ wellbeing, career development and full potential.
As we are taking advantage of remote and flexible delivery
models, we have doubled our global resourcing days in 2020.
This means that we truly put the best person on any job, all
around the world. And we will seek to increase this even
further as we grow our global talent pool and our colleagues’
skills and competencies and mature our global delivery model.
We are capex light.
Unlike other businesses in the technology space, we are an
inherently asset-light business, limiting our capital expenditure
and promoting our agility and flexibility to respond to
changing circumstances.
We have strengthened our Balance Sheet through disciplined
cash management and reduced overheads which positions
us to exploit further opportunities in the future. It has allowed
us to invest up to £3m in cloud technology, artificial
intelligence/machine learning advanced analytics, and
our new remediation and security improvement offer.
8.1%
growth in headcount
+49
net movement in technical
specialists
88.2%
cash conversion ratio 2
£34.6m
free cash flow
Read more on page 50
Read more on pages 32 to 39
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
5
Strategic reportStrategic report�Chair’s statement
Securing the future
As at year end, net cash (excluding lease liabilities 2) amounted to
£83.3m including net placing proceeds of £70.2m; adjusting for this
has meant that underlying cash amounted to £12.6m compared to
net debt of £4.2m 12 months ago. It is also worth noting that we have
taken no government subsidies or loans (other than deferring tax
payments that have now been fully repaid), nor have we made any
colleagues redundant or furloughed them during the pandemic,
demonstrating our objective of being a global hub for cyber talent.
In Assurance, the North American and EU Assurance businesses
grew by 6.5% and 5.9% respectively on a local currency basis.
Our UK and APAC business increased 3.9%, supported by growth
in MDR and the launch of our Remediation service. Our Global
Software Resilience business declined by 2.4%, a result of execution
challenges in a remote environment and capacity challenges in sales
resourcing. However, we are proud to see that our cloud proposition
(EaaS) continues to go from strength to strength, with orders having
increased by 83% to £2.2m, providing a promising and exciting
platform for the future.
Our business performance can be found in more detail on pages 9 to 13
Strategy and sustainable business model
Our strategy, mission and vision remain unchanged, and continue
to drive progress towards our medium-term objectives:
• For our shareholders:
• Double-digit revenue growth and margin improvement
for Assurance
• Return Software Resilience to sustainable growth
• Disciplined cash generation
• For our customers:
• Use our unique data, capability and insight to help customers
to meet their cyber resilience needs
• For our people:
• A global hub for cyber talent
• An inclusive environment where everyone feels safe to be
authentic and which is representative of the diversity of the
world in which we live
NCC Group’s research-driven, people-centric and capex-light
business model enables us to remain at the forefront of the dynamic
cyber industry.
Further details on our strategy and value creation through our business model
are provided on pages 29 to 31 and 20 and 21 respectively
During the year, we agreed the acquisition and associated funding
for Intellectual Property Management (IPM), the Software Resilience
division of Iron Mountain, and received shareholder approval on
1 June. It was therefore pleasing post year end that we completed
the transaction, which will be accretive to profitability and provide
further strong cash generation. It is also pleasing that the management
team has commenced the integration programme, and this is on plan.
The strength and flexibility of our Balance Sheet will allow us to
pursue further organic and inorganic growth opportunities where
they align with our strategic and financial objectives.
Further details on our recent acquisition are provided on page 12
Chris Stone
Non-Executive Chair
Our colleagues have continued
to show their commitment and
resilience throughout the pandemic
in delivering excellent service to our
customers and pursuing our mission,
vision and objectives relentlessly.
Introduction
At the end of a financial year which has seen continued disruption
to economies and trading environments worldwide, it is pleasing
to be able to report to all our stakeholders that NCC Group has
continued to demonstrate its resilience in many ways. In particular,
NCC Group has achieved year on year revenue growth and
profitability despite the headwinds of a global pandemic. Along the
way, we secured the Group’s largest acquisition to date, enjoyed
strong growth in our most exciting propositions for the future and,
had another year of strong cash management.
Business performance
Overall, the Group delivered revenue growth of 2.6% (2020: 5.2%),
Adjusted EBITDA 2 of £52.5m (2020: £45.5m) and Adjusted operating
profit 2 of £39.2m (2020: restated £30.7m 3). On a statutory basis,
after the partial recognition of acquisition costs of £7.6m and cloud
configuration and customisation costs associated with the Group’s
transformation programme SGT (£5.1m, 2020: restated £7.9m 3),
operating profit increased by 37% to £17.3m (2020: restated
£12.6m 3) and profit before taxation increased 54% to £14.8m
giving rise to a statutory EPS of 3.6p (2020: restated 2.3p 3) and
Adjusted basic EPS 2 of 9.5p (2020: restated 7.2p 2) respectively.
The Group delivered sustainable cash flows with cash conversion 2 of
88.2%, resulting in the Group becoming cash positive in November 2020
prior to the equity funding process for the IPM business US acquisition.
6
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Dividend
We are recommending an unchanged final dividend of 3.15p
(2020: 3.15p) per ordinary share, making a total for the year of 4.65p
(2020: 4.65p), with our dividend policy continuing to remain under
review. The final dividend will be paid on 12 November 2021, subject
to approval at the AGM on 4 November 2021, to shareholders on the
register at the close of business on 15 October 2021. The ex-dividend
date is 14 October 2021.
Board composition
There have been no changes to the Board during the year.
Further details on our Board composition are provided on pages 78 to 86
Board governance and effectiveness
As Chair, I am responsible for providing leadership to ensure that the
Board operates effectively in all aspects of its performance. We have an
established and experienced Board, which actively oversees the Group’s
strategic development, monitors the delivery of its business objectives and
considers risks and mitigating actions. Our performance and decisions
made during this global pandemic are testament to the Board’s effectiveness.
customers, an investor survey and shareholder engagement
throughout the recent acquisition, and physical and mental wellbeing
programmes for all our colleagues.
Further details on stakeholder engagement are provided on pages 49 to 52
Colleagues
We will always be a people-centric business and our technical
colleagues are at the core of our customer offer, supported by agile
sales and back-office functions. Our colleagues have continued to
show their commitment and resilience throughout the pandemic in
delivering excellent service to our customers and pursuing our
mission, vision and objectives relentlessly. We seek to provide
meaningful and rewarding career paths for all our colleagues.
Following our colleague engagement survey, we will continue to
create a great place to work and focus on becoming the employer
of choice in our markets. We are also embracing more flexible ways
of working and intend to continue with that flexibility as we anticipate
returning to a hybrid office/remote way of working. In addition,
through our colleague resource groups that create conversations
inherent to an inclusive culture, we continue making NCC Group an
organisation where everybody feels safe to be their authentic selves.
Further information on risk management and the key risk identification
procedures is set out on pages 40 to 48
Further details on this are provided on page 50
During the year, we have been further embedding the requirements of
the UK Corporate Governance Code 2018 (the ‘Code’), particularly the
renewed focus on identifying and engaging with all our stakeholders in
a remote world. During the year we complied with all other aspects of
the Code with the exceptions that our CEO and CFO pensions were
not in alignment with our general colleague population, we do not have
post-employment shareholding guidelines and we did not engage with
the workforce to explain how executive remuneration aligns with the
wider Company pay policy. The first of these three areas of non-
compliance will be resolved following our 2021 AGM and subject to
shareholder approval of our new Directors’ Remuneration Policy.
We recognise that we still have much progress to make in terms of
improving the diversity of the Board and our Executive Team (and
indeed our workforce as a whole). With that in mind, during the year
we have made the commitment that by 2024, we will have at least
33% female representation on our Board and at least one person of
colour. Although this is best practice for FTSE 350 companies, we
will commit to this target regardless of which share index we are in.
Please see the Corporate Governance Statement starting on page 70
for further information
Executive management composition
It has been a delight to welcome Inge Bryan as Managing Director
for NCC Group’s European Assurance operations, who joined us
after a remarkable career in cyber and security. Inge previously held
roles with the Dutch National Police and the General Intelligence
and Security Service of the Netherlands and served as Home Affairs
Counsellor in the Royal Netherlands Embassy in Paris. Before she
joined NCC Group Inge was part of the cyber security leadership
team with Deloitte Risk Advisory, securing the critical infrastructure
of the Netherlands, including central government. In 2019 she was
listed in the top 100 most influential women in the Netherlands and
one of the 50 most inspiring women in tech.
Further details on our executive management
composition are provided on pages 76 and 77
Stakeholder engagement
Successful stakeholder engagement is a key area of focus for NCC
Group, especially during these remote and challenging times. During
the year, we have engaged with our customers, our colleagues, our
network and our shareholders. Certain highlights include the
CyberUp Campaign, our “working together” approach with our
On behalf of the Board, I therefore offer our sincere thanks and
appreciation to all of the Group’s colleagues for their continued
resilience and professionalism in delivering this performance.
As a Board, we also welcome our new colleagues from the IPM
business as we look to the future with enduring confidence.
Sustainability
NCC Group recognises the importance of an environment, social
and governance (ESG) framework that underpins our operations as
a key indicator of the Group’s sustainability and ethical impact. The
Group has developed an ESG framework which continues to evolve.
Examples of progress to date include the ongoing review of key policies
and maintaining our corporate governance and decision-making
structures through the “move to remote” during the pandemic. In addition,
we continue to foster partnerships that support the development
of future diverse cyber talent and we encourage engagement from
colleagues and our external stakeholders around our four focus
areas of gender, LGBTQIA+, race and ethnicity and neurodiversity.
Further details on sustainability are provided on pages 53 to 68
Outlook
• For the current financial year (FY22), the Board expects higher revenue
growth partially offset by increased global costs from inflationary
pressures as well as a resumption in travel and office usage
• Our medium-term objectives continue to be double-digit revenue
growth in Assurance and sustainable revenue growth
in Software Resilience
• We are recommending an unchanged final dividend of 3.15p
(2020: 3.15p) per ordinary share
Chris Stone
Non-Executive Chair
14 September 2021
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and
adjusting items. Further information is also contained within the Chief Financial
Officer’s Review and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to
the adoption of the IFRIC agenda decision on cloud configuration and customisation
costs in April 2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
7
Strategic report�Our strategic roadmap
Our connected society presents a world of opportunity
It is essential for us all to proactively manage any risk to our safety and security. As you go about your daily routines you can be safe in the
knowledge that we are passionate about keeping you and your personal data, the technology and devices you use, and the critical assets
and software your business relies on safe and secure. It is our mission and is what drives our strategic roadmap...
Mission
Vision
We exist to make the world safer and more secure.
To be the leading cyber resilience provider globally. Trusted to
protect and secure our customers’ critical assets. Sought after
for our complete people-led, technology-enabled cyber and
software resilience solutions that enable our customers to thrive.
Delivering our vision through our Securing Growth Together transformation programme
We continue to transform our business.
Our vehicle for transforming the firm and achieving our vision is the Securing Growth Together programme,
which is about connecting our global firm and creating stronger relationships with our customers.
The programme is run through five workstreams:
Lead the market
Win business
Deliver excellence
Support growth
Develop our people
Read more in our Chief Financial Officer’s Review on pages 32 to 39
Delivering value to our customers
Cyber threats are pervasive, complicated and rapidly changing and there’s no such thing as a “silver bullet”. We help our
customers navigate through the complexity of cyber risks. Through our global research capability, technical expertise
and full suite of services we can guide customers through the risks to achieve cyber resilience.
Assess
cyber risk
Develop
cyber maturity
Manage
cyber operation
Read more in our business model on pages 20 and 21
Our Code of Ethics and values
NCC Group is a distinctive place to work where we are guided by our Code of Ethics – treat everyone and everything with respect.
Our common values help us to make decisions without the need for a comprehensive instruction manual:
We work together
We are brilliantly creative
We embrace difference
Read more on our sustainability on pages 53 to 68
8
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Chief Executive Officer’s review
Resilience is the key
Resilience is the key
Covid-19, supply chain shocks and rampant ransomware attacks
have reminded us all how difficult it is to predict the future and thus
of the importance of resilience against unknown risks. We are proud
of our own resilience through the past 12 months, demonstrating
our ability to deliver great work, to hire more talent and to grow even
through the most extreme of shocks.
Our resilience starts with our people and I would like to pay tribute
to the remarkable skills and commitment of my colleagues. They are
at the heart of our success.
Last financial year we hired over 200 front-line technical specialists,
increasing our global net headcount by 8.1%. It is remarkable to
think that many of them have not been into an office or met their
colleagues. Happily, the feedback from surveys we have conducted
indicates that the work we have done to onboard colleagues in the
remote environment has been valued.
Overall, the global voluntary attrition rate remained constant at c.15%
and our technical attrition increased to 17.0% (2020: 14.4%). We
identify two particular influences on this attrition increase. First, the
advent of remote working drove significant labour mobility in the
United States as it became possible to work for the largest and
most exciting technology companies without having to move to the
Bay Area. Second, while attrition was much lower in the UK and
Europe through the first half, as the world began to open up we saw
people leave to change lifestyle or gain variety after being locked
down in the same place for an extended period of time.
However, once again demonstrating our own resilience, the global
operating and resourcing model that we developed mitigated the
impact of this higher attrition, enabling us to deliver revenue in
North America using resources spread elsewhere across the globe.
Everyone is welcome
There are not enough cyber skills in the world to meet today’s challenges.
We see ourselves as playing a significant role in the attraction and
training of new talent, having one of the cyber industry’s most effective
training programmes. As we strive to bring more people into the world
of cyber and to make the population of cyber specialists representative
of the societies in which they live and work, we continue to focus on
inclusion and improving the diversity of our teams. In particular:
• We are embracing more flexible ways of working – and intend to
continue with that flexibility as we explore new ways of working
• Our four colleague resource groups – Gender, Race and Ethnicity,
LGBTQIA+ and Neurodiversity – have catalysed conversations on
topics as diverse as menopause, systemic racism, transvestism
and autism, as we strive to raise awareness, create understanding
and respect each other to make NCC Group an inclusive place
for everyone
• Our teams have worked hard to provide mutual support with
a particular focus on mental health and wellbeing. We have
61 trained Mental Health First Aiders. Over 100 of our people
managers have received training in mental health awareness, and
a full wellbeing programme for colleagues is supplemented by
employee assistance programmes in our local geographies. All
of these efforts continue to help our teams through these difficult
times and will provide a legacy of ongoing benefit in the future
Adam Palser
Chief Executive Officer
Our resilience starts with our people
and I would like to pay tribute to the
remarkable skills and commitment
of my colleagues. They are at the
heart of our success.
Which pandemic will you still be worrying more about
next year?
Pandemics start somewhere else and affect other people – until
very suddenly they are on your doorstep and inside your business,
forcing you to re-evaluate how you live and how you work.
Our 2021 financial year was a tale of two pandemics, one biological
and the other digital. The ensuing tug-of-war between these
pandemics defined our markets:
• Covid-19 rippled across our geographic operating territories at
different speeds and intensities provoking different responses
from governments. We saw demand from customers ebb and
flow depending on whether their industry was opening up or
being placed under more restrictions
• Simultaneously, the rapid uptake of remote working drove
increased cyber risk, which was exploited by “bad actors”
including organised crime and state-sponsored groups.
Ransomware, in particular, has now become so prevalent
that no organisation can afford to ignore the risk it presents
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
9
Strategic reportStrategic report�Chief Executive Officer’s review continued
Sustainable growth for all of our stakeholders
Every day we work for customers in pursuit of our mission: to make the
world a safer and more secure place. This mission and the focus on our
people are at the heart of our value proposition and how we do business.
More broadly, our sustainability approach is focused on the recognised
elements of environment, social and governance and our progress
is outlined below:
• Environment – Building on the new and successful ways of working
created by the pandemic we are engaging in conversation with
our customers to explore how we can work together to reduce the
impact on the environment. In addition, as our office environments
come back to life, we are investing in education programmes to
reduce our physical impact – from flexible working and preventing
unnecessary printing, to recycling. We have also developed our
new working policies and therefore will continue to review our
physical office requirements to ensure we only use what we need
• Social – We continue to foster partnerships that support the
development of future diverse cyber talent and encourage colleagues
to give back to their local communities through schools, universities and
charity partnerships, and the piloting of a giving back day in the UK. In
addition, we continue to invest in developing not only our mental health
first aid network and resources, but we are now looking to implement
our broader wellbeing strategy, partnering again with This Can Happen.
Through NCC Conversations we continue to encourage engagement
from colleagues and our external stakeholders around our four focus
areas of gender, LGBTQIA+, race and ethnicity and neurodiversity,
adding accessibility in this coming year. These conversations
alongside our performance management programme and career
framework development help drive our performance culture, creating
an environment where everyone is welcome and can be successful
• Governance – We continue to strengthen our governance
structures. We assess and consciously decide to work with
customers who align with our own values and Code of Ethics.
We are currently strengthening our Supplier Code of Conduct to
ensure that we enter any supplier or partner relationship with a
mutual understanding of each other’s code of ethics and general
business policies. In addition, we remain committed to considering
the interests of all our stakeholders when making decisions on
the Group’s future strategy and priorities
Year on year growth led by Assurance
Against this backdrop, Group revenues increased by 2.6% (2020: 5.2%).
On a constant currency basis 2, Group revenues increased by 3.6%.
In our Assurance business, the North American and EU Assurance
businesses grew by 6.5% and 5.9% respectively on a local currency basis 2.
Our UK and APAC region increased 3.9%, including a notable 9.6% in the
second half as industries began to look forward to the easing of restrictions.
In our Software Resilience division, we were delighted by the 83%
increase in Escrow-as-a-Service orders which herald great promise
for the future, but disappointed by an overall revenue decline of 2.4%.
Attracting sufficient sales resource, retaining sales colleagues,
delivering on-site work and maintaining sales momentum have all
been more difficult in a fully remote working environment and we
anticipate improvements in all of these factors in the next 12 months
as we work to return Software Resilience to sustainable growth.
Gross profit increased by 5.9% to £110.6m (2020: £104.4m) with
gross margin percentage increasing to 40.9% (2020: 39.6%). The
margin increase was significantly driven by the flourishing of our global
resourcing engine where skilled resources from every part of our
Group can now be deployed on high value engagements, smoothing
out peaks and troughs of demand or skill shortages. The gross
margin was, however, offset by a c.£2m provision taken in relation
to existing long-term European contracts as a result of pandemic
disruption, cost increases and project management challenges.
Operating profit increased by 37.3% to £17.3m (2020: restated
£12.6m 3) after the inclusion of transaction costs of £7.6m in relation
to the $220m acquisition of Intellectual Property Management (IPM),
the Software Resilience division of Iron Mountain and cloud
configuration and customisation costs associated with the Group’s
SGT transformation programme (£5.1m, 2020: restated £7.9m 3).
The Group manages its performance internally at an Adjusted
operating profit 2, 3 level, with Adjusted operating profit 2, 3 increasing
by 27.7% to £39.2m albeit with the benefit of a temporary reduction
in travel and office usage costs of c.£3m. This information is disclosed
below and reconciled to statutory operating profit.
During the year, the Group has incurred £12.7m of Individually
Significant Items (ISIs) (2020: restated £7.9m 3). These items
relate to the acquisition of the IPM business (£7.6m) and cloud
configuration and customisation costs associated with the Group’s
SGT transformation programme (£5.1m, 2020: restated £7.9m 3).
2021
Assurance
£m
Software
Resilience
£m
Central and
head office
£m
Revenue
Cost of sales
Gross profit
Gross margin %
General administration
expenses allocated
Adjusted EBITDA 2
Depreciation and amortisation
Adjusted operating profit 2, 3
Individually Significant Items
Amortisation of acquired intangibles
Share-based payments
233.9
(149.5)
84.4
36.1%
(45.4)
39.0
(9.4)
29.6
–
–
–
36.6
(10.4)
26.2
71.6%
(9.5)
16.7
(0.7)
16.0
–
–
–
Operating profit
29.6
16.0
–
–
–
–
(3.2)
(3.2)
(3.2)
(6.4)
(12.7)
(6.4)
(2.8)
(28.3)
10
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
2020 (restated) 3
Software
Resilience
£m
Central and
head office
£m
37.5
(10.0)
27.5
73.3%
(10.0)
17.5
(0.6)
16.9
–
–
–
–
–
–
–
(5.0)
(5.0)
(3.5)
(8.5)
(7.9)
(8.8)
(1.4)
Assurance
£m
226.2
(149.3)
76.9
34.0%
(43.9)
33.0
(10.7)
22.3
–
–
–
Group
£m
263.7
(159.3)
104.4
39.6%
(58.9)
45.5
(14.8)
30.7
(7.9)
(8.8)
(1.4)
22.3
16.9
(26.6)
12.6
Group
£m
270.5
(159.9)
110.6
40.9%
(58.1)
52.5
(13.3)
39.2
(12.7)
(6.4)
(2.8)
17.3
�Long-term market prospects are excellent
Development
of the connected
environment
Society’s
dependence
on the
connected
environment
Agility
and pace
of the
threat
Regulatory
environment
The four secular growth drivers of resilience demands
(as we refer to them) continue to strengthen:
• The connected environment is growing. Every year,
more devices are connected to the internet to share data
or offer up the possibility of remote access, and the
interdependencies between organisations across
geographical boundaries increase in complexity too
• Society’s reliance on the connected environment
is greater than ever. The world is undergoing a digital
transformation, accelerated by the pandemic. Our economies
and wellbeing have never been more dependent on the
safe and secure flow of data, and the continued resilience
of essential services they rely on in their daily lives
• The threat is growing. Ransomware has now
become endemic
• Regulatory and legislative requirements are increasing.
In response to all of the above, organisations have to comply
with a growing set of mandated requirements if they wish
to enter or continue operating in their respective markets.
This includes proposed legislation by the UK government
for consumer IoT manufacturers, US President Biden
implementing software supply chain security measures by
Executive Order, and global financial regulators updating
their rules and guidance on technology, third party
technology and cloud outsourcing arrangements
For further detail, please refer to the Chief Financial Officer’s review
and Note 34 to the consolidated Financial Statements.
Profit before taxation increased 54.2% to £14.8m (2020: restated
£9.6m 3) and profit for the year increased 56.3% to £10.0m (2020:
restated £6.4m 3) giving rise to a basic EPS of 3.6p (2020: restated
2.3p 3). Adjusted basic EPS 2 amounts to 9.5p (2020: restated 7.6p 3).
In 2021, our cash conversion 2 was 88.2% (2020: restated 102.9% 3).
Net cash/(debt) (including lease liabilities) 2 amounts to £48.9m (2020:
net debt £42.4m).
A sustainable business model in a dynamic environment
We are fortunate to work in a sector of growing opportunity.
Naturally, this opportunity attracts significant investment from many
organisations leading to healthy competition for customers and talent.
In this context, we cherish our research-driven, people-centric and
capex-light business model that enables us to stay at the leading
edge of the dynamic cyber resilience market and create profitable,
cash generative growth. Every year we enable talented individuals
from our global teams to research the latest technologies, discover
new system vulnerabilities and develop skills. In turn:
• The subsequent education of our customers and monetisation
of our knowledge allow NCC Group to maintain its world-leading
position in this ever-evolving market
• The opportunity to work with some of the best minds in the
industry and to conduct research is part of our rounded colleague
value proposition for technical specialists
Although the pandemic has impacted all our colleagues and
customers around the world, our business has demonstrated its
resilience and remains committed to securing the future for all.
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs
in April 2021. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to the adoption of the IFRIC agenda decision:
Adjusted operating profit (as noted above)
Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below)
Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements
2021
£m
39.2
(3.0)
36.2
2020
£m
30.7
(1.4)
29.3
Change
27.7%
(114.3%)
23.5%
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy
in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS)
arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to
the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based
software arrangements is comparable to Adjusted operating profit previously reported.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
11
Strategic reportStrategic report�Chief Executive Officer’s review continued
Creating value through the execution of our strategy
Over the past three years – and even through the disruption caused
by Covid-19 – our confidence in the direction of our Company has
grown. Our mission, vision and values have remained the same and
we have created value through the relentless execution of our
transformation programme, “Securing Growth Together”.
Our mission is to make the world safer and more secure.
Our vision is to be the leading cyber resilience provider globally,
trusted to protect and secure our customers’ critical assets and
sought after for our complete people-led, technology-enabled
cyber resilience solutions that enable our customers to thrive.
Our values are work together, be brilliantly creative and
embrace difference.
Our medium-term objectives are:
• For our shareholders:
• Medium-term target of double-digit revenue growth and margin
improvement for Assurance
• Return Software Resilience to sustainable growth
• Disciplined cash generation
• For our customers:
• Use our unique data, capability and insight to help customers
to meet their cyber resilience needs
• For our people:
• A global hub for cyber talent
• An inclusive environment where everyone feels safe to be
authentic and which is representative of the diversity of the
world in which we live
As noted at our interim results, we are now building on the strong
initial foundations of our Securing Growth Together programme and
have moved to the next phase of becoming the complete provider
of global cyber resilience solutions, particularly by:
• Broadening our portfolio (adding services and solutions across
the cyber lifecycle)
• Improving how we go to market globally (becoming easier
to engage with and buy from)
At our interim results, we announced the investment of £3m into
propositions that we consider critical for the future and for realising our
ambition to become a complete provider of cyber resilience services,
acting as a one-stop shop to meet our customers’ demand for
evidence-based solutions that offer them peace of mind.
The table below describes these propositions and highlights our
progress in FY21:
Proposition
Progress
Escrow-as-a-Service
(EaaS), our cloud escrow
proposition
• 83% increase in EaaS orders to £2.2m
• Weighted year end EaaS pipeline at £1.1m
• Notable FY21 wins include Sky, Carrefour,
Christie’s, Deutsche Bank, Standard Chartered
and Barclays
Global Managed Services
(GMS)
• MDR revenue growth of 14.3%
• Sales orders growth of 15.8% to £71.8m
New MDR service based
on Microsoft’s Azure
Sentinel platform
• Launched at the end of the financial year
New Remediation service
to develop clients’
resilience
• Global rollout after successful UK launch
(revenues of £2.1m with current pipeline
of c.£3m)
We will invest further in FY22 and beyond to build on these successes.
Acquisition of IPM business
The most significant investment of the year was our recent
acquisition of the IPM business, which marked an exciting
culmination of our financial year. We obtained shareholder
approval on 1 June and completed the transaction on
7 June for $220m, subject to a normalised working capital
adjustment during FY22. On this basis, the results of the
IPM business will be consolidated from 1 June 2021. The
acquisition was funded through an equity placing (£70.2m)
in May combined with a new three year $70m term loan,
existing cash balances and our revolving credit facility.
The acquisition aligns with the Group’s existing strategy and will:
• Scale up the Group’s core business to create a global
business and platform for further growth
• Generate revenue synergies through allowing the enlarged
division to offer NCC Group’s broader suite of established
verification services as well as the newer Escrow-as-a-
Service (EaaS) cloud offering to the IPM business’ existing
customer base
• Present an exciting new opportunity to sell NCC Group’s cyber
security services from its Assurance division into the IPM business’
broad and blue-chip customer base in the medium term
• Be accretive to earnings per share from completion, even
without factoring in revenue synergies
• Result in greater strategic strength for the future
Financially and, prior to our ownership, the business generated
revenues of c.£23m and operating profit of c.£15m for the 12
months ended 31 December 2020, with cash conversion of
c.90%. It is expected that for NCC Group’s FY22 financial year,
the business will incur c.£2.5m of one-off integration costs.
From an integration perspective, integration is on plan with all
workstreams (People, Customers, Operations, Finance and IT)
making good progress against objectives. The business is also
supported by TSA and MSA arrangements.
From a personal perspective, it has been a pleasure to welcome
our new colleagues from the IPM business. I look forward with
confidence to the future as we transform our Software
Resilience business into a growing, high margin global leader.
12
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Summary
Financial
• Year on year growth in Group revenue, gross profit, Adjusted
operating profit and profit before taxation
• Another year of excellent cash management
Operational
• Successful acquisition of IPM with strategic and financial importance
• Exciting development and growth of key service lines
for the future
• Market prospects continue to evolve and create opportunities
• We continue to have a strong and flexible Balance Sheet that
will allow us to fund future organic and inorganic growth
Our FY22 operational priorities are:
Assurance
• Broadening our portfolio (adding services and solutions across
the cyber lifecycle)
• Growing recurring global MDR services
• Effective use of our global resourcing model
Software Resilience
• Addressing execution challenges and returning Software
Resilience to sustainable growth
• Continuing to broaden the portfolio through innovation and
growing our EaaS proposition
• Embedding the IPM acquisition and minimising integration costs
Outlook
• For the current financial year (FY22), the Board expects higher
revenue growth as compared to FY21 partially offset by increased
global costs from inflationary pressures as well as a resumption
in travel and office usage. IPM integration costs are expected
to be c.£2.5m
• Our medium-term objectives continue to be double-digit revenue
growth in Assurance and sustainable revenue growth in
Software Resilience
• Q1 FY22 revenue growth was stronger than prior year in local
currency but we experienced some un-anticipated disruption in
customer buying patterns over the summer period. Q1 orders
were ahead YoY and our orders pipeline is robust.
Consequently, the full year outturn remains in line with
management expectations
• The Board is recommending an unchanged final dividend of 3.15p
(2020: 3.15p) per ordinary share
Adam Palser
Chief Executive Officer
14 September 2021
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Read more online: www.nccgroup.com
13
Strategic reportStrategic report
�Our continued Covid-19 response
Planning ahead to
survive and thrive
in a global pandemic
When the World Health
Organization announced
the global pandemic, we
began planning to support
our colleagues and our
customers through the
inevitable lockdown.
The priority was colleague welfare
and customer safety. Beyond that,
we set out two clear objectives
that would guide our actions:
• Maintain a strong Balance Sheet
to ensure the survival of the
Company and its ability
to pounce on opportunities
as the pandemic subsided
• Maintain the capacity and
capability we knew we would
need to meet future demand
We worked towards these objectives
using five strategic pillars.
Anticipate
Be resilient
Objective: Plan for different outcomes
and track KPIs to inform our
decision making
Objective: Ensure the safety of
our colleagues and customers, and
maintain continuous operations
Examples of our actions:
Examples of our actions:
• Scenario planning
• Preparation for contingency plans
with different levels of response
• Data-led insights from our
new systems
• Regular communication
• Global systems set up to ensure
colleagues delivering customer
work were supported to do
this remotely
• Developed a programme that
enabled critical need colleagues
to access office environments
when it was safe and permitted
to do so
• Provided colleagues with
resources to support longer-term
remote working
14
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Stay profitable
Exploit any downtime
Prepare for the bounce back
Objective: Proactively sell remote
services; careful control of cost
and cash
Examples of our actions:
• More than 95% of our services
can be delivered remotely
• Provided advice and guidance
to customers with practical
solutions to stay safe during
the global pandemic
• Continued to develop our service
offerings to support customers
with short-term challenges caused
by the pandemic as well as through
our research capability and global
threat intelligence insights,
continuing to develop solutions
for the future
Objective: Strengthen the firm every
day through research and development
Examples of our actions:
• Invested a record 3,400 days
on technical security research,
which resulted in a significant
contribution of conference
presentations, vulnerability
advisories, blog posts, research
papers and open-source tools
being released
• Created a new internal research
working group focused specifically
on finding creative and massively
scalable solutions to remediate
(even prevent) security
vulnerabilities at internet scale,
and a group which focuses
exclusively on the security
implications of emerging
technologies yet unstudied by
any other security research firm
Read more on our research on pages 18
and 19
•
Developed our Global Assurance
operating model, investing in our
future delivery capability and
value proposition
Objective: Preserve capability and
capacity to invest selectively for
the future
Examples of our actions:
• Acquisition of Iron Mountain’s
Intellectual Property Management
(IPM) business to provide a robust
platform for growth, particularly
in North America but also for our
Software Resilience division
and NCC Group as a whole
• Redesigned and launched our
regional websites, which supports
our new global marketing
operating model
• Reimagined our future world of
work by learning from and listening
to the experience of the pandemic
including how flexible working
could be an enabler for a more
inclusive and diverse workforce
• Continued investment and
development in services and
solutions to broaden our portfolio
and better serve our customers
including the launch of our new
Remediate service and our flagship
Partner Network for our Software
Resilience offering in the UK
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
15
Strategic reportStrategic report
�Markets
Market dynamics
A changing threat landscape and exponential digital transformation,
coupled with society’s ever-growing reliance on digital technologies
and increasing regulatory and legislative requirements, mean that
investment in cyber and software resilience is no longer optional
and NCC Group’s addressable market is growing.
Changing threat
landscape
Exponential digital
transformation
Society’s ever-growing
reliance on digital
technologies
Increasing regulatory
and legislative
requirements
A changing threat landscape
The global geo-political environment fuels a buoyant cyber resilience
market. Strategic competition is coming from China, and hostile
threats from Russia, Iran and North Korea. This, coupled with
emerging offensive capabilities in other nation states and organised
crime groups, creates a volatile state of unpeace that organisations
need to prepare for, navigate and defend against.
As the scourge of ransomware emerges as a distinct threat to
organisations of all sizes, and software supply chain attacks inflict
mass disruption in all geographies, the real-world kinetic impact of
recent cyber attacks has catapulted a deeper awareness of the
threat to our digital lives into the mainstream.
Society’s ever-growing reliance on digital technologies
This has been exacerbated by exponential digital transformation.
Software and cloud consumption, driven by the Internet of Things
(IoT), has never been higher, and the digital supply chains upon
which our connected environment depends have never been more
complex and interdependent. And as the fall-out from ransomware
attacks and technical outages alike has shown, we have never
relied more on the smooth functioning of digital technologies
than we do now.
Increasing regulatory and legislative requirements
That means, too, that focus on and expectations of ensuring the
continuity of essential services – and with it a renewed awareness
of the crucial importance of digital business continuity planning –
have increased significantly.
And while citizens rightly expect organisations to act responsibly, so
legislators and regulators have concluded that the defence and resilience
of schools and hospitals, banks and insurers, water treatment
facilities and gas pipelines are too important to be left to chance.
As a result, we are seeing a global increase in the depth and breadth
of mandated requirements with which organisations must comply
to enter or continue operating in their respective markets.
Cyber resilience measures are becoming an integral element of an
organisation’s licence to operate. We are seeing evidence of this in
the UK with the government’s proposed legislation for consumer IoT
manufacturers, and the strengthening of security requirements for
telecommunications companies. In the US, the government is taking
forward software supply chain security measures by Executive Order
and the Australian government is enhancing incident management
for critical infrastructure operators, while the European Union is
pressing ahead with expanding the scope of the Network and
Information Security Directive.
At the same time, we are seeing a growing convergence of cyber
and software resilience as part of a broader trend towards digital
operational resilience. Global financial regulators, from the Basel
Committee to the UK’s Prudential Regulation Authority and
Canada’s Office of the Superintendent of Financial Institutions,
have updated their rules and guidance on technology, third party
technology and cloud outsourcing arrangements. All acknowledge
that the financial systems’ reliance on third party solutions presents
risks that need to be mitigated before they fundamentally threaten
the global financial system.
16
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Although competition for customers
and talent is also growing, our
continued portfolio evolution and
differentiation enable us to take
advantage of the tremendous
opportunities the cyber services
market offers, fuelling our growth
now and in the future.
Growing competition
for customers
and talent
Continued portfolio
evolution and
differentiation
Competition for customers
As board-level and senior executive understanding – and liability –
grows, cyber and software resilience is increasingly seen as a
strategic investment.
That also means that the competitive landscape continues to be
busy on all fronts, and that new and disruptive ways of working and
service delivery come to market frequently. Excitement about new
and emerging technologies – from artificial intelligence to quantum
computing – that infuse traditional cyber offerings continues unabated.
By way of example, venture capital activity until May 2021 rivalled
the full-year activity level in 2020 and continues on an upward
trajectory, and private equity investment continues to focus on the
typical “platform buy and bolt on” strategies across cyber services
and technology domains globally.
We’ve also seen continued evolution in penetration testing to
continuous, automated and on-demand/crowd-sourced models and
experienced competitive pressures in the Managed Detection and
Response space, and from regionally and vertically aligned
specialists in the wider Software Resilience offering.
Competition for talent
In addition, competition for talent continues unabated, not least
as regulatory authorities are equally seeking to fill their capability
gaps as they discharge their new responsibilities.
As the global pandemic has driven remote working models more
widely, we have, moreover, experienced external challenges to
our traditionally uncontested talent pools, for example, where
US technology companies have acquired talent in the European
and Asia Pacific regions.
NCC Group’s continued portfolio evolution
and differentiation
Through our combined Cyber and Software Resilience offering,
we are uniquely placed to offer our customers – current and new –
easy-to-access peace of mind in an ever-more complex digital world.
Our service orientated research and development, and selective
investments to meet our customers’ changing challenges and
demands have and will allow us to:
• Evolve our penetration testing services to address risks
of commoditisation
• Establish our Managed Detection and Response offering as a
leading proposition in a competitive and diverse space, building
on a full suite of incident response and threat intelligence
services across a leading, sovereign European business, while
adding analytical and machine learning approaches to our threat
detection, to offer customers insight and context into malicious
activity and response capabilities to identify and mitigate
sophisticated cyber threats
• Innovate to integrate Microsoft Sentinel into our offering which
means we are fully equipped to manage threat monitoring and
detection for Microsoft customers
• Differentiate our Remediate service against competition from
system integrators, generalist consultancies and fragmented
boutiques, through our technical depth, expertise, scale and global
footprint which mean we are able to work with our customers to
assess their existing risk position, and prioritise and fix security
weaknesses as part of a structured improvement plan to reduce
their cyber risk
• Enhance our Software Resilience capabilities into a market-
leading combination of service modernisation and trusted
reputation, through the acquisition of Iron Mountain’s Intellectual
Property Management (IPM) business, which completed on 7
June 2021, and the continued innovation in cloud-delivered
services and a next generation Software-as-a-Service platform
for digital escrow deposits and secure digital vault storage
Finally, our tenure, stability and reputation mean we remain an
attractive destination for global talent at all stages of their career
and we continue to invest in creating a world-class environment
in which everybody is welcome and can be successful.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
17
Strategic reportStrategic report�INSIGHTS:
RESEARCH AT NCC GROUP
Cutting-edge research
and technical capabilities
NCC Group employs some of the most talented security consultants
and researchers on the planet, serving customers worldwide and
uncovering countless vulnerabilities per year through both customer
work and independent vulnerability research. We are a research-driven
firm where every researcher on our team is also an active consultant.
Our greatest strength is our breadth and depth of world-class technical
capabilities, publicly exemplified by our research publications, now
spanning into the hundreds per year, across two decades 1.
We consistently perform independent, cutting-edge security
research across hardware and embedded systems security, applied
cryptography, programming languages, artificial intelligence and
machine learning, mobile privacy, cloud and container security, exploit
development, critical infrastructure security and threat intelligence,
and beyond all technologies, and in all sectors – the outputs of which
support current and future specialist technical consulting capabilities
and customer and consultant needs, and respond to world events.
We host a GitHub repository of over 200 open-source security tools 2 ,
have a research group dedicated to security research in the public
interest 3 , and are trusted experts to whom open-source projects
and major tech companies alike regularly turn for our publicly
reported security audits of their most important technologies 4.
Public-facing reports, research papers and tool releases are
published on our dedicated research blog, research.nccgroup.com,
and are also regularly covered by publications including the Wall
Street Journal, New York Times, Washington Post, DarkReading and
Politico, as well as other mainstream and trade publications globally.
Our research blog attracted over a quarter of a million visitors in the
past financial year.
We also regularly work with independent UK consumer body Which?
undertaking research across a range of smart devices – from toys to
doorbells. The results are published in its online and print magazine
titles as well as extensively covered by the mainstream media with
our more detailed research findings published on our blog.
In addition to our published work, our researchers regularly present
their work in top research venues across as the world as well as
serving on review boards of conferences. These include Black Hat
USA, Chaos Communication Congress, HITB Amsterdam,
CanSecWest and DEF CON to name a few.
Our technical capabilities extend beyond our public-facing work,
to include our internal-only research and development function,
including our Exploit Development Group, Threat Intelligence
Fusion Centre and Full Spectrum Attack Simulation Group
as well as unpublished proprietary tooling.
FY21 research
Our research investment has had a direct and positive impact
on the safety and security of our digital world for everyone,
from operators of critical infrastructure to everyday consumers.
We discover and remediate existing vulnerabilities before they
can be uncovered and exploited by threat actors. We continue
to invest in our future – both as a firm, and in improving the
security of the global internet ecosystem.
In January 2021, we published our inaugural Annual Research
Report, in which we summarised our security research findings
from across all our conference publications, blog posts and
tool releases published by researchers at NCC Group between
1 January and 31 December 2020. In this report, we presented our
findings and their impact in context, with links to the associated
research papers, recorded conference presentations, publicly
reported security audits, technical advisories and open-source
tools, as well as selected media coverage of our work 5.
51
conference presentations, including over
20 presentations at “Tier 1” research venues
9
internal research working groups
8
whitepapers, research papers and research reports
35
open-source tool releases
71
research blog posts
37+
technical advisories/CVEs
18
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Jennifer Fernick
SVP & Global Head of Research
Highlights include:
• We invested a record 3,400 days on technical security
research, which resulted in a significant contribution of
conference presentations, vulnerability advisories, blog posts,
research papers and open-source tools being released
3,400
days dedicated to research
• We co-founded the Open Source Security Foundation 5 – a
group of industry experts working together to improve the
security of the open-source ecosystem – forming the group’s
governing board alongside representatives from GitHub,
Google, IBM, JPMorgan Chase, Microsoft, OWASP Foundation
and Red Hat, among others
• We served on the Industry Advisory Board at King’s College
London, the Executive Steering Board for the Internet of
Things Security Foundation (IoTSF), the UK’s National
Cyber Security Centre (NCSC) Research Advisory Panel
and the Technical Advisory Council of the Open Source
Security Foundation, as well as contributing to standards
groups like the CIS Benchmarks, the ioXt Alliance and the
C Standards Committee
• We created a new internal research working group focusing
specifically on finding creative and massively scalable
solutions to remediate – and perhaps even prevent – security
vulnerabilities at internet scale, as well as a group which
focuses exclusively on the security implications of emerging
technologies yet unstudied by any other security research firm
• It’s this technical excellence that makes NCC Group attractive
to some of the world’s most talented security consultants.
Attractive to those just starting out in their career, and to those
who have already established a name for themselves in the
infosec community, there is a research path for every single
consultant who wants it here at NCC Group
Research at NCC Group typically falls under one or more
of six core categories:
Offensive – we perform deep technical vulnerability research
to understand the complexities involved in attacking different
technologies and systems and the true impact of any successes
that attackers might derive with similar capabilities.
Defensive – outputs from our offensive research inform our
defensive research – this is where we research methods, tooling
and solutions to mitigate the issues that we identify across
technologies.
Capability – we are constantly innovating and developing new
technical testing capabilities and methodologies to keep pace
with the rapid change in technology and threat landscapes. This
ensures that when we assess client systems and networks, our
techniques are at least as good as those of their adversaries.
Future looking/horizon scanning – we routinely research
emerging technologies to understand the potential security
impact of those technologies on the sectors in which our
customers operate.
Customer-driven commercial research – we regularly
perform paid research for customers, helping them to answer
any uncertainties they might have on technology risk, such as
understanding security capabilities of specific technologies or
emerging technological security impact on an industry or sector.
Collaborative – we are open to research collaborations and
regularly work with academia through joint research and PhD
sponsorships. We also contribute many of our research outputs
to various international security standards bodies and we are
open to B2B and consortia-based research collaborations.
https://research.nccgroup.com/2020/08/21/immortalising-20-years-of-epic-research/.
1
2 https://github.com/nccgroup.
3
https://research.nccgroup.com/2021/01/31/2020-annual-research-report/
#PublicInterestTechnology.
4 https://research.nccgroup.com/category/public-report/.
5 https://newsroom.nccgroup.com/news/ncc-group-joins-forces-with-industry-
leaders-to-improve-security-of-open-source-software-oss-408150.
https://research.nccgroup.com
@NCCGroupInfoSec
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
19
Strategic reportStrategic report�Business model
Creating value
We draw on our expertise, capabilities and global footprint to develop solutions to meet
current and future cyber challenges. We help to educate policymakers and regulators.
We give back to protect our local community services. And we share opportunities to
experience the world of cyber and inspire the next generation to secure our future.
A
K
Assurance
How we create value
S S E S S CYBER RIS
33+
D
E
V
E
L
O
P C
Y
B
Software Resilience
M
A
N
A
G
E
TION
ER M
R+D
ITY
A
C
R
E
Y
B
P
R
U
A
T
E
O
R
33+
Research and development investment
We continue to innovate and develop new technical testing capabilities
to keep pace with the rapid change in technology and threat landscapes.
Our ongoing research allows us to understand and quantify risk for our
customers about the technologies they use and the threats to the sectors
and industries in which they operate.
Read more on pages 18 and 19
Inputs
Securing Growth Together strategy
• In a fast-moving and complex environment our
enduring strategy enables us to be agile to
continue to make sustainable investments, creating
the world’s leading cyber and software resilience,
risk mitigation and remediation specialist
Talented and motivated colleagues
• We are a global community of talented individuals
working together, being brilliantly creative and
embracing difference to help make the world
safer and more secure
Culture of innovation
• Research driven where every researcher is also
an active consultant. We invest in sustainable
product development, continually enhancing
our proposition to meet current and future
needs of customers
Stronger partner relationships
• We are active members of the global cyber
and software resilience community, working
in collaboration and in partnership with key
industry players. Many successful global
partnerships have delivered integrated,
seamless solutions to customers
Market-leading reputation
• We understand our customers’ challenges
and the risks these pose to their business.
Successful delivery to customers worldwide
means we are in a strong position to help them
understand and improve their cyber resilience
posture and how best to mitigate against
evolving threats, keeping them up to date and
aligned to regulations and compliance needs
throughout
20
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
34
+
33
+
I
I
34
+
33
+
I
�How we create value
Read more on our strategy on pages 29 to 31
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Value creation
Colleagues
• Our core strength is the expertise of our colleagues
and we aim to create an environment where
everyone can reach their full potential. From our
technical teams to our professional teams, we
work together in support of our customers.
Colleagues are part of a phenomenal knowledge
network, connected through online collaboration
and communication platforms with access to
formal and on the job learning opportunities
Customers
• The cyber landscape is complex, and our unrivalled
global footprint, technical community and
scientific approach mean we can confidently
say: we understand it, we are good at it and
we can help mitigate the risks
• We advise on the right solution to match our
customers’ cyber and software resilience
posture requirements – based on goals,
budgets and risk appetite
• We balance our global knowledge with
customer-specific prioritisation of risks to ensure
the right actions are taken to mitigate them
Our network
• We are active members of the cyber and
software resilience community, working in
collaboration and partnership with key industry
players around the world. Our network extends
to ensuring we have the relevant accreditations
and certifications to assure our customers of
our professional services. This includes our
partner programme
Shareholders
• Our scale provides us insights and understanding
of the vulnerability landscape and our technical
teams and tools allow us to provide insight into
the patterns of vulnerability. This, along with our
people-led culture, gives us a competitive
advantage and superior shareholder value
33+
33+
33+
33+
33+
Assurance
As one of the world’s leading cyber security service
providers we are best placed to help businesses assess,
develop and manage the cyber security risks they face.
Through an unrivalled suite of services, we provide
organisations with peace of mind that their most
important assets are protected.
Software Resilience
Regardless of whether the infrastructure or data is
on-premise or in the cloud, security and regulatory
compliance of business-critical technology need
to be assured.
Through our data and application continuity solutions
we safeguard buyers from supplier failure, software
vulnerabilities and unforeseen technology disruption
while providing credibility and intellectual property
rights protection for software suppliers.
Assess cyber risk
A fast and global response with the ability to understand
what the problem is, using experience and/or relevant
industry frameworks. The value is not just in the
assessment but in the clear advice and guidance
from the results to improve cyber resilience.
Read more on pages 22 and 23
Develop cyber maturity
We work together with our customers to help them
develop security capability or fix the issues identified
during the assess stage. It is only once these areas
have been remediated that the true return on
investment will be realised against their cyber spend.
Read more on pages 24 and 25
Manage cyber operation
The ever-evolving threat landscape means that beyond
the initial assess and develop phases it is vital to
continually improve levels of security, detect incidents
and react to them. We help companies manage their
own capability or provide it through efficient security
managed services.
Read more on page 28
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
21
Strategic report34
+
33
+
I
I
34
+
33
+
I
I
34
+
33
+
I
I
34
+
33
+
I
I
34
+
33
+
I
I
�BUSINESS MODEL INSIGHTS:
ASSESS CYBER RISK
33+
Making the automotive
sector safer and more secure
The key priority for the automotive industry
has for many years been safety – the safety
of vehicle occupants, other road users and
pedestrians, by trying to prevent crashes from
occurring and minimising injury when a crash
does occur.
Established international standards and regulations are in place
to support this initiative. However, as connectivity and automation
have increased (and are still increasing at pace), the safety
challenge has now been joined by a cyber security challenge,
resulting in a concept of cyber safety. Many modern vehicles have
Advanced Driver Assistance Systems (ADAS), such as Adaptive
Cruise Control and Lane Keep Assist, that require software to
automatically control physical aspects of the vehicle, e.g. steering,
braking and acceleration. These systems have primarily been
designed to increase safety; however, as thousands of lines of
complex code are controlling these vehicle functions, cyber security
flaws could result in catastrophic outcomes and, therefore, cyber
security and functional safety have become closely coupled.
Regulatory compliance
Automotive cyber security standards are being developed to support
the industry and regulations have been recently introduced. These will
ensure that the vehicle manufacturers and their suppliers don’t just
consider cyber security as a checklist item during their production
phase, but instead embed cyber security into their entire vehicle
design and development lifecycle, making fundamental cultural
changes to the way vehicles are created.
Cyber security and
functional safety have
become closely coupled.
Cyber security basics and the prioritisation
of cyber activities
The diverse nature of the automotive industry – from small electric
vehicle start-ups to huge multinational manufacturing groups and
many other shapes and sizes of organisation in between – means
that cyber security has had different priorities in different companies
historically. This is especially due to the tight margins within the
sector. A recent industry report 6 highlighted that 30% of car
manufacturers and suppliers do not have an established product
cyber security programme or team. Therefore, the automotive
industry is facing a steep learning curve and will require significant
assistance from the cyber security community.
Resourcing challenges and return on cyber investment
As in many other industries, the automotive sector faces serious
cyber security resourcing challenges. In an article 7, our CTO, Ollie
Whitehouse, highlighted the shortage of cyber resilience skills,
explaining that from our own research, of those who planned
to outsource elements of their cyber security in the next 12 months,
43% said that this was being driven by return on investment.
This suggests that organisations recognise the importance of
validating cyber security spend, but they are not confident that
they have the skills or resources to do so in house.
How we are helping the automotive industry tackle
these challenges
The NCC Group Transport practice has been part of the independent
review process validating new automotive cyber security standards
and has aligned our services (in some cases, developing new ones)
to help support vehicle manufacturers to achieve compliance with the
new regulations, as the most serious consequence of non-compliance
is the inability to sell new vehicles. The services involve close collaboration
between our governance, risk and compliance teams and deeply
technical cyber security experts with automotive industry-specific
knowledge and expertise.
Our services help vehicle manufacturers to address some fundamental
cyber security challenges, not just to achieve initial compliance with
the regulations, but to maintain that compliance by changing cyber
security culture. As advisory partners to our customers, we will
continue to help them increase their cyber security maturity by
providing expert advice, security assurance and software resilience,
which over time is expected to become a market differentiator within
the automotive industry.
6
7
Securing the Modern Vehicle: A Study of Automotive Industry Cybersecurity Practices
– Ponemon Institute
https://www.mynewsdesk.com/nccgroup/blog_posts/technical-viewpoint-cyber-
resilience-skills-please-mind-the-gap-101288.
22
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
34
+
33
+
I
I
�Regulatory compliance driving automotive industry
investment in cyber security
*
e
z
s
i
t
e
k
r
a
m
r
e
b
y
c
e
v
i
t
o
m
o
t
u
A
n
b
$
$9
$8
$7
$6
$5
$4
$3
$2
$1
$0
0.6
2.0
2.4
1.0
3.9
3.5
2020
2021
2022
2023
2024
2025
Cyber security hardware
Cyber security software
Cyber security processes
Key NCC Group
services:
Risk management
Remediate
SDLC
Pentesting
Vehicle SOC
UNECE cyber
security regulation
adopted
January 2021
Supporting
international standard
published
Q3 2021
New vehicle types
with over-the-air
software updates
must be certified
July 2022
New vehicle types
without over-the-air
software updates
must be certified
July 2024
All new registrations
with over-the-air
software updates
must be certified
July 2024
All new registrations
without over-the-air
software updates
must be certified
April 2026
Japan and Europe
Japan
Japan and Europe
Japan
Preparation for certification
Certification deadlines
* Source: https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/cybersecurity-in-automotive-mastering-the-challenge.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
23
Strategic reportStrategic report
�BUSINESS MODEL INSIGHTS:
DEVELOP CYBER MATURITY
33+
Building resilience
within local government
A ransomware attack on a UK local government
authority in early 2020, which significantly
disrupted its ability to maintain operations,
brought into sharp focus the risk posed by
cyber criminals and other malicious actors.
This event raised concerns that comparable organisations
within the public sector may also be similarly vulnerable and the
importance of maintaining citizen services and operational resilience.
In response a central government sponsored 14-week remediation
programme was initiated to rapidly establish the risk position in 28
organisations thought to be at the greatest risk of ransomware, and
to make practical interventions to reduce the specific risks identified.
The objectives were:
• Reduce vulnerability of backups to ransomware attack
• Reduce the susceptibility of organisations to ransomware attacks
• Improve the longer-term resilience of each organisation
An initial view of the risk in key areas was established through
a targeted questionnaire and workshops, with a programme of
accelerated security improvement and remediation work initiated
to quickly reduce risk across all organisations.
A collaborative approach
The pace of the programme required a high degree of integration
and collaboration across the broad stakeholder group, working with
multiple independent organisations each with different priorities.
The joint programme between the local authorities, Ministry of Housing,
Communities and Local Government, Cabinet Office and our team of
NCC Group experts coupled with the broader stakeholders required
a highly transparent and flexible operating model to succeed.
A baseline of vulnerability exposure and security posture was
established through a facilitated, self-assessment approach via
a workshop. This provided an indication of the risk present in each
estate; however, in most cases, a cyber threat actor emulation
was required to truly understand security posture.
The delivery of risk prioritised remediation at this scale was only
achievable through a modular approach that delivered essential
solutions to the organisations that needed them.
The modules are continually updated based on the latest technology and
threat information and cover key security and resilience themes. This
approach allowed consistency of delivery at scale for common risks,
while enabling a more flexible approach to unique risks where required.
Outcomes
The programme quantifiably reduced the risk of the ransomware
threat across many organisations critical to the UK government’s
Covid-19 response:
• All critical and high risks identified in relation to both the
vulnerability of backups to ransomware and the broader
susceptibility to ransomware were reduced to a controllable level
• All organisations received a long-term security improvement
plan detailing residual risk and recommendations for
continuous improvement
• 221 remediation modules were delivered across all organisations
using multi-disciplinary teams of cyber consultants and engineers
24
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
34
+
33
+
I
I
�Achieving sustainable
cyber security resilience
What needs to be in place?
• The desire to tackle deep-seated challenges
• Understanding the technology is vital rather than simply
executing compliance
• The importance of long-term improvement programmes
• A minimum cyber resilience criteria to support investment
The scale and criticality of the
cyber security challenges we all
face can only be tackled through
a collaborative approach that
embraces diverse teams and
perspectives across the public
and private sectors. It’s not easy,
but the benefits in understanding
and reducing risk are significant.
Pete Cooper
Deputy Director Cyber Defence in the UK Cabinet Office
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
25
Strategic reportStrategic report�BUSINESS MODEL INSIGHTS:
DEVELOP “RESILIENCE BY DESIGN”
33+
Promoting safe and secure
cloud adoption worldwide
The last year has seen intensified global dialogue
on the challenges facing regulatory authorities
around the world, to update guidance, rules and
frameworks on third party and technology risk
management and operational resilience in the
face of accelerated cloud and technology
adoption, particularly in financial services.
Third party software has become a permanent fixture of many
competitive organisations’ supply chains: according to the Bank of
England, 40 to 90% of banks’ workloads globally could be hosted
on public cloud or Software-as-a-Service within a decade.
We have been delving into the topic of operational resilience and
third party risk management within financial institutions (FIs),
exploring what the latest guidelines and proposals released by
regulators across the globe mean for businesses, their resilience,
and the pace of digital transformation across the sector.
As reliance on third party software and its availability continues
to increase, financial institutions must ensure that all providers
they work with have the necessary risk mitigation and business
continuity measures in place.
Taking action
• Organisations should assess the resilience of their supply
chain, categorising outsourcers on their criticality, financial
stability and concentration risk, with particular attention
paid to services in the cloud
• Once this is understood, businesses can put the appropriate
strategies and systems in place to manage risk. Organisations
should look for suppliers that proactively deliver complementary
risk mitigation and business continuity assurance that fit
with the organisation’s needs. This can include implementing
robust onboarding and procurement policies that ensure
that software escrow agreements and verification testing
are built into any supplier contracts
• For every outsourcing agreement, organisations are required
to develop a business continuity plan in order to protect
business-critical applications. This can be tested repeatedly
using software escrow verification tests, which ensure that
an application can be rebuilt should the need arise
• For many financial institutions and their outsourcers, these
regulatory changes could mean that a lot of resource must
be used on the creation and implementation of viable stressed
exit plans. However, for those with escrow agreements
already in place, organisations can test their existing
procedures and cover anything that has been missed
NCC Group has long taken the view that
software, technology and data escrow
solutions offer legal and technical assurance
to allow firms to adopt, innovate and
manage third party technologies with
confidence. We continue to engage with
regulators worldwide to encourage them
to acknowledge escrow agreements as a
mechanism that enables organisations to
comply with third party risk mitigation,
outsourcing and business continuity
requirements and as a way to operate and
grow in a resilient, safe and secure way.
We believe that awareness and education
of operational resilience need to improve
and that regulators can play a role in
supporting financial institutions in achieving
resilience by design.
Simon Fieldhouse
Global Managing Director,
Software Resilience
26
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
34
+
33
+
I
I
�Overview of the financial regulatory authorities publishing consultations, supervisory statements and
update guidance on operational resilience and third-party risk management over the past 12 months.
Canada
Office of the Superintendent
of Financial Institutions
(OSFI) Technology
Risk Consultation
United Kingdom
Prudential Regulation
Authority (PRA) Supervisory
Statement SS2/21 on
Outsourcing and Third
Party Risk Management
European Union
Digital Operational
Resilience Act
Ireland
Central Bank of Ireland
Consultation on Cross
Industry Guidance on
Operational Resilience
United States
Proposed Interagency
Guidance on Third-Party
Relationships:
Risk Management
Financial
Stability Board
Discussion Paper on
Outsourcing and Third
Party Relationships
Dubai
Dubai Financial Services
Authority Guidelines
for Financial Institutions
Adopting Enabling
Technologies
Singapore
Monetary Authority
of Singapore (MAS)
Technology Risk
Management Guidelines
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
27
Strategic reportStrategic report�MANAGE CYBER OPERATION
I BUSINESS MODEL INSIGHTS:
33+
Protecting critical
research and education
The ever-evolving threat landscape means that
beyond the initial assess and develop phases it
is vital to continually improve levels of security,
detect incidents and react to them. We were
engaged by a university to design a comprehensive
package, including a broad, ongoing Managed
Detection and Response (MDR) solution.
From our previous experience in the higher education sector,
we knew that securing universities from cyber threat can be
more complex than in other sectors. Liberal expectations of
information sharing from the student body need to be balanced with
the requirement to protect extremely valuable intellectual property.
A nuanced and segmented approach to risk is required. Additionally,
any solution had to work for both on-premise and cloud architectures.
The starting point was to understand the enterprise deployment in
a way that was digestible by the customer’s security team. From this
baseline, the priority was to implement a solution to identify malicious
activity at the earliest point to accurately report incidents so that
effective remediation could be conducted.
The NCC Group technical team designed a multi-layered solution,
including a Managed Detection and Response (MDR) suite
incorporating Security Information and Event Management, endpoint
detection and network detection with a unifying service wrap
centred on a 24/7 security operations centre (SOC) facility.
During the engagement, we were presented with a time-critical
challenge to assure the security of its essential Covid-19 research
programme, which was part of a World Health Organization global
megatrial on treatments. Our specialist team worked round the clock
to ensure the infrastructure was penetration tested, remediated and
added to 24/7 monitoring within three days.
One year on, the customer’s cyber risk was detailed and demonstrated
and a risk mitigation solution was designed and is now managed
through a 24/7 MDR solution. The benefit is the university is better
informed and more secure and the solution enables it to continue
in its critical research and develop the next generation of leaders
through its educational programmes.
SURF partnership – protecting universities
in the Netherlands
In January 2021 we announced a partnership with SURF – the IT
cooperative for education and research across the Netherlands –
to provide 24/7 security incident and event management (SIEM)
and security operations centre (SOC) services over the next five
years. Our specialist team in Delft provides the services in support
of SURFsoc – the security operations service launched by SURF,
which is dedicated to securing and continuously monitoring the
systems of all its member institutions.
SURFsoc is a forward-thinking
example of how industry-wide bodies,
individual institutions and security
teams can work together to improve
the resilience of entire sectors and we
are proud to be providing our expert
services in support of this mission.
This combination of ongoing
knowledge sharing and 24/7 threat
intelligence gathering is a model that
will not only increase the resilience of
individual educational institutions, but
will be at the forefront of educational
security around the world in the years
to come.
Inge Bryan
Managing Director,
Assurance Europe
28
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
34
+
33
+
I
�Strategy and KPIs
Executing
our strategy
We are successfully executing our strategy,
realising our vision to become the complete
provider of cyber and software resilience
solutions globally.
This section demonstrates how we are making progress to
becoming a one-stop shop for our customers, offering them
a complete set of cyber and software resilience services,
which are promoted and sold to a global market,
underpinned by research, data and quantification.
In securing NCC Group’s future, we build on strong
foundations to create a highly engaged and diverse talent
base, as we continue to:
• Broaden our portfolio, adding services and solutions
across the complete Assess – Develop – Manage
cyber lifecycle
• Improve how we go to market globally, becoming easier
to engage with and buy from
Read more on our business model on pages 20 and 21
Link to risks:
1 Business strategy
2 Management of strategic change
3 Global pandemic – Covid-19
4 Availability of critical information systems
5 Attracting and retaining appropriate
colleague capacity and capability
6 Information security risk (including cyber risk)
7 Quality of Management Information Systems
(MIS) and internal business processes
8 Quality and Security Management Systems
9 Post-Brexit
10 Sustainability
Read more on our risks on pages 40 to 48
Lead the market
Deliver world-class research and thought leadership coupled
with leaders who can gauge audiences and convey our
message across all channels
What we said we would do
• Continue high impact research
What we have achieved
• Published 71 blog posts and 37+ technical advisories
on our dedicated research blog, attracting a quarter of
a million visitors
• Released 35 open-source tools, and contributed to
security standards development for C, Kubernetes
and post-quantum cryptography
• Recognised as some of Microsoft Security Response
Center’s (MSRC) most valuable security researchers
• Led the CyberUp Campaign to improve legal protections
for cyber security and threat intelligence researchers
Read more on page 49
• Commercial R&D accounted for up to nearly 1.5%
of total revenue, under leadership of newly appointed
Head of Commercial Research
Read more on our research on pages 18 and 19
KPIs
3,400+
research days (2020: 3,300)
51
conference presentations,
over 20 at Tier 1 venues (2020: 76)
Link to risks
1
2
4
5
6
7
8
10
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
29
Strategic reportStrategic report�Strategy and KPIs continued
Win business
Deliver excellence
Win high value work as a result of a deep understanding of
our customers’ cyber needs in the context of their business
What we said we would do
• Create “One Global Offer” that articulates the full spectrum
of our services to deliver the firm across the globe
What we have achieved
• Increased amount and effectiveness of marketing spend
following formation of one global marketing team
• Validated strategic focus on cloud, data, managed
services and remediation solutions while creating a more
consolidated and focused platform for future growth
• Used agile methodology to deliver six new solutions in
response to market demand, including a next generation
SaaS platform for digital escrow deposits and secured
digital vault storage, data science-based analytical and
machine learning approaches to threat detection,
and our new data-driven cyber risk quantification
and peer comparison offer
• Formally launched our Software Resilience Partner
Network, working with 51 software vendor
partners as their resilience partner of choice
Deliver consistently high quality solutions that our customers
value, fully utilising our global capability and the technical
excellence of our consultants
What we said we would do
• Promote a global delivery model and embed new ways
of working with our clients, providing a distinctive service
What we have achieved
• Invested £3m to launch and grow our new Remediation
proposition globally, and expand our technology suite
across Managed Detection and Response (MDR) to
include Splunk, CarbonBlack and, now, Microsoft Sentinel
• Implemented Global Assurance (specifically the creation
of one EU business, Global Professional Services and
Global Managed Services) to drive collaboration and unlock
efficiencies through common delivery methodologies and
global resourcing, and common technology stacks and
global product development roadmaps
• Launched a new customer operations team to provide
a single post-sales interface for our UK Software
Resilience customers
KPIs
Technical specialists increased by
49
(2020: 91)
10,600
days’ global resourcing (2020: 5,100 days)
KPIs
Revenue (£m)
£270.5m
.
3
5
1
2
.
0
3
3
2
.
7
0
5
2
.
7
3
6
2
.
5
0
7
2
17
18
19
20
21
134
orders with a value greater than £250k
(2020: 144)
£2.2m
Software Resilience cloud proposition orders (EaaS)
(2020: £1.2m)
Link to risks
1
6
10
Link to risks
1
2
3
4
5
6
7
8
10
30
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Support growth
Develop our people
Provide the tools and processes that enhance how we work
today enabling access to quality management information
Create a positive colleague experience like no other offer
in the industry, investing in our talent and organisation
to unlock our full potential
What we said we would do
• Deploy systems that provide us with the information we
need to run the business in an assertive and agile way
What we have achieved
• On track to build a system ready for the future, offering
global visibility of quality data and improved efficiencies
and profitability
• YoY gross margin improvement of 1.4%
• Systems and process landscape is more robust than ever
• North America Assurance division pilot of Workday PSA
and Kimble to improve user acceptance and embrace
cultural change
• Launch of Workday Adaptive to shift to active
forecasting processes
• Creation of benefits delivery team to drive business
ownership and closer alignment across systems
KPIs
Adjusted operating profit (£m) 2,3
£39.2m
.
8
0
3
.
7
3
3
.
7
0
3
.
5
5
2
.
2
9
3
17
18
19
20
(restated) 3
21
Cash conversion (%) 2,3
88.2%
.
0
8
8
.
0
1
9
.
0
0
1
1
.
9
2
0
1
.
2
8
8
What we said we would do
• Be a hub for cyber talent, and a quirky, distinctive
environment where individuals and teams thrive
• Support our people on learning and development
What we have achieved
• Launched a career framework and learning pathways pilot
for our UK Assurance delivery colleagues across technical,
consulting and management functions
• Launched the Next Generation Manager Programme in
the North America and UK Assurance divisions following
its successful pilot in Software Resilience (100% of the
initial cohort are now in manager roles)
• Created a global people managers’ forum to support them to
manage the drivers of engagement, and expanded our colleague
forums globally, as part of a culture of active listening
• Gender decoded our job adverts and piloted the
redaction of CVs to remove unconscious bias
Read more on our sustainability on pages 53 to 68
KPIs
Attrition rate (%)
17.0%
.
4
3
2
.
1
1
2
.
2
8
1
.
0
7
1
.
4
4
1
17
18
19
20
21
Engagement score (Best Companies)
One to Watch
Employee engagement score
642.7
(2020: 626.9)
17
18
19
20
(restated) 3
21
Link to risks
1
2
3
4
5
7
9
10
Link to risks
1
3
5
10
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
31
Strategic report�Chief Financial Officer’s review
Strong financial performance
Total administrative expenses (including Individually Significant Items)
have increased by £1.5m compared to the adjusted prior year figure
mainly owing to a tighter control of overheads, a reduction on travel
and office costs of c.£3m, a profit arising on disposal of an intangible
asset of £0.5m and a reduction in amortisation of intangibles of
£2.4m, offset by increased system licence costs of £1.3m, a foreign
exchange charge of £1.5m, an increase in a share-based payment
charge of £1.4m and an increase in Individually Significant Items
of £4.8m.
Following the adoption of the IFRIC agenda decision on cloud
configuration and customisation costs, capitalised software and
development costs during the year amounted to £2.3m (2020:
restated £2.3m 3), with all cloud configuration and customisation
costs now being expensed as incurred. Further details on the
application of IFRIC agenda decision and prior year restatement are
included later in this review.
Operating profit has increased by 37.3% to £17.3m (2020: restated
£12.6m 3) following the inclusion of Individually Significant Items of
£12.7m (2020: restated £7.9m 3) in relation to the IPM US Acquisition
(£7.6m) and cloud configuration and customisation costs associated
with the Group’s SGT transformation programme (£5.1m, 2020:
restated £7.9m 3). Operating profit also includes amortisation of
acquired intangible assets of £6.4m (2020: £8.8m) and share-based
payments of £2.8m (2020: £1.4m). Adjusted operating profit 2, 3
increased by 27.7% to £39.2m (2020: restated £30.7m 3). Adjusted
EBITDA 2 increased by 15.4% to £52.5m (2020: £45.5m). Profit
before taxation increased by 54.2% to £14.8m (2020: restated £9.6m 3)
following the inclusion of Individually Significant Items noted above.
Basis EPS amounted to 3.6p and diluted EPS amounted to 3.5p
(2020: restated basic and diluted 2.3p 3). Adjusted basic EPS 2
amounts to 9.5p (2020: restated 7.6p 3).
During the year, we secured the acquisition of the IPM business
and following shareholder approval on 1 June we completed the
transaction for $220m, subject to a normalised working capital
adjustment. On this basis, the results of the IPM business will
be consolidated from 1 June 2021. The acquisition was funded through
an equity placing in May (£70.2m) combined with a new three year
$70m term loan, existing cash balances and our revolving credit facility.
Our Balance Sheet remains strong; we have continued to demonstrate
effective cash management with cash conversion 2 of 88.2% and are
now cash positive. Our Balance Sheet strength can therefore continue
to fund organic and inorganic opportunities.
The Board is also declaring an unchanged interim dividend of 3.15p
per ordinary share (2020: 3.15p). This represents a dividend equal
to that paid in the prior year as the Board is conscious of the need
to invest in initiatives to support longer-term growth and service
debt profile following the recent acquisition. The dividend policy
will therefore continue to remain under review.
Tim Kowalski
Chief Financial Officer
Our Balance Sheet strength
can continue to fund organic
and inorganic opportunities.
Overview 1
We have delivered another period of good financial results,
demonstrating our resilience during a global pandemic. During
2022, the Group will continue to strategically invest for the future
with the expectation of higher revenue growth accompanied
by increased global costs from inflationary pressures as well
as a resumption in travel and office usage.
Group revenues increased by 2.6%. On a constant currency basis 2,
Group revenues increased by 3.6% due to the strengthening of
Sterling against the US Dollar. In Assurance, the North American and
EU Assurance businesses grew by 6.5% and 5.9% respectively on
a local currency basis 3. Our UK and APAC region increased 3.9%,
supported by growth in MDR and the launch of the Remediation
service. Disappointingly, Software Resilience declined by 2.4%.
This decline was mainly a result of execution challenges in a remote
environment together with retaining sales colleagues and attracting
sufficient sales resource to enable a return to contract growth.
Gross profit increased by 5.9% to £110.6m (2020: £104.4m)
with margin percentage increasing to 40.9% (2020: 39.6%)
mainly owing to higher global resourcing and utilisation offset by a
c.£2m provision taken in relation to long-term European contracts
as a result of pandemic disruption, cost increases and project
management challenges. Assurance margin percentage increased
to 36.1% (2020: 34.0%) and Software Resilience decreased to
71.6% (2020: 73.3%) due to execution challenges.
1
2
3
References for the Group’s results are for continuing operations.
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs
in April 2021.
32
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Financial summary
Summary Income Statement 1:
£m
Revenue
Cost of sales
Gross profit
Depreciation and amortisation
Other administration expenses
Adjusted operating profit 2, 3
Individually Significant Items
Acquired intangible amortisation
Share-based payments
Operating profit
Finance costs
Profit before taxation
Taxation
Profit for the year
EPS
Basic
Diluted
Revenue summary:
£m
Assurance
Software Resilience
Total revenue
Operating profit summary:
£m
Assurance
Software Resilience
Central and head office
Adjusted operating profit 2, 3
Individually Significant Items
Acquired intangible amortisation
Share-based payments
Operating profit
Operating profit margin %
2021
270.5
(159.9)
110.6
(13.3)
(58.1)
39.2
(12.7)
(6.4)
(2.8)
17.3
(2.5)
14.8
(4.8)
10.0
3.6p
3.5p
2020
(restated) 3
263.7
(159.3)
104.4
(14.8)
(58.9)
% change
2.6%
(0.4%)
5.9%
10.1%
1.4%
30.7
27.7%
(7.9)
(8.8)
(1.4)
12.6
(3.0)
9.6
(3.2)
6.4
(60.8%)
27.3%
(100.0%)
37.3%
16.7%
54.2%
(50.0%)
56.3%
2.3p
2.3p
56.5%
52.2%
2021
2020
% change
233.9
36.6
270.5
226.2
37.5
263.7
3.4%
(2.4%)
2.6%
2021
29.6
16.0
(6.4)
39.2
(12.7)
(6.4)
(2.8)
17.3
6.4%
2020
(restated) 3
22.3
16.9
% change
32.7%
(5.3%)
(8.5)
24.7%
30.7
27.7%
(7.9)
(8.8)
(1.4)
(60.8%)
(27.3%)
100%
12.6
37.3%
4.8% 1.6% pts
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
33
Strategic reportStrategic report�Chief Financial Officer’s review continued
Financial summary continued
Alternative Performance Measures (APMs)
Throughout this Financial Review, certain APMs are presented. As
discussed in the FY20 Annual Report and in accordance with FRC
guidelines, the Group no longer presents a Consolidated Income
Statement showing adjusting items separately. In prior periods,
the Group disclosed adjusting items in 2020 of £10.2m relating
to amortisation of acquired intangibles (2020: £8.8m) and share-
based payments (2020: £1.4m) as a separate column on the face
of the Consolidated Income Statement. This is no longer disclosed
in this way to simplify the Group’s results. However, as the Group
manages internally its performance at an Adjusted operating profit
level (before Individually Significant Items, amortisation of acquired
intangibles and share-based payments), which management
believes better represents the underlying trading of the business,
this information is still disclosed as an APM. This APM is reconciled
to statutory operating profit, together with the consequently
Adjusted basic EPS (before Individually Significant Items,
amortisation of acquired intangibles, share-based payments
and the tax effect thereon) to statutory basic EPS.
This change has removed the following adjusted measures
from the Group’s narrative reporting and disclosures:
• Adjusted profit before taxation
• Adjusted taxation
Following this revision to APMs, the Group has the following APMs/
non-statutory measures:
• Adjusted EBITDA (reconciled below and in Note 3)
• Adjusted operating profit (reconciled below and in Note 3)
• Adjusted basic EPS (pence) (reconciled in Note 10)
• Net cash/(debt) excluding lease liabilities (reconciled in Note 3)
• Net cash/(debt) (reconciled in Note 3)
• Cash conversion (reconciled in Note 3)
These measures provide supplementary information that assists the
user to understand the financial performance, position and trends of the
Group. Further detail is included within the glossary of terms to these
Financial Statements that provide supplementary information that
assists the user in understanding these APMs/non-statutory measures.
The Group also reports certain geographic regions on a constant
currency basis to reflect the underlying performance taking into
account constant foreign exchange rates year on year. This involves
translating comparative numbers to current year rates for comparability
to enable a growth factor to be calculated. In addition, the Group
also reports these regions on a local currency basis to demonstrate
the revenue performance on a local basis. As these measures
are not statutory revenue numbers, management considers
these to be APMs; see Note 3 for further details.
Divisional performance
Divisional performance includes the allocation of certain central costs incurred on behalf of the divisions. Segmental information is disclosed below:
2021
Assurance
£m
Software
Resilience
£m
Central and
head office
£m
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative
expenses allocated
Adjusted EBITDA 2
Depreciation and amortisation
Adjusted operating profit 2, 3
Individually Significant Items
Acquired intangible amortisation
Share-based payments
233.9
(149.5)
84.4
36.1%
(45.4)
39.0
(9.4)
29.6
–
–
–
36.6
(10.4)
26.2
71.6%
(9.5)
16.7
(0.7)
16.0
–
–
–
Operating profit
29.6
16.0
–
–
–
–
(3.2)
(3.2)
(3.2)
(6.4)
(12.7)
(6.4)
(2.8)
(28.3)
2020 (restated) 3
Software
Resilience
£m
Central and
head office
£m
37.5
(10.0)
27.5
73.3%
(10.0)
17.5
(0.6)
16.9
–
–
–
–
–
–
–
(5.0)
(5.0)
(3.5)
(8.5)
(7.9)
(8.8)
(1.4)
Assurance
£m
226.2
(149.3)
76.9
34.0%
(43.9)
33.0
(10.7)
22.3
–
–
–
22.3
16.9
(26.6)
Group
£m
263.7
(159.3)
104.4
39.6%
(58.9)
45.5
(14.8)
30.7
(7.9)
(8.8)
(1.4)
12.6
Group
£m
270.5
(159.9)
110.6
40.9%
(58.1)
52.5
(13.3)
39.2
(12.7)
(6.4)
(2.8)
17.3
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs
in April 2021. The following additional information and reconciliation is noted in relation to Adjusted operating profit due to the adoption of the IFRIC agenda decision:
Adjusted operating profit (as noted above)
Proforma amortisation charge in respect of certain cloud-based software arrangements (see explanation below)
Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements
2021
£m
39.2
(3.0)
36.2
2020
£m
30.7
(1.4)
29.3
Change
27.7%
(114.3%)
23.5%
The proforma amortisation adjustment noted above represents an estimate of the amortisation that would have been recognised had the Group not changed its accounting policy
in the current year following additional clarification on the accounting in relation to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS)
arrangements in the IFRIC agenda decision issued in April 2021. The proforma amortisation charge is estimated based on cloud configuration and customisation costs charged to
the income statement in the year of £5.1m (2020: £7.9m). The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based
software arrangements is comparable to Adjusted operating profit previously reported.
34
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Amortisation of acquired intangibles decreased during the year as certain historical acquisitions became fully amortised. It is expected that
for FY22, the charge will increase significantly following the US acquisition of the IPM business. Share-based payments increased during the
year following the introduction of new share schemes for key management.
Assurance
The Assurance division accounts for 86.5% of Group revenue (2020: 85.8%) and 76.3% of Group gross profit (2020: 73.7%).
Assurance revenue analysis – by originating country:
UK and APAC *
North America
Europe *
Total Assurance revenue
2021
£m
102.7
82.7
48.5
233.9
2020
£m
98.8
82.4
45.0
226.2
% change
3.9%
0.4%
7.8%
3.4%
*
With the continuing growth and formation of a European division we have changed geographical segments in line with how this information is reported to the Board and managed
on an ongoing basis and have restated prior year figures on a like-for-like basis. The APAC division was previously included within the segment Europe and APAC. See the notes
to the Financial Statements for further detail.
Assurance revenue increased by 3.4% despite lower rechargeable travel expenses, foreign exchange and the ongoing disruption of a global
pandemic. UK and APAC increased by 3.9% supported by growth in MDR and the launch of the Remediation service. North America grew by
6.5% on a local currency basis ($) and Europe experienced continued growth after benefit from multi-year product sales in 2020. Our global
average order value increased by 2.3% year on year.
Assurance revenue analysed by type of service/product line:
Global Professional Services (GPS) **
Global Managed Services (GMS) **
Product sales (own and third party)
Total Assurance revenue
2021
£m
172.2
56.2
5.5
233.9
2020
£m
166.2
49.6
10.4
226.2
% change
3.6%
13.3%
(47.1%)
3.4%
**
With the continuing global growth and focus on recurring revenues we have changed the type of service/product lines in line with how this information is to be reported to the Board
and managed on an ongoing basis and have restated prior year figures on a like-for-like basis. Previously Risk Management Consulting was shown separately and is now included within
Global Professional Services, and certain other activities are now included in Global Managed Services. Contained within GMS is Managed Detection and Response (MDR) which is
considered the high growth service line due to the nature of the cyber resilience market. Product sale categorisation has remained the same.
Global Professional Services grew by 3.6% to £172.2m (2020: £166.2m) supported by global resourcing with Covid-19 still felt across all
geographies. During the year, day rates have remained consistent.
Global Managed Services, a service line that provides operational cyber defence and managed security services, grew in total by 13.3% to
£56.2m (2020: £49.6m). Within GMS, our MDR offering grew by 14.3% to £45.5m. Sales orders secured during the period amounted to
£71.8m compared to £62.0m in 2020, a 15.8% increase, although slower procurement processes were still experienced due to the pandemic.
Assurance gross profit is analysed as follows:
UK and APAC *
North America
Europe *
Assurance gross profit and % margin
2021
£m
41.0
27.4
16.0
84.4
2021
% margin
39.9%
33.1%
33.0%
36.1%
2020
£m
35.0
25.9
16.0
76.9
2020
% margin
% pts
change
35.4% 4.5% pts
31.4% 1.7% pts
35.6% (2.6% pts)
34.0% 2.1% pts
Gross margin improved due to higher global resourcing (increased from 5,094 days to 10,602 days), lower client travel and billable utilisation (+7%)
through remote delivery, offset by a c.£2m provision taken in relation to long-term European contracts caused by pandemic disruption, cost
increases and project management challenges.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
35
Strategic reportStrategic report�Chief Financial Officer’s review continued
Divisional performance continued
Software Resilience
The Software Resilience division accounts for 13.5% of Group revenues (2020: 14.2%) and 23.7% of Group gross profit (2020: 26.3%).
Software Resilience revenue analysis – by originating country:
UK
North America
Europe
Total Software Resilience revenue
2021
£m
25.2
7.3
4.1
36.6
2020
£m
25.9
7.8
3.8
37.5
% change
(2.7%)
(6.4%)
7.9%
(2.4%)
In Software Resilience, we experienced a disappointing overall revenue decline of 2.4%. This decline was mainly a result of execution
challenges in a remote environment together with recruiting sufficient sales resource to enable a return to contract growth.
The UK experienced a decline of 2.7% exacerbated by recruitment challenges in a pandemic market. North America declined 6.4% albeit
2.9% on a constant currency basis due to a decrease in on-premise testing. Europe, as a relatively new market, continued to progress
positively during the year mainly due to increased testing revenues. Renewal rates improved to 89.2% (2020: 87.0%) and remain within
our expected range.
Software Resilience revenues analysed by service line:
Software Resilience services revenue
Software Resilience contracts
Verification services
Total Software Resilience revenue
2021
£m
24.0
12.6
36.6
2020
£m
25.8
11.7
37.5
% change
(7.0%)
7.7%
(2.4%)
Our contract revenue was impacted by the pandemic and sales recruitment challenges. Our future expectation is that our nascent channel
sales model will contribute to revenue going forward. Verification services grew 7.7% to £12.6m owing to the success of EaaS (£0.8m).
Gross margin is analysed as follows:
UK
North America
Europe
2021
£m
18.4
4.9
2.9
2021
% margin
73.0%
67.1%
70.7%
2020
£m
19.5
5.3
2.7
2020
% margin
% pts
change
75.3% (2.3% pts)
67.9% (0.8% pts)
71.1% (0.4% pts)
Software Resilience gross profit and % margin
26.2
71.6%
27.5
73.3% (1.7% pts)
Gross profit has declined due to the challenges noted above and as we started to make investments in our channel proposition and cloud
infrastructure to underpin sustainable growth.
Individually Significant Items
During the period, the Group has incurred £12.7m of Individually Significant Items (ISIs) (2020: restated £7.9m 3). These items relate to
the acquisition of the IPM business (£7.6m) and cloud configuration and customisation costs associated with the Group’s transformation
programme SGT (£5.1m, 2020: restated £7.9m 3). These costs are considered material and are in accordance with the Group’s policy on
identification of certain costs that distort the underlying performance of the Group. For further detail, please refer to Note 5 to the consolidated
Financial Statements.
36
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Net finance costs
Net finance costs for the period were £2.5m compared to £3.0m in
2020 due to the reduction in our drawn facilities and LIBOR during
the global pandemic. Net finance costs include lease financing costs
from IFRS 16 of £1.2m (2020: £1.2m).
Taxation
The Group’s effective statutory tax rate is 32.4% (2020: restated
33.3% 3). The Group’s adjusted tax rate is 27.8% (2020: 23.5%).
The effective rate remains above the UK standard rate of
corporation tax, reflecting the origin of a reasonable proportion of
Group profits in overseas territories with higher tax rates than the
UK and due to a review of US R&D tax credits recognition.
Earnings per share (EPS)
Statutory
Basic EPS
Diluted EPS
Adjusted 2
Basic EPS
2021
pence
3.6p
3.5p
2020
(restated) 3
pence
2.3p
2.3p
9.5p
7.6p
Cash flow and net debt 2
The table below summarises the Group’s cash flow and net debt 2:
Operating cash inflow before
movements in working capital
Increase/(decrease) in trade and
other receivables
Increase in inventories
(Decrease)/increase in trade and
other payables
Cash generated from operating
activities before interest and taxation
Interest element of lease payments
Finance interest paid
Taxation paid
Net cash generated from
operating activities
Purchase of property, plant and equipment
Software and development expenditure
Proceeds on disposal of intangibles
Equity dividends paid
Repayment of lease liabilities
Proceeds from the issue of ordinary
share capital
Net movement
Opening net debt
Non-cash movements (release of deferred
issue costs and lease financing costs)
Foreign exchange
Closing net cash/(debt) excluding
lease liabilities 2
Lease liabilities
Closing cash/net (debt) 2
Free cash flow (net cash generated
from operating activities less net
capital expenditure)
2021
£m
2020
(restated) 3
£m
47.3
38.8
4.7
(0.2)
(11.0)
(0.2)
(5.5)
19.2
46.3
(1.2)
(1.1)
(5.1)
38.9
(2.7)
(2.1)
0.5
(13.0)
(6.0)
72.6
88.2
(4.2)
(0.2)
(0.5)
83.3
(34.4)
48.9
46.8
(1.2)
(1.6)
(4.8)
39.2
(2.8)
(2.5)
–
(12.9)
(5.3)
1.1
16.8
(20.2)
(0.2)
(0.6)
(4.2)
(38.2)
(42.4)
34.6
33.9
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
37
Strategic reportStrategic report
�Chief Financial Officer’s review continued
Cash flow and net debt 2 continued
Net cash/(debt) 2 can be reconciled as follows:
Cash and cash equivalents
Borrowings (net of deferred issue costs)
Net cash/(debt) excluding lease
liabilities 2
Lease liabilities
Net cash/(debt) 2
2021
£m
116.5
(33.2)
83.3
(34.4)
48.9
2020
£m
95.0
(99.2)
(4.2)
(38.2)
(42.4)
The calculation of the cash conversion ratio 2 is set out below:
Net operating cash flow before
interest and taxation (A)
Adjusted EBITDA 2 (B)
Cash conversion ratio 2 (%)
(A)/(B)
2021
£m
46.3
52.5
2020
(restated) 3
£m
% change
46.8
45.5
(1.1%)
15.4%
88.2%
102.9% (14.7% pts)
Cash conversion remains above our medium target of c.85%, as we
have maintained strong cash management through the global pandemic.
The increase in tax paid is mainly due to the FY20 deferral of £1.2m
under government tax deferral schemes now fully repaid.
Net cash capital expenditure during the year was £4.3m (2020: restated
£5.3m 3) which includes tangible expenditure of £2.7m (2020:
£2.8m) and capitalised software and development costs of £2.1m
(2020: restated £2.5m 3), which has been offset by proceeds from
the disposal of an intangible asset for £0.5m. Additional cash capital
expenditure will be incurred during 2022 as we finish the installation
and improve our new systems.
Acquisition costs paid prior to the shareholder approval on 1 June 2021
of the US acquisition of IPM amounted to £1.2m. During early
FY22, further costs have been paid of c.£6.4m.
Dividends
Dividends of £13.0m paid in the year (2020: £12.9m) comprised
the final dividend for FY20 of 3.15p and the interim dividend of 1.5p
per ordinary share for FY21 (2020: 1.5p). The Board is declaring an
unchanged final dividend of 3.15p per ordinary share (2020: 3.15p).
This represents a dividend equal to that paid in the prior year as the
Board is conscious of the need to invest in initiatives to support
longer-term growth and service debt profile following the recent
acquisition. The dividend policy will therefore continue to remain
under review.
The final dividend will be paid on 12 November 2021, to shareholders
on the register at the close of business on 15 October 2021.
The ex-dividend date is 14 October 2021.
IPM acquisition and future statutory reporting
As noted within the Business Review, prior to our ownership of IPM,
the business generated revenues of c.£23m and operating profit of
c.£15m for the 12 months ended 31 December 2020, with cash
conversion of c.90%. It is expected that for NCC Group’s FY22
financial year, the business will report proforma numbers on a similar
basis and that we will incur c.£2.5m of one-off integration costs.
However, on a statutory basis the Group will have to recognise
acquisition fair value adjustments for the first year only in relation
to deferred income, resulting in an expected consequential reduction
to IPM numbers in relation to revenue and operating profit for the
first year only.
Application of IFRIC agenda decisions
and prior year restatement
In April 2021, the IFRS Interpretations Committee (IFRIC) published
an agenda decision on the clarification of accounting in relation to
the configuration and customisation costs incurred in implementing
Software-as-a-Service (SaaS) as follows:
• Amounts paid to the cloud vendor for configuration and
customisation that are not distinct from access to the cloud
software are expensed over the SaaS contract term
• In limited circumstances, other configuration and customisation
costs incurred in implementing SaaS arrangements may give
rise to an identifiable intangible asset, for example, where code
is created that is controlled by the entity
• In all other instances, configuration and customisation costs
will be expensed as the customisation and configuration
services are received
Due to the nature of this agenda decision and the level of spend
incurred in relation to the Group’s Securing Growth Together digital
transformation programme, the Group’s accounting policy has been
reviewed retrospectively to align with the IFRIC guidance recently
issued in relation to SaaS costs previously capitalised. This has
resulted in a prior year restatement to reflect costs previously
capitalised as an expense when incurred and represents a non-cash
adjustment. See Notes 1, 5, 12 and 34 to the Financial Statements
for further details.
Financing facilities
The Group is financed through a combination of bank facilities,
retained profits and equity. As at 31 May 2021, the Group had
committed bank facilities (revolving credit facility) of £100m (2020:
£100m), of which £33.8m (2020: £100m) was drawn down. These
arrangements were agreed in June 2019 and are due for renewal in
June 2024. Under these arrangements the Group can also request
(seeking bank approval) an additional accordion facility to increase
the total size of the revolving credit facility by up to £75m.
On 12 May 2021, the Group entered into a new Term Loan Facility
Agreement of $70m, to fund the US acquisition of the IPM
Software Resilience business in early June 2021. The Term Facility
is repaid in annual instalments of $23.3m on each of 10 June 2022
and 10 June 2023, with a final instalment of $23.4m payable on
10 June 2024. The Term Facility Agreement also contains financial
covenants consistent with the revolving credit facility.
On our banking covenants, leverage as at 31 May 2021 amounted
to (1.8)x as we have become cash positive (2020: 0.1x) and net
interest cover amounted to 35.0x (2020: 22.7x). The Group was in
compliance with the terms of all its facilities, including the financial
covenants, at 31 May 2021 and expects to remain in compliance
with the terms going forward. The terms and ratios are specifically
defined in the Group’s banking documents (in line with normal
commercial practise) and are materially similar to GAAP with the
exceptions being net debt excludes IFRS 16 lease liabilities and
Adjusted EBITDA 2 excludes amortisation of acquisition intangibles,
share-based payments and Individually Significant Items.
38
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Going concern
The Directors have acknowledged guidance published in relation
to going concern assessments.
The Group’s business activities, together with the factors likely to
affect its future development, performance and position, are set out
in the Business Review and Financial Review. The Group’s financial
position, cash and borrowing facilities are also described within
these sections.
The Financial Statements have been prepared on a going concern
basis which the Directors consider to be appropriate for the
following reasons.
The Directors have prepared cash flow and covenant compliance
forecasts for the 12 month period ending September 2022 which
indicate that, taking account of severe but plausible downsides and
the anticipated impact of Covid-19 on the operations of the Group
and its financial resources, the Group and Company will have
sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving
credit facility that matures in June 2024. The Group is required to
comply with financial covenants for leverage (net debt to Adjusted
EBITDA 2) and interest cover (Adjusted EBITDA 2 to interest charge)
that are tested bi-annually at 31 May and 30 November each year.
As at 31 May 2021, the Group had drawn down £33.8m for working
capital requirements.
Subsequent to the year end and shareholder approval on 1 June,
the Group acquired on 7 June the IPM business for $220m; the US
acquisition was funded through an equity placing in May of £70.2m
(net proceeds) combined with a new three year $70m term loan,
existing cash balances and our existing revolving credit facility.
The impact of the acquisition on the Group’s financial performance,
covenants and business model has therefore been considered within
this going concern assessment. As at 2 June 2021, following the
acquisition of the IPM business, the Group had drawn down £75.5m
of its revolving credit facility and was due to incur further transaction
costs of £6.4m. As at 31 August 2021, cash, net debt (excluding
lease liabilities) 2 and headroom amounted to £43.6m, £74.7m and
£80.5m respectively.
Although the Group has demonstrated resilience to the challenging
environment resulting from Covid-19, the Directors acknowledge
that the financial performance of the Group has been adversely
impacted to a certain degree since the commencement of the
pandemic, and for this reason the base case forecast for 2021
reflects this assessment. The continuing macro-economic risks
and potential changes in government policies (on the severity of
enforced lockdowns worldwide) could have a continued effect
on the Group’s performance. However, trading throughout the
pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible
scenarios as follows:
1.
2.
3.
4.
5.
The performance of FY22 continues to be similar to that
of 2021, including the impact on regional and international
operations of the Group and a potential reduction in growth.
An additional impact of Covid-19 during a two month period
from January to February 2022 which coincides with a similar
economic pandemic pattern as 2021.
Potential impact of customers’ inability to pay during a
specified period.
Failure of execution of the strategy, loss of key customers and
a number of acquisition related risks crystallising (for example
increased customer churn, integration and cash collection issues).
Software Resilience performance does not return to growth and
the Assurance business experiences similar impact of Covid-19
on its performance as 2021.
These scenarios have been modelled individually and also in combination
in order to assess the Group’s ability to withstand multiple challenges,
although the Directors do not believe a scenario combining all these
risks to be plausible. The impact of these sensitivities has been reviewed
against the Group’s projected cash flow position, available bank facilities
and compliance with financial covenants. In the instance that a
combination of the above scenarios arise, mitigating actions would be
required to ensure that the Group remains liquid and financially viable,
which might include a reduction of planned capital expenditure, freezing
pay and recruitment and not paying a dividend to shareholders. All of the
mitigating actions are within the Directors’ control. These forecasts,
including the severe but plausible downsides, show that the Group is
able to operate within its available banking facilities, with no forecasted
covenant breaches, and that the Group will have sufficient funds to meet
its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other
Group trading entities for financial support. Having reviewed the
current trading performance, forecasts, other Group trading entities’
financial support, debt servicing requirements, total facilities and risks,
the Directors are confident that the Company and the Group will have
sufficient funds to continue to meet their liabilities as they fall due for
a period of at least 12 months from the date of approval of these
Financial Statements. Accordingly, they continue to adopt the going
concern basis of accounting in preparing the Group’s Financial
Statements for the year ended 31 May 2021.
Brexit
The Group’s operations based in Continental Europe have so far
proven structurally resilient to any significant disruption caused by
Brexit. The main risks to the Group from Brexit continue to be any
reduction in demand from an economic slowdown as well as real
or perceived differences in data protection standards which impact
our global ways of working.
Tim Kowalski
Chief Financial Officer
14 September 2021
2
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and customisation costs in April 2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
39
Strategic reportStrategic report�Principal risks and uncertainties
Embedded risk
management systems
Embedded risk management
systems have supported the
Group in pursuing its strategy for
sustainable and profitable growth.
Risk management
Risk is an inherent part of doing business and risk management is
a fundamental part of good corporate governance. A successful risk
management process balances risk and reward and is underpinned by
sound judgement of their impact and likelihood. The Board has overall
responsibility for ensuring that NCC Group has an effective risk
management framework, which is aligned to our business objectives.
The Board has established a Risk Management Policy, which has
established protocols, including:
• Roles and responsibilities for the risk management framework
• Risk scoring framework
• A definition of risk appetite
The integrated approach to risk management diagram summarises
the Group’s overall approach to risk management, which is supported
by a web-based tool – the Integrated Risk Management System (IRMS).
The tool is designed to follow the risk management model described
in the next section and records both strategic and operational risk
registers and tracks risk mitigation action plans, helping embed
ownership of risks and treatment actions while also providing access
to live management information, which is used at both a Board and
operational management level.
NCC Group’s approach to risk management
NCC Group adopts both a “top down” and “bottom up” approach
to risk, to manage risk exposure across the Group to enable the
effective pursuit of strategic objectives. The approach is summarised
in the diagram on page 41.
The approach is one of collaboration, which supports our
comprehensive approach to risk identification, from the “top down”
and “bottom up”. The Group believes that this is the most efficient
and effective way to identify its business risks.
Top down
The Board, Audit Committee and Cyber Security Committee review
risks on an ongoing basis and are supported by the Executive
Committee and subject matter specialists (including Software
Resilience, Assurance, information security, data protection and
health and safety). The Board gives consideration to the Group’s
strategic objectives and any barriers to their achievement.
Bottom up
The Board and senior leadership team engage with colleagues
at every level of the Group in recognition of the importance of
their expertise, contribution and views. In relation to matters of
wrongdoing, or risks not being recognised and adequately managed,
the Group has a robust and effective whistleblowing procedure,
which is supported by the Safecall reporting line.
40
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Top down
Strategic risk management
Bottom up
Operational risk management
• Establishing guidance on the Group’s approach to risk
management and establishing the parameters for risk
appetite and associated decision making
• Identification, review and management of identified
Group strategic risks and associated actions
• Ongoing consideration of:
– IT and cyber-centric risk
– Environmental risk
• Implementing and embedding the Group’s Risk
Management Policy and approach
• Directing the delivery of the Group’s identified
actions associated with managing/mitigating risk
• Identification of key risk indicators, monitoring and
taking timely action where appropriate
• Instrumental in developing the risk management
framework adopted by the Board
• Providing governance and control over the IRMS
• Conduit between the Board and the business units –
providing training and support where appropriate
• Developing and executing a risk-based internal audit
plan to assess the management of risks
• Execution of the delivery of the Group’s identified
actions associated with managing risk
• Timely reporting on the implementation and progress
of agreed action plans
• Provision of key risk indicator updates
n
w
o
d
p
o
t
e
h
t
m
o
r
f
i
k
s
i
r
g
n
g
a
n
a
M
Board
Audit Committee
Cyber Security
Committee
• Periodically assessing the effectiveness of the
embedded Group risk management process
• Challenging the content of the strategic risk register
to support a comprehensive and balanced assessment
of risk
• Reporting on the principal risks and uncertainties
of the Group
Executive Board
and
leadership team
• Responsible for reviewing the operational risks across
the business units and Group
• Challenging the appropriateness and adequacy of
proposed action plans to mitigate risk
• Giving due consideration to the aggregation of risk
across the Group
• Provisioning suitable cross-functional/business unit
resource to effectively manage risk where appropriate
Global Governance
function, incl.
dedicated CISO
• Ongoing monitoring and reporting to the Board in
relation to the progress being made by the business
units in implementing agreed action plans to mitigate
strategic risk
• CISO dedicated to the identification, management,
monitoring and reporting of data security risks
Business units
• Identification and reporting of strategic risk to the Board
• Provision of reports and data relating to significant
emerging risks to the Group (internal and external)
• Implementation of risk management approach which
promotes the ongoing identification, evaluation,
prioritisation, mitigation and monitoring of
operational risk
M
a
n
a
g
n
g
r
i
s
k
i
f
r
o
m
t
h
e
b
o
t
t
o
m
u
p
Effective pursuit of strategic objectives
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
41
Strategic reportStrategic report
�Principal risks and uncertainties continued
C o r p o r a te governance
Identify risks
M onito r
Monitor
delivery of
action plans/
risk universe
Id
e
n
tif
y
Identify
inherent risks
and likelihood
of impact
Risk
management
model
Develop
action plans
(treat, transfer,
tolerate,
terminate)
Assess
adequacy and
effectiveness
of existing
controls
A
d
d
r
e
s
s
Assign
Director-level
sponsorship
Evaluate
mitigated risks
and likelihood
of impact
A ssess
Corporate gov e r n a n c e
Risk management model
The Board has overall responsibility for ensuring that NCC Group
adopts an effective risk management model, which is aligned to our
objectives and promotes good risk management practice. We have
therefore adopted the model described in this section and
summarised in the diagram above.
The Board, Audit Committee, Cyber Security Committee and
Executive Team review risks on an ongoing basis throughout the
year. The appropriateness and relevance of the risks and issues
tracking system – IRMS – are monitored by the global governance
team to ensure that it continues to be updated, meets the needs of
the Group and remains in line with good risk management practice.
In addition, there is a robust process in place for monitoring and
reporting the implementation of agreed actions.
We are satisfied that the Risk Management Policy, framework and
model currently in place are sufficient to manage risk across the Group.
The key areas of identifying, assessing, addressing and monitoring
risks are explained in more detail below:
Identify
Risks exist within all areas of our business and it is important for us to
identify and understand the degree to which their impact and likelihood
of occurrence will affect the delivery of our key objectives. This is
achieved through day-to-day working practices and incorporates risks
in both the internal and external environment. Examples of identification
include horizon scanning for legislative and market changes, operational
and delivery reviews (such as SGT), procedures in relation to projects
and change and independent systems audits.
All identified risks are initially assessed for their “inherent” risk (risk
with no controls in place), using a scoring mechanism that accounts
for the likelihood of an event occurring and the impact that it may
have on the Group. The scoring mechanism adopted takes account
of high impact, low likelihood events and these risks are managed
in a timely manner.
In addition to ongoing risk identification, an annual exercise is
undertaken to review the Group’s strategic risk universe by the
Board. This exercise is reliant on the “top down” “bottom up”
approach discussed earlier.
Assess
Post identification of the Group’s inherent risk exposure, a
comprehensive assessment of the effectiveness of current mitigating
controls is undertaken. This exercise takes account of the design of
the current control environment and the application of these controls
prior to assessing the Group’s current exposure to risk – mitigated
risk score. The Board uses a number of sources of information to
support the scoring of risk and these include, but are not limited to:
• Management updates
• Action tracking and reporting
• Control environment policies and procedures
• Independent audit activity
• Project monitoring reports
Address
Having identified and assessed the risks faced by the Group, the
risks are scored according to likelihood of occurring and impact
to the business should they occur. The risks are then mapped
according to their rating onto a risk heat map, which reflects the
Group’s overall risk appetite set by the Board. The Group’s Risk
Management Policy then provides guidance on the expected level
of response to those risks, depending on where they sit on the risk
heat map. The heat map shows the four bandings in the different
shades of risks as set out below as well as expected actions and
responses to risks in these areas:
• Green – within appetite. Ongoing monitoring in place
• Amber – out of appetite. Some actions are required to treat
the risk to bring this within acceptable levels
• Purple – significantly out of appetite. High combination of
residual probability and impact. Management actions required,
with some urgency, to treat the risk, reducing this to acceptable
levels
• Grey/black – risks that are deemed to have such an impact
that they could theoretically impact the ability of the business
to continue in existence. If any, they would need consideration
in assessing in the Directors’ Viability Statement
An assessment of whether additional actions are required to reduce
our risk exposure is undertaken, with actions falling into the one of
four categories:
• Treat – develop an action plan (applying responsibility, deadlines
and prioritisation) that may include the implementation of additional
controls, or increase the requirement for additional assurance
over the adequacy and effectiveness of the existing controls
• Transfer – use a third party specialist to undertake the activity,
thus mitigating the risk
• Tolerate – determine the risk is within appetite
• Terminate – exit the activity
Output from the evaluation of strategic risks has resulted in
milestone plans owned by senior business leaders, or has been
used in the development of the Group’s transformation programme.
42
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�h
g
H
i
t
c
a
p
m
I
8
4
3
7
1
11
6
5
10
9
2
w
o
L
Low
1 Business strategy
2 Management of
strategic change
3 Global pandemic –
Covid-19
4 Availability of critical
information systems
5 Attracting and retaining
appropriate colleague
capacity and capability
6 Information security risk
(including cyber risk)
Likelihood
High
7 Quality of Management
Information Systems (MIS) and
internal business processes
8 Quality and Security
Management Systems
9 Post-Brexit
10
Sustainability
11
Acquisition of IPM
Monitor
Ongoing monitoring of risks and related actions is key to the
implementation of our risk management model and, therefore,
NCC Group is committed to making enterprise-wide risk
management part of business as usual. Examples of ongoing
monitoring of business risks include, but are not limited to:
• Annual review of the external audit strategy and plan by the
Audit Committee and Chief Financial Officer to ensure inclusion
of key financial risks
• Annual review of the annual internal audit plan to validate that it
incorporates key areas of business risk
• At each Audit Committee, a review of internal audit reports issued
during the period, including a summary of progress against
previously raised management actions
• Annual review of the strategic risk register by the Enterprise Risk
Management Steering Group (introduced in FY21) and Board to
ensure that it includes risks arising in year
Internal control
Whilst risk management identifies threats to the Group achieving
its strategic objectives, internal controls are designed to provide assurance
that these objectives are being achieved, such as the effectiveness
and efficiency of operations and delivery, accurate and reliable
financial reporting, and compliance with applicable laws and regulation.
NCC Group has established a robust internal control framework
which is made up of a number of components:
Control environment
The control environment has primarily been established taking
account of the Group’s values (working together, being brilliantly
creative and embracing difference) and its Code of Ethics, which
sets the foundations for the expected behaviours, values and
competencies for all colleagues across the Group. The Board,
Executive Committee and extended leadership team lead by
example and strive to maintain effective control environments,
whilst also maintaining integrity and transparency.
Risk assessments
Risk assessments are conducted at both a strategic and operational
level of the Group and support the Group in understanding the risks
that it faces and the controls in place to mitigate them. Importantly,
they provide a mechanism to identify operational improvements
which is vital in our transformational programmes.
Policies and procedures
Established policies communicate expected behaviours and these
are supported through procedures and guidelines defining required
processes and controls. This in turn supports the business to adopt
efficient and effective control environments.
Information and communication
Access to accurate and timely data is key in supporting our colleagues
to make decisions and to be well informed in order to conduct, manage
and control their areas of responsibility. During the year, the Group
has continued to focus on its data systems – rolling out the Workday
Finance system to support consistent controls and reporting.
Activity monitoring
Financial minimum controls were established during FY20 for local
finance teams. The financial minimum controls have been self-
assessed by all finance teams and a programme of audit against
these standards launched in FY21. The financial minimum controls
framework was established in consultation with the Chief Financial
Officer, Group Financial Controller and local Finance Directors and
has taken account of the implementation of Workday Finance.
Further enhancement of the framework is being considered in
preparation for potential changes proposed in the Brydon Review
and related white paper issued by the Department for Business,
Energy and Industrial Strategy.
Financial accounting and reporting follows generally accepted
accounting practices.
Group review and approval procedures exist in relation to major
areas of risk and require Executive Committee/Board approval,
including mergers and acquisitions, major contracts, capital
expenditure, litigation, treasury management and taxation policies.
Compliance with all legislation, current and new, is closely monitored.
Risk and control reporting structure
During the current financial year, NCC Group has focused on
establishing the “three lines of defence” to provide a robust internal
controls structure that will support the Board, Audit Committee,
Cyber Security Committee, Executive Committee and extended
leadership team with accurate and reliable information in relation
to the systems of internal control.
Three lines of defence:
• First line – Group policies and procedures
• Second line – Global Governance function, incorporating
Health and Safety; Information Security; Data Protection;
Compliance and Standards; and Corporate Legal
• Third line – independent challenge and assessment,
including ISO certification and internal and external audit
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
43
Strategic reportStrategic report�Principal risks and uncertainties continued
Principal risks and uncertainties
The Group continues to operate in a particularly dynamic and evolving marketplace. The current strategic risk register has been developed
to reflect those factors and includes those risks that would threaten its business model, future performance, solvency or liquidity. Detailed
descriptions of the current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls
are set out below. A risk related to sustainability (10) has been added to the strategic risks for FY21 and reflects the importance being
placed on a sustainable business strategy by NCC Group and its investors.
The heat map provides a pictorial representation of the Group’s strategic risks and their direction of travel.
Strategic
1. Business strategy
VR
Link to strategy:
Lead the market
Win business
Deliver excellence
Support growth
Develop our people
A comprehensive business strategy
is essential to the continued
success of the Group as we strive
to maximise shareholder value.
Accountable Executive
Adam Palser,
Chief Executive Officer
Impact
A poor strategy or ineffective execution of a strategy
could have a material negative impact on the Group’s
financial performance and value. It would potentially
weaken the Group compared to its competitors and risk
the Group’s established position in the marketplace.
Key controls and mitigating factors
Members of the Board have significant experience
in evolving business strategies. The Board is
significantly engaged in both setting and reviewing
strategy and held a dedicated strategy session in
March 2021.
Risk movement/impact
2. Management of strategic change
Link to strategy:
Win business
Support growth
Develop our people
As the Group adapts and executes
its strategy there are a number of
complex projects and initiatives
that not only need to be delivered
but also require understanding and
support from all colleagues.
Impact
Poor change management could lead to ineffective
implementation of projects that then cost more
to deliver, take longer to deliver and result in
fewer benefits being realised (or all three). Poor
delivery of change could ultimately impair
business performance.
Key controls and mitigating factors
The Group has established a strategic change
management capability and this includes access
to programme management professionals and the
deployment of associated change management
processes, for example the operation of senior
change oversight committees.
Accountable Executive
Adam Palser,
Chief Executive Officer
Operational
Risk movement/impact
3. Global pandemic – Covid-19
Link to strategy:
Lead the market
Support growth
Develop our people
NCC Group has a number of
features which give the Group
greater resilience in the face of a
global pandemic. Failure to prepare
for this may cause disruption and
uncertainty to our business, as well
as risk the health and safety of our
people. Any disruption or uncertainty
could have an adverse effect on
our business, financial results
and operations.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
The potential impact of a pandemic globally is closed
offices, people who are unwell and unable to work
for periods of time and a slow-down in business from
our clients.
Risk movement/impact
Key controls and mitigating factors
During 2021, we successfully moved to remote
working during the lockdown periods across our
offices and were able to deliver our services off
client sites. We have also used remote working as
an opportunity to develop our services to support
remote delivery.
In addition, the Group has developed an office
re-opening programme, which has taken into account
the health and wellbeing of our colleagues, which has
further supported our successful service delivery.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
44
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�4. Availability of critical information systems
VR
Link to strategy:
Win business
Support growth
Develop our people
Impact
If the Group’s critical systems failed, this could affect
the Group’s ability to provide services to our customers.
Risk movement/impact
The Group is heavily reliant on
continued and uninterrupted
access to its IT systems. As well as
environmental and physical threats,
the Group is a natural target for
individuals who may seek to disrupt
the Group’s commercial activities.
Accountable Executive
Steve Boughton,
Global Operations Director
Key controls and mitigating factors
The Group continues to make significant investment
in its IT infrastructure to ensure it continues to
support the growth of the organisation. This has
been particularly pertinent during home working
as part of the response to Covid-19.
The Group has controls in place in order to reduce
the risk of actual loss of critical systems; this has
included a review of single points of failure and these
have been mitigated. Further, controls are operated
to ensure the availability of backup media in the
event of prolonged loss of systems.
The Group also standardises and simplifies processes
whilst increasing resilience. Additional focus is given
to proving the recoverability of systems and data.
5. Attracting and retaining appropriate colleague capacity and capability
VR
Link to strategy:
Lead the market
Win business
Support growth
Develop our people
The Group would be adversely
impacted if it were unable to attract
and retain the right calibre of
skilled colleagues. Some roles
within the Group operate in highly
technical and extremely specialised
areas in which there are shortages
of skilled people.
Accountable Executive
Colin Watt,
Chief People Officer
Impact
Loss of key colleagues or significant colleague
turnover could result in a lack of necessary expertise
or continuity to execute the Group’s strategy.
Key controls and mitigating factors
Colleagues are offered a rewarding career structure
and attractive salary and benefits packages, which
can include participation in share schemes.
An inability to attract and retain sufficient high-
calibre colleagues could become a barrier to the
continued success and growth of NCC Group.
Comprehensive communications with our colleagues
are ongoing and include all-hands calls, The Wire
and Group and local communications.
Risk movement/impact
Linked to the development of our people, the Group
continues to review our values and continues to use
personal performance management processes, and
aligned development programmes, which are linked
to succession planning.
6. Information security risk (including cyber risk)
VR
Link to strategy:
Win business
Deliver excellence
Support growth
Due to the nature of the services
provided by NCC Group, clients
have a high expectation of the
systems, processes and people
handling their data.
In addition, as a cyber security
provider, NCC Group is more
exposed to its systems being
maliciously compromised.
As a result, NCC Group could
experience a malicious cyber-
attack, inadvertent disclosure and/
or compromise of confidential data
and/or any other information
security incident.
Accountable Executive
Steve Boughton,
Global Operations Director
Impact
Failure to maintain control over customer, colleague,
commercial and/or operational data could lead to
a range of impacts, including reputational damage.
The misuse of personal data, for example without the
customer’s consent, or retaining data for longer than
is necessary, may also result in reputational harm,
regulatory investigations and potential fines.
Risk movement/impact
Key controls and mitigating factors
The Board operates a Cyber Security Committee
chaired by the Chair of the Board and is responsible
for the ongoing oversight of this risk and related
control environments.
All colleagues globally are required to undertake
annual security training and updates to alert them
to potential methods of security breach and to their
responsibilities in safeguarding information and
reporting potential issues.
Security testing is regularly carried out on the Group’s
infrastructure and there are extensive response plans,
which were reviewed during the year, in the event of
a major security incident.
Comprehensive plans are in place and being
delivered associated with discharging our data
protection obligations.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
45
Strategic reportStrategic report
�Principal risks and uncertainties continued
Principal risks and uncertainties continued
Operational continued
7. Quality of Management Information Systems (MIS) and internal business processes
VR
Link to strategy:
Win business
Support growth
Develop our people
We need to ensure that trusted
and relevant MIS are available
on a day-to-day basis to inform
management decisions and
drive performance.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
Suboptimal business decision making and
performance as key financial performance data
is not available or trusted.
Risk movement/impact
8. Quality and Security Management Systems
Link to strategy:
Win business
Support growth
We aspire to attain and retain
key internationally recognised
standards, which form an
important component for
many of our customers.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
The risk of the Group failing to retain a core
standard, e.g. 9001, 27001 or PCI, with a
consequential loss of key customer accounts
or ability to operate.
Risk movement/impact
9. Post-Brexit
Link to strategy:
Develop our people
Failure to comply with changing
EU regulations as a result of Brexit
may cause disruption to our business.
Any disruption could have an adverse
effect on our business operations.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
There remains some uncertainty around the detail
of EU regulatory changes as these are finalised
(for example, finalisation of trade negotiations with
the wider world), which may impact on some of the
services delivered by the Group, which fall under
export control regulations.
Risk movement/impact
Key controls and mitigating factors
The Group finance function has developed a
forward-facing Finance Functional Strategy.
Enhancements were identified covering system and
process standardisation. A comprehensive milestone
plan is in place and progress is tracked and reported
to each Audit Committee.
The rollout of Workday across our global finance
teams has been significantly completed and will
support the standardisation of policies and procedures,
in addition to improving efficiency and effectiveness.
Standardised business process control standards are
in place across all parts of the Group. Financial year
2021 has seen the implementation of the new
control self-assessment questionnaires along with
an aligned programme of internal audits.
Key controls and mitigating factors
We operate a comprehensive programme to ensure the
retention of our core standards. This includes a portfolio
of aligned policies and cascading business processes.
A programme of internal audit provides assurance over the
design and application of these policies and procedures.
External assessors provide a further layer of review and
challenge, confirming during the year the retention of
our Quality and Security standards, which were
renewed in April 2021.
VR
Key controls and mitigating factors
Similar to any UK company, we list post-Brexit as
a significant risk due to the continued uncertainty
surrounding the final EU post-Brexit trade deals with
Europe and other international countries, which are
still being negotiated.
As our operations around the world include business
entities based in Continental Europe and the wider
world, we believe NCC Group is structurally resilient
to the post-Brexit trading environment. The main
risks to our business post-Brexit are:
• Changes to export control requirements and related
tariffs being implemented which may impact on
some areas of service delivery
• Real or perceived differences in data protection
standards, which impact our global ways of working
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
46
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�10. Sustainability
Link to strategy:
Support growth
Develop our people
NCC Group recognises the
importance of good environment,
social and governance (ESG)
frameworks as a key indicator
of the Group’s sustainability and
ethical impact of our business.
Accountable Executive
Yvonne Harley,
Global Director of Sustainability
and Corporate Affairs
Impact
Non-compliance with the Group’s frameworks related
to ESG will impact on our ability to display robust
working practices, grounded in good working
practice, which take account of our environment,
people and communities. This in turn could impact
on our ability to develop and maintain business
relationships and may lead to the loss of key
customer accounts and shareholder investment.
Risk movement/impact
New
NR
Key controls and mitigating factors
The Group has developed an ESG framework
which continues to evolve. Examples of progress
to date include:
• Ongoing review of key policies, such as the Code
of Ethics, Whistleblowing Policy, Anti-Bribery and
Corruption Policy and Anti-Trust Policy. These policies
reflect our global footprint and will be translated into
all of our jurisdictional languages in 2022
• Maintained our corporate governance and
decision-making structures during the “move to
remote” during Covid-19 lockdowns
More examples are outlined in the sustainability
section of the report.
11. Acquisition of IPM (Intellectual Property Management)
NR
Link to strategy:
Deliver excellence
Support growth
Develop our people
Impact
Ineffective implementation of the integration plan
may lead to:
• Staggered transition to key systems
• Increased costs against the budgeted £2.5m
Risk movement/impact
New
Key controls and mitigating factors
The Group has established a comprehensive
integration plan, which has been sub-divided into
specific workstreams, including, but not limited to,
finance; legal; compliance; and IT.
Each workstream has specific deliverables, along
with deadlines, and these are being regularly
monitored to validate “on time” delivery and to
enable additional actions/resource to be deployed
if required.
NCC Group obtained shareholder
approval to acquire Iron Mountain’s
Intellectual Property Management
(IPM), post extensive due diligence
on 1 June 2021. The acquisition
of the IPM division significantly
grows the US Software Resilience
customer base and allows us to
support them with a broader set
of services.
A comprehensive integration plan
has been established to support
the effective and efficient
transition of IPM into the Group.
Accountable Executive
Simon Fieldhouse,
Global Managing Director –
Software Resilience
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
Extraordinary risk during the year
During the year, the global pandemic of Covid-19 continued, with minimal impact on financial performance; it also provided
opportunities. The Group mobilised its Executive Support Team and its business continuity plan in January 2020 and this enabled
a number of planned initiatives to be brought forward to support a Group-wide response to remote working and delivery.
We have continued to successfully negotiate with our customers where appropriate to work remotely, which has minimised
disruption to service delivery.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
47
Strategic reportStrategic report�Principal risks and uncertainties continued
Viability Statement
The context for assessment
In accordance with the requirements of the UK Corporate Governance
Code, the aim of the Viability Statement is for the Directors to report
on the assessment of the prospects of the Group meeting its liabilities
over the assessment period, taking into account the current financial
position, outlook, principal risks and uncertainties and key
judgements and estimates in preparing the Financial Statements.
The Directors have based their assessment of viability on the Group’s
current business model and strategic plan, which is updated and
approved annually by the Board, in line with our objectives to deliver
sustainable and profitable growth, increase shareholder value and
offer an improved service and product offering to our customers.
This is underpinned by the strategic priorities outlined on pages 20
and 21 of the Strategic Report. The effective management of
principal risks and uncertainties is outlined within pages 40 to 48
and this assessment emphasises those risks that could theoretically
threaten the Group’s ability to operate, or to continue in existence
(with the VR designation).
The assessment period
The Directors have assessed the viability of the Group over the
three year period to May 2024, as this is an appropriate planning
time horizon given the speed of change and customer demand in
the industry and is in line with the Group’s strategic planning period.
Assessment of viability
The viability of the Group has been assessed taking into account
the Group’s current financial position, available bank facilities, and
the Board approved FY22 budget and three year strategic plan.
The Directors have produced a budget for FY22 which reflects the
anticipated trading levels in the current environment and years two
to three of the strategic plan represent the expected trading growth
over this period factoring in the initial planned growth in the budget.
The Directors have also assessed the viability of the Group taking into
account the current financial position, including the recent acquisition
of the Intellectual Property Management division of Iron Mountain
and the associated new equity issue and additional debt taken on
to fund that acquisition. The Directors have also modelled the impact
of certain severe but plausible scenarios, which have the greatest
potential impact on viability in the period under review, as set out
in the table below. In particular, the Directors have considered the
potential impact of additional Covid-19 related economic disruption
on both the short and long-term growth prospects for the Group in
a number of different scenarios, the potential impact of Covid-19
on customers and the associated impact on the Group’s performance,
as well as the Group’s ability to execute its strategy.
The impact of these sensitivities has been reviewed against the
Group’s projected cash flow position, available bank facilities and
compliance with financial covenants over the three year viability
period. Should these occur, mitigating actions would be required
to ensure that the Group remains liquid and financially viable, which
include a reduction of planned capital expenditure, freezing pay and
recruitment and not paying a dividend to shareholders, all of which
are within the Directors’ control.
Conclusions
Based on these severe but possible scenarios, the Directors have
a reasonable expectation that the Group and Company will be able
to continue in operation and remain commercially viable over the
three year period of assessment.
Scenario
Associated principal risks and uncertainties
Description and potential impact
Business
strategy
Attracting and retaining appropriate
colleagues’ capacity and capability
Failure to deliver the Securing Growth Together
transformation programme.
Loss of key colleagues or inability to attract and retain
key talent.
The potential impact of the above would act as a barrier
to future growth.
A critical systems failure, leading to an inability to provide
services to customers.
The potential impact of this would be short-term reputational
damage and an inability to do business in the short term,
impacting revenue and profits.
A cyber security breach occurs with theft of data and disruption
to business services.
The potential impact of this would be long-term reputational
damage significantly impacting future revenue.
The world was victim to a global pandemic of Covid-19 in early
2020. Most affected countries were locked down for a minimum
of six weeks and the economic disruption is still ongoing.
The potential longer-term impact of this would be loss of jobs
due to loss of revenue. There would also be reputational damage
if there was a cyber security breach due to the remote working
we have put in place to safeguard our people.
Systems
failure
Availability of critical information systems
Cyber risk (including data protection)
Cyber risk (including data protection)
Global pandemic – Covid-19
Cyber
security
breach
Covid-19
(over and
above base
case short-
term impact)
48
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�INSIGHTS:
STAKEHOLDER ENGAGEMENT
Leading reform
through stakeholder
engagement
Katharina Sommer
Head of Public Affairs
Our public affairs function is focused on creating a conducive
political and regulatory operating environment to improve cyber
security policies, so they materially improve the cyber resilience
for our customers and broader society (see pages 50 to 52 for
more on stakeholder engagement).
Nowhere is this demonstrated better than in our continued efforts
to reform the UK’s Computer Misuse Act 1990, to enable cyber
security professionals to undertake this critical work without fear
of prosecution and unleash their full potential in making the world
safer and more secure.
As founding members of the CyberUp Campaign 1, we brought
together peers from across the cyber security industry alongside
trade associations, incubators, academics and parliamentarians, all
of whom believe that UK cyber crime laws should not inadvertently
criminalise the very same people seeking to keep the nation safe
and secure.
This campaign approach paid off, when, in May 2020, UK Home
Secretary, the Rt Hon Priti Patel MP, announced that “now is the
right time to undertake a formal review of the Computer Misuse Act” 2
and launched a call for information to assess if the law remained fit
for use following the technological advances since its introduction
in 1990 3.
The campaign, driven by an evidence-based, pragmatic approach,
considers the operational realities of cyber resilience in modern
day society. The security of the internet and our digital world is
strengthened by the work undertaken by security and threat
intelligence researchers who help us identify and fix weaknesses,
to stay one step ahead of our adversaries.
Our vulnerability assessments of smart doorbells, for example,
demonstrated attackers would be able remotely to control some
devices, further highlighting the importance of good security
practices in developing Internet of Things (IoT) products, and
our research into a cyber threat group showed its preference
for abusing cloud services in its operations, enabling us to help
organisations improve their detection of and protection against
future attacks.
We will continue working with all our key stakeholders to create
a reformed law that adequately protects security and threat
intelligence researchers.
1 https://www.cyberupcampaign.com/.
2
3
https://www.gov.uk/government/speeches/home-secretary-priti-patel-speech-to-cyberuk-conference.
https://www.gov.uk/government/consultations/computer-misuse-act-1990-call-for-information.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
49
Strategic report�Stakeholder engagement continued
Consistent
and authentic
engagement
We believe by understanding
and meeting the needs of our
stakeholders, we will secure
long-term success. This is
achieved through consistent
and authentic engagement.
Here we have highlighted our key stakeholders, their identified
needs and how we have engaged with them. Engagement of each
stakeholder is done so with the NCC Group values at the heart of
everything we do. We recognise the importance of listening to and
understanding the views of our key stakeholders. We use insights to
support our approach, addressing opportunities to build enduring
and trusted relationships. Insights are gathered during our day-to-
day business and are used to improve decision making at every level
of the organisation – from the Board down to operations.
Section 172 statement
Section 172 of the Companies Act 2006 requires a director of a
company to act in the way they consider, in good faith, would most
likely promote the success of the company for the benefit of its
members as a whole but having regard to a range of factors set out
in section 172(1)(a)–(f) in the Companies Act 2006. In discharging
our section 172 duty, we have regard for these factors taking them
into consideration when decisions are made. Examples of how our
Directors have oversight of stakeholder matters and have regard for
these matters when making decisions are set out on these pages.
Colleagues
We are a people business and our 2,000+ colleagues around
the world each have an important role in helping to make the
world safer and more secure.
The opportunity
• Understanding our mission, vision, values and strategy
• Understanding what is expected of them and knowing how they are
contributing to our success
• Spending quality time with their line manager, feeling listened to and
supported, enabling them to feel confident they have the skills to be
successful in their role
• Feeling they are welcome to bring their whole selves to work
How we listen and engage
• Global internal news platform, which gives colleagues the option to
keep up with what’s happening around the Group. Built using the
Dynamic Signal platform, colleagues can share approved content
with their social networks directly at the touch of a button
• Online knowledge hubs to support consistent ways of working and
make it easy for colleagues to understand requirements of their role
• Knowledge sharing events – locally, regionally and globally
• ExCom-led engagement at the local level, targeted as appropriate for
different colleague groups, which includes colleague forums and, in
Europe, Works Councils
• Annual colleague engagement survey with local teams empowered to
drive actions to continue to make NCC Group a great place to work
• Non-Executive Director regular engagement sessions hosted with
colleagues (see page 80)
2020/21 highlights
• Hosted a virtual sales conference and our flagship technical event –
Not the NCC Con – went virtual too, showcasing both our technical
and professional brilliance over a three day period. We were joined by
distinguished external speakers from the infosec world and business as
well as Lord Chris Holmes, a supporter of the UK Computer Misuse Act
reform campaign
• Launched our first ever global team and individual awards
programme (page 66)
• Launched our inclusion and diversity engagement programme –
NCC Conversations (page 55)
• Continued to invest in our colleague wellbeing programme, which included
partnering with This Can Happen, as well as creating a global network
of trained Mental Health First Aiders, and training managers in mental
health awareness to help build resilience throughout the organisation
• Welcomed our new colleagues who joined us from the IPM acquisition
• Continued to invest in colleague engagement, with significant
improvement being seen in how colleagues feel about management,
which represents the investment we’ve made over the past 12 months
in management and leadership development
Covid-19 action
• Made provision for longer-term working from home with physical and
mental wellbeing programmes put in place
• Created a system to support colleagues with urgent needs to access
alternative places to work where home working was not conducive to
a positive working environment
Link to strategy:
Lead the market
Win business
Deliver excellence
Support growth
Link to strategy:
Develop our people
50
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Customers
Shareholders
NCC Group is committed to engaging with our shareholders
through continued sufficient and effective communication.
The opportunity
• Financial performance
• Dividend
• Sound long-term sustainable strategy
• Sound corporate governance and stewardship
How we listen and engage
• CEO and CFO regularly meet investors
• Investor roadshows after the full and half year results
• Chair meets investors on an annual basis
• Open door policy with investors
• The AGM (and this year a general meeting to support
the IPM acquisition)
2020/21 highlights
• All resolutions (with the exception of the Directors’ Remuneration
Report) passed at the 2020 AGM with at least 81% of votes for,
with over 70% of the issued share capital voting
• Further engagement with investors following the significant vote
against the Directors’ Remuneration Report at the 2020 AGM
• Consultation with shareholders on a new 2021–2024 Directors’
Remuneration Policy
• 100% shareholder vote in favour of IPM acquisition
• All Directors attended the AGM and were available to answer
shareholder questions
• Brokers and financial PR firm presented to the Board
• Regular reports to the Board on investors and their feedback
The past 12 months have seen threats turn into impacts
across all markets. Our solutions continue to help to keep
our customers’ businesses secure and operational.
The opportunity
• Using our global understanding of the risks and our customers’
operational challenges
• Developing “right-fit” solutions which improve and enhance our
customers’ cyber resilience
• Bringing our technical investment into solutions beyond what non-cyber
business can do
• Ability to work collaboratively with them, their partners and supply chains
How we listen and engage
• Active account management
• Regular client surveying and management feedback loops
• Increasing investment in research to understand and mitigate risks
across a wide range of current and future technology and industries
2020/21 highlights
• Launched our Partner Network, initially for UK Software Resilience,
expanding the offering through software vendors and helping them
support their customers and scale their businesses
• Partnered with SURF, the cooperative association of Dutch educational
and research institutions, to provide 24/7 security incident and event
management (SIEM) and security operations centre (SOC) services over
the next five years
• Achieved global partner “co-sell readiness” with Microsoft on Azure
Sentinel. This opens up a marketplace for MDR where customers can
use our expertise and achieve their cyber resilience via their Microsoft
Azure technology
• Enhanced our support to the increasing need for security assessments
by becoming an approved provider for Google and Facebook third party
app developer programmes such as ioXt Authorise Lab, Google OAuth
API Verification, Facebook Workplace Security Review and Alexa Built-in
Devices Authorised Third Party Lab and others
• The Escrow division rebranded as Software Resilience – strengthening
its proposition to support customers in achieving broader resilience
of their critical software
• The acquisition of Iron Mountain’s Intellectual Property Management
(IPM) division significantly grows the US customer base and allows
us to support them with a broader set of services
Covid-19 action
• Continued successful delivery through remote working and maintained
a “working together” approach to match our customers’ challenging
needs through the impact of local restricted working practices
Link to strategy:
Link to strategy:
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
51
Strategic reportStrategic report�Stakeholder engagement continued
Suppliers
Our network
We engage with a large number of different suppliers across
our global business. Historically, we have had a very local and
transactional relationship with suppliers; however, to enhance
our competitiveness and remain agile, we are developing
more formalised and sustainable relationships with our
key suppliers based on both spend level and risk profile.
The opportunity
• Long-term trusted partnerships facilitating real, sustainable overhead
cost reduction and cost of sale margin improvement
• Strong working relationships
• Fit for purpose contracts and payment terms, ensuring suppliers
deliver to acceptable service levels and protecting NCC Group from
any long-term commercial inflation
• Ensuring we have a safe supply chain to protect our service delivery
to customers and brand reputation
How we listen and engage
• We now have a small professional, dedicated and experienced
procurement function which actively manages key suppliers,
monitors supply chain trends and supports the business units
to achieve their commercial targets
• Regular meetings to be held with key suppliers to better inform
them of NCC Group’s strategy and future forecasting
• Due diligence completed at the beginning of our relationship
with suppliers
• Intention to host a supplier conference (post-Covid-19)
• Supplier “Code of Conduct” launched to provide clarity around
NCC Group’s expectations of our supply chain
2020/21 highlights
• Delivery of substantial cost savings to support the businesses growth strategy
• Significant restructure of NCC Group’s global estate portfolio to support
the expected new ways of working, post-Covid-19
• Introduction of risk-based analysis of NCC Group’s supply chain to
provide valuable insight supporting the Company though the significant
changes due to Brexit and Covid-19
• Proactive communication of the Source to Pay Policy which underpins
NCC Group’s relationship with its supply chain
• Consistently engaging other business units and corporate functions
to recommend, based on experience, internal efficiency improvements
to drive clearer planning and spend reporting
NCC Group is committed not only to creating a conducive
operating environment to enable our long-term growth
ambitions but to using our expertise to inform evidence-based
policy making and improving the resilience of our societies.
The opportunity
• Our expertise, capabilities and global footprint allow us to offer solutions
to modern society’s cyber challenges
• Educating policymakers and regulators
• Providing access to basic cyber knowledge to those organisations
that are vital to their local communities
• Sharing opportunities to experience the world of cyber and inspiring
the next generation
How we listen and engage
• We work in partnership and build alliances with like-minded and trusted
organisations – from global think tanks and foundations, to trade
associations, charities and campaign groups – to pool resources,
amplify our messages and maximise impact
• We support initiatives by governments and public bodies where we
have shared objectives, such as the UK government’s CyberFirst skills
programme, work with schools and universities to offer mentoring and
industry support, and maintain strategic relationships with national
technical authorities across all of our regions
• We undertake direct engagement and advocacy to share our expertise
with regulators, officials and politicians grappling with the challenges
of emerging technologies and keeping their citizens safe in an
interconnected digital world
2020/21 highlights
• Campaigned forcefully for better legal protections for the crucial work
of security and threat intelligence researchers around the world, as
a founding member of the CyberUp Campaign in the UK that brings
together cyber security professionals, technology firms and start-up
incubators alike, and has seen the UK government undertake a formal
review of the Act, and as a member of the Open Source Security
Foundation (OSSF), to press for security research exemptions in
the US Digital Millennium Copyright Act (DMCA)
• Supported the UK National Cyber Security Centre’s (NCSC) CyberUK
flagship conference for the fifth year running and delivered the NCSC
Cyber Security PhD Winter School virtually allowing academics, industry
and government to connect; offered remote work experience to pupils,
students and interested parties from law enforcement; and concluded
the first year of partnership with the Small Charities Coalition which
helped to build the cyber resilience of up to 12,500 charity employees,
trustees, volunteers, beneficiaries and service users
• Joined the UK’s Cyber Growth Partnership; became part of the UK
Department for Digital, Culture, Media and Sport (DCMS) Secure
Connected Places External Advisory Group; educated global financial
regulators, from the Financial Stability Board to Canada’s OSFI,
on the benefits of technology and software escrow agreements in
supporting operational resilience objectives; and worked with the UK
Industry & Parliament Trust to continue giving parliamentarians an
insight into the day-to-day realities of cyber resilience, and with the
Linux Foundation in the United States to educate Congressional staffers
on workable policy solutions to high profile technology challenges
Link to strategy:
Link to strategy:
52
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Sustainability
Making the world safer and more
secure for all
NCC Group’s commitment to sustainability is integral to how we
do business – simply it is our licence to operate. Grounded in our
values and principles, we’re guided by our Code of Ethics and
driven by our mission to make the world safer and more secure
for our people, our customers, our investors, and the communities
we live and work in.
As society’s dependence on the connected environment and
its associated technologies increase, we use our global insights
to help organisations assess, develop and manage their cyber
resilience posture, enabling them to confidently take advantage
of the opportunities that sustain their business growth.
We draw on our expertise, capabilities and global footprint to
develop solutions to meet current and future cyber challenges.
We help to educate policymakers and regulators. We give
back to protect our local community services and we share
opportunities to experience the world of cyber and inspire the
next generation to secure our future.
Read more on our business model on pages 20 and 21
Read more on how we manage and monitor risk in
relation to sustainability on page 47
Our approach to sustainability is focused on the recognised
elements of environment, social and governance (ESG). These are
brought to life with our framework, which enables us to focus our
efforts on the activities that deliver the greatest value to our people,
our customers, our shareholders, and the world we all live in.
We will set objectives that
consider people and the
planet, and we will hold
ourselves to account through
our annual reporting cycle
and through regular
stakeholder engagement.
Yvonne Harley
Global Director of Sustainability
and Corporate Affairs
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
53
Strategic reportStrategic report�Sustainability continued
Our key sustainability focus areas and objectives
Efficiency
Community
engagement
Climate change
Respect our
environment
T
M E N
N
O
IR
V
N
E
S
O
C
I
A
L
Focus
areas and
objectives
Wellbeing
Inclusion,
diversity, skills
and development
G
OVERN A N C E
Good governance
enabling investment,
innovation and
sustainable
growth
Responsible
supply chain
Quality services
and satisfied
customers
Environment
Social
Governance
• This is a priority area for us to focus
on in this new financial year
• Building on the new and successful ways
of working created by the pandemic we will
engage in conversation with our customers to
explore how we can work together to reduce
the impact on the environment through
reducing non-essential travel
• As our office environments come back to life,
we are investing in education programmes
to reduce our physical impact – from flexible
working and minimising printing, to increasing
recycling. And we will continue to review our
physical office requirements to ensure we only
use what we need
• We’ll design solutions for the future,
driving efficiency into our design and delivery
• We have partnered with Willis Towers Watson
to develop our approach to identifying and
assessing climate change risk, which will
support the development of a robust strategy
and enable reporting against the Task Force
on Climate-Related Financial Disclosures
(TCFD) in 2022
• We continue to foster partnerships that support
development of future diverse cyber talent
• Building on the development of our pilot
programme in the UK (in preparation for lockdown
restrictions easing) we will develop a global giving
back programme, which will enable colleagues
to take part in local community programmes
• We will continue to invest in developing our mental
health first aid network and resources and look
to implement our broader wellbeing strategy,
partnering again with This Can Happen
• Through NCC Conversations we will continue to
encourage engagement from colleagues and our
external stakeholders around our four focus areas
of gender, LGBTQIA+, race and ethnicity and
neurodiversity. Our signing of the UN Global
Compact will reinforce our commitment to our
responsible business operations
• The conversations alongside our performance
management programme and career framework
development will help drive our performance
culture, creating an environment where everyone
is welcome and can be successful
• We continue to be committed to building
long-term sustainable relationships, earning
trust through understanding the challenges
our customers have and delivering high quality
solutions to take their pain away
• We will win business fairly and use our internal
processes to assess and consciously accept
working with customers who align with our
own values and Code of Ethics
• We will strengthen our Supplier Code of
Conduct to ensure we protect the integrity
of our ethics across the supply chain, entering
any supplier or partner relationships with a
mutual understanding of each other’s code
of ethics and general business policies
• We will provide accurate and timely
information to shareholders and always
observe the relevant regulations and corporate
governance principles to protect the integrity
of our business operations
• We will consider the interests of all our
stakeholders when we make decisions on
the Group’s future strategy and priorities
54
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�How we will measure our commitments
In FY22, we are conducting a Responsible Business Tracker with
the UK’s Business in the Community organisation. This will provide
us with a detailed report of how we are performing and coupled with
recent investment ratings feedback will support us to identify
longer-term sustainability targets.
In the interim, in FY22, building on our work to date we aim to:
• Report against the Task Force on Climate-Related
Financial Disclosures (TCFD)
• Establish our local office champion network and provide training
and toolkits to support responsible business practices in line with
health, safety, security and environment requirements
• Create an Accessibility colleague resource group, to look at
inclusion across everything we do – from websites, to our offices
and working off-site – through multiple lenses, always seeking
to improve how we operate
• Measure our travel behaviour and understand the impact on the
environment and how we can improve/offset, with an aim to reduce
activity by 30% based on FY19 (our last full year of travel pre the
pandemic) by:
• Continuing to host routine meetings virtually where it makes
sense to do so
• Embracing flexibility, family friendly policies and remote working
• Piloting a new pricing model in our UK Assurance business
to help customers understand the environmental impact of
on-site delivery versus remote delivery
• Continue to increase the diversity of our workforce by
establishing partnerships and ensuring our focus on creating
an environment where everyone feels welcome:
• In FY21, 29% of all hires (where gender was disclosed) were
female, with an increase of 43.5% on actual female hires
compared to FY20; in FY22 we commit to achieving the same
or better through our targeted efforts and working with hiring
managers to realise the value of difference
• Establish partnerships in the UK and North America to support our
early careers programme, with a focus on underrepresented groups
• 100% of eligible colleagues undertake compliance training covering
Code of Ethics, Inclusion and Diversity, Anti-Bribery and Corruption,
Data Privacy and Data Protection and Information Security
• Launch our Action Ally programme, led by the Gender colleague
resource group, to educate and inspire 100% of our colleagues
to be inclusive every day
Reflections on the past year
While technology was able to break (in part) the barrier of isolation
caused by the global pandemic, there was also a risk of it becoming a
barrier as fatigue and frustration started to creep in. We know from our
engagement with other organisations we weren’t unique, and we took
action to mitigate the risk to our Covid-19 survive and thrive strategy.
We continued to focus on the health and wellbeing of colleagues –
prioritising the training of a global network of 61 Mental Health First
Aiders and training over 100 managers in mental health awareness
and supporting wellbeing, building resilience through a series of
engagements throughout the organisation.
We also launched our NCC Conversations programme to support
engagement around our four inclusion and diversity priorities (page
62) – gender, LGBTQIA+, race and ethnicity and neurodiversity. The
conversations, hosted through panel sessions, articles, workshops
and podcasts, have led to positive changes in how we operate as a firm.
NCC Conversations is such a great
initiative and, although we are all
remote working, it feels like this has
somehow brought us closer together.
Holly Duncalf
Project Manager
Our focus on inclusion and diversity is sustained through embedding
insights for dialogue, and local target setting into our monthly
executive business reviews and is a key priority in our growth strategy.
We continued to reduce complexity in our business, reducing our legal
entities, combining our Benelux and Danish entities to create one
powerful European business and creating a global operating committee
to unify how our professional and managed services operate in
service of our customers. This not only increases our ability to attract
a wider and more diverse talent pool but also reduces the risk of
regional talent challenges affecting our ability to deliver for customers.
In the ever-increasing connected society, cyber resilience is important
and should be part of responsible business practice – from design
to operations. As a major player in the cyber resilience market, we
have a responsibility to apply our world-class research skills, market
knowledge and threat intelligence to ensure we design products
and services that support our customers to meet their whole cyber
resilience posture requirements.
This is the driver of the progress towards our vision to be the
complete global provider of cyber resilience solutions within a
growing global market and evidenced with the launch of new
propositions to meet this requirement.
Partnership for the goals
We review partnerships on an annual basis with a view to ensure
they continue to be of value. In the past year we became members
of the UK’s Business in the Community programme, undertaking
its Responsible Business Tracker assessment to support our future
sustainability plans. In this new financial year, we have become
members of the United Nations Global Compact, with full Board
and CEO endorsement to embed its principles into our strategy,
culture and ways of working.
More broadly, our active network engagement and industry
partnerships help us to further support the United Nations
Sustainable Development Goals, build global cyber resilience
and help make the whole world safer and more secure.
Investing in a sustainable future
Our commitment is to create an environment where all colleagues
feel psychologically, emotionally and physically safe to be authentic
and representative of the diversity of the world they live in, to share
their personal experiences and to have equal opportunity to achieve.
We want to drive the focus globally but empower local action
ensuring that we reflect and embrace our differences.
This commitment influences our partnerships, how we recruit and
how we deliver value to our customers. We will continue to secure
the future today and our sustainability agenda will play a strategic
role to support conscious decision making as we begin to set
targets that challenge us to continually improve in making the
world safer and more secure for all.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
55
Strategic reportStrategic report�w
Sustainability continued
Aligning to the United
Nations Sustainable
Development Goals
for best practice
The United Nations Sustainable Development
Goals provide us with a blueprint to
achieving a better and more secure future
for all. We selected the following goals,
which we felt were most relevant to our
business and to our stakeholders:
Our Sustainable
Development Goals
3 – Good health and wellbeing
Through our threat intelligence and cyber
resilience solutions, we are helping to secure
the technology for increasing and protecting
the provision of health services globally.
4 – Quality education
We are focused on investing in the future
of cyber security skills, developing not only
career frameworks and pathways for research,
but also helping to protect the technology,
which gives access to education.
5 – Gender equality and 10 – Reduced inequalities
We are committed to building a diverse and
inclusive culture, for our colleagues and our
customers.
We are focused on equality, creating an
environment where everyone is welcome
and can be successful.
8 – Decent work and economic growth
We are a global business, with local hubs,
attracting and developing diverse talent – from
early careers to senior experts – all to support
the global need for cyber resilience skills.
9 – Industry, innovation and infrastructure
and 17 – Partnerships for the goals
Our commitment to research, vulnerability
disclosure and threat intelligence and the
industry partnerships we foster help to provide
safe and secure by design technologies, which
enable industrialisation and innovation to drive
future developments.
13 – Climate action
As well as our own ambition to reduce our
carbon footprint, working with our customers
we will seek to contribute to reductions in
global greenhouse gas emissions through
continuing to develop remote solutions.
16 – Peace, justice and strong institutions
Our value proposition is based on trust
and this is founded on our Code of Ethics,
considering the interests of all our stakeholders
when we make decisions on the Group’s
future strategy and priorities.
56
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Environment
Out of 207 company cars (the UK and Netherlands):
61
are fully electric
113
are other
33
are hybrid
78
Average CO2 emissions of our company car fleet
Greenhouse gas emissions
The greenhouse gas (GHG) reporting period is aligned with
our financial reporting year running from 1 June to 31 May.
The reported figures detail annual GHG emissions from activities
for which NCC Group is directly responsible. Having considered
the production metrics within the business, we have concluded that
annual turnover is the most appropriate to achieve a benchmark,
which aligns with the carbon reduction policy and methodology
that we will work towards in FY22.
The methodology used to calculate total energy consumption and
carbon emissions has been through the extraction of consumption
data from invoices and meter reads for the financial years stated.
Where data was not available, estimates have been calculated
using historical profiles and details held on record by the Group’s
Compliance department for audit purposes. Energy and fuel
consumption has been expressed in tonnes of carbon dioxide
equivalent (tCO2e), using 2019 DEFRA published conversion
factors. Fuel for transportation has been converted using statistical
data sets published by the UK Department of Transport.
The overall energy and carbon report was produced by PEP Energy,
an independent third party that analysed invoices from energy suppliers
and data from expense systems to calculate the overall results.
Pandemic considerations
Over the past year, we’ve had little use of our global office space
due to pandemic restrictions and we’ve also reduced our office
footprint so comparing like for like is not possible.
Our calculations do not consider the impact of our colleagues
working from home and the increase of their domestic energy use
or decrease of their commuting over the full year. We are continuing
to seek expert advice on how this can be measured to enable us to
truly reflect the CO2 emissions of our organisation as we continue
to operate in a more flexible environment in the future.
Energy performance benchmarking
In FY22 our aim is to reduce carbon intensity for the Group and,
working with our key stakeholder groups, we will set out targets,
which will minimise the impact of our operations on the environment.
Due to the size and nature of NCC Group, an external environment
audit is not required; however, we will continue to assess this as the
Group grows in conjunction with any legislative developments.
Electricity: 65.63
Emissions by type %
Air: 6.42
Gas: 17.62 6+
Electricity (tCO2e)
Petrol: 5.32
Diesel: 5.00
345
415
298
2018/19
2019/20
2020/21
Gas (tCO2e)
63
61
80
2018/19
2019/20
2020/21
Diesel (tCO2e)
187
122
23
2018/19
2019/20
2020/21
Petrol (tCO2e)
122
64
24
2018/19
2019/20
2020/21
Air (tCO2e)
611
222
29
2018/19
2019/20
2020/21
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
57
Strategic reportStrategic report66
+
5
+
5
+
18
M
�Sustainability continued
Environment continued
Source
Scope 1
Gas
Company vehicles
Diesel
Petrol
Total scope 1
Scope 2
Electricity
Total scope 2
Total scope 1 and 2
Scope 3
Business travel
Total scope 3
Total scope 1, 2 and 3
Underlying energy use
The table below shows the proportion of Scope 1 and Scope 2
energy use that occurs in the UK and non-UK countries alongside
the total carbon emissions. In FY21, 45% of the Group’s energy
consumption and 72% of carbon emissions arose from the UK.
Area
UK
Non-UK
1,436,210
1,780,945
Total
3,217,155
FY21 energy use
FY21 carbon emissions
KwH
% of global
energy use
tCO2e
% tCO2e
45%
55%
N/A
305.003
119.577
424.58
72%
28%
N/A
Task Force on Climate-Related Financial Disclosures
(TCFD)
We recognise the importance of identifying the financial and
non-financial impacts of climate change on the business. To make
more informed financial decisions, we and our investors, lenders and
insurance underwriters need to understand how climate related risks
and opportunities are likely to impact our future financial position.
A robust approach to assessing climate change risks and opportunities
will support us to develop business strategies, which will support future
sustainability and growth. While we are not required to report against
TCFD requirements this year, we recognise the importance of this
initiative and how it aligns with our wider ESG agenda.
We have established a partnership with Willis Towers Watson to further
develop our approach to identifying and assessing climate change risk,
which supports the development of a robust strategy.
The model to achieve this is shown opposite.
Total GHG tCO2e
2019
2020
2021
63.11
185.83
121.98
63.85
61.35
309.42
187.27
122.15
79.96
46.83
22.68
24.15
248.94
370.77
126.79
345.43
415.32
345.43
415.32
594.36
786.09
222.32
611.17
222.32
611.17
297.79
297.79
424.58
29.14
29.14
816.68
1,397.26
453.72
tCO2 change
from previous
year (2020
and 2021)
% change
from previous
year
19
(263)
(165)
(98)
(244)
(118)
(118)
(362)
(582)
(582)
(944)
30
(85)
(88)
(80)
(192)
(39)
(39)
(85)
(95)
(95)
(68)
UK cycle to work scheme
In April 2021 we enhanced the benefit allowance, in line with the
UK government’s cycle to work scheme, from £1,000 to £6,000 for
colleagues living in the UK and using a bike to commute to work.
Colleagues can purchase a bike and equipment through this organised
salary sacrifice scheme and the increase was made because of their
feedback in our colleague forums and annual engagement survey.
This enhancement is part of our overall wellbeing programme and
commitment to reducing the impact we have on the environment.
Secure leadership buy-in
Establish committee oversight
Audit Com mitte e
Integrate
into reporting
Assess
financial
impacts
Ris
k
C
o
m
m
i
t
t
e
e
Perform
scenario
analysis
Adapt
ERM
Obtain
assurance
Implement
internal
control
Collaborate across
the business
Use
existing
tools
Solicit
investor
feedback
58
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�At the very start of the pandemic in early 2020,
an important consideration for organisations
around the world was how they were going to
function as restrictions impacted their traditional
way of working. With remote working becoming
the norm, trust was required to make it work.
Product development – designing today for the future
We are committed to building new products, which support our
sustainability commitments and meet our customers’ current and
future needs. Our product development ethos is to improve our
end-to-end product design and build processes, ensuring we design
with sustainability in mind, purposely and continuously.
This approach enabled us to be agile in adapting many of our
products to be purchased, deployed and implemented remotely,
ensuring we could support our customers as they moved to remote/
hybrid working models due to pandemic restrictions. (An example of
this is our Firebase appliance illustrated opposite.)
Another critical element of our design approach is to ensure our
product offerings are accessible. Our new Calibrate platform, which
offers intelligent data-driven cyber resilience dashboards to guide
risk strategy, is a great example of this. The platform was purposely
designed to support user accessibility for those with the visual
impairment of colour blindness. This inclusive design provides high
colour contrast visual aids to support the interactive engagement
between users and the Calibrate platform.
We listen to our customers, ensuring their voice is represented
in the products we take to market.
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Firebase
With 80% of the work we traditionally do for customers
already being delivered remotely, one area that is often
overlooked is routine security testing. In 2018 our consultants
developed an appliance – Firebase – that would enable
remote security testing to be conducted – a great example
of designing for the future. From the early prototype, NCC
Group’s Nick Watkins developed the current appliance as a
research project supported by Simon Beattie. Their current
version can be downloaded or posted and provides our
customers with a credible and necessary alternative to
ensuring their systems were secure.
Initially launched in the UK, and later in North America and
our APAC region, the Firebase appliance is being developed
and used to support our incident response teams as well as
being planned for use by our European business.
Between 1 April 2020 and 31 May 2021, we conducted 761
jobs using Firebase, which equalled 11,656 days of remote
working, and with an average of a 45–50 mile round trip from
a consultant’s home to customer premises, we reduced our
travel impact by c.500–600k miles – the equivalent of 20–25
times around the world.
We will continue to engage with customers and encourage
continued deployment of security testing remotely to improve
efficiency for their business and remove unnecessary travel,
which has a negative impact on climate change.
We design today for the future, working
in collaboration with our colleagues
across the Group, understanding
the whole needs of our customers
and ensuring our product offerings
are accessible by all.
Michelle Barry
Director of Product and Development
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
5959
Strategic reportStrategic report
�Sustainability continued
Social
Each day at NCC Group our technologists and professionals
wake up with one mission – to help make the world safer and
more secure. Together they form a phenomenal knowledge network,
collaborating, innovating and delivering value to our customers.
This culture is important to us and we strive to create a great place
to work, a place where everyone is welcome and can be successful.
We are guided by our Code of Ethics – treat everyone and
everything with respect; our common values are:
We work together
No matter how brilliant an individual might be, they are no match for
a team. Our best and most impactful work has always resulted from
collaboration. We act in the best interests of the whole Group and
we never miss an opportunity to help each other and our customers.
We exist to help keep our customers safe and secure – the better
we understand our customers and their values, the better we can
help them thrive. So, we work closely with our customers too.
We are brilliantly creative
We like to win. We like to, and we are good at, solving hard
problems. We work hard but, in our world, success does not just
come from hard work – it comes from looking at things differently
and never being satisfied with the way things are. In being brilliantly
creative, we need to work together – we expect collaboration,
innovation, and diversity, which brings us onto our third value…
We embrace difference
The ability to think in a different way (to, for example, how systems
were intended to be used) is what leads to much cyber vulnerability
and is the cornerstone of the security testing and risk work we do.
So, we work together, we are brilliantly creative and:
• We welcome and actively seek out diversity in our thinking and
in our internal representation
• We seek constructive challenge as we gather information before
making a decision
• We want to keep our quirky and distinctive culture (unusual in
an attractive and interesting way)
Listening to colleagues
During the past year, we continued to improve how we listen
to colleagues both at a global and a local level.
We created a monthly team engagement pack for managers to talk
to their teams about various aspects of our business – all with the
aim to ensure we kept connected to our mission, vision, values, and
strategy despite the isolation of the pandemic restrictions. These
monthly sessions encouraged teams to talk, explore and feed back
– not just about our business operations but also how they were feeling.
From those conversations we recognised the opportunity to create
a global people managers’ forum to support them to manage the
drivers of engagement – it enables them to get closer to their local
executive member and our HR team has created a dedicated
resource centre to further support people managers and to improve
how we listen at every level of the organisation.
Building on the UK colleague forum pilot launched in the previous
year, we extended the colleague forums to our operations in Spain,
Australia, Singapore and Japan and our Global Software Resilience
business and Group functions, and we launched a new Works
Council for colleagues in Denmark alongside our existing Works
Council in the Netherlands.
We ran our annual b:Heard employee engagement survey with Best
Companies, increasing our response rate to 81.85% (up nearly 2%)
on the prior year, and continuing to improve our colleague
engagement score to 642.7 (626.9 in 2019). While still within Best
Companies’ index of “one to watch” companies, through robust local
and global action planning and active listening we strive to match
our world-class participation rate with a world-class engagement
score of 3*.
The investment in our Manager Essentials programme can be seen
in the results from our engagement survey where 77% of eligible
managers were recognised by their teams:
Good
Very good
Outstanding
World class
20.5%
18%
18%
20.5%
Jennifer Duvalier, our designated Non-Executive Director for
colleague engagement, continued to meet with colleagues around
the world virtually, extending our listening ability, and you can read
more about her experience on page 80.
Regular town hall events and the creation of virtual communities
using Microsoft Teams gave more opportunities for us to improve
how we listen and learn through our day-to-day operations. Visible
leadership played a critical role in this improvement and even more
so due to the continued isolation of colleagues due to the ongoing
pandemic restrictions.
60
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Investing in personal development
Our ambition is to be known as a hub for cyber talent, a place where
people can come and develop personally and professionally.
In FY21 we:
• Launched a sales academy pilot in our UK and APAC Assurance
division, which provides structured training to support sales
colleagues at every stage of their career – from joining
NCC Group through to advance sales techniques
• Began to build leadership development, with 40 North American
leaders undertaking the Stanford Leadership Development
programme with over 180 managers globally attending our
Manager Essentials programme
• Extended investment in developing our next generation managers
and 22 colleagues in the UK and North America due to graduate
in September 2021. All colleagues from the pilot cohort in FY20
went on to be promoted to managerial roles
In addition, listening to feedback from our colleague forums and
engagement survey, we launched our career framework pilot in
March 2021.
The initial focus for the pilot is our technical community in our Global
Professional Services in the UK and APAC region. The aim is to
clarify how colleagues can progress from junior through to senior
levels and how to move across specialist and management roles,
with a view to empowering them to manage their own career.
The career framework will include:
• A toolkit to help colleagues plan potential career steps/paths
across the role options
• A learning catalogue linked to roles, with details of how
to access learning
• Optional career development workshops for colleagues
• Regular career development discussions as part of our
performance management process
• Clarity on our approach to promotions
The pilot will extend to other parts of the business including our
Global Software Resilience, Global Managed Services and Sales
colleagues over the coming year.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
61
Strategic reportStrategic report�Sustainability continued
Social continued
Creating an inclusive and diverse community
We want to create an environment where all colleagues feel
psychologically, emotionally and physically safe to be authentic,
representative of the diversity of the world they live in, share their
personal experiences and have equal opportunity to achieve.
Our inclusion and diversity plan underpins our growth strategy and
in FY21 was focused on four areas that were identified as being
important to our colleagues:
• Gender
• LGBTQIA+
• Neurodiversity
• Race and ethnicity
For each of these focus areas we have colleague resource groups
led by a Steering Committee, each of which has an Executive
sponsor, HR and a Talent Partner. A dedicated Group Communications
Business Partner is responsible for supporting our colleague
resource groups to drive engagement both internally and externally.
At the heart of our commitment to inclusion and diversity is our NCC
Conversations programme, which we launched in August 2020.
Each month the focus area Steering Committees work together
to produce content, from blogs to panel sessions and resources,
which support our ongoing awareness and education for colleagues.
In addition, the programme includes workshops with external experts
invited to support learning around topics exploring what it means
personally and in the workplace.
What a journey we’ve been on over the past nine months.
The content, the resources, the conversations and the personal
experiences being shared, alongside the feedback we’ve
received both internally and externally, have been inspiring.
Our NCC Conversations programme is a great example
of our values in action. We work together, being brilliantly
creative and embracing difference, and what connects us
– what we all have in common – is our desire to make this
a safe and great place for all.
A highlight for me was when a colleague said: “Had I ever
before today come out as a transvestite in the workplace?
Well, I never had. This is a first for me and it is indeed a big
step. So why did I feel the need to do it? It is because
of our inclusion and diversity programme that I felt like
it was no longer a matter of why, but why not.”
Chloe Kersey
Communications Business Partner and NCC Conversations lead
Inclusion and diversity engagement FY21 highlights
4
colleague resource groups:
Race and Ethnicity, LGBTQIA+,
Neurodiversity and Gender
36
13
external guest speakers
15
Steering Committee members
across the four groups
articles published externally
(newsroom.nccgroup.com)
90
inclusion and diversity
community members
6
Executive sponsors
20
Instagram posts
90
pieces of content
shared internally
1/3
of colleagues attended
at least one workshop
250
average workshop
attendance
Read more online: www.nccgroupplc.com
62
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�These conversations are leading to positive changes in how we
operate as a firm – investing in annual inclusion and diversity
training as well as building into Manager Essentials training,
partnering with organisations to develop future pathways for
diverse talent to enter the industry, reviewing colleague policies, and
improving how we recruit new talent and invest in career development.
Gender pay gap *
We take our role as a responsible employer seriously and see the
UK requirement to publish gender pay gap figures as an important
step towards transparency around a key issue within our industry.
We recognise steps need to be taken to continually improve our
gender mix at all levels as part of our broader strategy and the
investment we are making under our broader sustainability
commitment is supporting us to achieve this. Our full report is
available to view on our website and in FY21, in addition to the work
of our Gender colleague resource group, we continued to support
local initiatives aimed at encouraging more women to enter the
world of cyber security.
* Source: NCC Group payroll data.
Read more online: www.nccgroupplc.com/investor-
relations/corporate-governance/gender-pay-gap/
Main Board
14%
40%
86%
Direct reports to the
Executive Committee
8686+
6060+
7676+
Group
76%
23%
60%
1%
80%
20%
Executive Committee
New hires in FY21
8080+
6767+
29%
67%
4%
Male
Female
Undisclosed
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
63
Strategic reportStrategic report
+
14
14
+
+
0
0
+
+
0
0
+
+
M
M
+
23
23
+
+
1
1
+
+
0
0
+
+
M
M
+
40
40
+
+
0
0
+
+
0
0
+
+
M
M
+
20
20
+
+
0
0
+
+
0
0
+
+
M
M
+
29
29
+
+
4
4
+
+
0
0
+
+
M
M
�Sustainability continued
Social continued
Colleague resource groups – reviews from each chair
Race and Ethnicity
Nadia Batool
Data Protection and Governance Officer
LGBTQIA+
Liz James
Security Consultant
Neurodiversity
Joy Evans
Chief Data Protection and
Governance Officer
We are a global business with colleagues in many different countries around the world.
We work hard to be an inclusive workplace, where everyone is treated with respect.
Discrimination and harassment due to race or ethnicity are unacceptable and will not
be tolerated here.
But saying it isn’t enough, and like many companies addressing the systemic racism
embedded in our societies, we are planning action to remove barriers for underrepresented
individuals that exist within our organisation. Over the past nine months our Race and
Ethnicity Steering Committee has covered key themes such as an introduction to race
and ethnicity, and cultural intelligence, with guest speakers from North America and the
UK discussing how to build an anti-racist organisation. We have also been working hard
on providing colleagues across the Group with resources on inclusive language and
behaviours and why representation matters as well as sharing personal and historic
experiences of racism across the world.
We believe that a workplace in which colleagues feel safe and empowered regardless
of their sexual and romantic orientation, and their gender identity enables everyone to
perform at their best.
We are at the beginning of a long journey and committed to increasing our awareness and
activity in this space to work towards creating an environment that provides inclusion for all
underrepresented groups, ensuring their voices are heard. As the first colleague resource
group in NCC Group, launched in 2019, we were delighted to be joined by the other groups
to create a broader inclusion and diversity community.
This year, our LGBTQIA+ Steering Committee has helped colleagues explore sexual and
gender identity in its many forms, taken a deeper dive into the importance of inclusion and
hosted talks on topics including how language matters, asexuality, being transgender and
transvestism, as well as providing content based on personal experience and informative articles.
Together we have utilised our social platforms to provide advice and support to parents of
children who sit within the community, written to UK Members of Parliament to show our
support against anti-trans bills, made pronoun badges available to colleagues across the
globe and given guidance on adding pronouns onto email signatures.
We strive to create a working environment where neurodiversity is embraced. We value
all colleagues equally and adjust as necessary to meet the personal needs of
neurodiverse individuals.
The NCC Conversations series we’ve led has so far focused on both dyslexia and autism
as a subcategory of neurodiversity, where the Steering Committee has been challenging
taboos and taking a deeper dive into dyslexia and autism in the workplace through a range
of activities including panel discussions, resources, tips for managers and a podcast on
parenting an autistic child.
Most recently, we’ve invited Lexxic, a specialist consultancy championing and advising on
neurodiversity in the workplace, to run an interactive workshop with colleagues to produce
a neurodiversity smart roadmap with recommendations and actions based on any gaps
identified in our business. This workshop builds on an earlier webinar that was hosted
as part of our NCC Conversations series.
Neurodiverse individuals bring many strengths that not only need to be understood but
further celebrated and valued. At NCC Group we are lucky to work with neurodiverse
colleagues who bring many positive attributes to our workplace.
64
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Gender
Natasha Gardner
Technical Pre-Sales Engineer
We recognise that gender inequality affects everyone across all genders. We want to
provide opportunities for every colleague across the Group to be involved, to share
experiences and to help set the vision for how we can work together in creating
a more gender inclusive and diverse workplace.
We are committed to ensuring that equal opportunities are presented across the Group.
We will do this by constantly reviewing and improving our hiring processes and examining
the channels we use for talent attraction and recruitment, at the same time as leading with
an approach of inclusivity and fairness to promote career progression.
Over the past year the Gender Steering Committee, working closely with our people team,
has shone a light on mental and physical health with external talks on the menopause
and prostate cancer, and internal panels on male mental health as well as publishing an
external webpage celebrating some of the incredible women we have working here across
the Group. Our recent project, Action Ally, aims to support and educate colleagues on what
allyship looks like in certain situations through using examples of uncomfortable instances
that colleagues have either experienced or observed throughout their careers in a bid to
recognise and call out poor behaviour. We’ve also established NCC Group Women’s
International Network (WIN), which is open to those who identify as women and are
passionate about championing an inclusive and diverse workforce.
We recognise that now, more than
ever, it’s important for us all to pull
together, as families, as colleagues,
and as communities. Our giving back
day is designed to help colleagues
connect with and support local
communities and causes that
mean something to them.
Ian Thomas
Managing Director, Assurance UK and RoW
Giving back in our local communities
Through our annual engagement survey and local colleague forums,
we know that giving back to our local communities is important to
colleagues. Up until more recently these giving back activities have
been informal and led entirely locally and colleagues were keen for
us to create a more formal giving back activity while still retaining
that local action.
So last year, in preparation for pandemic restrictions lifting, we
developed a pilot giving back programme with colleagues in our UK,
Spain and APAC Assurance division. The programme enables
colleagues to take one day of additional paid leave in a calendar
year, to support a local community or charitable organisation.
During FY22, the programme will be rolled out to the wider Group,
ensuring compliance with local requirements relating to volunteering.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
65
Strategic reportStrategic report�Sustainability continued
Social continued
Partnering with the UK Small Charities Coalition
In 2019, we launched our partnership with the Small Charities
Coalition, organising cyber resilience training workshops to give
small charities the practical tools to improve their cyber resilience.
In FY 2020, despite the challenges of the pandemic restrictions, we
continued to invest in our commitment. Across four virtual workshops,
offering ad-hoc advice, and the production of four easy to understand
cyber security videos, more than ten colleagues invested over
40 hours to help make the world safer and more secure.
71 representatives from small charities across the UK, with an
average annual income of less than £190,000, attended our virtual
workshops: that means that, on average, the cost of a cyber breach 1
represents at least 1% of those charities’ annual income, highlighting
the importance of improved cyber resilience for their future.
Moreover, those charities play a fundamental role in their local
communities and often work with vulnerable communities, or
on sensitive issues, from addiction and mental health support,
to supporting asylum seekers, veterans, disabled children or
disadvantaged communities.
1
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/
cyber-security-breaches-survey-2021.
Northern
Ireland
Republic
of Ireland
Scotland
North
North
East
East
Midlands
West
Midlands
East
Anglia
Wales
South West
South East
I found it so helpful to get a broad
introduction about the main areas
of cyber security while also getting
lots of specific and practical tips
about the many things I can do to
make our charity as safe as possible.
Workshop attendee
Demonstrating the impact of our work, 80% of charity attendees
said they felt better informed on cyber resilience issues and were
very keen to implement their learnings. And their combined reach
includes the more than 2,500 staff, volunteers and trustees who
work with them, and the more than 28,000 service users and
beneficiaries they support.
Our support has extended to becoming a referral partner for the
Small Charities Coalition helpdesk, so that callers with cyber security
queries will be routed to our NCC Group experts. This builds on our
work with the Federation of Small Businesses’ cyber advice helpline
and the Scottish Business Resilience Centre’s cyber incident helpline.
Celebrating our colleagues
We launched our global NCC Diamonds and Stars awards in July
2020 to celebrate the incredible achievements of our colleagues
– as they work together and as individuals. Our aim was to create
a public platform where we could recognise colleagues and say
thank you, as well as to shine a light on these achievements.
It helps to instil a sense of pride and accomplishment and,
importantly, the value we place on every colleague who every
single day helps to make our world safer and more secure.
Our team awards – NCC Stars – saw 68 entries highlighting
contributions against each of our five nomination categories –
Working Together, Being Brilliantly Creative, Embracing
Difference, Delighting the Customer and Community Champion.
Our global winners were announced in a virtual online ceremony
– not allowing the pandemic restrictions to get in the way of
our celebrations.
Next up in February 2021 we launched our NCC Diamonds,
inviting colleagues to nominate their colleagues. We received
498 nominations, which were judged locally, and winners of
each category were given an “experience of their choice” prize.
The local winners were then submitted to a global judging panel
with our global winners being celebrated across the Group.
Nomination categories:
• Working together
• Being brilliantly creative
• Embracing difference
• Inspiring colleague
• Inspiring manager
• Brand ambassador
66
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Global winners
Working together
Carla Strong
Inspiring colleague
Natasha Gardner
Carla is the person you want to go to whenever you need some
information or have a problem, or if you’re a fresh face at NCC
looking for a little guidance. Along with mentioning her infectious
positive energy, her nominators said that Carla is a fount of all
knowledge on office administration, facilities management,
delivery operations, and any other way she can support colleagues.
Her commitment to ensure that everyone has support means she
truly is an #NCCDiamond.
Beyond her role as a Technical Pre-Sales Engineer, she is chair of
our Gender colleague resource group, a Mental Health First Aider,
a member of the UK Colleague Forum, and host of our internal
podcast series, NCC Untitled. As her nominators said, she manages
each of these responsibilities with an unfailingly positive attitude
and puts her heart and soul into everything she does.
Embracing difference
Charlotte Tanner
Inspiring people manager
Ben Mitchell
When her secondment to Sydney was prevented by the Covid-19
pandemic, she still took on the responsibilities of her new Business
Partner role, despite being unable to relocate. This meant supporting
the APAC team with long, unsociable hours across two time zones!
Those who nominated her spoke of her appreciation of cultural
differences and acknowledgement and respect of colleagues’
diverse perspectives on issues. This, combined with her flexibility,
empathy, and commitment to going above and beyond, has resulted
in several brilliant outcomes for her team.
Ben Mitchell was recognised as the global winner of the NCC
Diamonds inspiring people manager award for his caring, positive
and empathetic attitude. Those who nominated him mentioned his
genuine care for those he manages, his extraordinary support and
encouragement, and his willingness to go above and beyond for
those who need his help.
Being brilliantly creative
aschmitz
Brand ambassador
Tim Anderson
aschmitz was nominated several times for being brilliantly creative,
but one example stands out in particular. When we moved to a
new system in North America, aschmitz was quick to notice that
colleagues required greater functionality than was initially built in.
Realising that the data required for the functionality was available
to them, aschmitz worked around the clock to develop a tool that
would help colleagues use the new system and continue their work
uninterrupted. This brilliantly creative idea is a great example of how
they jump on opportunities to find solutions and help others.
Our brand ambassador award acknowledges those who love sharing
the brilliant things people get up to across the business. Our global
winner, Tim Anderson, kept his network in the loop on recent
research, new partnerships, expert insights, and the latest NCC
Group news with an unparalleled number of shares. His commitment
to letting people know what’s going on at the Group makes him
a true #NCCDiamond.
In addition to colleague nominations, CEO Adam Palser selected Sourya Biswas as the recipient of the CEO
choice award.
Nominated by a significant number of colleagues for a variety of different reasons, Sourya’s impact is felt across
NCC Group. Known for delighting customers through brilliantly creative solutions to problems, his expert insight is
invaluable. He provides support and guidance for colleagues through guides on technical processes, by setting
an admirable example, and by encouraging colleagues to be the best they can be through thoughtful feedback.
His speaking engagements and publications demonstrate his great knowledge and provide new opportunities
to engage with customers and prospects.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
67
Strategic reportStrategic report�Sustainability continued
Our focus is on building long-term sustainable
relationships, earning trust through meeting our
customers’ needs and delivering the highest
quality of services.
We, and our customers, expect our supply chain partners (and their
supply chain) to behave ethically and securely and to treat everyone
fairly and with respect. Supply chain partners are an extension of the
NCC Group team, and our Supply Chain Code of Conduct exists to
clearly articulate the standards and behaviours we expect to see
in our supply chain partnerships.
Our Code of Ethics sets the standard we uphold ourselves to and
we take pride in our approach. We consider the interests of all our
stakeholders, including colleagues, when we make decisions
on the Group’s future priorities and plans.
Anti-corruption and anti-bribery
We do not tolerate bribery and corruption. We have established
policies on anti-bribery and the receiving and giving of gifts, and
hospitality. Anti-bribery awareness is part of our colleague induction
process and regular refresher training is mandated.
Colleagues are encouraged to report any concerns to their manager
or, if required, our confidential and independent whistleblowing service.
The whistleblowing process is overseen by the Audit Committee.
We aim to engender in our colleagues principles of honesty and
integrity and the desire to work to the best of their ability.
We strive to act in a professional, honest and ethical manner in all
our dealings with our customers, colleagues, shareholders, suppliers,
and the community. Our reputation is paramount and nothing we do
should detract from or compromise our standing in the market and
the community. Our independence and impartiality as a Group are
fundamental. We have a Code of Ethics, which all colleagues are
required to adhered to.
Supply chain
Our customers and colleagues respect us for providing a trusted
service, and to achieve this we rely on supply chain partners to
support our business operations.
We are fully aware of the responsibility we have toward our
stakeholders and we seek to work with supply chain partners who
are equally aware of and proud to uphold these high standards.
Our relationship with supply chain partners is based on trust,
collaboration and continuous improvement, underpinned by
fair contracts.
Human rights (including anti-slavery and
human trafficking)
We recognise our responsibility to uphold and protect the rights
of individuals in all aspects of our operations across the world.
Through our published statement and our global policies, we make it
clear that we will observe and uphold the principles contained in the
Universal Declaration of Human Rights and the International Labour
Organization Fundamental Conventions.
We believe that human rights belong equally to all people without
distinction as to race, colour, sex, language, religion, political or other
convictions, national or social origin, birth or other traits. We support
freedom of association, the abolition of forced labour and the
elimination of child labour.
We have a zero-tolerance approach to modern slavery and are
committed to acting ethically and with integrity in all our business
dealings and relationships. We communicate this to all our suppliers,
contractors, and business partners at the outset of the relationship
and regularly thereafter. Our Anti-Slavery and Human Trafficking
Statement is available to download from our website.
Governance and oversight
The Board recognises that robust governance and oversight are vital
to maintaining a strong business, which can weather a changing
business environment.
We have a dedicated and independent Global Governance function,
which has been designed to work together to ensure seamless
oversight of the control environment and management decision
making. This team is made up of:
• Group Legal Services
• Information Security
• Data Protection
• Compliance and Standards
• Health and Safety
• Internal Audit
The Global Governance function reports into the Group Board, or its
sub-committees, the Audit Committee and Cyber Security Committee.
The primary remit of the team is to validate compliance with the
Group’s policies and procedures, legislation and regulations and
good practice.
Read more about our governance on pages 70 to 73
and risk management on pages 40 to 48
This Strategic Report was approved by the Board of Directors
and signed on its behalf by:
Adam Palser
Chief Executive Officer
14 September 2021
Tim Kowalski
Chief Financial Officer
14 September 2021
68
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Governance
As Directors we recognise the renewed focus
on the contribution that a successful company
can make to wider society in general, in addition
to generating value for shareholders, and as a
Board we want to ensure that we have effective
engagement with, and encourage participation
from, shareholders and other stakeholders
Board composition and division of responsibilities
IN THIS SECTION
70 Chair’s introduction to governance
73 Governance framework
74 Board of Directors
76 Executive Committee
78
87 Shareholder engagement
88 Audit Committee report
95 Nomination Committee report
Cyber Security Committee report
98
100 Remuneration Committee report
119 Directors’ report
123 Directors’ responsibilities statement
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
69
�Chair’s introduction to governance
Committed to
good governance
During the year we have made
the commitment that by 2024,
we will have at least 33% female
representation on our Board and
at least one person of colour.
Although this is best practice
for FTSE 350 companies, we will
commit to this target regardless
of which share index we are in.
Chris Stone
Non-Executive Chair
Dear Shareholder
The last year has been one of unprecedented upheaval and disorder
from the Covid-19 pandemic reaching all parts of the globe and
significantly impacting economies everywhere. We as a Board had
a very busy year dealing with the impact of the pandemic on the
Group and also considering its impact on all of our stakeholders.
It is worth noting that we have taken no government subsidies or
loans (other than deferring tax payments), nor have we made any
colleagues redundant or furloughed them during the pandemic.
We continued to pay dividends, in line with our policy, throughout
the year.
We have also been engaged with the Executive Team in ensuring
that all of our colleagues received the best support we could give
them, specific to each of their individual needs, to manage in these
new and changed circumstances. I have been very impressed by the
depth and quality of the colleague support programme that the team
has delivered.
The Board is committed to creating and maintaining a culture where
strong levels of governance thrive throughout the organisation,
specifically ensuring that we send out consistent messages on our
values and acceptable behaviours for our colleagues, our customers,
our suppliers and our advisers.
2020/21 highlights
• Continued to hear from our designated NED
for workforce engagement who reports to every
Board meeting
• Supported management in the major acquisition of Iron
Mountain’s Intellectual Property Management (IPM)
business which will now form part of our Global
Software Resilience division
• Obtained a better understanding of our stakeholders
and how we engage with them
• An increased focus on ESG matters
• Kept normal Board meetings and strategy day
scheduled during lockdown with no meetings cancelled
2021/22 priorities
• Continuing to focus on our stakeholders, particularly
colleague engagement
• Restarting off-site and overseas Board meetings
to support better engagement with all colleagues
• A focus on diversity around the Board table with our
commitment to gender and ethnic diversity by 2024
• Continuing to focus on succession planning
and diversity and inclusion amongst our wider
colleague population
70
�Governance standards
As a Board we have focused our attention on the requirements
of the UK Corporate Governance Code 2018 (the ‘Code’) and are
reporting against this Code in our Annual Report and Accounts.
A key focus for the 2018 Code is culture and ensuring that it aligns
with the Group’s purpose, strategy and values. Culture has been
high on the Board’s agenda for some time and the Board considers
culture to be an essential ingredient in meeting our long-term,
sustainable returns to shareholders and indeed our stakeholders.
The Board, the Executive Committee and the senior management
continue to promote our culture and standards throughout the
business and lead by example to provide a strong corporate
governance framework.
One of the most significant changes to the Code affecting NCC Group
is in respect of workforce engagement. Our main stakeholder is our
colleagues and we wanted to develop meaningful mechanisms to
ensure that we, as a Board, have meaningful and regular dialogue
with our dedicated and committed workforce. This then puts us in
a strong position to deliver our strategy.
To assist us with this, during the year, Jennifer Duvalier, a
Non-Executive Director, has continued her excellent work as our
designated Non-Executive Director for workforce engagement.
Jennifer (along with other Non-Executive colleagues, including me)
has been meeting (albeit virtually) and speaking with colleagues
around the world and reporting back on findings at each Board
meeting via a dedicated agenda slot. We have not let Covid-19 be
a barrier to hearing our colleagues’ opinions around the Board table.
As a people business, this is a crucial area for us to focus on and
get right.
Towards the end of our financial year, we re-joined the FTSE 350
so we are now reflecting on the new governance provisions that
are now relevant and we will report back on these next year.
Board tenure as at 31 May 2021
Chris Stone
Adam Palser
Tim Kowalski
Chris Batterham
6 years 1 month
Jonathan Brooks
Jennifer Duvalier
Mike Ettling
4 years 2 months
3 years 6 months
2 years 10 months
4 years 3 months
3 years 1 month
3 years 8 months
31 May:
2015
2016
2017
2018
2019
2020
2021
Our approach
As individual Directors we recognise our statutory duty to act in
the way we each consider, in good faith, would be most likely to
promote the success of NCC Group for the benefit of its members
as a whole, as set out in section 172 of the Companies Act 2006.
Our role as the Board is to set the strategy of the Group and ensure
that management operates the business in accordance with
this strategy. We believe this approach will promote the Group’s
long-term success and our customers’ interests as well as
create value for shareholders and have regard to our other
key stakeholders such as our colleagues.
The Board’s intention is to hand over the business to our successors
in a better and more sustainable position for the future. We recognise
the renewed focus on the contribution that a successful company
can make to wider society in general in addition to generating value
for shareholders, and as a Board we want to ensure that we have
effective engagement with, and encourage participation from,
shareholders and other stakeholders. During the year we have
reflected on who our key stakeholders are and assessed our
current engagement mechanisms to ensure the effectiveness
of that engagement. We then factor into our decision making
any feedback from that engagement.
Board changes
We have made no changes to the Board during the year. The
biographies of all the Board members can be found on pages 74
and 75.
Board composition and diversity
With regard to our current diversity, I am satisfied that we have
an appropriately diverse Board in terms of experience, skills and
personal attributes among our Board members. The Directors have
many years of experience gained across a variety of industries and
sectors, ensuring a mix of views and providing a broad perspective.
All that said, we recognise that we still have much progress to make
in terms of improving the diversity of the Board and our Executive
Team (and indeed our workforce as a whole). With that in mind,
during the year we have made the commitment that by 2024, we
will have at least 33% female representation on our Board and
at least one person of colour. Although this is best practice for FTSE
350 companies, we will commit to this target regardless of which
share index we are in. (To achieve this commitment by 2024 based
on our current Board size of seven Directors, we would need to have
at least three female Directors out of the seven. At least one of the
seven would be a person of colour).
We will look to address this during future Board and Executive
Committee appointments. Given that this is a fairly young Board
in terms of tenure, this improvement in diversity will not be a quick
process but we are very mindful of the need to take positive action,
and the matter is fully on our agenda. Accessing the candidates we
require to reach this target will involve us looking beyond the obvious
pool of existing board directors within the UK and we intend to
ensure that we extend our talent search to other sectors and
countries to ensure we find a diverse pool of candidates from which
to choose to provide us with true diversity around our Board table.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
71
GovernanceGovernance�Chair’s introduction to governance continued
Effectiveness
As Chair, I am responsible for providing leadership to ensure that
the Board operates effectively. I have been supported in this by all
the Directors, in particular Chris Batterham, our Senior Independent
Director. The annual reviews of Board effectiveness help the Board
to consider how it operates and how its operations can be improved.
This year, the review was undertaken internally and the findings
of this review have provided us with ideas to further improve
the manner in which the Board operates, and build on previous
evaluations. The results were very useful and insightful and have
been incorporated into our plans for the coming year. In particular,
Board succession planning remains a priority, particularly as we look
to ensure the Board and Executive Committee have the right set of
skills and experience to support the Group as the business evolves.
I have been very impressed about how effectively the business as
a whole, and indeed the Board, has transitioned to remote working
during the Covid-19 pandemic. Although I feel that longer meetings
are best done face to face, we have continued to hold all of our
scheduled Board and Committee meetings as planned and also
our strategy day in March, which all attendees agreed was our
best strategy session to date. While being mindful of the impact
of Covid-19 on the wider world and us as a business, our approach
as a Board has been one of “business as usual” and we continue
to focus on important longer-term strategic and governance issues
facing the Group, while supporting management on more short-term
tactical decisions. Despite most colleagues working from home,
we managed to successfully purchase Iron Mountain’s Intellectual
Property Management (IPM) business which will now form part of
our Global Software Resilience division. The acquisition meant that
we held a number of additional Board meetings throughout the
year, and I was very grateful for the flexibility demonstrated by my
colleagues to make sure that they were available for this process.
As lockdown eases, the Board is very much looking forward to
holding some in-person meetings and reconnecting with our
colleagues as part of office and site visits.
Our investors
We are in regular contact with our large investors through a regular
scheduled programme of meetings attended by either our CEO
or CFO or both of them. Chris Batterham, our Senior Independent
Director, and I are also available to meet with investors should the
need arise.
I met with our larger investors in February/March 2021 and fed
back my findings to Board colleagues at the next Board meeting.
In addition, our brokers undertook an investor survey on the back
of our half year results in January and the results of this were
presented and discussed at a Board meeting. Our aim is to
engage with our shareholders in an open and meaningful way.
Ensuring that the Directors’ remuneration packages align the
Directors’ and senior managers’ interests with the long-term
interests of NCC Group and its shareholders is always a key area
of interest for investors. Our Directors’ Remuneration Policy was
last approved by shareholders at the 2020 AGM and at the 2021
AGM we will be asking shareholders to approve a new
Remuneration Policy.
The 2020 Directors’ Remuneration Policy received 81.44% of
votes in favour at the 2020 AGM. Our 2018 and 2019 Directors’
Remuneration Reports received over 99% of votes in favour,
recognising the continued support of our shareholders for our
approach to executive remuneration, so naturally we were very
disappointed with the voting outcome of the 2020 AGM of only
51.53% votes in favour. Jonathan Brooks, as our Remuneration
Committee Chair, consulted with our shareholders who voted
against the Remuneration Report following this significant vote
against and we published our response on 2 February 2021 which
can be read here, https://www.nccgroupplc.com/media/zfhhxutu/
voting-results-of-2020-annual-general-meeting.pdf. The UK
Corporate Governance Code 2018 has increased the role and remit
of the Remuneration Committee and this is reported on within the
Remuneration Report. As part of our new Remuneration Policy, we
will be aligning our Executive Directors’ pensions with our wider
colleague population, and introducing post-employment
shareholding rules.
Statement of compliance with the UK Corporate
Governance Code
The Company measures itself against the requirements of the UK
Corporate Governance Code 2018 (the ‘Code’), which is available
on the Financial Reporting Council website (www.frc.org.uk).
From 1 June 2020 to 31 May 2021, the Company complied with
the Code in full with the exceptions that our CEO and CFO pensions
were not in alignment with our general colleague population, and we
do not have post-employment shareholding guidelines. Both of
these areas of non-compliance will be attended to post our 2021
AGM and subject to shareholder approval of our new Directors’
Remuneration Policy.
Also between 1 June 2020 and 31 May 2021, the Company did not
engage with the workforce to explain how executive remuneration
aligns with the wider Company pay policy as required by the Code.
However, the Remuneration Committee compares information on
general pay levels and policies across the Group when setting
Executive Director pay. Jennifer Duvalier undertakes regular
colleague engagement sessions where colleagues are able to
ask about Executive Director pay. During the year no questions
or concerns on executive pay were raised to Jennifer.
Thank you
We are immensely proud of our colleagues for their extraordinary
efforts during the pandemic, recognising that many were working
from home in far from ideal circumstances, acting in the best interests
of our customers and our stakeholders. I would like to thank all
our colleagues for their incredible contribution in stepping up and
meeting the unprecedented challenges of the Covid-19 pandemic.
Chris Stone
Non-Executive Chair
14 September 2021
72
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Governance framework
The different parts of the Company’s governance framework are
shown below, with a description of how they operate and the
linkages between them.
Board
Provides leadership and is responsible for the overall management of NCC Group, its strategy, long-term objectives and risk
management. It ensures the right Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Board Committees
Support the Board in its work with specific areas of review and oversight objectives and risk management. They ensure the right
Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Audit
Committee
Nomination
Committee
Cyber Security
Committee
Remuneration
Committee
Primary function is to
assist the Board in
fulfilling its financial and
risk responsibilities. It
also reviews financial
reporting, the internal
controls in place and the
external audit process.
Responsible for
considering the Board’s
structure, size,
composition, diversity
and succession
planning.
Responsible for overseeing
and advising on the Group’s
exposure to cyber risk and
its future cyber risk strategy,
its cyber security breach
response and its crisis
management plan and the
review of reports on any
cyber security incidents.
Responsible for
determining the overall
remuneration of the
Executive Directors and
the remuneration of
senior managers (ExCom)
within the broader
institutional context of
remuneration practice.
Read more on pages 88 to 94
Read more on pages 95 to 97
Read more on pages 98 and 99
Read more on pages 100 to 118
Chief Executive Officer
Has responsibility for managing the business and overseeing the implementation of the strategy agreed by the Board.
Executive Committee (ExCom)
Currently comprises the Group’s most senior business and operational executives.
It is responsible for assisting the Chief Executive Officer in the performance of its duties including:
• Developing the budget
• Reviewing the Company’s policies and procedures
• Monitoring the performance of the different
divisions of the Company against the plan
• Carrying out a formal risk review process
• Prioritisation and allocation of resources
• Overseeing the day-to-day running of the Company
• Being responsible for people, talent and culture
For further details on Board composition and division of responsibilities see pages 78 to 86
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
73
GovernanceGovernance�Board of Directors
Our business is led by our Board of Directors. Biographical and
other details of the Directors as at 31 May 2021 are as follows:
Chris Stone
Non-Executive Chair
Adam Palser
Chief Executive Officer
Tim Kowalski
Chief Financial Officer
and Company Secretary
N
C
Chris Batterham
Senior Independent
Non-Executive Director
A
C
N
R
Appointment to the Board:
6 April 2017
Appointment to the Board:
1 December 2017
Appointment to the Board:
23 July 2018
Appointment to the Board:
1 May 2015
Career experience
Prior to NCC Group, Adam was
the CEO of NSL Ltd, the public
services provider. He joined NSL
in 2015 and led the successful
transformation and sale of the
business for its private equity
owner. Between 2003 and 2013
Adam performed a number
of different roles at QinetiQ
including taking responsibility
of QinetiQ’s cyber, information
warfare and professional
services businesses.
External appointments
Adam does not currently have
any external appointments.
Internal appointments
Adam is an Executive sponsor
of the Gender resource group.
Career experience
Chris has held various
Non-Executive Director and Chief
Executive roles at listed and
private equity backed technology
companies. He was CEO of
Northgate Information Solutions
plc from 1999 to 2008, until its
sale, and stayed as CEO until
2011. From 2013 to 2016, he
was CEO of Radius Worldwide.
Chris was also a Non-Executive
Director of CSR plc, and Chair of
the Remuneration Committee,
from 2012 until its sale in 2015.
Chris was also Chair of AIM listed
CityFibre plc from January 2017
until June 2018, when it was sold
to private equity buyers.
External appointments
Chris is the Chair of Everynet BV,
a privately owned Internet of
Things infrastructure business,
and Chair of AIM listed Idox plc.
Chris is also a Non-Executive
Director of Rural Broadband
Solutions Plc.
Career experience
Tim is an accomplished CFO
with significant listed and private
company experience. Prior to
joining NCC Group, Tim was
Group Finance Director of Findel
Plc between 2010 and 2017
and prior to that held similar
roles with Homestyle Group Plc
and N Brown Group Plc. Tim has
significant experience of divisional
financial management within the
hospitality sector. Tim qualified as
a Chartered Accountant with
KPMG and spent his early career
there. Tim has a wide breadth of
finance expertise obtained from
experiencing differing finance
roles within organisations and
also within a variety of companies,
and has been involved in
a number of high profile
financial turnarounds.
External appointments
Tim does not currently have any
external appointments.
Internal appointments
Tim is an Executive sponsor
of the Race and Ethnicity
resource group.
Career experience
Chris is a qualified Chartered
Accountant, spending his early
career with Arthur Andersen, and
also has significant experience in
senior finance roles across the
technology sector. Chris was
Finance Director of Unipalm plc
(the first internet company to IPO
in the UK) from 1996 until 2001,
before becoming CFO of
Searchspace Limited until 2005
and has since held a wide variety
of non-executive and advisory
roles, the majority having a
technology focus.
External appointments
Chris is currently the Senior
Independent Director and
Non-Executive Deputy Chair of
Blue Prism Group plc (and also
chairs the nomination committee,
as well as being a member of its
audit and remuneration
committees) and Non-Executive
Director at Nanoco Group plc
(and also chairs the audit
committee, as well as being a
member of its nomination and
remuneration committees).
Chris is also Chair of Racing
Digital Limited.
Committee key:
A Member of
Audit Committee
C Member of
Cyber Security
Committee
N Member of
Nomination Committee
R Member of
Remuneration Committee
Committee Chair
74
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Diversity of skills and
experience
Strategy development
Jonathan Brooks
Independent
Non-Executive Director
Jennifer Duvalier
Independent
Non-Executive Director
Mike Ettling
Independent
Non-Executive Director
Sales and marketing
R
A
C
N
C
N
R
A
Human resources
Corporate governance
Financial management
M&A
Professional services
Appointment to the Board:
16 March 2017
Appointment to the Board:
25 April 2018
Appointment to the Board:
22 September 2017
Career experience
Jonathan was Chief Financial
Officer of ARM Holdings plc from
1995 until 2002. He has since
held a number of Non-Executive
Director positions with listed and
private technology businesses,
including chairing the audit
committees at IP Group, Aveva
Group, FDM Group, Sophos
Group PLC, and e2v PLC. He
also chaired the remuneration
committees of IP Group and
Xyratex Ltd, where he also
served as Chair between 2011
and 2013.
External appointments
Jonathan does not currently
have any external appointments.
Career experience
Jennifer was Executive Vice
President of People at ARM
Holdings plc, with responsibility
for all people and internal
communications activity
globally, from September 2013
to March 2017.
External appointments
Jennifer is currently the Senior
Independent Director of Trainline
plc (where she is also a member
of the audit and risk, nomination
and remuneration committees)
and an independent Non-Executive
Director and Chair of the
Remuneration Committee of Mitie
Group plc (as well as being a
member of its nomination
committee) (she is also the
designated Non-Executive Director
for colleague engagement at both
companies) and of Guardian Media
Group plc. She is Non-Executive
Director of The Cranemere Group
Ltd, a member of The Council of
the Royal College of Art and Chair
of the Remuneration Committee,
and a senior adviser to the
Cleveland Clinic London and
M Squared.
Career experience
Mike has strong sector and
non-executive experience.
He has had an extensive career
in global technology businesses
including SAP-Sucessfactors,
NorthgateArinso, Unisys, Synstar
and EDS and was formerly a
Non-Executive Director of
Backoffice Associates LLC,
a US PE backed data business,
and also formerly a Non-Executive
Director of Telkom BCX Ltd,
a South African IT and
telecommunications business.
Mike has also served as a
Non-Executive Director with
Topia Inc, a Silicon Valley cloud
relocation software business.
External appointments
Mike is currently CEO of Unit4,
a world leader in enterprise
applications for services and
people organisations. He is also
Non-Executive Director of
Impellam PLC, an AIM listed
recruitment business.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
75
GovernanceGovernance�Executive Committee
Max Baldwin
Group Sales and
Marketing Director
Steve Boughton
Global Operations Director
Max joined the Group in October 2019 and is responsible for
inspiring and challenging its business growth plans towards
continued sustainable and profitable revenue. Max owns the Group
Marketing function and provides regional sales and portfolio teams
with global insight, tools, techniques and direction that support their
business winning objectives. Max was the Executive sponsor of the
Race and Ethnicity resource group in FY21.
Steve is responsible for our Group transformation programme and
for Group central services around the world. He joined the business
in March 2018 from the NSL Group where he was the Chief Operating
Officer supporting the business through its sale in 2017, and previously
served as Managing Director of QinetiQ’s technical advisory
business, leading software and service subsidiaries in the UK,
Canada and Australia. In FY22 Steve will be the Executive sponsor
of the new Accessibility resource group.
Simon Fieldhouse
Global Managing Director,
Software Resilience
Yvonne Harley
Global Director of
Sustainability and
Corporate Affairs
Simon is Global Managing Director of the Software Resilience division,
with locations in the UK, the USA, Europe and the Middle East. Simon
is focused on returning the division to sustainable growth, supporting
Group investment in product innovation to underpin growth across
our EaaS cloud portfolio. Having completed the acquisition of the
Intellectual Property Management company from Iron Mountain,
Simon is leading the integration of the IPM business into NCC Group.
Prior to NCC Group, Simon was the CEO of Hardware.com, an
international value-added reseller of hybrid IT solutions operating in
the UK, the USA, Europe and South Africa. In FY22 Simon will be
Executive sponsor alongside Tim Kowalski of the Race and Ethnicity
resource group.
Yvonne is Global Director of Sustainability and Corporate Affairs
responsible for driving our sustainability strategy and setting
communication standards, channels, brand reputation, colleague
communication, public relations and crisis communication as well
as co-sponsoring our inclusion and diversity engagement initiatives
with Chief People Officer, Colin Watt.
Joining the Group in July 2018, Yvonne has international experience
across a range of industry sectors, which includes senior roles in
financial services, oil and gas, and shipping.
Robert Horton
Global Head of
Assurance Delivery
Nick Rowe
Managing Director, Assurance
North America
Robert has worked in a number of areas across the Group, most
recently on the creation of the single European division. He is also
the Executive sponsor for Global Managed Services. Currently
he is involved in the business transformation programme driving
business alignment.
Robert was a Director of NGS Software, a security consulting
company he co-founded, from its formation in 2001 through to its
acquisition by and successful integration into the Group in 2008.
Nick is Managing Director of the North American Assurance
division based in California. He has held positions across business
development, consulting and operations management since joining
the firm in 1998. Currently Nick is responsible for the Group’s
North American operations since relocating from the UK in 2013
and while the primary focus is on the growth of this region Nick
also sponsors global initiatives across sales, marketing and, as
part of the Group-wide commitment to diversity and inclusion,
the Neurodiversity resource group in FY21.
76
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Inge Bryan
Managing Director,
Assurance Europe
Ian Thomas
Managing Director, Assurance
UK and RoW
Inge is Managing Director for NCC Group’s Continental European
operations, including Fox-IT and the former Fort Consult brand
(Denmark). With a strong career in cyber and security she has
previously held roles with the Dutch National Police and the General
Intelligence and Security Service of the Netherlands and served as
Home Affairs Counsellor in the Royal Netherlands Embassy in Paris.
Before she joined NCC Group Inge was part of the cyber security
leadership team with Deloitte Risk Advisory, securing the critical
infrastructure of the Netherlands, including central government. In
2019 she was listed in the top 100 most influential women in the
Netherlands and one of the 50 most inspiring women in tech.
In FY22 Inge will sponsor the Neurodiversity resource group.
Ian joined NCC Group in December 2018 and is responsible for the
Group’s UK and RoW Assurance division and acts as Executive sponsor
for Global Professional Services and for the LGBTQIA+ community.
Prior to that he was UK MD at Sopra Steria for two and a half years,
following a successful interim career working for a number of global
businesses and private equity backed firms, in Managing Director and
Sales Director positions. He was at Cable&Wireless for eight years,
where he ran global service assurance and the wholesale and public
sector divisions. Ian’s early career includes 14 years at British Airways.
Colin Watt
Global Chief People Officer
Ollie Whitehouse
Chief Technical Officer
Colin is the Global Chief People Officer for NCC Group. He is
responsible for the human resources team across the Group, as well
as being the co-sponsor with Yvonne Harley on the Group’s inclusion
and diversity initiatives. Prior to joining NCC Group, Colin was the
Director of Employee Engagement and Relations at Shop Direct,
the online digital retailer. He previously held a number of senior
leadership roles in Telefonica’s O2UK, research, European and
global HR teams and Co-operative Financial Services.
Ollie is Chief Technical Officer at NCC Group responsible for the
Group’s technical strategy, research, product and development
functions. Ollie is ultimately tasked with ensuring that NCC Group
is well placed with capability and technology to exploit market
opportunities now and in the future. In FY21 Ollie was the Executive
sponsor of the Gender resource group.
Joining the Group in 2012, over the past 25 years Ollie has worked
in a variety of cyber security consultancy, applied research and
management roles. Ollie is Chair of a science advisory council to
the UK government and is an adviser on matters of cyber security
to several government departments.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
77
GovernanceGovernance�Board composition and division of responsibilities
Role profiles are in place for the Chair and Chief Executive Officer, which clearly set out the duties of each role.
Role
Responsibilities
Chair of the Board
(Chris Stone)
Chief Executive Officer
(Adam Palser)
Chief Financial Officer
(Tim Kowalski)
Senior Independent Director
(Chris Batterham)
Is responsible for the running and leadership of the Board, setting its agenda and
ensuring its effectiveness on all aspects of its role, and promoting a culture of openness,
debate and the highest standards of corporate governance. The Chair, in conjunction
with the CEO and other Board members, plans the agendas, which are issued with the
supporting Board papers in advance of the Board meetings. These supporting papers
provide appropriate information to enable the Board to discharge its duties which include
monitoring, assessing and challenging the executive management of the Group.
Together with the senior management team (ExCom), is responsible for the day-to-day running
of the Group’s business, implementing the strategy and policies approved by the Board, and
regularly providing performance reports to the Board. The role of CEO is separate from that
of the Chair to ensure that no one individual has unfettered powers of decision.
Works closely with the CEO with specific responsibility for all financial matters, including
Group accounting policies, financial control, tax and treasury management, risk management
and financial probity. The CFO is also accountable for the transparency and appropriateness
of management information and key performance indicators, internally and externally.
Provides a sounding board for the Chair and serves as an intermediary for other Directors,
colleagues and shareholders when necessary. The main responsibility is to be available
to the shareholders should they have concerns that they have been unable to resolve
through normal channels or when such channels would be inappropriate.
Non-Executive Directors
(Jonathan Brooks, Jennifer Duvalier
and Mike Ettling)
Bring experience and independent judgement to the Board. Maintain an ongoing dialogue
with the Executive Directors which includes constructive challenge of performance and
the Group’s strategy.
Designated Non-Executive Director
for engagement with the workforce
(Jennifer Duvalier)
Company Secretary
(Tim Kowalski)
Leads on Board engagement with the workforce (please see separate section on page 80).
Ensures good information flows within the Board and its Committees and between senior
management and Non-Executive Directors. The Company Secretary is responsible for
facilitating the induction of new Directors and assisting with their professional development
as required. All Directors have access to the advice and services of the Company Secretary
to enable them to discharge their duties as Directors. The Company Secretary is responsible
for ensuring that Board procedures are complied with and for advising the Board through
the Chair on governance matters. The appointment and removal of the Company Secretary
is a matter for the Board as a whole. Tim is supported with his company secretarial duties
by a Deputy Company Secretary.
Meetings and attendance
The Board considers that each Director is able to allocate sufficient time to the Company to discharge their responsibilities effectively.
The Non-Executive Directors are contracted to spend a minimum of 24 days per annum on the Group’s affairs, and the Chair 60 days.
A summary of each current Director’s attendance at meetings that they were eligible to attend of the Board and its Committees during the
financial year ended 31 May 2021 is shown below. Unless otherwise indicated, all Directors held office throughout the year. More Board
meetings than usual were held during the year due to the delayed full year results caused by Covid-19, plus the acquisition of IPM.
Board
Audit
Nomination
Cyber Security
Remuneration
Chris Stone
Adam Palser
Tim Kowalski
Chris Batterham
Jonathan Brooks 1
Jennifer Duvalier
Mike Ettling 2
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
N/A
Committee Chair
1 Was absent for July 2020’s meetings due to sudden illness. Jennifer Duvalier chaired the July 2020 Remuneration Committee meeting.
2
Was absent due to personal circumstances.
78
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�What have we looked at as a Board during 2020/21?
At every meeting the Board reviews the minutes from the previous
meeting and the status of any outstanding actions. Colleague
engagement is a standing agenda item presented by Jennifer Duvalier
as our designated Non-Executive Director for workforce engagement.
The CEO and CFO present their monthly performance update reports,
which are also circulated to Board members in months where there
is no scheduled Board meeting. Over the year, the Board has had
reports on the Group’s trading in light of Covid-19 along with the
defensive measures the Group has taken in response to the
pandemic. Potential opportunities created by Covid-19 have also
been discussed. A significant proportion of the Board’s time has
been spent on the IPM acquisition.
The Board has also reviewed the following during 2020/21:
Leadership and colleagues
• Received an update on colleague engagement and the results
of the annual colleague engagement survey
• Approved a number of share scheme grants to colleagues
including UK Sharesave, International Sharesave (in Australia,
Denmark, the Netherlands, and Spain), and the Employee Stock
Purchase Plan (in the US and Canada)
• Discussed a colleague death in service and approved the placing
of the insurance proceeds into trust for the beneficiary
• Continued with the colleague engagement programme, with
an appointed designated Non-Executive Director leading,
with an update to the Board at every Board meeting
• Appointed a European Managing Director for Assurance (Inge Bryan)
• Had a presentation from the Global Head of Research
and Development
Strategy
• Received regular updates on the Group’s transformation
programme, “Securing Growth Together” (SGT)
• Held a dedicated one day strategy session (see page 80)
• Discussed the strategy day and the key points arising out
of it, and had a strategy day progress check six months later
• Approved a Group entity reorganisation and the establishment
of subsidiary companies in Belgium, Germany and Sweden
• Discussed a number of sector IPOs plus investments that
competitors had made during the year
Governance
• Completed the Board, Committee and Chair effectiveness reviews
and discussed the results of these reviews, agreeing on key focus
areas for the coming year
• Approved the Notice of AGM and Proxy Form
• Had a number of presentations on the Group’s ESG work and
progress (labelled as “sustainability” internally)
• Attended the AGM and the general meeting to seek shareholder
approval for the IPM acquisition
• Recommended new share plan rules to shareholders for approval
at the AGM
• Received a governance and audit update from KPMG
• Had presentations on the Group’s key stakeholders, e.g. our
customers, suppliers and network, and reflected on Board
stakeholder engagement and improving the mechanisms for this
• Noted and approved the updated Code of Ethics Policy
• Had a presentation from a representative from the National Cyber
Security Centre
• Received updates on a number of high profile cyber attacks that
had been targeted at other companies and organisations
• Approved some minor amendments of an administrative nature
to share plan rules
• Discussed and approved the Group’s Modern Slavery Statement
• Reviewed Directors’ outside directorships and potential conflicts
of interest and also Directors’ shareholdings, along with the
annual review of Non-Executive Director independence
Financial
• Reviewed and approved the Annual Report and Accounts,
ensuring that it is fair, balanced and understandable
• Discussed and approved the full year and half year results
and associated presentations to investors
• Approved the interim and final dividends and discussed the
dividend policy
• Noted and approved the 2020/21 Group insurance cover renewal
and had a presentation from the Group’s insurance brokers
• Discussed and approved the 2021/22 budget
• Received presentations from the brokers and financial PR advisers
• Considered and approved trading updates at the full and half year end
• Received regular updates from investor meetings and noted
circular investor letters
• Received presentations on shareholder perspectives on the Company
• Continued with the colleague engagement programme, with an
appointed designated NED leading the Board’s engagement activities
Other Group business
• Numerous Board meetings, discussions and presentations from
colleagues and external advisers on the IPM acquisition
• Kept updated on a number of strategic projects including the
implementation of new business systems such as Salesforce
and Workday and SGT
• Had a presentation on the Group’s Transport practice
• Approved a number of major customer contracts and bids
• Received regular updates on material litigation affecting the Group
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
79
GovernanceGovernance�Board composition and division of responsibilities continued
Board strategy session
In March 2021 the Board held a dedicated one day strategy session
which allowed for “deep dives” into all aspects of the Group’s business.
As the Group remains focused on the successful execution of its
strategy, the March 2021 Board strategy day presented an opportunity to
understand the trends and changes in the cyber and software resilience
markets, assess the Board’s confidence in the Group’s strategic direction,
and discuss our preparedness to make any future changes.
To prepare, Board members received a briefing pack in advance of
the day which contained a concise, high level presentation for each
business unit, including an overview of global and regional inclusion
and diversity initiatives and colleague engagement programmes,
along with additional background briefing material, to allow for high
quality presentations and discussions on the day.
The Board strategy day itself focused on our Global Software
Resilience and Global Assurance divisions.
Advisers and brokers offered an external view of the broader market
environment for both, before the divisions’ Managing Directors presented
to the Board on their transformation plans for growth, provided their
reflections on NCC Group’s opportunities within Europe and beyond, and
outlined progress and expectations for the Group’s growth propositions,
notably the Microsoft Sentinel and Remediate offers.
Following an open exchange of views between Managing Directors
and the Board to discuss any outstanding questions, the Board
strategy day concluded with a Board only discussion that focused
on driving long-term value creation for NCC Group.
The Board agreed that the 2021 strategy day had been the best
to date, provided thought provoking and inspirational insights, and
demonstrated the Group’s decisive strategic action to realise its vision.
Managing Directors used the feedback from the day to inform
their 2021/22 budget considerations and associated approvals,
and a progress check will be held at the halfway point to the 2022
strategy day to ensure that the agreed actions remain on track
and the Group remains in the best possible position to increase
its chances of success.
Colleague engagement
I have really enjoyed getting out and
meeting with colleagues across the
Group albeit virtually. I have been very
pleased by the positive comments
received and have been impressed
by the people I have met and their
engagement and dedication particularly
working remotely, with a number of
recent joiners never having met their
colleagues in person! Of course, there
are things to be addressed, of which
some are “quick wins”, but some
matters will take longer to address.
Colleagues also make really helpful
suggestions as to how we can improve
how the business runs which I feed
back to management. I hope that as
the designated Non-Executive Director
I am able to facilitate positive change
and ensure that the colleague voice is
heard strongly within the boardroom
and reflected within all the decisions
we as a Board make that impact our
most important stakeholder.
Jennifer Duvalier
Designated Non-Executive Director
Jennifer Duvalier is the Board’s designated Non-Executive
Director to lead the Board’s colleague engagement programme.
Jennifer also undertakes the designated Non-Executive Director
role at both Trainline plc and Mitie Group plc meaning she has
the relevant experience as to what is needed and can draw on
her successful HR career. She is committed to understanding
the views of our colleagues and ensuring they are incorporated
into the Board’s decision-making process.
Colleagues were introduced to Jennifer via our internal social
channels where she explained her role through a video and
written communications. Jennifer has access to these channels
to enable her to engage fully outside of the formal events.
Jennifer has not let Covid-19 get in the way of her engagement
activities and the past year has been a busy one with Jennifer
meeting colleagues virtually from Australia, the Netherlands,
San Francisco, Seattle, Canada, Singapore, Japan and Spain.
We were keen to build on the momentum in the previous year.
Jennifer is sometimes joined by our Chair, Chris Stone, or other
Non-Executives, to meet colleagues, all of whom are invited from
below the mid-management level and all parts of the business to
ensure diversity of thought. We ensure that no one has their line
manager in the (virtual) room to ensure they can speak freely
and tell Jennifer what is on their mind.
Feedback from each session’s participants is shared
anonymously to the Board and to our CEO, Adam Palser. This
enables action to be taken, further strengthening the value of
listening. Colleagues attending are invited to give their feedback
and, so far, results have been positive and valued.
80
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Independent advice
All Directors have access to the advice and services of the Company
Secretary and Directors are entitled to take independent professional
advice if necessary, at the expense of the Company.
Conflicts of interest
The Companies Act 2006 requires Directors to avoid situations
where they have, or could have, a direct or indirect interest that
conflicts or potentially conflicts with the interests of the Company.
The Company’s Articles of Association require any Director with a
conflict or potential conflict to declare this to the Board.
That Director will not then be involved in the discussions relating
to the proposal, transaction, contract or arrangement in which they
have an interest, unless agreed otherwise by the Directors of the
Company in the limited circumstance specified in the Articles of
Association, nor will they be counted in the quorum or be permitted
to vote on any issue in which they have an interest. Directors are
required to inform the Board without delay should they be aware of
any actual or potential conflicts of interest and a check on conflicts
is undertaken each year with a report to the Board.
Board independence
As required by the Code, at least 50% of the Board, excluding
the Chair, are independent Non-Executive Directors. The Board
comprises two Executive Directors, four independent Non-Executive
Directors, and the Non-Executive Chair.
The Board has debated and considers that all of the current
Non-Executive Directors are independent, and in so doing considered
the profile of all of the individuals, concluding that none of them:
• Has ever been a colleague of the Group
• Has ever had a material business relationship with the Group or
receives any remuneration other than their salary or fees
• Has close family ties with the advisers, other Directors or senior
management of the Group that could reasonably be expected to
cause a conflict
• Holds cross-directorships or has significant links with other
Directors through involvement with other companies or bodies
• Represents a significant shareholder
• Has at the point of this report served on the Board for more than
nine years from the date of their first election
The Non-Executive Directors provide a strong independent element
on the Board and are well placed to constructively challenge and
help develop proposals on strategy and succession planning.
Between them they bring an extensive and broad range of
experience to the Group.
Details of the Directors’ respective experience are set out in their
biographical profiles on pages 74 and 75.
The terms and conditions of appointment of Non-Executive
Directors are available for inspection at the Company’s registered
office during normal business hours.
Diversity
The principle of Board diversity (and indeed diversity across the
Group) is strongly supported by the Board. It is the Board’s policy that
appointments to the Board will always be based on merit so that the
Board has the right balance of individuals in place. The Board
recognises that diversity of thought, approach and experience is an
important consideration and is therefore one of the selection criteria
used to assess candidates prior to any Board appointments. Read more
about diversity in the Nomination Committee Report on pages 95 to 97.
The Company’s policy is to find, develop and maintain a diverse
workforce at all levels with an initial focus on developing a culture
where women can achieve and retain senior positions.
Annual re-election
In accordance with the Code, any Directors appointed in the
financial year are subject to election by shareholders at the AGM
and, in line with best practice, all the other Directors are subject
to re-election annually.
Director induction, training and development
No new members of the Board were appointed during the year.
New Directors are provided with an induction on appointment,
which would include visits to the Group’s operations and meetings
with operational and executive management. Each Director’s induction
is tailored to their experience and background with the aim of
enhancing their understanding of the Group’s strategy, business,
operating divisions, colleagues, customers, suppliers and advisers
and the role of the Board in setting the tone of our culture and
governance standards.
The Company acknowledges the importance of developing the skills
of the Directors to run an effective Board. To assist in this, Directors
are given the opportunity to attend relevant courses and seminars
to acquire additional skills and experience to enhance their
contribution to the ongoing progress of the Group. All of the
Directors attend sessions which are aimed at updating the Board
on trends and developments in corporate governance.
Board and Committee effectiveness review
The performance of the Board and its Committees is appraised
annually and an internal effectiveness review was completed for
31 May 2021. The overall rating was very positive meaning that
the Board and its Committees continue to function well.
The results were presented to the May 2021 Board meeting and the
Chair also held one-to-one calls with Board colleagues for “deeper
dives” into any areas they wished to discuss in more detail and with the
CEO to discuss areas highlighted by the evaluation process. We have
also scheduled in a progress check in September 2021 to ascertain
how we are doing against our proposed improvements and whether we
need to do anything different in the second half of the financial year.
The evaluation identified changes which would improve the working
of the Board, including:
• An increased focus on diversity
• Assessing and monitoring culture
• A continued focus on strategy and strategic discussion
• An increased focus on succession planning and ensuring
that these plans are reviewed on a regular basis
• An increased focus on CSR/ESG
Although all of the above were considered important, it was agreed
that the key area to focus on would be succession planning.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
81
GovernanceGovernance�Board composition and division of responsibilities continued
Board and Committee effectiveness review continued
How will we improve in these areas?
To focus on these actions, we have agreed the following:
Action
Progress and our plan
An increased focus
on diversity
• Firm commitment to at least 33% female representation and at least one person of colour on the Board
by 2024
Assessing and
monitoring culture
• Presenters to the Board encouraged to highlight diversity statistics within their business area
as happened during the strategy day, when each presenter did this
• Appointment of Inge Bryan as Managing Director of NCC Assurance Europe
• Unconscious bias training has now been completed by the Board with the ExCom having already
completed it
• Significant work underway internally on creating an inclusive culture throughout the organisation
• More Board discussion on ensuring our culture aligns with our values
• Regular updates on how colleagues were coping with remote working during Covid-19 and the support
available to them
• Presenters to the Board encouraged to highlight culture initiatives within their business area
• Board to have more exposure to senior executives across the business
• Having a designated NED for workforce engagement reporting back to every Board meeting has helped
with this (please see page 80 on colleague engagement for further details)
• NEDs to spend more time in the business and at different offices (which will be done in person
as we come out of lockdown)
• Reporting on the “mood” of the business within the monthly CEO reports and areas of concern or where
there are higher than expected colleague attrition levels
• Discussing the results of both the annual colleague engagement survey and the more regular
“pulse” surveys
A continued focus on
strategy and strategic
discussion
• One day dedicated strategy session now held annually, attended by all divisional Managing Directors
and this year by brokers and advisers to provide an external and wider market perspective
• Ensuring strategy is more of an ongoing Board discussion between annual strategy days rather than
a once a year activity
• Shifting Board discussion away from short-term tactical issues to more longer-term strategic issues
• Actions from dedicated strategy day circulated to the Board with a check-in on strategy halfway through
the year
An increased focus on
succession planning and
ensuring that these plans are
reviewed on a regular basis
• Nomination Committees now being held with a programme of four Committee meetings planned every
year with the Committee moving away from a transactional Committee (e.g. to recruit a new Director)
to a more holistic view encompassing: future skills needs, talent pipelines, diversity, succession planning,
and reviewing leadership needs of the Company
• Nomination Committee redoubling focus on succession planning for the Board and senior management
including discussing Executive Director succession planning in general terms
• Chris Stone (Nomination Committee Chair) and Colin Watt (Global Chief People Officer) are now
meeting regularly and discussing a separate workstream on succession planning
82
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Action
Progress and our plan
An increased focus on
CSR/ESG (labelled as
“sustainability” internally)
• Global Director of Sustainability and Corporate Affairs taken on ESG lead within the Group and presents
every six months to the Board
• Gap analysis has been undertaken to provide an action plan to close the gaps and an ESG framework has
now been developed
• Policies have been refreshed and standardised (e.g. Code of Ethics and Modern Slavery). The whole
organisation has undertaken Code of Ethics refresher training
• Increasing recognition that this area will become an ever-more important area for new and existing clients
and investors when they are evaluating who to buy from and partner with/invest in
• Improving the visibility of what the organisation is doing with regard to ESG and ensuring that all the ESG
initiatives and activities are being properly recorded and reported
• TCFD will be reported on within the 2022 Annual Report. A TCFD steering group has been formed
• Partnerships with external organisations being developed, e.g. we have become a member of Business
in the Community (BitC) and joined the UN Global Compact (UNCG) at the “Participant” membership level.
With BitC, we have taken part in its Responsible Business Tracker
Progress from the previous year
The 2021 evaluation process also reviewed progress on actions identified in previous evaluation processes.
Areas identified in previous
evaluations
An increased focus on
succession planning and
ensuring that these plans
are reviewed on a regular
basis
An increased focus on
CSR/ESG
A continued focus on
strategy and strategic
discussion
Enhancing Board
interactions and
communications with the
Company and its customers
Developing Board
involvement in the Group’s
culture related initiatives
2021 evaluation – progress
Good progress and firmly on the Board’s and Nomination Committee’s agenda with a firm commitment to
at least 33% female representation on the Board and at least one person of colour by 2024 (see above
table for further details).
Good progress and firmly on the Board’s agenda (see above table for further details).
Good progress with the 2021 strategy day felt to be the best to date (see above table for further details).
Good progress. The Board has continued to interact with a significant number of colleagues on both a
Company-wide basis and via receiving presentations from various members of the ExCom plus senior managers.
There are regular updates on customers within the CEO’s Report.
Good progress (see above table for further details).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
83
GovernanceGovernance�Board composition and division of responsibilities continued
Board, Committee and Chair evaluation process 2021
Company Secretary reviewed 2020
questionnaires and evaluation
exercise results and, based on this,
proposed questionnaires for the
2021 evaluation exercise.
The proposed questionnaires were
reviewed and approved by the Chair
and Committee Chairs and (for the
Chair’s review) the Senior
Independent Director.
Questionnaires were added to an
online survey website which ensured
the anonymous and efficient
collection of answers.
Summary reports together with the
results and comments received were
prepared for the Board and
Committee meetings where the
results were discussed and key
actions for the coming year agreed.
The responses were collated and
analysed by the Company Secretary
who then shared these with the
Chair and Committee Chairs and
(for the Chair’s review) the Senior
Independent Director.
Board members, the Company
Secretary and regular Committee
attendees were then invited to
complete the questionnaires.
The Chair held one-to-one meetings
with Board members where areas
of interest could be discussed in
more detail.
The Senior Independent Director
met with the Chair to discuss the
Chair evaluation results.
Committee evaluation
During the year, each of the Audit, Remuneration, Nomination and Cyber Security Committees carried out an internal self-evaluation on their
effectiveness. The conclusion from the Committee reviews is that, overall, the Committees are working well but some recommendations
were made, as per the table below.
Committee
Audit
Focus areas
• Continuing to focus on reducing the length of Committee papers (using summaries where appropriate)
but acknowledgement that the internal papers had improved
• Continuing to ensure that Committee papers were circulated as early as possible
• An acknowledgement that Covid-19 (and the delay to the 2020 full year results) had resulted in too
many Committee meetings and the number of meetings should be reduced to normal levels
• The change in audit partner during the year was felt to have brought a refreshed perspective to the
external auditor’s view and the audit partner’s onboarding should continue
Cyber Security
• Continuing to take the papers/presentations as read and focusing on more value-adding dialogue,
discussion, and interaction rather than going through the Committee briefing packs
• Acknowledgement that the presentation from the Director of Operations at the UK’s National Cyber
Security Centre (NCSC) had been excellent and more external presenters should be used where possible
• A review of whether external advisers/consultants could attend future Committee meetings
• More frequent updates on the nature of the changing cyber threat landscape, e.g. what are the current
major topics within cyber and the significant threats
84
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Committee
Nomination
Focus areas
• Making strong initial progress with our firm commitment to have at least 33% female representation and
at least one person of colour on the Board by 2024
• Succession planning for the Board and senior management and in particular a discussion on Executive
Director succession planning in general terms over the next 6–12 months
• Improving succession plans for senior executives and improving exposure to senior executives at Board
meetings and within more informal settings
Remuneration
• Continuing to have opportunities for more open and unfettered discussion (Executive Directors and HR
colleagues are now invited to meetings on a by exception basis)
• Embedding the 2021–2024 Directors’ Remuneration Policy (subject to shareholder approval at the
2021 AGM)
• Ensuring that the Group’s reward structure aligns to the key issues facing the Group rather than
standard industry practice
• Continuing to focus on choosing appropriate benchmarks against which to compare NCC Group’s
remuneration packages against
Individual Director appraisal process
During the year, the Senior Independent Non-Executive Director evaluated the performance of the Chair and the Chair evaluated the
performance of each Director. In addition, the Non-Executive Directors met independently from the Executive Directors to discuss with
the Chair the overall functioning of the Board and his contribution in making it effective.
Operation of governance framework
Role of the Board
The Board is responsible for reviewing, challenging and approving the strategic direction of the Group, while providing strong values-based
leadership of the Company, within a framework of prudent and effective controls, which enable risk to be assessed and appropriately
managed. The Board reviews the Group’s business model and strategic objectives to ensure that the necessary financial and human
resources are in place to achieve these objectives, to sustain them over the long term and to review management’s performance
in their delivery.
The Board sets the tone of the Company’s values and ethical standards and manages the business in a manner to meet its obligations
to shareholders and other stakeholders.
The Board receives information on at least a monthly basis to enable it to review trading performance, forecasts and strategy and it has
a schedule of matters specifically reserved for its decision. The most significant of these are:
• Approval of strategic plans, the annual budget and any material changes to them
• Oversight of the Group’s operations, ensuring competent and prudent management, sound planning, and an adequate system of internal
control and governance
• Through the Audit Committee, oversight of financial reporting systems and information and adherence to appropriate accounting policies
• Changes to the structure, size and composition of the Board and Executive Committee, and oversight of the Company culture and the
ethical standards of the leadership and the independence of Non-Executive Directors, taking into consideration prudent succession
planning
• Approval of the acquisition or disposal of subsidiaries and major investments and capital projects
• Approval of the dividend, treasury and banking policies, including the Group’s capital structure
• Through the Remuneration Committee, the delivery of an effective executive and senior management Remuneration Policy
• Receiving reports on the views of shareholders and approval of all documents put to shareholders at a general meeting or circulated
to shareholders
• Approval of the appointment of key advisers
The Board has a schedule of specific matters reserved for its decision where it feels they are critical to the ongoing success of the business
and are of a significant nature to merit the Board having such a decision reserved to it. The Group also has a Group Authority Matrix (which
documents the levels of authority delegated from the Board to various role holders within the Group). The schedule of matters reserved for
decision by the Board and the Group Authority Matrix are complementary documents and are designed to ensure that decisions are either
made by the Board or delegated to an appropriate senior colleague within the Group.
As noted above, the operational management of the Group is delegated to the Executive Committee. The Board also delegates other matters
to Board Committees and management as appropriate.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
85
GovernanceGovernance�Board composition and division of responsibilities continued
The Audit Committee makes a recommendation to the Board on
effectiveness which the Board considers, together with reports
from the Cyber Security Committee, in forming its own view on the
effectiveness of the risk management and internal control systems.
During the year ended 31 May 2021, the Board reviewed the
effectiveness of the Group’s risk management and internal control
systems. We confirm that the processes outlined above and on page
92 have been in place for the year under review and up to the date
of approval of this Annual Report and Accounts and that these
processes accord with the UK Corporate Governance Code and the
FRC Guidance on Risk Management, Internal Control and Related
Financial and Business Reporting. We also confirm that no
significant failings or weaknesses were identified in relation
to the review.
Executive remuneration
During the year, we operated within the Remuneration Policy
approved by shareholders at the 2020 AGM. Details of how the
Remuneration Policy has been applied during this financial year are
set out on pages 103 to 108 of the Remuneration Committee Report.
Risk management
The Board has ultimate responsibility for ensuring that business risks
are effectively managed. The Board has delegated regular review of
the risk management procedures to the Cyber Security Committee
in relation to cyber risks and to the Audit Committee in relation to
all other risks. The Board reviews the overall risk environment on
at least an annual basis. The day-to-day management of business
risks is the responsibility of the Executive Committee.
Internal control
The Group has a system of internal controls which aims to support
the delivery of the Group’s strategy by managing the risk of failing
to achieve business objectives and to protect the stewardship of the
Group’s assets. As with all such systems, the goal is to manage risk
within acceptable parameters rather than to eliminate risk entirely.
The Group can therefore only provide reasonable and not absolute
assurance that the business objectives and asset stewardship will
be provided successfully.
In addition, the Group insures against various risks, but certain
risks remain difficult to insure, due to the breadth and cost of cover.
In some cases, external insurance is not available at all, or at least
not at an economically viable price. The Group regularly reviews
both the type and amount of external insurance that it buys in
conjunction with its insurance brokers. For a more detailed review
of risk management processes, the principal risks faced by the
Group and their mitigation, see pages 40 to 48.
The Audit Committee is responsible for reviewing the effectiveness
of the risk management and internal control systems. The steps it
takes in relation to the review are set out on page 92.
86
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Shareholder engagement
Share capital structure
The Company’s issued share capital at 31 May 2021 consisted
of 308,956,045 ordinary shares of 1p each. There are no special
control rights or restrictions on share transfer or special rights
pertaining to any of the shares in issue and the Company does
not have preference shares.
As far as is reasonably known to the Board, the Company is not
directly or indirectly owned or controlled by another company
or by any government.
Board engagement with shareholders
Communications with shareholders are given high priority. There is
a regular dialogue with institutional investors including presentations
after the Company’s year end and half year results announcements.
A programme of meetings takes place throughout the year with
major institutional shareholders, and private shareholders have
the opportunity to meet the Board face to face and ask questions
at the AGM.
We are in regular contact with our large investors through a regular
scheduled programme of meetings attended by either our CEO
or CFO or both of them. Chris Batterham, our Senior Independent
Director, and I are also available to meet with investors should the
need arise. I met with our larger investors in February 2021 and fed
back my findings to Board colleagues at the next Board meeting.
In addition, our brokers undertook an investor survey on the back
of our half year results in January and the results of this were
presented and discussed at a Board meeting. Our aim is to engage
with our shareholders in an open and meaningful way. During the
financial year the Directors held a number of meetings with
shareholders as set out below.
Board shareholder updates
Feedback from major institutional shareholders is provided to the
Board on a regular basis and, where appropriate, the Board takes
steps to address their concerns and recommendations.
Investor meetings
One-to-one meetings
(held virtually due to
Covid-19)
Group meetings
31
2
Substantial shareholdings
As at 31 May 2021, the Company had been notified of the following
interests of 3% or more in the issued share capital of the Company
under the UK Disclosure and Transparency Rules:
Shareholder
Artemis Investment Management
BlackRock, Inc
Castlefield Fund Partners
Montanaro Asset Management
Schroder Investment Management
Unicorn Asset Management
Number of
ordinary shares
13,822,640
14,224,646
14,325,000
16,546,426
15,364,318
10,796,426
% of
NCC’s total
share capital
4.98%
5.15%
5.16%
5.90%
5.53%
3.89%
The following changes to the above interests have been notified to
the Company from 31 May 2021 to 14 September 2021.
Shareholder
Number of
ordinary shares
% of
NCC’s total
share capital
Canaccord Genuity Wealth Group Limited 15,580,182
5.04%
Directors’ shareholdings
For details of Directors’ shareholdings, remuneration and interests in
the Company’s shares and options, together with information on service
contracts, see pages 109 to 118 of the Directors’ Remuneration Report.
Annual General Meeting
The AGM is an opportunity for shareholders to vote on certain aspects
of Group business and provides a useful forum for one-to-one
communication with private shareholders. At the AGM shareholders
receive presentations on the Company’s performance and may ask
questions of the Board. The Chair seeks to ensure that the Chairs of the
Audit, Remuneration, Nomination and Cyber Security Committees are
available at the meeting to answer questions and all Directors attend.
The Company prepares separate resolutions on each substantially
separate issue to be voted upon at the AGM. The result of the vote on
each resolution is published on the Company’s website after the AGM
and will be announced via the regulatory information service. At the
2020 AGM, shareholders representing over 70.78% of the
Company’s issued share capital returned their proxy votes.
On behalf of the Board
Chris Stone
Non-Executive Chair
14 September 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
87
GovernanceGovernance
�Audit Committee report
Ensuring integrity of our
financial reporting and
internal controls
The Committee particularly
focuses on systems and processes
of management control, the
reporting of internal management
information and externally
reported financial information.
Chris Batterham
Committee Chair
The Audit Committee’s key objectives
The purpose of the Audit Committee is to assist the Board in
the discharge of its fiduciary duties of stewardship of the Group’s
assets. The Committee particularly focuses on systems and
processes of management control, and the reporting of internal
management information and externally reported financial
information. The Committee also provides a forum for reporting
by the external auditor.
The Audit Committee’s responsibilities
The Committee’s main responsibilities include:
• Monitoring the integrity of the Financial Statements relating
to the Group’s financial performance and their compliance with
the provisions of IFRS, the UK Corporate Governance Code, the
Disclosure Guidance and Transparency Rules and other regulations
• Reviewing material information and significant accounting
judgements contained in the Annual Report and Accounts
• Advising the Board on the continuing appropriateness of
the Group’s existing accounting policies and the application
of any new or modified accounting and reporting standards
• Advising the Board on the effectiveness of the processes
ensuring that the Annual Report and Accounts, when taken
as a whole, is fair, balanced and understandable
• Reviewing the audit findings with the external auditor including
discussing any major issues that arise during an audit, the accounting
and audit judgements made, the level of any errors identified during
the audit and the effectiveness of the audit process itself
2020/21 key activities
• Reviewing SGT progress, and ensuring controls are
in place to prevent additional time/cost overruns
• Monitoring ongoing impact of Covid-19 on key areas
of judgement
• Ensuring compliance with new policy on APMs and ISIs
• Reviewing a change in accounting policy in relation
to the configuration and customisation costs incurred
in implementing Software-as-a-Service (SaaS),
following the publication of the IFRIC agenda decision
in April 2021
2021/22 priorities
• Understanding integration plans and associated risks
for Iron Mountain’s IPM business as well as monitoring
costs of integration
• Ensuring adequate controls exist as the Iron Mountain’s
IPM business is consolidated into the Group’s results
and that the existing Group controls are implemented
within the newly acquired business
• Ensuring the Iron Mountain’s IPM business fair value
accounting including the assessment of deferred
revenue is appropriately accounted for and disclosed
• Review of SGT progress and time/cost overruns and
ensuring any lessons learnt are adequately captured
• Planning for regulatory changes arising from the BEIS
white paper, “Restoring trust in audit and corporate
governance”, and Task Force on Climate-Related
Financial Disclosures (TCFD)
88
�• Reviewing the effectiveness of the Group’s internal control systems
• Received a self-assessment of the finance controls highlighting
• Reviewing the nature and extent of significant financial risks
and how they can be mitigated
• Making recommendations to the Board in relation to the
appointment of the external auditor, approving its remuneration
and terms of engagement
• Overseeing the relationship with the external auditor
including, but not limited to, assessing its independence,
objectivity and effectiveness
• Reporting to the Board on the procedures for responding to
whistleblowing, fraud or potential breaches of anti-bribery legislation
A full copy of the Committee’s terms of reference can be found
in the Investor Relations section of the Group’s website at
www.nccgroup.trust/uk/about-us/investor-relations.
Activities during the year
During the year, the Committee:
• Assessed the effectiveness of the 2020 external audit process
• Considered and approved updated policies including policies on
hedging, functional currencies and Individually Significant Items
• Undertook a Committee evaluation exercise to assess where the
Committee should best focus its attention
• Received a summary of health and safety updates including new
initiatives and activities
• Considered recent technical updates including guidance issued
by the Financial Reporting Council
• Following the publication of the April 2021 IFRIC agenda
decision, ensured compliance of change in accounting policy
regarding configuration and customisation costs incurred
in implementing Software-as-a-Service (SaaS). Reviewed
associated prior year restatement disclosures
• Received regular briefings from the Director of Global
Governance summarising risk management and control issues
• Reviewed the findings from the internal audit projects conducted
during the year and approved the internal audit plan for the
forthcoming year
• Reviewed the findings from the audit for the year ended
31 May 2021 and from the auditor’s review of the half year
results to 30 November 2020
• Reviewed all significant accounting areas and areas of key
estimation including specific loss-making contracts and amounts
recognised in respect of research and development tax credits.
Reviewed KPMG audit conclusions in these areas
• Reviewed the application of the Group’s revenue recognition
with respect to Managed Detection and Response, a significant
growth area for the Group, to ensure accordance with IFRS 15
• Reviewed management’s going concern and Viability Statement
assessment, including Brexit and Covid-19 considerations.
Reviewed KPMG audit conclusions in these areas
• Reviewed the progress of Securing Growth Together and
conducted a review of the reasons for any time and cost
overruns experienced (e.g. systems implementation)
enhancements made during the year, areas of continuous
improvement and specific actions to implement minimum
control standards
• Reviewed a summary of why management considers the Annual
Report is fair, balanced and understandable
Composition
The Audit Committee is chaired by me, a Chartered Accountant
of 42 years’ standing. I have previously served as the Finance
Director of Unipalm plc, before becoming Chief Financial Officer
of Searchspace Limited until 2005. Both businesses operated in
digital technology sectors. My earlier career included roles with
BICC Group and accountants Arthur Andersen. I also am a member
of the audit committee at Blue Prism Group plc and chair the audit
committee at Nanoco Group plc (both listed companies) which
provides me with additional external perspectives to bring to my
chairing of this Committee. The Board considers that I have the
recent and relevant experience required by the Code.
The other members of the Committee who served throughout the
year are Jonathan Brooks and Mike Ettling. All members of the
Committee are considered to be independent and the Committee
as a whole continues to have competence in the technology sector.
Summary biographies of each member of the Committee are
included on pages 74 and 75.
Meeting frequency and attendance
The terms of reference for the Committee require at least three
meetings per year. During this financial year the Committee met seven
times. As well as the members of the Committee, standing invitations
are given to the Chair, the other independent Non-Executive Directors,
the Chief Executive Officer, the Chief Financial Officer and the Group
Financial Controller, with other attendees also appearing by invitation.
The external auditor also attends each meeting. During the year the
Committee met, on a number of occasions, with the external auditor
without the Executive Directors being present. In addition, following
the appointment in early 2020 of the Group’s Director of Global
Governance, who heads up the Group’s internal audit function, a
number of meetings were held with her without management
being present.
The attendance of individual Committee members at Audit
Committee meetings is shown in the table below:
Meetings attended
Attendee
Chris Batterham
Jonathan Brooks 1
Mike Ettling 2
1 Absence due to sudden illness.
2
Absence due to personal circumstances.
At all times the Committee remained quorate.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
89
GovernanceGovernance
�Audit Committee report continued
Significant accounting areas and areas of significant management judgement or estimation uncertainty
The table below summarises the significant accounting issues, judgements and estimates that the Committee considered during the year
in relation to the Financial Statements. These are split between those items which are identified either as recurring items that the Committee
regularly reviews or as items of current year focus. The table also sets out the financial context and potential impact of each item as well as
the impacted metric. Finally, the table shows the degree of judgement or estimation that the Committee feels has to be applied for each item.
Items with a significant impact but with a “low” judgement level will typically have extensive independent third party evidence of the bases for
any judgement. Areas assessed as requiring a “high” level of judgement tend to rely more heavily on management estimates and historical
trends than extensive independent third party evidence.
Review items
Goodwill carrying values (recurring)
Intangible assets – capitalisation of cloud-based software and development costs (revised)
Control of Iron Mountain IPM business (new)
Research and development tax credits (new)
Long-term loss-making contracts – other estimate (recurring)
Accounting judgement
Estimation required
N/A
Yes
Yes
N/A
Yes
High
N/A
N/A
High
Low
Significant issues considered during the year
in relation to the Financial Statements
During the year, the Committee reviewed and considered the
following areas in respect of financial reporting and the preparation
of the interim and annual Financial Statements:
• The appropriateness of the accounting policies used
• Significant areas of management judgement or estimation
Goodwill carrying value
(Recurring item: see Note 12 to the Financial Statements)
The Group has significant balances relating to goodwill at 31 May 2021
as a result of acquisitions of businesses in previous years. The
carrying value of goodwill at 31 May 2021 is £182.9m (2020: £193.1m).
Goodwill balances are tested annually for impairment. Tests for
impairment are primarily based on the calculation of a value in use
for each CGU.
• The effectiveness and changes to the financial control environment
• Compliance with external and internal financial reporting
standards and policies
This involves the preparation of discounted cash flow projections,
which require significant estimates of both future operating cash
flows and an appropriate risk-adjusted discount rate.
• Disclosure and presentation of GAAP and Alternative
Performance Measures (APMs)
The commercial viability of individually capitalised development
project costs is also part of the overall assessment of carrying values.
• Whether the Annual Report and Accounts, taken as a whole, is
fair, balanced and understandable and provides the information
necessary to assess the Group’s financial position, performance,
business model and strategy
Future cash flow estimates are based on two critical estimates: the
rate of revenue growth and the discount rate, particularly in relation
to the Europe Assurance CGU which is the most sensitive to
movements in estimates.
In carrying out this review the Committee challenged the significant
estimates and judgements made by the Group’s finance team and
considered the external auditor’s reports setting out its views
on the accounting treatments and judgements included in the
Financial Statements.
The calculation of an appropriate discount rate to apply to the
future cash flow estimate is itself an estimate. While some aspects
of discount rate calculations can be more mechanical in nature
(such as using the 30 year gilt yield as a proxy for the risk free rate)
others, such as entity or sector-specific risk adjustments, rely more
on management estimates. The discount rate is also a key
component in assessing the terminal value which is often an
important part of any valuation. Sensitivity analysis on what are
regarded as reasonably possible changes is provided in Note 12.
90
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�The Committee has reviewed the rationale used to determine the
CGUs including a change in CGUs driven by how the business is
managed. The Committee also reviewed assumptions used in future
cash flows that underpin the valuation of goodwill, particularly in
relation to Europe Assurance since this CGU is the most sensitive
to movements in estimates and assumptions.
The Committee concurred with the view of management that no
impairment should be recognised as either the discounted future
cash flows or fair value was higher than carrying value.
Intangible assets – capitalisation of cloud-based
software and development costs
(Revised item: see Note 12 and 34 to the Financial Statements)
Where software costs are incurred as part of a service agreement,
judgement is required in assessing whether the Group has control
over the resources defined in the arrangement.
Software development activities involve a plan or design for the
production of new or substantially improved products or processes.
Judgement is required in determining whether the project is
technically and commercially feasible; judgement is required in
assessing the future economic benefit and viability of the project.
Such judgements are inherently subjective and can have a material
impact on determining whether such costs should be capitalised.
The total net book value of software and development costs
on 31 May 2021 was £5.4m, including additions of £2.3m.
The Committee reviews the level of intangible additions and
especially how capitalised internal staff time relates to specific
assets to ensure alignment with the Group’s policy and is satisfied
the policy was applied appropriately for the year ended 31 May 2021.
During the year, the Committee has reviewed judgements taken
when applying the Group’s new accounting policy in relation to the
IFRIC agenda decision regarding configuration and customisation
costs incurred in implementing Software-as-a-Service (SaaS).
This resulted in a prior year restatement. See Note 34 of the
consolidated Financial Statements for further details.
The Committee is satisfied with the judgements made for the year
ended 31 May 2021.
Control of IPM Software Resilience business
(Current year focus item: see Note 35 to the Financial Statements)
A key judgement in the year ended 31 May 2021 is the acquisition
date for the purchase of the IPM Software Resilience business.
Management considers shareholder approval of the transaction
constitutes a change in control and therefore the date of shareholder
approval is considered to be the acquisition date for the transaction.
Shareholder approval was granted on 1 June 2021 and the IPM
Software Resilience business will be consolidated into the Group
results from that date.
The Committee has reviewed management’s assessment of the
date of change of control of the Iron Mountain IPM business and
is satisfied that it is reasonable.
Recognition of research and development tax credits
(Current year focus item: see Note 9 to the Financial Statements)
The tax expense reported for the current year and prior year is
affected by certain positions taken by management where there
may be uncertainty. The most significant source of uncertainty arises
from claims for US research and development (R&D) tax credits
relating to historical periods. Uncertainty arises as a result of a
degree of uncertainty concerning interpretation of US legislation
and because the statute of limitations has not expired. The basis on
which the Group has claimed R&D tax credits involves a technical
assessment of which party bears the economic risk in any research
contracts entered into with third parties. This assessment is a key
estimate. It is considered “probable” that the US taxation authority
would accept the uncertain tax treatment in relation to the utilised
tax credits recognised.
For the periods ending 31 May 2017 to 31 May 2021, the
aggregate net current tax benefit included in the Income Statement
relating to the R&D tax credits is £2.7m (2020: £4.3m). The gross
deferred tax asset relating to the R&D tax credits is £1.0m, although
due to the uncertainty we have made a provision of £0.6m against
this asset. The aggregate gross amount of US R&D tax credits
recognised amounts to £8.2m (2020: £5.1m) and we have made
a provision of £5.1m (2020: £0.8m) against this gross position.
Sensitivity analysis on what are regarded as reasonably possible
changes is provided in Note 2.
The Committee has reviewed management’s assessment of US
R&D tax credits together with an independent third party review
assessment and is satisfied the estimate made is reasonable and
consistent with IFRIC 23 ‘Uncertainty over Income Tax Treatments’.
Loss-making contracts – other estimate
(Recurring item: see Note 21 to the Financial Statements)
Some aspects of the Group’s revenue are derived from relatively
long-term fixed price contracts. On this basis, an estimate is
disclosed in relation to one contract:
• An onerous provision recognised during the year ended 31 May 2020
of £0.2m has increased during the period by a further £1.9m, of
which £1.7m has been utilised leaving a closing balance of £0.4m
of a total provision for loss-making contracts of £1.1m (see Note
21). This additional provision relates to a European contract and
has been caused by Covid-19 disruption and some project
management challenges during the year. Management prepares
projections, which, due to the complexity of the contract, require
estimates and accounting judgement of both revenue and cost
recognition (including the number of performance obligations).
Revenue is recognised based on the input method of IFRS 15
in relation to total costs and therefore management has to estimate
the number of hours still required to complete the long-term
projects and labour cost to complete. Sensitivity analysis on what
are regarded as reasonably possible changes is provided in Note 2
The Committee reviewed and challenged the assumptions
underpinning this accounting treatment and is satisfied that the
contract has been correctly treated, and that in the case of the
loss-making contract the liabilities recorded are reasonable.
The Group’s approach to materiality
In considering the materiality of any individual issue or issues in
aggregate, the Group looks at a range of qualitative and quantitative
measures to assess whether or not omitting, misstating or obscuring
information could reasonably be expected to influence decisions
that the primary users of general purpose financial statements make
on the basis of those financial statements. The range of measures
includes (but is not limited to) the primary Financial Statements
themselves, the individual line item in question, and whether or not
the issue moves the result from one side of an inflection point to
another (for example, turning a profit into a loss or a net asset into
a net liability). Qualitative and quantitative measures are both
considered as is any potential impact on remuneration or banking
arrangements such as debt covenants.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
91
GovernanceGovernance�Audit Committee report continued
Internal audit
The internal audit function is responsible for internal audit, the
assurance of other quality systems and processes, and monitoring
the embedding of risk management processes throughout our
operations. The internal audit plan was approved by the Committee
during the financial year and a number of audits were performed,
the findings of which have been reviewed by the Committee. During
the year, eight internal audit reports were issued. The Group will look
to increase the scope of the audit plan during FY22, drawing on
third party resource provided under co-source arrangements, and
through the use of data analytics.
Internal controls and risk management
The Board is responsible for establishing, maintaining and
monitoring the Group’s system of risk management and internal
control and reviewing its effectiveness. The Committee monitors
the performance of management in this area.
We have an ongoing process for identifying, evaluating and
managing the principal risks faced by the Group which has been in
place for the year under review and up to the date of approval of the
Annual Report and Accounts. The Group’s non-cyber security risks
are monitored by the Audit Committee on behalf of the Board which
sets aside time for an in-depth discussion of notable or changing
risks to the business. A description of the process for managing risk
together with a description of the principal risks and strategies to
manage those risks is provided on pages 40 to 48. Cyber risks are
reviewed by the Cyber Security Committee; the Cyber Security
Committee Report can be found pages 98 and 99.
Internal control systems are designed to meet the particular needs
of the Group and the risks to which it is exposed. By their nature,
however, internal control systems are designed to manage rather
than eliminate the risk of failure and can provide only reasonable
but not absolute assurance against material misstatement or loss.
During the year, the Group has implemented new systems which
have brought about some changes in controls, as the Group
transitions away from historic systems. These controls will require
further changes in the forthcoming year as we continue to embed
new ways of working across all our systems. Key elements of the
risk management and internal control system are described below.
Enhancements during the year are highlighted while the other
elements have all been in place throughout the year.
Controls relating to financial reporting and preparation of the
Annual Report and Accounts
• Information provided to management covering financial
performance and key performance indicators, including
non-financial measures (enhanced by new KPIs and targeted
management reports)
• A detailed budgeting process where business units prepare plans
for the coming year (enhanced with new standardised reporting,
discretionary cost reviews and consolidation models and systems)
• Procedures for the approval of capital expenditure and
investments and acquisitions (enhanced by standardised capital
approval request forms)
• Monthly operational reviews to monitor and reforecast results as
required against the annual operating plan, with major variances
followed up and management action taken where appropriate
Other controls
• Defined management structure and delegation of authority to
Committees of the Board, subsidiary boards and associated
business units (enhanced by more detailed authorities and
guidance notes)
• Recruitment standards and training to ensure the integrity and
competence of staff
• Anti-bribery, security and compliance training for all colleagues
• Clearly documented internal procedures set out in the Group’s
ISO 9001:2015 accredited quality manual
• Regular internal audits of key processes and procedures under
the Group’s ISO 9001 and ISO 27001 accredited quality
assurance process
• Monitoring of any whistleblowing or fraud reports
The external auditor regularly reports its findings on those areas of
internal control which it assesses as part of the external audit and
half year review to the Board and the Audit Committee.
Our internal control effectiveness is assessed through the performance
of regular checks, which in the year ended 31 May 2021 included:
• Assessment of the identification and management of risks connected
to the Group’s strategy and management of strategic change
• Reviewing and testing the Group’s financial reporting processes
• Performing compliance monitoring activities
• Assessment of the Group’s processes for identifying and
mitigating potential conflicts of interest
• Monitoring the completion of the Group’s mandatory
colleague training
92
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Whistleblowing and confidential reporting procedures
The Group operates a confidential reporting and whistleblowing
procedure (known as our “Whistleblowing Policy”). The policy aims
to support the stewardship of the Group’s assets and the integrity
of the Financial Statements as well as protecting colleague welfare.
The procedure is reviewed annually by the Committee to ensure
that it remains fit for purpose.
The Group has appointed an independent third party reporting agent
to be the first point of contact for those who do not wish to use
normal internal line management channels for reporting their
concerns. This is advertised internally via colleague noticeboards
and our intranet. During the year, the Code of Ethics Policy was
updated and all colleagues were asked to undertake refresher
training. As part of this training, colleagues were reminded of the
existence of the Whistleblowing Helpline.
The Committee reviews any whistleblowing or confidential reporting
of concerns raised during the year with respect to their nature, scale
and any associated or consequential risks.
Review of the Audit Committee’s effectiveness
The Committee has reviewed and considered the effectiveness
of its performance during the year. The review included the views
of members of the Committee and of regular attendees at the
various meetings (including the Executive Directors). I am satisfied
that the degree of rigour and challenge applied in performing the
Committee’s responsibilities is appropriate and effective and
continues to improve. Please see page 84 for further details
of the Committee evaluation process.
Auditor’s independence and objectivity
The Committee received a formal statement of independence
from the external auditor.
The Company also operates a rigorous policy designed to
ensure that the auditor’s independence is not compromised by it
undertaking inappropriate non-audit work. The Audit Committee’s
approval is therefore required for any fees for any non-audit work
undertaken by the auditor. However, the Company recognises that it
can receive particular benefit from certain non-audit services provided
by the external auditor due to its technical skill and detailed
understanding of the Company’s business.
During this financial year non-audit fees of £75,000 (2020: £50,000)
were paid to the external auditor for the half year review.
All significant pieces of non-audit work are put to informal tender to
suitable parties that, if appropriate, can include the external auditor.
Upon review as to suitability and price, the work will then be placed
with the service provider recommended. If this is the external auditor,
then Audit Committee approval is required.
The external auditor was not engaged during the year to provide any
services which may have given rise to a conflict of interest. The
Committee is satisfied that the overall levels of audit and non-audit
fees (i.e. the half year review fee) are not material relative to the income
of the external auditor as a whole and therefore that the objectivity
and independence of the external auditor were not compromised.
External auditor’s effectiveness and appointment
The Committee reviews and makes recommendations regarding
the reappointment of the external auditor following a formal review
of the auditor’s performance following completion of the prior year
Financial Statements’ audit. In making these recommendations the
Committee considers:
• The experience, industry knowledge and expertise of the auditor
• The scope and planning of the audit and any variations from the plan
• The quality of the processes adopted
• The auditor’s explanations of significant risks to audit quality by
reference to the Company’s specific circumstances and changes
to the risks, including Covid-19 implications
• The fees charged
• Its attitude to and handling of key audit judgements
• Its ability to challenge and communicate effectively
with management
• The quality of the final report
• The FRC’s Audit Quality Review report relating to KPMG
During the financial year, I attended regular meetings with KPMG’s
engagement partner without management being present. This
provided the opportunity for open dialogue. The engagement partner
demonstrated her understanding of the Group’s business risks and
the consequential impact on the Financial Statements. Feedback on
the conduct of the audit from the engagement partner’s perspective
is used to determine if any challenges in the prior year audit would
be sufficiently addressed in the next audit cycle.
The Group’s current auditor, KPMG LLP, has been in place since
1 November 2013 with a competitive audit tender process having
last been undertaken in November 2011. Frances Simpson has
replaced Mick Davies as KPMG’s engagement partner for the year
ended 31 May 2021. The lead audit partner rotates at least every
five years to ensure independence.
The Group will continue to keep this position under review during the
new financial year. The Group intends to remain in full compliance
with the requirement to carry out a formal tender at least once every
ten years; therefore, a formal tender is expected to be undertaken
before November 2023.
Therefore, having fully considered the effectiveness, independence
and objectivity of the external auditor and the reports it has produced
in the current financial year, the Committee has concluded that it is
appropriate to recommend to the Board the reappointment of KPMG
LLP as the Group’s external auditor for the next financial year.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
93
GovernanceGovernance�Audit Committee report continued
1
Financial
information
4
Audit
Committee
Chair
2
Narrative
disclosures
3
Independent
reviewers
Fair, balanced and understandable
The following process was followed by the Committee
in making its assessment:
1. Financial information
• Prepared by individual business units
• Consolidated by Group finance team
• Reviewed by Group Financial Controller and CFO
2. Narrative disclosures
• Prepared by Group finance team
• Reviewed by Group Financial Controller and CFO
• Various reports prepared by Committee Chairs, CEO
and CFO
3. Independent reviewers
• Senior members of the Executive Committee or other
senior colleagues
• Those who have not been major contributors
4. Audit Committee Chair
• Review of detailed verification documents
• Review of findings and observations from
independent reviewers
Related party transactions and other fees approved
by the Committee
Refer to Note 32 for related party transactions in the year.
There were no such fees payable in the current year.
Fair, balanced and understandable
At the request of the Board, the Committee considered whether the
2021 Annual Report and Accounts, when taken as a whole, was fair,
balanced and understandable (FBU) and whether it provided the
necessary information for shareholders to assess NCC Group’s
position and performance, business model and strategy. The reviews
outlined in the diagram above include reviews of all material matters,
as reported elsewhere in this Annual Report and Accounts, and
reviews of the balance of good and bad news and ensure the
Annual Report and Accounts correctly reflects:
• The Group’s position and performance as described
on pages 9 to 13 and 32 to 39
• The Group’s business model as described on pages 20 and 21
• The Group’s strategy as described on pages 29 to 31
The independent reviewers were not major contributors to the
Annual Report and Accounts but, at the same time, as members of
the Executive Committee or other senior colleagues, are deemed to
be sufficiently well informed on the Group’s activities to be able to
give appropriate feedback on the FBU criteria. They undertake a
qualitative review of disclosures and a review of internal consistency
throughout the Annual Report and Accounts.
The Directors’ statement on a fair, balanced and understandable
Annual Report and Accounts is set out on page 123.
Chris Batterham
Chair, Audit Committee
14 September 2021
94
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Nomination Committee report
An increased focus on succession
planning for the Board and
senior management
During this year we have made the
formal commitment that by 2024,
we will have at least 33% female
representation on our Board and at
least one person of colour. Although
this is best practice for FTSE 350
companies, we will commit to this
target regardless of which share
index we are in.
Chris Stone
Committee Chair
The members of the Nomination Committee are Chris Batterham,
Jonathan Brooks and Jennifer Duvalier along with me.
The Nomination Committee’s objectives and
responsibilities
The Nomination Committee is responsible for reviewing the size,
structure, balance, composition and progressive refreshing of the
Board and its Committees and as such its duties include:
2020/21 highlights
• Session to review senior management and Executive
Director succession plans
• Focused on diversity and inclusion in every meeting,
including undertaking unconscious bias training
• Undertook a review of the colleague engagement results
and continued with the non-executive colleague
engagement sessions
2021/22 priorities
Our priorities for the coming year focus on three areas:
• Broadening our approach to talent and succession
• Reviewing the structure of the Board
enabled by Workday
• Continuing to support the development of a diverse
leadership profile and pipeline
• Creating the right working environment to support
colleague engagement and working post pandemic
• Evaluating the balance of skills, knowledge, experience and
diversity on the Board
• Making recommendations for further recruitment to the Board
or proposing changes to the existing structure of the Board,
or individual Directors
• Reviewing the leadership needs of the Company, both Executive
and Non-Executive
• Succession planning for Directors and other senior executives
within the business
• Recruiting, appointing and exiting of Directors
• Overseeing membership of, and succession to, the various
Board Committees
• Reviewing the time commitment required from the Non-Executive
Directors on NCC Group business
95
GovernanceGovernance�Nomination Committee report continued
The Nomination Committee’s objectives and
responsibilities continued
The Chair of the Board leads the process for the appointment of
new Non-Executive Directors to the Board and for the appointment
of the Chief Executive Officer. The Chief Executive Officer, in
conjunction with the Chair, leads the process for the Chief Financial
Officer. The Senior Independent Director leads the process for
a new Chair of the Board.
In relation to an appointment to the Board, the Committee draws
up a specification and assesses the capabilities and experience
required for such a role, taking into account the Board’s existing
composition, including relevant experience and understanding of
our stakeholder groups.
We will look to address this during future Board and Executive
Committee appointments to improve our diversity. Given that this is
a fairly young Board in terms of tenure, this improvement in diversity
will not be a quick process but we are very mindful of the need to
improve this and take positive action, and the matter is fully on our
agenda. Accessing the candidates we require to reach this target
will involve us looking beyond the obvious, for example existing
board directors within the UK, and we intend to ensure that we
extend our talent search to other sectors and countries to ensure
we find a diverse pool of candidates from which to choose from.
When a new Director is appointed they receive a full, formal and
tailored induction into the Company and discuss with the Chair any
immediate training requirements.
We also assess the time commitment required. Candidates are
sought by third party executive search consultants and, where
appropriate, through the assessment of internal candidates and are
then formally considered by the Nomination Committee. Extensive
external referencing is completed.
The Committee’s terms of reference can be found in the Investor
Relations section of the Company’s website:
www.nccgroupplc.com/investor-relations.
The terms of reference are reviewed annually and updated
when necessary.
Diversity
Our objective is to have a broad range of skills, backgrounds,
experiences and personal attributes within the Board as this
ensures the Board is best placed to serve the Company.
All appointments are made on merit and against objective criteria
with due regard for the benefits of diversity on the Board, including
gender, nationality, and educational and professional background,
as well as individual characteristics which will enhance diversity of
thinking on the Board. The Company and the Committee value the
aims and objectives of the Hampton-Alexander Review on FTSE
women leaders and the Parker Review on ethnic diversity of UK
boards and support and apply the Group’s diversity policy.
The Group’s gender diversity statistics are set out on page 63.
At Board level, we currently have one female on our Board and
no people of colour, but we note that diversity extends beyond the
measurable statistics of gender and ethnicity. As such, while we
historically have not set any particular targets, we continue to take
diversity in its wider context into account, having regard to the
diversity policy, and recommend only the most appropriate
candidates for appointment to the Board.
That said, we recognise that we still have much progress to make
in terms of improving the diversity of the Board and our Executive
Team (and indeed our workforce as a whole). With that in mind,
during the year we have made the formal commitment that by 2024,
we will have at least 33% female representation on our Board and
at least one person of colour. Although this is best practice for FTSE
350 companies, we will commit to this target regardless of which
share index we are in. (To achieve this commitment by 2024 based
on our current Board size of seven Directors, we would need to have
at least three female Directors out of the seven. At least one of the
seven would be a person of colour.)
Committee meetings
During this financial year, the Committee held three scheduled meetings.
The attendance of individual Committee members at Nomination
Committee meetings is shown in the table below. Unless otherwise
indicated, all Directors held office throughout the year.
Meetings attended
Attendee
Chris Stone
Chris Batterham
Jonathan Brooks
Jennifer Duvalier
Activities during the year
During the year, the Committee:
• Evaluated the skills, knowledge and experience around the
Board table
• Reviewed the structure, size and composition of the Board
• Reviewed the Directors’ length of service
• Reviewed the diversity of the Board
• Reviewed the memberships of all Committees
• Reviewed the expected time commitment of the Chair and the
Non-Executive Directors
During the year, the Nomination Committee has had several
in-depth presentations from the Chief People Officer and the Global
Head of Learning and Development which focused on people, talent
and succession planning. These presentations looked at the overall
current position and in particular senior succession, i.e. the
Executive Committee and its direct reports.
96
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�One presentation also described a roadmap to a 2022 future state
where we wish to be a “destination employer with a quirky, distinctive
environment”. In terms of our ongoing focus on improving diversity,
we are focusing on:
Processes
• Reviewing all our processes/documentation as part of our
Workday system go-live – i.e. ensuring the wording on adverts
and job descriptions is gender neutral
• Providing better tracking and reporting at all points of the
colleague cycle to check for bias
Training
• Introducing a Manager Essentials programme which covers
recruiting and managing a diverse team
• Providing unconscious bias training for leadership groups
(the Board and ExCom have both now undertaken unconscious
bias training). Participated in NCC Conversations – promoting equality
Colleague voice
• Continuing to develop and assess the broad range of
opportunities for colleagues to ask questions, to provide feedback
and to play an active role in creating a great place to work. (For
further information, please see the stakeholder engagement
section on pages 49 to 52)
Long term
• Building strategic partnerships with organisations to support our
commitment to create an inclusive and diverse environment
• Connecting the initiatives we are involved in so we get the best return
for investment – work experience, mentoring and CyberFirst bursaries
Committee effectiveness
During the year, the Nomination Committee carried out an internal
self-evaluation on its effectiveness.
A number of recommendations were made, including the need to:
• Make strong initial progress with our firm commitment to have
at least 33% female representation and at least one person
of colour on the Board by 2024
• Focus strongly on succession planning for the Board and senior
management and in particular discuss Executive Director
succession planning in general terms over the next 6–12 months
• Improve succession plans for senior executives and improve
exposure to senior executives at Board meetings and within more
informal settings
The intention is to again have a Committee discussion on all senior
roles during the 2021/22 financial year, to ensure that we have the
depth and breadth of diverse talent to deliver our strategy.
External search consultancies
No external search consultancies were utilised in the year.
Chris Stone
Chair, Nomination Committee
14 September 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
97
GovernanceGovernance�Cyber Security Committee report
Maintaining and improving the
Group’s resilience to cyber-attack
as the threat landscape changes
Through the Committee, the Group
continues to review and challenge
the data governance and information
security risks that affect the Group,
particularly in light of the “move to
remote” during the Covid-19 pandemic
and the changing regulatory
landscape post-Brexit and Schrems II.
Chris Stone
Committee Chair
The Cyber Security Committee was formed to focus specifically on
the cyber risks faced by the Group. This reflects the significant threat
posed by cyber risks, the nature of our business, and the potential
damage to the business as a high value target for malicious acts.
The Committee’s activities aim to challenge and support improvements
to the Group’s information security and data protection policies,
defences and controls, so as to comply with global data protection
regulations around the world, and ensure that the Group looks after
its own information, and the information that its customers entrust
to it, with the proper care and attention.
The Committee was formed in November 2016 and I have been
Chair since January 2018.
Chris Batterham, Jonathan Brooks and Jennifer Duvalier
(all independent Non-Executive Directors) served as members
of the Committee throughout the year.
The Group’s Director of Global Governance, the Group’s Chief Information
Security Officer (CISO), and the Group’s Chief Data Protection and
Governance Officer (CDPGO) are standing invitees of the Committee.
The Executive Directors are invited to attend Committee meetings
when the Committee considers it to be appropriate.
The Cyber Security Committee’s objectives
and responsibilities
The Cyber Security Committee is responsible for assessing
the performance of the Group’s internal security and defences
and as such its duties are to:
• Oversee and advise the Board on the current cyber risk exposure
of the Group and future cyber risk strategy
• Review at least annually the Group’s cyber security breach
response and crisis management plan
• Review reports on any cyber security incidents and the adequacy
of resulting actions
2020/21 highlights
• Enhanced SOC coverage and detection capabilities
across our network
• Extending our Microsoft Defender for Endpoint rollout;
implementation of remote application patching capability
• Development of a Data Protection by Design framework,
including new and revised policies, procedures and
guidance
• Global risk management framework initial
implementation and rollout
2021/22 priorities
• Running more complex cyber exercises to test our
response processes
• Implementing a new security awareness platform
across NCC Group globally
• Implementing a system to facilitate dynamic
maintenance of Records of Processing across the
NCC Group business
• Implementing the Data Protection by Design
framework across NCC Group globally
98
�• Receive and consider the regular update reports from the CISO
and CDPGO and ensure the CISO and CDPGO are given the
right of direct access to the Committee
• Consider and recommend actions in respect of all cyber risk
issues escalated to it
• Keep under review the effectiveness of the Group’s controls,
services and products to analyse potential vulnerabilities that
could be exploited
• Regularly assess what are the Group’s most valuable intangible
assets and the most sensitive Group and customer information
and assess whether the controls in place sufficiently protect
those assets and information
• Review the Group’s ability to identify and manage new cyber risks
• Assess the adequacy of resources and funding for cyber security
defence and control activities
• Regularly review the cyber risk posed by third parties including
outsourced IT and other partners
• Oversee cyber security due diligence undertaken as part of an
acquisition and advise the Board of the risk exposure
• Annually assess the adequacy of the Group’s cyber insurance cover
The Committee’s terms of reference can be found in the Investor Relations
> Corporate Governance section of the Company’s website (www.
nccgroupplc.com/investor-relations/corporate-governance). The terms
of reference are reviewed annually and updated when necessary.
Committee effectiveness
During the year, the Cyber Security Committee carried out an internal
self-evaluation on its effectiveness, as it continues to mature since
its formation in November 2016. The Committee was found to be
working effectively and I am satisfied that the degree of rigour and
challenge applied in performing the Committee’s responsibilities is
appropriate and effective and continues to improve. In terms of
specific focus areas for the year ahead we agreed on the following:
• Continuing to take the papers/presentations as read and focusing
on more value-adding dialogue, discussion, and interaction rather
than going through the Committee briefing packs
• Acknowledgement that the presenter from the National Cyber
Security Centre had been excellent and more external presenters
should be used where possible
• A review of whether external advisers/consultants could attend
future Committee meetings
• More frequent updates on the nature of the changing cyber threat
landscape, e.g. what are the current major topics within cyber and
the significant threats
As an output of both this and previous evaluations, the Committee,
along with the Board, reaffirmed that cyber security is a sufficiently
important risk for the business that the Committee should remain
focused on this specific set of risks. Therefore, the current structure
in which the responsibility for broader risk management remains
with the Audit Committee will continue.
Committee activities during the year
The Committee continues to make sure that the Group’s resilience
to cyber-attack is maintained and improved as the threat landscape
changes. As the Securing Growth Together programme comes to its
latter stages, more focus was put on longer-term initiatives that will
stand the Group in good stead in the years to come. In November,
the Committee had a fascinating talk from the Director of Operations
at the UK’s National Cyber Security Centre (NCSC), about the NCSC’s
perception and analysis of the cyber threat that faces the UK.
The Group continues to improve its cyber security controls. Building
on our initial rollout of Microsoft Defender for Endpoint in 2020, we
extended this to servers as well as endpoints, giving us ever-deeper
security insight into our IT assets. In addition, we invested in technology
that allows us to patch application software on endpoints in a more
automated way across the internet, rather than requiring a VPN
connection. Both of these controls stood us in good stead during
the coronavirus pandemic, when almost all colleagues were working
remotely. Our SOC implemented its latest detection suite across our
networks, and we continue to benefit from novel detection methods
and techniques as the SOC’s “customer zero”; as those detection
techniques are refined, they are rolled out into our commercial offering.
In terms of our global data protection programme and internal data
privacy activities, we are developing a three year strategy to align
the approach across the business, continue to improve our privacy
maturity, and support in light of the rapidly changing regulatory
landscape. Considerations include the newly approved Standard
Contractual Clauses and their requirement for detailed information
security provisions to be documented for each service line, as well
as updating internal agreements to secure our global business in
terms of facilitating data transfers. Noteworthy highlights since our
previous report include:
• A suite of tools has been created to enable Data Protection by
Design to continue, and to make the assessment process more
efficient and easier for the business to engage with. These include
a Data Protection Impact Assessment (DPIA) triage form, and
DPIA light and DPIA full templates, with guidance also produced.
The data protection team has been working closely with IT to
embed this into its processes
• The expansion of the data protection and privacy team’s remit to
encompass data governance, including the appointment of Data
Protection Officers to partner with North America and APAC,
respectively, with appointment of a Data Protection Manager
in NCC Europe, headed up by the Chief Data Protection and
Governance Officer
• Bespoke gap analysis tool created covering all principles and
articles within GDPR, which flexes to accommodate the
complexity of our different business areas/service lines
• Assessment of the situation with the UK adequacy decision and
the additional safeguards required to ensure the free flow of data
from the EU to the UK should adequacy be revoked, as well as
planning for the impact of the recent issue of the new Standard
Contractual Clauses by the EU Commission
Committee meetings
During this financial year, the Committee met three times and the
attendance of individual Committee members at the Cyber Security
Committee meetings is shown in the table below. Unless otherwise
indicated, all Directors held office throughout the year.
Meetings attended
Attendee
Chris Stone
Chris Batterham
Jonathan Brooks 1
Jennifer Duvalier
1 Was absent for July 2020’s meeting due to illness.
Chris Stone
Chair, Cyber Security Committee
14 September 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
99
GovernanceGovernance
�Remuneration Committee report
Annual statement
Looking beyond
the pandemic
Our new Remuneration Policy
will balance an increase to variable
remuneration with a reduction in the
threshold vesting level for the LTIP
and an increase to the toughness of
the LTIP’s stretch EPS target. At the
same time, if the new Policy is approved,
we will immediately reduce Executive
Director pension contributions to the
workforce level of 4.5%, and adopt a
more demanding post-employment
shareholding policy.
Jonathan Brooks
Committee Chair
On behalf of your Board, I am pleased to present our Directors’
Remuneration Report (DRR) for the year ended 31 May 2021.
The report is divided into three sections: an Annual Statement,
our Directors’ Remuneration Policy and the Annual Report on
Remuneration, which sets out the actual application of the Policy.
Annual Statement
2020/21 was another busy year for the Remuneration Committee
and we had seven meetings in total. The Committee, which
remained unchanged for the third year in succession, comprised
Chris Batterham, Jennifer Duvalier and me as Chair. Our Board
Chair, Chris Stone, also attended all the meetings. We invited our
remuneration consultants, Chief People Officer, CEO, CFO, and
other executives to meetings as required.
Consultation with shareholders following 2020 AGM
The arrival of the Covid-19 pandemic at the start of 2020 obliged us
to wrestle with the immediate impact to our business of a significant
period of uncertainty. The impact of the pandemic fell late on in the
financial year and it was immediately apparent that forecasting the
financial effects for both the end of the 2019/20 financial year as
well as the 2020/2021 financial year would be extremely difficult,
although we are pleased that we did not furlough any staff, make
any staff redundant or reduce our dividend. As a Committee, and
mindful of the desire to keep colleagues appropriately rewarded
for their performance and incentivised to deliver the best outcomes
for our shareholders during such a difficult period, we took some
immediate action to address this period of uncertainty. Firstly, we
2020/21 highlights
• Consultation with shareholders following the 2020 AGM
• Development of Remuneration Policy for 2021–24 and
a second consultation with shareholders
• Launch of a new Restricted Share Plan to broaden
colleague share ownership
2021/22 priorities
• Implement our new Remuneration Policy following
approval at the AGM
• Integrate Iron Mountain remuneration practices into
the Group
• Consider the introduction of ESG measures
• Continue to ensure our incentive arrangements
support the Group’s long-term strategy
* The Directors consider that Adjusted operating profit less a proforma
amortisation charge in respect of certain cloud-based software arrangements
is comparable to Adjusted operating profit previously reported. See Strategic
Report for further details and a reconciliation between Adjusted operating
profit of £39.2m and Adjusted operating profit less a proforma amortisation
charge in respect of certain cloud-based software arrangements of £36.2m.
100
�applied our discretion and replaced the formulaic assessment of
the financial underpin to the non-financial element of the 2019/20
bonus with a non-formulaic assessment. Secondly, we decided that
the non-financial element of the annual bonus for 2020/21 should
have a weighting of 40% of the total, compared with the previous
year’s figure of 25%. Thirdly, we decided that for 2020/21, we
would divide the year in two for bonus target setting purposes, with
one set of bonus targets based on the first six months’ performance
and a revised target being set for the second half of the year. While
many shareholders recognised this pragmatic approach, we were
disappointed that a significant minority of others voted against our
Annual Remuneration Report in 2020.
Immediately after the AGM, I therefore engaged with all major
shareholders who voted against the resolutions to better understand
their reasons for doing so. There were two main reasons which
explained their objections: some did not feel that the application
of discretion during the year to replace the annual bonus profit
underpin for 2019/20 was appropriate, while others did not support
the increased weighting on non-financial measures in the annual
bonus from 25% to 40% for 2020/21.
The Remuneration Committee acknowledged these views in its
statement in early February 2021, and whilst it still considers its
decisions were appropriate and pragmatic in the exceptional
circumstances of the pandemic, emphasised that the weighting on
non-financial measures in the annual bonus would revert to 25% of the
total in 2021/22 and that a profit underpin would be applied in future.
Development of Remuneration Policy for 2021–24 and
separate consultation with shareholders
During the 2020/21 financial year, we operated within the Remuneration
Policy that was approved by shareholders at the 2020 AGM.
With the arrival of the Covid-19 pandemic, changes to the
Remuneration Policy last year were minimal and we flagged at the
time that we planned on submitting a new Policy this year. The aim
of these changes was to reflect the strong performance of the
business and development of the senior team over a number of
years and ensure that the remuneration of our senior team is
appropriately positioned against a highly competitive market for
talent within the sectors in which NCC Group operates. We refined
some changes with our remuneration consultants and then
undertook a period of consultation with shareholders in March and
April 2021, who were supportive of our approach. Our proposed
new Remuneration Policy can be found in the next section of this
report and will be voted upon at our AGM in November.
Its main features are to make phased increases to the variable pay
opportunity for our CEO and CFO. The first of the proposed changes
will take place in 2021/22 and increase the level of LTIP from
100% of salary to 175% and 150% of salary for the CEO and CFO,
respectively. Implementation of the second increase will be take place
in 2022/23 when the annual bonus opportunity for both the CEO
and CFO will increase from 100% to 125% of salary. The Committee
considers this phased approach to be appropriate in the current
environment and these increases will be balanced by a reduction
in the threshold vesting level for the LTIP and an increase to the
toughness of the LTIP’s stretch EPS target. At the same time, if the
new Policy is approved, we will immediately reduce their pension
contributions to the workforce level of 4.5% and adopt a more
demanding post-employment shareholding policy. The overall effect
of these changes will result in levels of total remuneration that are
at or below the market level. Further details can be seen in the
next section of the report.
With respect to base pay, for the 2020/21 financial year, average
salaries in the Group rose by approximately 2.9% but we decided to
increase the salary of the CEO and CFO by 1% to take effect from
September 2020. For 2021/22, salaries increased by an average
of 3.1% and we increased the CEO’s salary by 3%, taking his base
salary to £465,000 with effect from 1 June 2021.
For the CFO, recognising that his salary is well below the level that
the Committee considers to be appropriate given his performance
and experience in the role, we consulted with shareholders to increase
his pay over a two year period. In June 2021 his salary increased
to £308,000, representing an increase of 4.9% above the average
workforce increase (i.e. 8% in total). In June 2022, we also intend to
increase his salary by up to 3% above the average workforce figure.
While these increases will still result in a below market salary, when
combined with the proposed increases to variable remuneration this
should bring his overall remuneration closer to market levels.
Launch of a new below Board Restricted Share Plan
to broaden colleague share ownership
As a Board, we remain committed to broadening share ownership
throughout the Group, both as a reward and retention tool. During
the year, we introduced our Restricted Share Plan (RSP), authorisation
for which had been granted at the 2020 AGM. An increased number
of colleagues were made a share award dependent on their continuing
service within the Group for a period of up to three years. RSPs are
extremely common in the technology sector in the USA, where we
have increased our presence in the last few years, and we expect
to issue more RSPs annually.
In addition, we also offered colleagues the opportunity to participate in
our Save As You Earn/stock purchase share plans in the UK, the US,
Canada, the Netherlands, Australia, Denmark and Spain. Once again,
these proved popular in terms of take-up and participation levels.
Non-Executive Director and Chairman’s fees
In line with our Remuneration Policy, Non-Executive Director fees
are reviewed annually. During the year, the Non-Executive Director
fees were reviewed (by the Company Chair, CEO and CFO) and
increases were proposed with effect from 1 June 2021, being the
first increases for three years. In addition, as social distancing
restrictions are being progressively removed it was decided to
reinstate the travel expense allowance with effect from 1 June 2021.
This had been withdrawn in March 2020 at the start of the pandemic
when physical Board meetings were not possible.
The Remuneration Committee also reviewed the Chairman’s fees using
data provided by our remuneration consultants. As a result the Chairman’s
fees were increased for the first time since his appointment in 2017.
Details of these fees and allowances are given in the Annual Report
on Remuneration on page 110.
Performance related pay – bonus
The annual bonus for the year ended 31 May 2021 for both the
Chief Executive Officer and Chief Financial Officer was based on the
satisfaction of stretching financial and strategic targets. This resulted
in an overall payment of 92% of base salary for the CEO and 87%
of base salary for the CFO. With respect to the financial targets,
as we reported in the Annual Report 2020, in light of the impact
of the pandemic and the difficulty in estimating its short-term impact
on the business, we decided to divide the 2020/21 financial year
into two, with the first six months of the year qualifying for up to a
30% financial bonus if the half year Adjusted operating profit less
a proforma amortisation charge in respect of certain cloud-based
software arrangements * achieved £17.0 million, with the financial
target for the second half of the year being based on a reforecast
which took place in November 2020, and an Adjusted operating profit
less a proforma amortisation charge in respect of certain cloud-based
software arrangements * of £19.0m being required for a further 30% bonus.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
101
GovernanceGovernance�Remuneration Committee report continued
Annual statement continued
Performance related pay – bonus continued
The targets for both halves of the 2020/21 financial year, were
exceeded, resulting in a total financial bonus for the year of 60%,
the maximum for this element.
For the 2020/21 financial year, the strategic objectives for both the
CEO and CFO were given a weighting of 40% in total. The bonus
earned was judged to be 32% for the CEO and 27% for the CFO.
The strategic objectives covered three areas:
• Broadening the product portfolio: the broad objective was to
offer the complete portfolio of products and services tailored to
specific customer sectors and to be able to deliver this globally.
This was broken down by market with specific revenue objectives
for different products (20%)
• Sustainability: to act as a responsible corporate citizen to ensure
our future. This included objectives with respect to training of
future leaders in the Group, diversity targets for recruitment,
the development of action plans to improve engagement with
underrepresented groups and the assessment of customer
and colleague experience (10%)
• Specific improvements and efficiencies: these were delivered
through strategic programmes with the objective of placing data
and process re-engineering at the heart of the business and
included the development of global support functions and certain
identified key hires, as well as specific global product lines (10%)
Further detail on performance against strategic objectives
is provided later in the report.
For both the CEO and CFO, 35% of the actual bonuses achieved will be
deferred into nominal cost share options and will vest after two years.
Clawback and malus provisions are also in place for the annual bonus.
For 2021/22, the Committee will change the annual bonus
weightings back to its more normal weightings of 75% financial
and 25% non-financial. For the financial bonus, as in previous years,
it will be set within a tight range with bonuses between 15% and
75% of base salary being calculated by linear interpolation. For
2021/22, we will introduce a revenue target component for both
the Assurance and Software Resilience businesses to complement
the targets on Adjusted operating profit.
Strategic targets for 2021/22
For the CEO, the strategic targets will be grouped under the
following broad headings:
• Integration of Iron Mountain IPM division: this will include
specific targets for systems, people, customer and operating
model integration (10% in total)
• Strategic objectives within the Assurance business: these
will include specific targets for the development of the MDR and
Remediation businesses (10% in total)
Performance related pay – LTIP
The grant of the 2020–23 LTIPs was delayed as a result of extended
prohibited periods including those connected to the acquisition of
the Iron Mountain IPM division, as a result of which the grants which
would ordinarily have been made in the autumn of 2020 were not
made until May 2021. The awards will vest subject to demanding
EPS, cash and relative TSR targets outlined later in this report.
The LTIP outcome for those LTIPs issued in 2018 was an award
equivalent to 40% of the maximum award, which in the case of the
CEO constituted an award of 78,914 shares, and the CFO
constituted an award of 49,779 shares.
Our LTIP award for 2021–24 will be granted after our next AGM
in November and subject to shareholder approval of the revised
Remuneration Policy, the Committee intends to make awards of
up to 175% of base salary for the CEO and 150% for the CFO
compared to 100% of base salary for both executives as at present.
These will vest after three years as long as a number of demanding
performance targets are satisfied. As in previous years, 60% of the
potential award will be based on the achievement of a demanding
EPS target, 30% on the achievement of certain cash targets
and 10% on relative TSR targets. We plan to issue LTIPs to the
Executive Directors shortly after the 2021 AGM in November 2021.
Clawback and malus provisions are in place for the LTIP.
In order to further align executives with shareholders, executives
are required to retain any LTIP vested shares (net of tax) for a
period of two years. After this holding period, all vested shares must
also be retained if the shareholding requirement has not been met.
In addition, our new post-employment shareholding policy requires
executives to retain the lower of the value of their holding on
cessation or 200% of salary for the first year following cessation,
reducing to 100% of salary for the second year following cessation.
It is envisaged that this will be managed through a restricted account
maintained by NCC’s registrars and the Company Secretariat.
At the AGM in October 2020, 51.53% of shareholders voted in
favour of the adoption of the Annual Report on Remuneration.
The 2021 Annual Statement and Annual Report on Remuneration
will be put to an advisory vote at the AGM on 4 November 2021,
providing shareholders with the opportunity to express their support
on how the Committee has implemented the Remuneration Policy
this year. As always, the Committee remains committed to
engagement and transparency and I welcome the opportunity
for discussion of the Group’s remuneration with any shareholder,
at our AGM or at any other time during the year.
During the coming year, we intend to focus on embedding our
2021–24 Remuneration Policy along with continuing to focus
on the Committee’s responsibilities under the 2018 UK Corporate
Governance Code (the ‘Code’).
These include:
• Sustainability objectives: these will include objectives with
respect to diversity targets, colleague retention in certain areas,
and corporate social responsibility (5% in total)
• Ensuring that the Remuneration Policy continues to support and
incentivise the achievement of our strategy and considering the
incorporation of ESG measures
For the CFO, the strategic objectives will be similar but, instead of
strategic objectives within the Assurance business, he will have
objectives related to the effective configuration and optimisation of
our integrated systems to meet the evolving needs of the business.
• Setting the remuneration for the Executive Committee (i.e. the
layer of senior management immediately below Board level) and
monitoring the success of the Restricted Share Plan
• Ensuring that the Committee takes into account workforce remuneration
and related policies when setting executive remuneration
* The Directors consider that Adjusted operating profit less a proforma amortisation
charge in respect of certain cloud-based software arrangements is comparable to
Adjusted operating profit previously reported. See Strategic Report for further details
and a reconciliation between Adjusted operating profit of £39.2m and Adjusted
operating profit less a proforma amortisation charge in respect of certain cloud-based
software arrangements of £36.2m.
Jonathan Brooks
Chair, Remuneration Committee
14 September 2021
102
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Directors’ remuneration policy
The Remuneration Committee determines the Company’s policy on the remuneration of the Executive Directors and (from 1 June 2019)
the Executive Committee (ExCom). The principles which underpin the Remuneration Policy for the Company are to:
• Ensure Executive Directors’ rewards and incentives are directly aligned with the interests of the shareholders in order to reinforce the
strategic priorities of the Group, optimise the performance of the Group and create long-term sustained growth in shareholder value,
without encouragement to take undue risk
• Provide the level of remuneration required to attract, retain and motivate Executive Directors and senior executives of an appropriate
calibre
• Ensure a proper balance of fixed and variable performance related components, linked to short and longer-term objectives and delivered
in a mix of cash and shares
• Reflect market competitiveness, taking account of the total value of all the benefit elements
Our remuneration strategy has been designed to reflect the needs of a complex multinational organisation, which has grown both organically
and by acquisition.
Remuneration for the Executive Directors is structured so that the variable pay elements (annual bonus and long-term incentives) form a
significant proportion of the overall package. This provides a strong link between the remuneration paid to Executive Directors and the
performance of the Group, as well as providing a strong alignment of interest between the Executive Directors and shareholders.
For the purposes of section 226D-(6)(b) of the Companies Act 2006, this Policy, if approved, will take effect from the date of the 2021 AGM
on 4 November 2021.
Current Policy table for Executive Directors
Purpose and link to short
and long-term strategic
objectives
Salary
Operation (including framework to assess performance)
Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
To attract, retain and
reward high calibre
Executive Directors
The Remuneration Committee reviews salaries for Executive
Directors and also the Executive Committee (ExCom) annually
unless responsibilities change.
Details of current Executive
Director salaries are set out on
page 110.
N/A
Pay reviews take into account Group and personal performance.
Salaries are set on appointment and benchmarked periodically
against market data for companies operating in IT services,
management consulting and relevant high tech sectors, which,
although not directly comparable, provide an indicative range.
In setting appropriate salary levels the Committee takes into
account pay and employment conditions of colleagues elsewhere
in the Group, alongside the impact of any increase to base
salaries on the total remuneration package.
Any changes are normally effective from 1 June each year.
Salary increases are normally
in line with those for other
colleagues but also take
account of other factors such
as changes to responsibility,
development and the
complexity of the role.
Benefits
To attract, retain and
reward high calibre
Executive Directors
Benefits in kind currently include the provision of a car or car
allowance, payment of private fuel, car insurance, private medical
insurance, life assurance and permanent health insurance.
Executive Directors may be invited to participate in the Sharesave
Scheme approved by HMRC or other benefits introduced for
all colleagues.
Market-competitive benefits.
N/A
SAYE Sharesave Scheme
subject to HMRC-approved
limits.
Pension
To provide a
competitive benefit,
which attracts high
calibre executives
and allows flexible
retirement planning to
suit individual needs
Executive Directors are entitled to a Company pension
contribution, which is paid into the Group defined contribution
personal pension scheme.
They can also opt to have the same level of contribution made
in the form of a cash contribution.
For both the current CEO and CFO, cash contributions in lieu
of a pension are paid.
Until 30 November 2021: up
to 10% of base salary as a
contribution into the Group
scheme or base salary
supplement of 10% of
base salary.
From 1 December 2021:
capped at the level of the
majority of the workforce
(currently 4.5%).
Alignment
of Executive
Directors’
pensions with
the wider
workforce
from
1 December
2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
103
GovernanceGovernance�Remuneration Committee report continued
Directors’ remuneration policy continued
Current Policy table for Executive Directors continued
Purpose and link to short
and long-term strategic
objectives
Annual bonus
To drive and reward
sustainable business
performance
Operation (including framework to assess performance)
Maximum opportunity
125% of base salary.
A lower maximum of 100%
of base salary will be
operated in 2021/22.
Based on a range of stretching targets measured over one year.
This might include, but not exclusively, profit measures and other
strategic objectives such as cash management, brand development,
customer satisfaction and retention, business unit sales growth
and colleague engagement. Performance below the minimum
performance target results in no bonus. No more than 20% of
the maximum opportunity is paid for achievement of the threshold
performance targets. Payments rise from the threshold payment
to 100% of the maximum opportunity for levels of performance
between the threshold and maximum targets. The rate of the
rise and the various payment targets are determined annually
by the Committee.
The Committee has discretion to reduce the formulaic
bonus outcome if individual performance is determined
to be unsatisfactory or if the individual is the subject of
disciplinary action.
At least 35% of any bonus payment is normally deferred into
shares or nominal cost share options which vest after a two year
period. Dividend equivalents are paid on vesting share options.
Malus and clawback provisions are in place for both cash and
deferred elements.
Long Term Incentive Plan
To drive long-term
performance in line
with Group strategy
and incentivise
through share
ownership
Awards have a performance period of at least three years and
normally must be held for a further two years after vesting.
The level of vesting is determined by measures appropriate to the
strategic priorities of the business. At least half of any award will
normally be subject to financial performance measures. Measures
might include, but not exclusively, EPS, cash flow and relative
TSR metrics.
Award over shares with a
face value at grant of 175%
of salary p.a. with awards to
the CFO normally capped at
150% of salary.
The Remuneration Committee has the discretion to determine
the number of measures to be used.
Performance below the threshold target results in no vesting.
For performance between the threshold target and maximum
performance target, vesting starts at 15% and rises to 100%
of the shares vesting.
Should a change in control of the Group occur, crystallisation of any
LTIP awards is within the discretion of the Remuneration Committee.
Malus and clawback provisions are in place.
Changes since
last Directors’
Remuneration
Policy
With effect
from
2022/23, the
intention is to
increase the
opportunity to
125% of
salary for both
the CEO and
CFO.
For any
awards made
following the
2021 AGM,
the intention
is to increase
the award to
175% for the
CEO, and to
150% for
the CFO.
104
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Purpose and link to short
and long-term strategic
objectives
Operation (including framework to assess performance)
Maximum opportunity
Executive Director shareholding requirement
To align the interests
of Executive
Directors with the
interests of all
of the Company’s
shareholders
The Executive Directors are expected to build and retain a
shareholding in the Group at least equivalent to 200% of base
salary. Executives will be required to retain all vested deferred
bonus shares and LTIP shares released from the holding period
until they have attained the minimum shareholding requirement
and even then they may normally only sell when they have held
vested LTIP shares for a minimum period of two years.
N/A
For the avoidance of doubt, Executive Directors are permitted
to sell sufficient shares in order to meet any tax or withholding
obligation arising from vesting shares.
Retention of shares post-employment: Executives will be
expected to retain the lower of their holding on cessation or
200% of salary for the first year following cessation, reducing to
100% of salary for the second year. Only shares granted from the
conclusion of the 2021 AGM will count towards this requirement.
Changes since
last Directors’
Remuneration
Policy
For any
awards made
following the
2021 AGM,
the post-
employment
shareholding
policy will
require 200%
of base salary
to be held in
the first year
post-
employment,
falling to
100% for the
second year.
Choice of performance measures and target setting
For both the annual bonus and LTIPs, the objective of our Policy is to choose performance measures which help drive and reward the
achievement of our strategy and which also provide alignment between executives and shareholders. The Committee reviews metrics
annually to ensure they remain appropriate and reflect the future strategic direction of the Group.
Targets for each performance measure are set by the Committee with reference to internal plans and external expectations. Performance
is generally measured so that incentive payouts increase pro rata for levels of performance in between the threshold and maximum
performance targets.
With regard to the annual bonus, the Remuneration Committee believes that a simple and transparent scheme with sufficiently stretching
targets and an element of bonus deferral prevents short-term decisions being made and ensures that the executives are focused on the
delivery of sustainable business performance. For 2021/22, overall Adjusted operating profit and revenue growth by division have been
selected as the principal financial measures, with non-financial measures selected that support the delivery of our key in-year strategic goals.
With regard to the LTIP, the Committee believes in setting demanding objectives, which reward steady, progressive growth, in order to
incentivise and encourage long-term growth and enhance shareholder value. EPS, cash conversion and relative TSR have been chosen for
the awards to be granted in 2021/22 as these meet these criteria and are aligned with our strategy.
Performance measures and targets are disclosed in the Annual Report on Remuneration. In cases where targets are commercially sensitive,
for example annual profit targets for the annual bonus, they will normally be disclosed retrospectively in the year in which the bonus is paid.
Differences in Remuneration Policy for colleagues and Executive Directors
The principles behind the Remuneration Policy for Executive Directors are cascaded down through the Group and their aims are to attract
and retain the best staff and to focus their remuneration on the delivery of long-term sustainable growth by using a mix of salary, benefits,
bonus and longer-term incentives.
As a result, no element of the Executive Director Remuneration Policy is operated exclusively for Executive Directors other than the
post-employment shareholding policy:
• The annual performance related pay scheme for Executive Directors is largely the same as that of the Executive Committee and other
senior managers within the business and all are aligned with similar business objectives
• Participation in the LTIP is extended to the Executive Committee and other senior managers where possible although restricted shares
rather than performance shares are typically granted at levels below the Executive Committee
• The pension scheme is operated for all permanent colleagues and from 1 December 2021 the Executive Directors will receive the same
level of contribution as the majority of other colleagues
The main difference between pay for Executive Directors and colleagues is that, for Executive Directors, the variable element of total
remuneration is greater while the total remuneration opportunity is also higher to reflect the increased responsibility of the role. In addition,
we have the ability to grant awards of restricted shares to Executive Committee members. This will enable us to be competitive in certain
markets, most notably the USA, where such plans are very much part of any executive remuneration package.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
105
GovernanceGovernance�Remuneration Committee report continued
Directors’ remuneration policy continued
Non-Executive Director Policy table
Purpose and link to
short and long-term
strategic objectives
Fees
Operation (including framework to assess performance)
Maximum opportunity
To attract, reward and
retain experienced
Non-Executive
Directors
Fees for the Non-Executive Directors are determined by the
Board within the limits set by the Articles of Association and are
based on information on fees paid in similar companies, taking
into account the experience of the individuals and the relative
time commitments involved.
There will be separate disclosures of fees paid for chairing the
Audit and Remuneration Committees and for acting as Senior
Independent Director or for other additional responsibilities.
Fees for the Non-Executive Directors are reviewed annually.
Additional fees may be paid in certain circumstances such as
taking on extra duties, or if exceptionally the time commitment
is significantly increased.
An expenses allowance is paid or alternatively any reasonable
business related expenses (including tax thereon) can be
reimbursed if determined to be a taxable benefit.
Current fee levels are set out
on page 110.
The overall fee limit will be
within the current £750,000
limit set out in the Company’s
Articles of Association,
approved on 25 September
2019, which is subject to
increase on 25 September
each year by the same
percentage increase as the
percentage increase in the
General Index of Retail Prices
for all items (or such other
comparable index as may be
substituted for it from time to
time before such anniversary)
in the 12 months immediately
preceding such date.
Changes since
last Directors’
Remuneration
Policy
The overall fee
limit is now
£750,000.
Extra fees
may be paid
in certain
circumstances
such as taking
on extra
duties.
Approach to recruitment
The principle applied in the recruitment of a new Executive Director is for the remuneration package to be set in accordance with the terms
of the approved Remuneration Policy for existing Executive Directors in force at the time of appointment. Further details of this Policy for
each element of remuneration are set out below.
Pay element
Approach
Areas of flexibility
Salary
Set to reflect the executive’s skills and
experience, the Company’s intended pay
positioning and the market rate for the
applicable role.
Benefits and
pension
Benefits will be provided in line with those offered
to other Executive Directors, taking account of
local market practice, with relocation expenses
or arrangements provided if necessary.
The Committee will have the discretion to allow phased salary
increases over a period of time for newly appointed Directors,
even though this may involve increases in excess of the rate for
the wider workforce and inflation in circumstances where starting
salary was below median levels.
Tax equalisation may also be considered if an Executive
Director is adversely affected by taxation due to their
employment with the Company. The Company may also pay
legal fees and other costs incurred by the individual. These
would all be disclosed. Pension would be set in line with the
workforce level.
The aggregate ongoing incentive opportunity
offered to new recruits will be no higher than
that offered under the annual bonus plan and
the LTIP to the existing Executive Directors.
Different performance measures and targets may be set
initially for the annual bonus plan, taking into account the
responsibilities of the individual and the point in the financial
year at which they join.
Incentive
opportunity
“Buyout” awards
Sign-on bonuses are not generally offered by the Group but,
at Board level, the Committee may offer additional cash and/or
share-based “buyout” awards when it considers these to be in
the best interests of the Company and, therefore, shareholders,
including awards made under Listing Rule 9.4.2R. Any such
“buyout” payments would be based solely on remuneration lost
when leaving the former employer and would reflect the delivery
mechanism such as cash, shares, options, time horizons and
performance requirements attaching to that remuneration.
In addition, any other ongoing remuneration obligations
existing prior to appointment may continue, provided that they
are put to shareholders for approval at the first AGM following
their appointment.
Transitional
arrangements
for internal
appointments
to the Board
In the case of an internal appointment, any variable
pay element awarded in respect of the prior role
may be allowed to pay out according to its terms
on grant, adjusted as relevant to take into account
the appointment.
106
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Approach to service contracts and letters of appointment
The Committee’s policy is to offer service contracts for Executive Directors with notice periods of between six and 12 months exercisable
by either party. In addition, the Executive Directors are subject to a non-compete clause from the date of termination, where enforceable.
All Non-Executive Directors’ appointments are terminable on at least three months’ notice on either side.
The Executive Directors and Non-Executive Directors offer themselves for re-election at the AGM every year.
Policy on payment for loss of office
Payments on termination for Executive Directors are restricted to the value of salary and contractual benefits for the duration of the notice
period. It is the policy of the Remuneration Committee to seek to mitigate termination payments and pay what is due and fair. There are no
predetermined special provisions for Executive Directors with regard to compensation in the event of loss of office. The Company may also
pay an amount considered to be reasonable by the Committee where loss of office is due to redundancy or in respect of fees for legal advice
for the outgoing Director or to settle or compromise any legal claims. Assistance with outplacement may also be provided.
Elements of variable remuneration would be treated as follows:
Pay element
Approach
Areas of flexibility
Annual bonus
Determined on a case-by-case basis. When the Committee
determines that the payment of an annual bonus is
appropriate, the annual bonus payment is typically:
• Prorated for the period of time served from the start of
the financial year to the date of termination and not for
any period in lieu of notice or garden leave
• Subject to the normal bonus targets, tested at the end
of the year, and would take into account performance
over the notice period
• Subject to deferral of 35% of the value
The Committee has the discretion to pay cash bonus
amounts or allow deferred bonus awards to vest on
cessation or whether they lapse. If the Committee
exercises this discretion, it can also determine if the
vesting should be prorated to reflect time served since
the beginning of the deferral date. The same
discretionary principle would apply to the payment
of dividend equivalents on any shares that have
been deferred, but not yet vested.
Long Term
Incentive Plan
Unvested awards will normally lapse upon cessation
of employment.
The Committee has discretion to allow awards to vest
at the normal vesting date or earlier. If the Committee
exercises this discretion, awards are normally prorated to
reflect time served since the date of grant and based on
the achievement of the performance criteria. The holding
period detailed above will apply to such incentives.
All-colleague share
schemes
The Executive Directors, where eligible for participation in
all-colleague share schemes, participate on the same
basis as for other colleagues.
None.
Illustration of remuneration scenarios
The chart below details the hypothetical composition of each Executive Director’s remuneration package and how it could vary at different
levels of performance under the new Remuneration Policy set out above.
2,500
2,000
1,500
0
0
0
£
1,000
500
0
£2,188,000
£1,781,000
£856,000
14%
27%
£502,000
46%
56%
26%
21%
£1,354,000
£1,123,000
£576,000
12%
27%
£353,000
41%
51%
27%
23%
100%
59%
28%
23%
100%
61%
32%
26%
Minimum
Target
Maximum
Maximum +
50% share
price growth
Minimum
Target
Maximum
Maximum +
50% share
price growth
Chief Executive Officer
Chief Financial Officer
Long-term incentives
Annual bonus
Fixed pay
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
107
GovernanceGovernance�Remuneration Committee report continued
Directors’ remuneration policy continued
Illustration of remuneration scenarios continued
Note that the charts are indicative, as actual amounts may depend on share price. Assumptions made for each scenario are as follows:
• Minimum. Fixed remuneration only: salary, benefits and pension. Salary based on 2021/22 salary and benefits based on 2020/21
disclosed benefit amounts
• Target. Fixed remuneration plus “target” annual bonus opportunity of 50% of salary for both the Chief Executive Officer and Chief Financial
Officer, plus 15% vesting of the maximum award under the Long Term Incentive Plan. NCC does not use the concept of a “target” bonus;
however, in order to be fully compliant with the regulations an assumption of 50% of the maximum for 2021/22 has been used
• Maximum. Fixed remuneration plus maximum annual bonus opportunity equivalent to 100% of salary for both the Chief Executive
Officer and Chief Financial Officer for 2021/22, as well as 100% vesting of the maximum award under the Long Term Incentive Plan,
being 175% of salary for the CEO and 150% of salary for the CFO. Note that from 2022/23 it is intended that the maximum annual
bonus will increase from 100% of salary to 125% of salary
• Effect of a 50% increase in share price. Same assumptions as for the maximum scenario, but with the additional assumption that the
value of LTIP awards increases by 50% as a result of share price appreciation over the performance period
Statement of consideration of employment conditions elsewhere in the Group
The Remuneration Committee does not consult directly with colleagues when determining the Remuneration Policy for Executive Directors.
However, as stated above, the annual bonus and LTIP are operated for other colleagues to ensure alignment of objectives across the Group
and the terms of the pension scheme (save for the contribution entitlements) are the same for all permanent colleagues. In addition, the
Committee compares information on general pay levels and policies across the Group when setting Executive Director pay. Jennifer Duvalier
undertakes regular colleague engagement sessions where colleagues are able to ask about Executive Director pay. During the year no
questions or concerns on Executive pay were raised to Jennifer (please see page 80 for further information).
How shareholder views are taken into account
The Remuneration Committee considers shareholder feedback received on the Directors’ Remuneration Report each year and guidance
from shareholder representative bodies more generally. Shareholders’ views are key inputs when shaping remuneration policy. When any
material changes are proposed to the Remuneration Policy, the Remuneration Committee Chair will inform major shareholders in advance
and will generally offer a meeting to discuss these.
Key areas of discretion in the Remuneration Policy
The Committee operates the Group’s variable incentive plans according to their respective rules and in accordance with HMRC rules where
relevant. To ensure the efficient administration of these plans, the Committee will apply certain operational discretions. These discretions are
implicit in the Policy stated above, but we have listed them for clarity. These include, but are not limited to, the following:
• Selecting the participants in the incentive plans on an annual basis
• Determining the timing of grants of awards and/or payments
• Determining the quantum of awards and/or payments (within the limits set out in the Policy table)
• Reviewing performance against annual bonus and LTIP performance metrics
• Determining the extent of payout or vesting based on the assessment of performance
• Making the appropriate adjustments required in certain circumstances, for instance for changes in capital structure
• Determining “good leaver” status for incentive plan purposes and applying the appropriate treatment
• Undertaking the annual review of weighting of performance measures and setting targets for the incentive plans, where applicable, from
year to year
• Discretion to override formulaic outcomes of the incentive schemes if an event occurs which results in the annual bonus plan or LTIP
performance conditions and/or targets being deemed no longer appropriate (e.g. material acquisition or divestment); the Committee will
have the ability to adjust appropriately the measures and/or targets and alter weightings, provided that the revised conditions are not
materially less challenging than the original conditions
• Discretion to override formulaic vesting outcomes if they are judged by the Committee not to be an accurate reflection of Company performance
Legacy arrangements
For the avoidance of doubt, in approving the Remuneration Policy, authority is given to the Company to honour any commitments entered into with
current or former Directors before the current legislation on remuneration policies came into force or before an individual became a Director, such
as the payment of outstanding incentive awards, even where it is not consistent with the policy prevailing at the time such commitment is fulfilled.
Details of any payments to former Directors will be set out in the Annual Report on Remuneration as they arise.
External directorships for Executive Directors
Executive Directors may accept one external non-executive directorship with the prior agreement of the Board, provided it does not conflict
with the Group’s interests and the time commitment does not impact upon the Executive Director’s ability to perform their primary duty. The
Executive Directors may retain the fee from external directorships.
108
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Annual report on remuneration
This part of the report has been prepared in accordance with Part 3 of The Large and Medium-sized Companies and Groups (Accounts and
Reports) (Amendment) Regulations 2013 as amended and 9.8.8R of the Listing Rules.
The following report will be subject to an advisory shareholder vote at the 2021 AGM, which is scheduled to be held on 4 November 2021.
The information on pages 109 to 118 has been audited where indicated.
How will the Remuneration Policy be implemented in the year ending 31 May 2022?
Executive Directors’ base salaries
The Committee has decided to award a salary increase to the Chief Executive Officer of 3%, which is in line with the average increase for
the workforce of 3.1%. As set out in the Annual Statement, the base salary of the Chief Financial Officer is significantly below the market
level for comparable roles and a base salary increase of approximately 4.9% above the level of the workforce with effect from 1 June 2021.
The table below details the Executive Directors’ salaries as at 31 May 2021 and salaries which took effect from 1 June 2021:
Chief Executive Officer
Chief Financial Officer
Base salary
at 31 May
2021
£000
Base salary
at 1 June
2021
£000
451
285
465
308
% change
3%
8%
Pension and benefits
There will be no changes to benefits provision. Effective 1 December 2021, and conditional on the approval of the Directors’ Remuneration
Policy at the 2021 AGM, the CEO’s and CFO’s pension provision will reduce from 5% of base salary and 10% of base salary, respectively,
to the level of the wider workforce, which is currently 4.5%. These contributions are cash payments in lieu of formal pension contributions.
Annual bonus
The annual bonus maximum for the Chief Executive Officer and the Chief Financial Officer in 2021/22 will be 100% of salary with 75%
based on the achievement of certain Adjusted operating profit and revenue targets and 25% based on the achievement of strategic targets
as outlined on page 102.
A financial underpin will apply to the revenue and non-financial bonus targets.
To the extent they are no longer commercially sensitive, these targets will be disclosed in next year’s report.
In addition, to ensure that this bonus opportunity results in shareholder alignment and provides greater retention value, 35% of any bonus
payment will be deferred into nominal cost share options for two years.
The bonus, nominal cost share options and associated dividend equivalents are also subject to malus and clawback provisions.
Long Term Incentive Plan (LTIP)
Subject to approval of the new Remuneration Policy it is intended that awards with a maximum value of 175% and 150% of base salary
to the CEO and CFO respectively will be made under the LTIP shortly following the 2021 AGM.
These will be subject to a two year post-vesting holding period for the Executive Directors. As well as the holding period, the executives have
to achieve a shareholding requirement of 200% of salary (post shares sold to cover any tax) before they can sell any shares that vest, with
these awards also counting towards the post-employment shareholding requirement. The awards are also subject to malus and
clawback provisions.
The vesting of these LTIP awards will be based on earnings per share (60%), a cash flow metric (30%) and a relative total shareholder return
metric (10%). 15% of each element will vest at the threshold performance level, rising to 100% vesting at maximum. The proposed targets
are as follows:
Metric
Earnings per share growth
Average cash conversion
Relative TSR vs FTSE 250
(excluding investment trusts)
Weight
60%
30%
10%
Threshold (15% vests)
Maximum (100% vests)
9% p.a.
70%
Median
22.5% or higher
80% or higher
Upper quartile or above
For performance between threshold and maximum, awards vest on a straight-line basis.
The Committee believes that these three measures are transparent, easy to understand, easy to track and communicate, cost effective
to measure and fundamentally aligned to the Group’s strategic goals.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
109
GovernanceGovernance�Remuneration Committee report continued
Annual report on remuneration continued
Non-Executive Directors’ remuneration
In line with the current Policy, Non-Executive Director fees are reviewed annually.
Annualised fees (inclusive of travel allowance of £8,200 for the Chair and £4,750 for other Non-Executive Directors which was waived in 2020/21)
Chris Stone
Chris Batterham
Jonathan Brooks
Mike Ettling
Jennifer Duvalier
As at
1 June
2021
£000
158
75
65
55
60
As at
1 June
2020
£000
147
64
58
51
51
How has the Remuneration Policy been implemented in the year ended 31 May 2021?
This section sets out how the Remuneration Policy was implemented in 2020/21. The key implementation decisions during the year related to:
• Review of salary increases for Executive Directors
• The determination of annual bonus outcomes for the 2020/21 performance period
• The performance targets and value of awards granted under the LTIP, which will vest in 2023
Further detail on these decisions, together with other information on payments made to Directors, is set out in the following sections.
Single total figure of remuneration (audited)
The detailed emoluments received by the Executive and Non-Executive Directors for the year ended 31 May 2021 are below:
Director
Chris Stone
Adam Palser
Tim Kowalski 6
Chris Batterham
Jonathan Brooks
Jennifer Duvalier 7
Mike Ettling
Total
Salary/
Non-Executive
Director fees 1
£000
138
145
450
447
284
282
59
63
53
57
51
50
46
50
Benefits 2
£000
Pension
benefits 3
£000
Total
fixed pay
£000
Annual
bonus 4
£000
Long-term
incentive 5
£000
–
–
16
16
31
17
–
–
–
–
–
–
–
–
–
–
22
22
28
28
–
–
–
–
–
–
–
–
138
145
488
485
343
327
59
63
53
57
51
50
46
50
–
–
414
103
247
56
–
–
–
–
–
–
–
–
–
–
218
273
137
–
–
–
–
–
–
–
–
–
Total
variable
pay
£000
–
–
632
376
384
56
–
–
–
–
–
–
–
–
Total
£000
138
145
1,120
861
727
383
59
63
53
57
51
50
46
50
1,081
1,094
47
33
50
50
1,178
1,177
661
159
355
273
1,016
313
2,194
1,609
Year ended
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
31 May 2021
31 May 2020
1
2
3
4
5
The Chair and Non-Executive Directors each receive an allowance paid as part of their base fees of £8,200 and £4,750 respectively, to cover all travel and expenses related to their
roles on the Board. In light of Covid-19 and the fact that Board meetings were being held virtually, these allowances were not paid between 1 June 2020 and 31 May 2021.
Taxable benefits include the provision to every Executive Director of a car or car allowance, payment of private fuel, car insurance, private medical insurance, life assurance and
permanent health insurance. In 2020/21, Tim Kowalski switched from receiving a car allowance to a leased vehicle at no additional cost to the Group. The P11D value of the leased
vehicle is higher than the monthly cash value of the car allowance which he forfeited.
Pension benefits include employer contributions to the Group pension scheme and payments in lieu of pension contributions. The Company provided pension payments in lieu
of pension contributions for two Executive Directors during the year ended 31 May 2021.
Annual bonus payments for performance in the relevant financial year; 35% of this bonus is deferred into nominal cost share options for two years. Dividend equivalents accrue
on these shares.
Long-term incentive awards vesting under the LTIP. 78,914 shares vested to Adam Palser and 49,773 shares vested to Tim Kowalski with respect to the LTIP granted in 2018
which had a performance period ending on 31 May 2021. These have been valued using a share price of £2.76 which is the three month average share price over March, April
and May 2021. These shares were awarded based on a share price of £2.21 on the day before the date of grant. As a result, the change in share price since the date of grant has
resulted in an increase in value of £43,402.70 and £27,375.15 respectively. With regard to the LTIP awards with a performance period ending on 31 May 2020, 93,533 shares
vested to Adam Palser which have been valued using the share price at the date of vesting of £2.92.
6 Tim Kowalski was appointed as Chief Financial Officer on 23 July 2018.
7 Jennifer Duvalier’s fee was increased by £5,000 with effect from 1 June 2020 to reflect her additional responsibilities for engaging with colleagues on behalf of the Board.
110
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Additional information in respect of the single total figure of remuneration
Annual bonus
2020/21 annual bonus (audited)
For the year ended 31 May 2021, the maximum potential bonus opportunity for Adam Palser was 100% of salary. For Tim Kowalski, the
maximum potential bonus opportunity was also 100% of salary. For the year ended 31 May 2021, bonuses of 92% and 87% of base salary
respectively were payable.
The actual bonus awarded to Adam Palser was £413,876 and to Tim Kowalski was £247,071 based on the achievement of the
performance conditions set out below. 35% of each payment will be deferred into nominal cost share options for two years, with the
remaining 65% paid in cash. The performance measures and targets are set out below.
Financial targets – up to 60% of the bonus
30 November 2020
Adjusted operating
profit less a proforma
amortisation charge in
respect of certain
cloud-based software
arrangements *
31 May 2021
Adjusted operating
profit less a proforma
amortisation charge in
respect of certain
cloud-based software
arrangements *
Strategic targets
Performance targets
Threshold
Maximum
Actual
Threshold
Maximum
Actual
£11.5m
£12.5m
£17.0m
£16.0m
£19.0m
£19.2m
Weighting (% of salary)
Weighting (% of salary)
Payout (% of salary)
Weighting (% of salary)
Weighting (% of salary)
Payout (% of salary)
The strategic targets were set individually
for the Executive Directors based on key
strategic objectives for the year in their area
of responsibility – see below
Weighting (% of salary)
Payout (% of salary)
Adam Palser
Tim Kowalski
6%
30%
30%
6%
30%
30%
40%
32%
6%
30%
30%
6%
30%
30%
40%
27%
Payout (% of salary)
92%
87%
Total bonus
£413,876
£247,071
Amount paid in cash
£269,019
£160,596
Amount deferred in shares
£144,857
£86,475
* The Directors consider that Adjusted operating profit less a proforma amortisation charge in respect of certain cloud-based software arrangements is comparable to Adjusted
operating profit previously reported. See Strategic Report for further details and a reconciliation between Adjusted operating profit of £39.2m and Adjusted operating profit less
a proforma amortisation charge in respect of certain cloud-based software arrangements of £36.2m.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
111
GovernanceGovernance�Remuneration Committee report continued
Annual report on remuneration continued
Additional information in respect of the single total figure of remuneration continued
Annual bonus continued
Strategic targets – up to 40% of the bonus
The table below highlights the key strategic targets and achievements for each Executive Director. Bonus target ranges have been disclosed
to the extent possible, but the achievement of some areas is determined by the Committee based on its judgement of performance.
Maximum % of bonus Target and performance conditions
20%
Broaden the portfolio (20%)
EaaS orders (5%) – Target range of £1.5m to £2.0m. Exceeded max target by +10%.
Remediation revenue (5%) – Target range of £1.0m to £1.5m. Exceeded max target by +40%.
MDR revenue growth (5%) – Target range of 15% to 20% growth. Positive double-digit growth
was achieved but below the target range.
Hyperscaler (2%) – Target to certify 43 new consultants and deploy them successfully. Target
was exceeded with more than 43 consultants certified and deployment resulting in launch of
Sentinel offering, sales growth, and strong pipeline.
Data (3%) – Target of progress towards (1) being able to benchmark clients’ cyber maturity and
underpin FY22 revenues and (2) improved data analytics and machine learning to satisfy our
more demanding MDR clients and underpin future revenue growth. Both objectives were met
and exceeded as models have been developed and even deployed to meet both objectives.
Sustainability (10%)
Diversity (3%) – Evidence of a comprehensive programme to nurture and promote diversity and inclusion
including: effective steering committees, improved hiring practices, rollout of unconscious bias training and
awareness raising/engagement programme. Target achieved and exceeded as all objectives achieved and
demonstrating success.
Diversity (2%) – Evidence of greater diversity and inclusion in the workforce, especially in leadership roles.
Target achieved and exceeded by improving hiring practices which has resulted in the number of men
employed for every woman reducing by over 50% at senior levels and by 11% overall.
Reduce attrition (3%) – Target range for a reduction of 1% to 2%. Performance below threshold.
Clear measurement of colleague and customer engagement (2%) – achieved.
Key hires (5%) – Progress against recruitment/upgrade plan measured through: assessment of number
and quality of hires, team progress against development plans, and how these changes have improved
reporting deliverables. Partial achievement and progress made.
Improvement and efficiencies (10%)
Overheads as % revenue (3%) – Target to reduce overheads/revenue vs. prior year – achieved
and exceeded.
Creation of an EU division (2%) – Evidence of the successful creation of a single (Continental)
European division. Achieved – new MD in place and management team confirmed.
Global resourcing (3%) – 3% awarded if there is >20% increase in cross-border delivery
(demonstrating our global way of operating). Achieved and exceed with an increase of over 100%.
Creation of “Global Professional Services” and “Global Managed Services” business to underpin
future growth and efficiency (2%). Set-up of global product lines with strategic business plans in
place and initial progression tracked against these. Achieved.
Finance function (7%) – Evidence of team improvements and efficiencies including: systems installation
to time/quality/risk targets, assessment, design, and delivery of new reporting requirements for Europe
and GPS/GMS, improvement in timings/accuracy/quality of month end and end of year reporting and
quality of analyst presentations. Evidence of progress in all areas and improvement in quality of analyst
presentations, but too early to judge the success of all actions taken. As a result, a partial outcome was
awarded.
5%
5%
5%
2%
3%
3%
2%
3% (CEO)
2% (CEO)
5% (CFO)
3%
2% (CEO)
3% (CEO)
2% (CEO)
7% (CFO)
Total
31 May 2021
Adam Palser
Tim Kowalski
5%
5%
0%
2%
5%
5%
0%
2%
3%
3%
15%
15%
3%
3%
2%
2%
0%
2%
–
–
–
2%
7%
7%
3%
2%
3%
2%
3%
–
–
–
–
2%
10%
32%
5%
27%
112
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Long Term Incentive Plan vesting
The LTIP awards made in August 2018 vested in May 2021. Adam Palser and Tim Kowalski were beneficiaries of these and achieved
a vesting of 40% of the award of 197,285 and 124,434 shares respectively, being 78,914 and 49,773 shares respectively:
Executive
Number of
LTIP awards 1
Basis
Performance condition
Adam Palser
197,285
Tim Kowalski
124,434
100% of
base salary
Vesting determined by:
• Growth in Adjusted EPS 3 over the performance period
• Average cash conversion ratio ³ over the performance period
• TSR over the performance period vs FTSE 250 comparator group
The performance conditions for these awards are set out below:
Performance period
1 June 2018
to 31 May 2021
Proportion
Component
Metric
Threshold
Maximum
vesting
Actual
performance
Actual %
vested
60%
30%
Adjusted
EPS 3
Average growth over
a three year period
Cash
conversion 3
Average cash conversion
ratio ³ over three years
9%
20%
8.2%
0%
70%
80%
109.3%
30%
Vesting basis
Straight line between
threshold and maximum
Straight line between
threshold and target,
then target and maximum
10%
TSR
TSR over three years vs
FTSE 250 comparator group
(excluding investment trusts)
Median
Upper
quartile
Above
upper
quartile
10%
Straight line between
threshold and maximum
Long-term incentives granted during the year (audited)
During the financial year, the Executive Directors were granted awards subject to the performance conditions set out below. The awards were
as follows:
Executive
Number of
LTIP awards 1
Adam Palser
151,876
Basis
Face value 2
Performance condition
100% of base
salary
£447,000
Vesting determined by:
• Growth in Adjusted EPS ³ over the performance
period
• Average cash conversion ratio ³ over the
performance period
• TSR over the performance period vs FTSE 250
comparator group
Tim Kowalski
95,875
100% of base
salary
£282,000
As above
The performance conditions for these awards are set out below:
Proportion
Component
Metric
Threshold
Threshold
vesting
9%
20%
Target
N/A
Target
vesting
N/A
Maximum
Maximum
vesting
20%
100%
70%
20%
75%
50%
80%
100%
Performance period
1 June 2020
to 31 May 2023
1 June 2020
to 31 May 2023
Vesting basis
Straight line
between threshold
and maximum
Straight line
between threshold
and target, then
target and
maximum
Median
20%
N/A
N/A
Upper
quartile
100%
Straight line
between threshold
and maximum
60%
30%
Adjusted
EPS 3
Cash
conversion ³
Average growth
over a three year
period
Average cash
conversion ratio ³
over three years
10%
TSR
TSR over
three years vs
FTSE 250
comparator group
(excluding
investment trusts)
1 LTIP awards are structured as nominal cost options.
2 Based on a share price of £2.94, which was the closing mid-market price of the Company’s shares on the day before the date of grant.
3
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 187 and 188.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
113
GovernanceGovernance�Remuneration Committee report continued
Annual report on remuneration continued
SAYE options granted in the year
The Group operates an HMRC-approved SAYE scheme. All eligible colleagues, including Executive Directors, may be invited to participate
on similar terms for a fixed period of three years. During the year Adam Palser and Tim Kowalski did not join any new SAYE schemes.
Neither Executive Director participated in the 2020 or 2021 SAYE schemes as both contribute the maximum £500 per month to the 2018
SAYE scheme.
Directors’ interests in shares (audited)
The tables below set out details of the Executive Directors’ outstanding share awards, which will vest in future years subject to performance
conditions and/or continued service.
Summary of maximum LTIP awards outstanding
Adam Palser
Tim Kowalski
Includes only unvested and unexercised LTIP options.
1
2 £2.92 was the sale price.
Total LTIP
options held at
31 May
2020 1
Granted
during the
period
Exercised
during the
period
Share price
on date of
exercise
Lapsed
during the
period
Total LTIP
options
held at
31 May
2021 1
536,156
151,876
93,533
£2.92 2
(118,371)
476,128
279,310
95,875
–
–
(74,655)
300,530
All awards granted under the LTIP are subject to continued employment and the satisfaction of the performance conditions as set out above.
The awards were all nominal cost options.
Share ownership (audited)
The beneficial and non-beneficial interests of the current Directors in the share capital of NCC Group plc at 31 May 2021 are set out below:
Beneficial interests
in ordinary shares 1
Maximum share awards
subject to performance
conditions 2
Share options 3
Deferred Bonus Plan 4
Vested but unexercised
nil-cost options
Total
31 May
2021
31 May
2020
31 May
2021
31 May
2020
31 May
2021
31 May
2020
31 May
2021
31 May
2020
31 May
2021
31 May
2020
31 May
2021
31 May
2020
Chris
Stone
Adam
Palser
Tim
Kowalski
162,843 124,382
–
–
–
–
–
–
–
–
162,843 124,382
94,502
23,779
397,214 442,623
10,273
10,273
53,458
52,225
78,914
93,533
634,361 622,433
48,964
23,614
250,751 279,310
10,273
10,273
27,173
20,462
49,773
Chris
Batterham 55,000
50,000
Jonathan
Brooks
Jennifer
Duvalier
Mike
Ettling
50,000
50,000
19,115
9,500
50,000
50,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
386,934 333,659
55,000
50,000
50,000
50,000
19,115
9,500
50,000
50,000
1 This information includes holdings of any connected persons.
2 These awards represent the outstanding LTIP interests, included in the table above, which are due to vest in either July/August 2022 or July/August 2023.
3 Representative SAYE scheme interests, which are due to vest in October 2021.
4
Nominal cost share options granted under the 2018–20, 2019–21 and 2020–22 Deferred Bonus Plans on 23 August 2018, 4 September 2019 and 20 May 2021, subject
to a service condition, tax and National Insurance.
Shareholding requirements
The Executive Directors are expected to build and retain a shareholding in the Group equivalent to at least 200% of base salary. Executives
will normally be required to retain all vested deferred bonus shares and LTIP shares released from the holding period, until they have attained
the minimum shareholding requirement and, even then, only when they have held vested LTIP shares for a minimum period of two years.
Executive Directors will also be required to retain all shares vesting from SAYE schemes. For the avoidance of doubt, Executive Directors
are permitted to sell sufficient shares in order to meet any tax obligation arising from vesting shares.
114
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�The percentages within this table have been calculated using a three month average share price (1 March 2021 to 31 May 2021) of £2.76 and
include Adam Palser’s and Tim Kowalski’s vested 2018–2021 LTIP of 78,914 and 49,773 shares respectively on a net of tax and National
Insurance basis, and all unvested deferred bonus plans on a net of tax and National Insurance basis.
Adam Palser
Tim Kowalski
Appointment terms for new Directors
No new Directors were appointed within the year.
Shareholding
as at
31 May
2021
(% of salary)
Shareholding
requirements
(% of salary)
Requirement
met
200%
200%
101%
87%
No
No
Relative importance of the spend on pay
The following table sets out the percentage change in distributions to shareholders and colleague remuneration costs.
Colleague remuneration costs 1
Dividends 2
31 May
2021
£m
174.3
13.0
31 May
2020
£m
170.1
12.9
% change
2.5%
0.8%
1 Based on the figure shown in Note 7 to the Consolidated Financial Statements.
2
Based on the total cash returned to shareholders in the year ended 31 May 2021 through dividends, as shown in Note 10 to the Consolidated Financial Statements (excluding the
proposed 2021 final dividend).
Percentage increase in the remuneration of the Directors
The table below shows the movement in the salary or fees, benefits and annual bonus for each Director between the current and previous
financial year compared to the equivalent changes for all colleagues of the Company.
The comparator group for salaries and benefits is all colleagues in the UK – there were no benefit policy changes in this time.
The comparator group for the bonus is those in the senior management population who also have an annual scheme and excludes those
on commission and incentive plans.
Director
Chris Stone 1
Adam Palser 2
Tim Kowalski 2
Chris Batterham 1
Jonathan Brooks 1
Jennifer Duvalier 1
Mike Ettling 1
All colleagues
% increase
in salary
% increase
in benefits
% increase
in annual bonus
–
1%
1%
–
–
–
–
3.1%
–
–
–
–
–
–
–
–
–
303%
341%
–
–
–
–
173%
1 Pay decreased for the Chair and Non-Executives during the year as they were not paid the travel allowance.
2
These increases represent the change in bonus payment from 2019/20 to 2020/21. For Adam Palser, this was an increase from £103,000 to £414,000 (i.e. from 23%
of maximum to 92% of maximum). For Tim Kowalski, this was an increase from £56,000 to £247,000 (i.e. from 20% of maximum to 87% of maximum).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
115
GovernanceGovernance�Remuneration Committee report continued
Annual report on remuneration continued
Chief Executive pay compared to pay of UK colleagues
The following table shows the ratio between the single total figure of remuneration (STFR) of the Chief Executive for 2020/21 and the
lower quartile, median and upper quartile pay of our UK colleagues. The salary and total pay and benefits for the lower quartile, median
and upper quartile colleagues are also shown.
Total pay ratio
Financial year
2019/20
2020/21
Salary (£000)
Total pay and benefits (£000)
Method
25th percentile
pay ratio
50th percentile
pay ratio
75th percentile
pay ratio
Option B
Option B
18:1
27:1
12:1
18:1
8:1
11:1
CEO 25th percentile 50th percentile 75th percentile
450
1,120
38
41
55
61
84
99
CEO pay ratio
Option B was chosen to calculate the CEO pay ratio. This option uses the most recent gender pay gap information to determine the relevant
colleague at the 25th, 50th and 75th percentile. We have omitted joiners and leavers from the data to ensure that the data is on a like-for-
like basis. This option was chosen in preference to the other possibilities as it uses the most accurate and comprehensive data currently
available. It refers to gender pay data as at April 2020.
The CEO pay ratio has increased compared to the prior year. This increase is not attributable to a change in remuneration for the CEO, pay
and benefits for colleagues as a whole, or a change in the composition of our workforce. Instead, the change in CEO pay ratio is attributable
to the increase in share price over the financial year and the strong financial performance which increased payments from our variable
incentive plans. As CEO pay places greater weight on “at risk” variable remuneration, Company performance has a greater impact on CEO
pay than on pay for the median colleague, which leads to greater year-on-year variations.
The pay ratio is consistent with the pay, reward and progression policies currently in place at NCC. A common pay structure operates
throughout our organisation in the United Kingdom with a greater focus on performance related pay for more senior levels.
Performance graph and table
The following graph shows the total shareholder return, with dividends reinvested, from 31 May 2011 against the corresponding changes
in a hypothetical holding in shares in both the FTSE All Share and FTSE 250 Indices.
The FTSE All Share and FTSE 250 Indices represent broad equity indices. The Company is a constituent member of the FTSE All Share
Index and the Committee has adopted the FTSE 250 Index for part of its LTIP performance measure. Both indices give a market
capitalisation-based perspective.
During the year, the Company’s share price varied between £1.492 and £3.075 and ended the financial year at £2.96.
Ten year historical TSR performance is the growth in the value of a hypothetical £100 holding over ten years. It has been calculated for
NCC Group plc, and the FTSE All Share and FTSE 250 Indices (excluding investment trusts) based on spot values.
)
£
(
e
u
a
V
l
500
400
300
200
100
0
£136
£122
£100
£337
£205
£245
£205
£209
£257
£198
£390
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
NCC Group
FTSE All Share
FTSE 250 (excluding investment trusts)
The share price was £1.586 on 1 June 2020 and £2.96 on 31 May 2021.
Year ended 31 May
116
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�The table below shows the total remuneration for the Chief Executive over the same ten year period, including share awards valued at the
date they vested.
Year ended 1, 2, 3
31 May 2021
31 May 2020
31 May 2019
31 May 2018 1
31 May 2018 2
31 May 2017
31 May 2016
31 May 2015
31 May 2014
31 May 2013
31 May 2012
31 May 2011
Total
remuneration
£000
1,120
861
679
292 1
257 2
610
1,091
993
1,089
1,118
1,074
1,222
Annual bonus
% of maximum 4
Long-term
incentives
% of max imum 5
92
23
48
32.5
32.5
–
70
73
73
– 6
85
67
40
52
–
–
–
–
20
15
50
63
70
54
1 Adam Palser was appointed on 1 December 2017. The total remuneration figure above is in respect of the period from 1 December 2017 to 31 May 2018.
2
During the year ended 31 May 2018, Brian Tenner acted as Interim Chief Executive Officer for the period 1 June 2017 to 30 November 2017. The total remuneration figure above
is the total remuneration received in relation to that six month period.
3 Relates to the former CEO in the period above between 1 June 2010 and 31 May 2017.
4 Note that this shows the annual bonus payments as a percentage of the maximum opportunity.
5 This shows the LTIP vesting level as a percentage of the maximum opportunity.
6
In 2012/13 the former CEO waived his right to a bonus, which would have been equal to 32% of salary. This was equivalent to 50% of the maximum bonus opportunity.
Membership and attendance
The Remuneration Committee membership consists solely of Non-Executive Directors and comprises Jonathan Brooks as Chair,
Chris Batterham and Jennifer Duvalier.
The Company Chair, Chief Executive Officer, Chief Financial Officer, Chief People Officer and Company Secretary attend the Remuneration
Committee by invitation of the Chair of the Committee from time to time and assist the Committee with its considerations. No Director
is involved in setting their personal remuneration.
The attendance of individual Committee members at Remuneration Committee meetings is shown in the table below:
Attendee
Jonathan Brooks 1
Chris Batterham
Jennifer Duvalier
Meetings attended
1 Jonathan Brooks missed the July 2020 Committee meeting as he was taken ill on the day of the Committee meeting. Jennifer Duvalier chaired the July 2020 meeting.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
117
GovernanceGovernance
�Remuneration Committee report continued
Annual report on remuneration continued
Adviser to the Committee
During the year, the Committee received advice on senior executive remuneration from Alvarez and Marsal (A&M) and was comfortable
that the advice was objective and independent. A&M is a member of the Remuneration Consultants Group and is a signatory to its Code
of Conduct. The total fee charged in 2020/21 for providing advice in relation to executive remuneration was £59,100. A&M did not provide
any other services to the Company during the year.
The Committee reviews the performance and independence of its adviser on an annual basis.
Service contracts and letters of appointment
The service contracts and letters of appointment of the current Directors include the following terms:
Date of contract
Notice period
Executive
Adam Palser
Tim Kowalski
Non-Executive
Chris Stone
Chris Batterham
Jonathan Brooks
Jennifer Duvalier
Mike Ettling
29 November 2017
16 July 2018
31 March 2017
9 April 2015
13 March 2017
25 April 2018
21 September 2017
12 months
6 months
3 months
3 months
3 months
3 months
3 months
Dilution
The LTIP has a dilution limit, for new and treasury shares, of 10% of the issued ordinary share capital of the Company in any ten year
period for any share option scheme operated by the Company. As at 31 May 2021 the Company had utilised 15,956,413 (31 May 2020:
15,250,101) ordinary shares through LTIP, DABS, SAYE, CSOP, ISO, RSP and ESPP awards counting towards the 10% limit which
represents 5.17% (2020: 5.47%) of the issued ordinary share capital of the Company. To clarify, this figure of 5.17% includes both
discretionary and all-colleague share schemes.
Statement of shareholder voting
The following votes were received from the shareholders in respect of the Directors’ Remuneration Report and in respect of the
Remuneration Policy:
Remuneration Report
(2020 AGM)
Remuneration Policy
(2020 AGM)
For 1
Against
Total votes cast (for and against excluding
withheld votes)
Votes withheld 2
Total number of votes
102,161,835
96,087,573
198,249,408
12,904,409
Total votes cast (including withheld votes)
211,153,817
%
of votes cast
51.53
48.47
Total number of votes
163,090,941
37,158,392
200,249,333
10,904,484
211,153,817
Includes Chair’s discretionary votes.
1
2 A vote withheld is not a vote in law and is not counted in the calculation of the proportion of votes cast “for” and “against” a resolution.
Approved by the Board and signed on its behalf:
%
of votes cast
81.44
18.56
Jonathan Brooks
Chair, Remuneration Committee
14 September 2021
118
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Directors’ report
The Directors
present their report
The Directors present their report and the Group and Company
Financial Statements of NCC Group plc (the ‘Company’) and its
subsidiaries (together the ‘Group’) for the financial year ended
31 May 2021.
Principal activities
The Company is a public limited company incorporated in England,
registered number 4627044, with its registered office at XYZ
Building, 2 Hardman Boulevard, Spinningfields M3 3AQ.
The principal activity of the Group is the provision of independent
advice and services to customers through the provision of Software
Resilience and cyber assurance services. The principal activity of the
Company is that of a holding company.
Going concern
The Directors have acknowledged guidance published in relation
to going concern assessments.
The Group’s business activities, together with the factors likely to affect
its future development, performance and position, are set out in the
Business Review and Financial Review. The Group’s financial position,
cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis
which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance
forecasts for the 12 month period ending September 2022 which
indicate that, taking account of severe but plausible downsides and
the anticipated impact of Covid-19 on the operations of the Group
and its financial resources, the Group and Company will have
sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving credit
facility which matures in June 2024. The Group is required to comply with
financial covenants for leverage (net debt to Adjusted EBITDA 1) and
interest cover (Adjusted EBITDA 1 to interest charge) which are tested
bi-annually at 31 May and 30 November each year. As at 31 May 2021,
the Group had drawn down £33.8m for working capital requirements.
Subsequent to the year end and shareholder approval on 1 June,
the Group acquired on 7 June the IPM business for $220m; the US
acquisition was funded through an equity placing in May of £70.2m
(net proceeds) combined with a new three year $70m term loan,
existing cash balances and our existing revolving credit facility.
The impact of the acquisition on the Group’s financial performance,
covenants and business model has therefore been considered within
this going concern assessment. As at 2 June 2021, following the
acquisition of the IPM business, the Group had drawn down £75.5m
of its revolving credit facility and was due to incur further transaction
costs of £6.4m. As at 31 August 2021, cash, net debt (excluding
lease liabilities) 1 and headroom amounted to £43.6m, £74.7m and
£80.5m respectively.
1
See Note 3 for an explanation of Alternative Performance Measures (APMs) and
adjusting items. Further information is also contained within the Chief Financial
Officer’s Review and the Glossary of terms on pages 187 and 188.
Although the Group has demonstrated resilience to the challenging
environment resulting from Covid-19, the Directors acknowledge that
the financial performance of the Group has been adversely impacted
to a certain degree since the commencement of the pandemic, and for
this reason the base case forecast for 2021 reflects this assessment.
The continuing macro-economic risks and potential changes in
government policies (on the severity of enforced lockdowns worldwide)
could have a continued effect on the Group’s performance. However,
trading throughout the pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible
scenarios as follows:
1.
2.
The performance of FY22 continues to be similar to that of
2021, including the impact on regional and international
operations of the Group and a potential reduction in growth.
An additional impact of Covid-19 during a two month period
from January to February 2022 which coincides with a similar
economic pandemic pattern as 2021.
3.
Potential impact of customers‘ inability to pay during a specified period.
4.
5.
Failure of execution of the strategy, loss of key customers and
a number of acquisition related risks crystallising (for example
increased customer churn, integration and cash collection issues).
Software Resilience performance does not return to growth and
the Assurance business experiences similar impact of Covid-19
on its performance as 2021.
These scenarios have been modelled individually and also in
combination in order to assess the Group’s ability to withstand
multiple challenges, although the Directors do not believe a scenario
combining all these risks to be plausible. The impact of these
sensitivities has been reviewed against the Group’s projected cash
flow position, available bank facilities and compliance with financial
covenants. In the instance that a combination of the above scenarios
arise, mitigating actions would be required to ensure that the Group
remains liquid and financially viable, which might include a reduction
of planned capital expenditure, freezing pay and recruitment and not
paying a dividend to shareholders. All of the mitigating actions are
within the Directors’ control. These forecasts, including the severe
but plausible downsides, show that the Group is able to operate
within its available banking facilities, with no forecasted covenant
breaches, and that the Group will have sufficient funds to meet its
liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other
Group trading entities for financial support. Having reviewed the
current trading performance, forecasts, other Group trading entities‘
financial support, debt servicing requirements, total facilities and risks,
the Directors are confident that the Company and the Group will have
sufficient funds to continue to meet their liabilities as they fall due for
a period of at least 12 months from the date of approval of these
Financial Statements. Accordingly, they continue to adopt the going
concern basis of accounting in preparing the Group’s Financial
Statements for the year ended 31 May 2021.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
119
GovernanceGovernance�Directors’ report
Directors’ report continued
Results and dividends
The Group’s and Company’s audited Financial Statements for the
financial year ended 31 May 2021 are set out on pages 133 to 186.
The Company is not aware of any agreements between
shareholders that may result in restrictions on the transfer
of securities and/or voting rights.
The Directors propose a final dividend of 3.15p per ordinary share,
which, together with the interim dividend of 1.5p per ordinary share
paid on 5 March 2021, makes a total dividend of 4.65p for the year.
The Directors may refuse to register a transfer of shares in
certificated form that are not fully paid up or otherwise in
accordance with the Articles.
Authority to purchase own shares
At the AGM held on 20 October 2020, shareholders authorised the
Company to make market purchases of up to 27,906,500 ordinary
shares representing approximately 10% of the issued share capital.
This authority was not used during the financial year ended 31 May
2021. At the 2021 AGM, shareholders will be asked to give a
similar authority.
The Company does not currently hold any ordinary shares in treasury.
Directors
Biographical details of the Company’s current Directors are set out
on pages 74 and 75. Subject to law and the Company’s Articles of
Association, the Directors may exercise all of the powers of the
Company and may delegate their power and discretion to Committees.
The Company’s Articles of Association give the Directors power
to appoint and replace Directors. Under the terms of reference of
the Nomination Committee, any appointment to the Board of the
Company must be recommended by the Nomination Committee
for approval by the Board. The Articles of Association also require
one-third of the Directors to retire by rotation each year end and
each Director must offer themself for re-election at least every
three years. However, in accordance with previous years and in
accordance with best practice, all Directors will submit themselves
for re-election at the AGM each year. During the year, no Director
had any material interest in any contract of significance in the
Group’s business.
Directors’ and Officers’ insurance and indemnities
The Company maintains Directors’ and Officers’ liability insurance,
which provides appropriate cover for any legal action brought against
its Directors (including those who served as Directors or Officers
during 2020/21). This cover was in place throughout the financial
year ended 31 May 2021 and up to the date of this Directors’ Report.
The Directors of the Company have also entered into individual deeds
of indemnity with the Company which constitute as qualifying third
party indemnity provisions for the purposes of section 234 of the
Companies Act 2006.
The deeds were in effect during the course of the financial year
ended 31 May 2021 for the benefit of the Directors and, at the date
of this report, are in force for the benefit of the Directors in relation
to certain losses and liabilities which they may incur (or have
incurred) in connection with their duties, powers or office.
The final dividend will be paid on 12 November 2021, subject
to approval at the AGM on 4 November 2021, to shareholders
on the register at the close of business on 15 October 2021.
The ex-dividend date is 14 October 2021.
Post-Balance Sheet events
On 1 June 2021, shareholder approval was passed for the
acquisition of the IPM business of Iron Mountain, comprising
substantially all of the assets of Iron Mountain Intellectual Property
Management, Inc. together with certain other assets of affiliates of
Iron Mountain exclusively related to the IPM business. Details of
assets acquired that are subject to provisional fair value adjustments
will be reported for the year ending 31 May 2022. The acquisition
for a total consideration of $220m was funded through an equity
gross placing of £72.6m (see Note 27) on 17 May 2021 combined
with a new three year $70m term loan, existing cash balances and
our revolving credit facility. The term loan was entered into on
12 May 2021 but not drawn down until 2 June 2021. See further
details within Note 34 to the consolidated Financial Statements.
Share capital and control
At the AGM held on 20 October 2020, the Directors were granted
authority to allot up to 93,021,700 ordinary shares representing
approximately a third of the Company’s issued share capital. In
addition, the Directors were granted authority to allot a further
93,021,700 ordinary shares, again representing approximately a
third of the Company’s issued share capital, solely to be used in
connection with a pre-emptive rights issue.
As at 31 May 2021, the Company’s issued ordinary share capital
comprised 308,956,045 ordinary shares with a nominal value of
1p each, of which no ordinary shares were held in treasury.
During the year ended 31 May 2021, 2,140,474 shares in the
Company were issued further to the exercise of options pursuant
to the Company’s share option schemes.
The holders of ordinary shares are entitled, among other rights, to
receive the Company’s Annual Reports and Accounts, to attend and
speak at general meetings of the Company, to appoint proxies and
to exercise voting rights.
Details of the movements of the called up share capital of the
Company are set out in Note 27 to the Financial Statements and
the information in this Note is incorporated by reference and forms
part of this Directors’ Report.
All rights and obligations attaching to the Company’s ordinary shares
are set out in the Company’s Articles of Association (the ‘Articles’),
copies of which can be obtained from the Companies House
website or by writing to the Company Secretary. Unless otherwise
provided in the Articles, the terms of issue of any shares, any
restrictions from time to time imposed by laws or regulations (for
example insider trading laws) or pursuant to the UK Market Abuse
Regulations whereby certain Directors, officers and colleagues of
the Group require the approval of the Company to deal in ordinary
shares of the Company, any shareholder may transfer any or all of
their shares.
120
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Colleagues
The Group uses a number of ways to engage with its colleagues on
matters that impact them and the performance of the Group. These
include briefings by members of the Executive Committee, regular
team meetings, the Group’s intranet site, global communications and
update emails which together provide, among other information,
an awareness of the financial and economic factors affecting the
Company’s performance. Further information on how the Directors
engage with colleagues along with how colleague interests are
taken into account during decision making can be found within
the Corporate Governance Report on page 80.
We conduct a colleague engagement survey to ensure all
colleagues are given a voice in the organisation. In 2018, using
insights from our survey and subsequent colleague engagement, we
defined new values for the organisation. Details of these values are
set out in the Sustainability Report on page 60.
We offer colleagues the opportunity to purchase ordinary shares in
the Company through participation in the Company’s Save As You
Earn Scheme. At the 2019 AGM, shareholders also approved a
Share Incentive Plan. Both schemes help to encourage colleague
interest in the performance of the Group.
Equal opportunities
The Group is committed to providing equality of opportunity to all
colleagues without discrimination and applies fair and equitable
employment policies which seek to promote entry into and
progression within the Group. Appointments are determined
solely by application of job criteria, personal ability, behaviour
and competency.
In the opinion of the Directors, all colleague policies are deemed
to be effective and in accordance with their intended aims.
Disabled persons
Disabled persons have equal opportunities when applying for
vacancies, with due regard to their aptitudes and abilities.
Procedures ensure that disabled colleagues are fairly treated in
respect of training and career development. For those colleagues
becoming disabled during the course of their employment, the
Group is supportive so as to provide an opportunity for them
to remain with the Group, wherever reasonably practicable.
Political donations
During the year the Company made no political donations
(2020: £nil).
Sustainability Report
The Company’s Sustainability Report on pages 53 to 68 provides an
update on the Group’s policies and activities in respect of its wider
stakeholders, including colleagues; community, environmental,
ethical and health and safety issues; and modern slavery.
Overseas branches
As at 31 May 2021, the Group had no overseas branches.
Research and development
We are committed to using innovative, cost effective and practical
solutions for providing high quality services and we recognise the
importance of ensuring that we focus our investment on the
development of technology. The Group’s research and development
expenditure is predominantly associated with computer and
software systems.
Change of control
In the event of a change of control of the Company, the Group
and each of its lenders shall enter into negotiation for a period to
determine how the Group’s loan facilities may continue and if after
negotiation there is no agreement the lender has the right to cancel
the commitment.
There are no agreements between the Company and its Directors
or colleagues providing for compensation for loss of office or
employment (whether through resignation, purported redundancy
or otherwise) that occurs because of a takeover bid.
Disclosure of information to the auditor
The Directors who held office at the date of approval of this
Directors’ Report confirm that, so far as they are each aware, there
is no relevant audit information of which the Company’s auditor
is unaware; and each Director has taken all reasonable steps to
ascertain any relevant audit information and ensure the auditor
is aware of such information.
Reappointment of auditor
The Board approved the Audit Committee’s recommendation to put
a resolution to shareholders recommending the reappointment of
KPMG LLP as the Company’s auditor and KPMG LLP has indicated
its willingness to accept the reappointment as auditor to the
Company. The Audit Committee, in its recommendation, confirmed
that (1) the recommendation was free from influence by a third
party and (2) no contractual term of the kind mentioned in Article
16(6) of the EU Regulation 537/2014 has been imposed on the
Company. A resolution to reappoint KPMG LLP as auditor will be
put to the members at the AGM.
Annual General Meeting
The notice of the Company’s AGM to be held at 2pm on
4 November 2021 at its head office at XYZ Building, 2 Hardman
Boulevard, Spinningfields, Manchester M3 3AQ, along with details
of the business to be proposed and explanatory notes, will be
available on the Group’s website together with the Annual Report
and Accounts. All shareholders will be notified by post or email, at
their request, when the documents have been made available.
Although the Company is not expecting to be legally restricted in
terms of attendance at the AGM, the Board remains committed to
protecting the health and wellbeing of its shareholders and of the
general public. Therefore, it is regrettably the opinion of the Board
that due to the increase in the number of Covid-19 cases reported
in the UK, shareholders should not physically attend the AGM.
Accordingly, the Board strongly urges shareholders to consider
whether travelling to and attending the AGM would be necessary
under the current circumstances. In any event, attendees may be
required to wear face coverings and will be required to keep a
distance between themselves and other attendees.
The Company will arrange for the AGM to be convened with the
minimum necessary quorum, to conduct the necessary business of the
AGM. The Company therefore strongly encourages all shareholders
to appoint the Chair of the Meeting as their proxy and to submit
their voting instructions electronically in advance of the Meeting,
in accordance with the instructions contained in the Notice of AGM.
Capitalised interest
During the period, no interest was capitalised by the Group
(2020: £nil). The tax benefit on this amount was £nil (2020: £nil).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
121
GovernanceGovernance�Directors’ report continued
Reporting requirements
The following sets out the location of additional information forming part of the Directors’ Report which is incorporated by reference into
this report:
Reporting requirement
Location
Board’s assessment of the Group’s internal control systems
Details of uses of financial instruments and specific policies
for managing financial risk
Corporate Governance Report on pages 70 to 86 and Audit
Committee Report on page 92
Note 25 (Financial Instruments) on pages 173 to 177
Directors’ interests
Directors’ Remuneration Report on page 114
Directors’ Responsibilities Statement
Directors’ Responsibilities Statement on page 123
Directors’ remuneration including disclosures required by
Schedule 5 and Schedule 8 of SI2008/410 – Large and
Medium-sized Companies and Groups (Accounts and Reports)
Regulations 2008
Directors’ Remuneration Report on pages 109 to 118
DTR4.1.8.R – Management Report – the Directors’ Report
and Strategic Report comprise the management report
Directors’ Report on pages 119 to 122 and Strategic Report
on pages 1 to 68
Going concern statement
Chief Financial Officer’s Review on page 39 and going concern
section within Note 1 on pages 140 to 151
Greenhouse gas emissions and energy consumption
Sustainability Report on page 57
Likely future developments of the business and Group
Strategic Report on pages 9 to 13
LR 9.8.4 (4) – Long-term incentive schemes
Directors’ Remuneration Report on pages 109 and 113 to 115
LR 9.8.6 (2) – Substantial shareholders
Statement on corporate governance
Shareholder relations section of Corporate Governance Report on
page 87
Corporate Governance Report, Audit Committee Report, Nomination
Committee Report and Directors’ Remuneration Report on pages 70
to 118. Statement of compliance with the UK Corporate Governance
Code is on page 72
Strategic Report – Companies Act 2006 section 414A-D
Strategic Report on pages 1 to 68
The Strategic Report on pages 1 to 68 and this Directors’ Report on pages 119 to 122 have been approved and authorised for issue by the
Board. They were signed on its behalf by:
Adam Palser
Chief Executive Officer
14 September 2021
Tim Kowalski
Chief Financial Officer
14 September 2021
122
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Responsibility statement of the Directors in respect
of the annual financial report
We confirm that to the best of our knowledge:
• The Financial Statements, prepared in accordance with the
applicable set of accounting standards, give a true and fair view
of the assets, liabilities, financial position and profit or loss of the
Company and the undertakings included in the consolidation
taken as a whole
• The Strategic Report includes a fair review of the development
and performance of the business and the position of the issuer
and the undertakings included in the consolidation taken as a
whole, together with a description of the principal risks and
uncertainties that they face
We consider the Annual Report and Accounts, taken as a whole,
is fair, balanced and understandable and provides the information
necessary for shareholders to assess the Group’s position and
performance, business model and strategy.
For and on behalf of the Board
Adam Palser
Chief Executive Officer
14 September 2021
Tim Kowalski
Chief Financial Officer
14 September 2021
Directors’ responsibilities statement
Statement of Directors’ responsibilities in
respect of the Annual Report and Accounts
and the Financial Statements
The Directors are responsible for preparing the Annual Report and
Accounts and the Group and Parent Company Financial Statements
in accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and Parent
Company Financial Statements for each financial year. Under that
law they are required to prepare the Group Financial Statements in
accordance with International Accounting Standards in conformity
with the requirements of the Companies Act 2006 and applicable
law and have elected to prepare the Parent Company Financial
Statements on the same basis. In addition the Group Financial
Statements are required under the Financial Conduct Authority’s
Disclosure Guidance and Transparency Rules (DTRs) to be prepared
in accordance with International Financial Reporting Standards adopted
pursuant to Regulation (EC) No 1606/2002 as it applies in the
European Union (‘IFRSs as adopted by the EU’).
Under company law the Directors must not approve the Financial
Statements unless they are satisfied that they give a true and fair
view of the state of affairs of the Company and of the Group’s profit
or loss for that period. In preparing each of the Group and Parent
Company Financial Statements, the Directors are required to:
• Select suitable accounting policies and then apply
them consistently
• Make judgements and estimates that are reasonable, relevant
and reliable
• State whether they have been prepared in accordance with
International Accounting Standards in conformity with the
requirements of the Companies Act 2006 and, as regards the
Group Financial Statements, International Financial Reporting
Standards adopted pursuant to Regulation (EC) No 1606/2002
as it applies in the European Union (‘IFRSs as adopted by the EU’)
• Assess the Group and Parent Company’s ability to continue
as a going concern, disclosing, as applicable, matters related
to going concern
• Use the going concern basis of accounting unless they either
intend to liquidate the Group or the Parent Company or to cease
operations, or have no realistic alternative but to do so
The Directors are responsible for keeping adequate accounting
records that are sufficient to show and explain the Parent Company’s
transactions and disclose with reasonable accuracy at any time the
financial position of the Parent Company and enable them to ensure
that its Financial Statements comply with the Companies Act 2006.
They are responsible for such internal control as they determine is
necessary to enable the preparation of Financial Statements that
are free from material misstatement, whether due to fraud or error,
and have general responsibility for taking such steps as are
reasonably open to them to safeguard the assets of the Group
and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also
responsible for preparing a Strategic Report, Directors’ Report,
Directors’ Remuneration Report and Corporate Governance
Statement that comply with that law and those regulations.
The Directors are responsible for the maintenance and integrity of
the corporate and financial information included on the Company’s
website. Legislation in the UK governing the preparation and
dissemination of Financial Statements may differ from legislation
in other jurisdictions.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
123
GovernanceGovernance
�Financial
statements
Resilient financial performance
IN THIS SECTION
125 Independent auditor’s report
133 Consolidated income statement
133 Consolidated statement of comprehensive (loss)/income
134 Consolidated balance sheet
135 Consolidated cash flow statement
136 Consolidated statement of changes in equity
137 Company balance sheet
138 Company cash flow statement
139 Company statement of changes in equity
140 Notes to the Financial Statements
ADDITIONAL INFORMATION
187 Glossary of terms – Alternative Performance Measures (APMs)
189 Glossary of terms – other terms
191 Other information
192 Financial calendar
124
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Independent auditor’s report
to the members of NCC Group plc
1 Our opinion is unmodified
We have audited the financial statements of NCC Group plc
(“the Company”) for the year ended 31 May 2021 which comprise
the consolidated income statement, consolidated statement of
comprehensive income, consolidated balance sheet, consolidated
cash flow statement, consolidated statement of changes in equity,
company balance sheet, company cash flow statement, company
statement of changes in equity, and the related notes, including the
accounting policies in note 1.
In our opinion:
• the financial statements give a true and fair view of the state of
the Group’s and of the parent Company’s affairs as at 31 May 2021
and of the Group’s profit for the year then ended;
• the Group financial statements have been properly prepared in
accordance with international accounting standards in conformity
with the requirements of the Companies Act 2006;
• the parent Company financial statements have been properly
prepared in accordance with international accounting standards in
conformity with the requirements of, and as applied in accordance
with, the provisions of, the Companies Act 2006; and
• the financial statements have been prepared in accordance with
the requirements of the Companies Act 2006 and, as regards the
Group financial statements, Article 4 of the IAS Regulation to the
extent applicable.
Basis for opinion
We conducted our audit in accordance with International Standards
on Auditing (UK) (“ISAs (UK)”) and applicable law. Our responsibilities
are described below. We believe that the audit evidence we have
obtained is a sufficient and appropriate basis for our opinion. Our
audit opinion is consistent with our report to the audit committee.
We were first appointed as auditor by the directors on 1 November
2013. The period of total uninterrupted engagement is for the eight
financial years ended 31 May 2021. We have fulfilled our ethical
responsibilities under, and we remain independent of the Group in
accordance with, UK ethical requirements including the FRC Ethical
Standard as applied to listed public interest entities. No non-audit
services prohibited by that standard were provided.
Overview
Materiality:
Group financial
statements as a whole
£1.2m (2020: £0.8m)
4.5% (2020: 5.0%) of normalised Group
profit before tax
Coverage
87% (2020: 93%) of the total profit and
losses that make up Group profit before tax
Key audit matters
Recurring risks:
vs 2020
Recoverability of goodwill
in EU Assurance cash
generating unit (‘CGU’)
Fox IT long term fixed price
contract accounting
Assurance revenue
recognition in the cut
off period
Recoverability of parent
company investments and
intercompany receivables
Event driven risks:
Accounting treatment of costs
related to cloud-based
software arrangements
Recognition of US research
and development (‘R&D’)
tax credits
New
New
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
125
Financial statements
�Independent auditor’s report continued
to the members of NCC Group plc
2 Key audit matters: our assessment of risks of material misstatement
Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the financial statements
and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by us, including those which
had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement
team. We summarise below the key audit matters, in decreasing order of audit significance, in arriving at our audit opinion above, together
with our key audit procedures to address those matters and, as required for public interest entities, our results from those procedures. These
matters were addressed, and our results are based on procedures undertaken, in the context of, and solely for the purpose of, our audit of
the financial statements as a whole, and in forming our opinion thereon, and consequently are incidental to that opinion, and we do not
provide a separate opinion on these matters.
The risk
Our response
Accounting treatment of costs
related to cloud-based
software arrangements
Costs related to cloud-based
software £5.1m (2020 restated:
£7.9m)
Refer to page 91 (Audit Committee
Report), page 142 (accounting
policy) and page 151, page 156,
pages 160–161 and pages 184–185
(financial disclosures)
Accounting treatment
Previously, the Group capitalised internal
and external costs in respect of cloud-based
software arrangements.
In April 2021 the IFRS Interpretations
Committee (‘IFRIC’) published an agenda
decision on configuration and customisation costs
incurred in implementing Software-as-a-Service
(SaaS) arrangements. This IFRIC decision has
been considered by the Group and the Group
have identified that a change in accounting policy
in respect of the capitalisation of certain costs
associated with SaaS arrangements is required.
The risk is that the accounting policy change is
not appropriately applied to both the current and
prior years.
Recognition of US R&D
Tax Credits
US R&D net current tax benefit £2.7m
and US R&D deferred tax asset £0.4m
Uncertain tax position
The Group submits R&D tax claims in the US.
These claims are open to challenge by the
Internal Revenue Service (‘IRS’).
Refer to page 91 (Audit Committee
Report), page 151 (accounting policy)
and page 152, pages 158–159 and
page 168 (financial disclosures)
Unutilised tax credits of £1.0m remain open to
challenge by the IRS as at 31 May 2021 and utilised
tax credits of £7.2m. The Group have recognised
a provision against these balances to reflect the
uncertain tax position, therefore the net tax
creditor and net deferred tax asset recognised in
the accounts are £2.7m and £0.4m respectively.
Therefore a risk exists in relation to the
accounting estimation applied by management.
The basis on which the Group has claimed R&D
tax credits involves a technical assessment of
which party is bearing economic risk in research
contracts entered into with third parties.
The risk has increased in year following the
increase in quantum of claims, resulting in a high
risk of material misstatement. The Group have
engaged an external expert to assess these claims.
The effect of these matters is that, as part
of our risk assessment, we determined that the
US R&D tax credit accounting has a high degree
of estimation uncertainty with a potential range
of outcomes greater than our materiality for the
financial statements as a whole. The financial
statements (note 2) disclose the range estimated
by the Group.
Our procedures included:
• Accounting clarity: We assessed the accounting clarification of
the IFRIC April 2021 decision against the proposed change in
the Group’s accounting policy
• Test of detail: We agreed a sample of costs related to
cloud-based software arrangements to supporting documentation,
including labour costs to timesheets and other relevant project
information to understand the nature of the items and considered
this against the accounting standards and related interpretations
• Personnel enquiries: We interviewed selected employees who
were assigned to projects to corroborate the nature of the work
performed and considered this against the accounting standards
and related interpretations
• Assessing transparency: We assessed the adequacy of
the Group’s related disclosures in respect of the change in
accounting policy and the judgements taken by management
Our results
We found the accounting treatment of costs related to cloud-based
software arrangements to be acceptable.
Our procedures included:
• Inspecting correspondence: We inspected correspondence
with the Group’s tax advisors for both the current and
historic claims
• Assessment of experts: We assessed the competence,
capabilities and objectivity of the external tax experts engaged
by the Group
• Tests of detail: Together with our own tax specialists, we
challenged the appropriateness of recognition of the US R&D
tax credits and the basis on which the claims have been
made, focussing on economic risk and who bears this under
the contractual arrangements entered into by the Group.
We have challenged the findings of management’s experts,
including performing sample testing on the findings of
management’s experts
• Assessing transparency: We assessed the adequacy of the
Group’s related disclosures in respect of the uncertain tax
position and the estimation uncertainty
Our results
We found the recognition of US R&D Tax Credits and the related
disclosures to be acceptable.
126
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�2 Key audit matters: our assessment of risks of material misstatement continued
The risk
Our response
Recoverability of goodwill in
respect of EU Assurance cash
generating Unit (‘CGU’)
Goodwill £64.7m (2020: £64.3m
before current year change in CGUs)
Refer to page 90 (Audit Committee
Report), pages 142–143 (accounting
policy) and page 152 and pages
161–163 (financial disclosures)
Fox IT long term fixed price
contract accounting
Revenue associated with long term
contracts £1.8m (2020: £1.1m)
Provision for long term contracts
£1.1m (2020: £0.2m)
Refer to page 91 (Audit Committee
Report), page 149 (accounting
policy) and page 152 and page 170
(financial disclosures)
Forecast based valuation
There is inherent uncertainty involved in
forecasting and discounting future cash flows,
which are the basis of the assessment of
goodwill recoverability. The outcome could vary
significantly if different assumptions were
applied in the model.
There is a risk of error, due to the judgemental
and complex nature of the impairment model.
This risk currently is specific to the EU
Assurance Cash generating unit (‘CGU’). This
is a result of limited headroom historically in
the impairment model and the sensitivity of the
value in use calculation to reasonably possible
changes in key assumptions.
We consider that the value-in-use calculation
of EU Assurance has a high degree of
estimation uncertainty, specifically around the
revenue growth assumptions, with a potential
range of reasonable outcomes greater than our
materiality for the financial statements as a
whole, and possibly many times that amount.
The financial statements (note 12) disclose the
sensitivity estimated by the Group.
Our procedures included:
• Historical comparison: We assessed the reasonableness of the
forecast used, by considering the Group’s forecasting accuracy by
comparing actual results in the year to the Group’s previous forecast
for the year
• Benchmarking assumptions: We challenged, with the support
of our own valuation specialists, the risk adjusted discount rates,
having regard for market observable data with regard to risk free
rates and returns on equity for comparator companies. We also
evaluated the revenue growth assumptions and the long-term
growth rates into perpetuity, comparing to external sources of data
including industry growth rates and internal sources including the
order book
• Sensitivity analysis: We performed breakeven analysis on the key
assumptions, including the revenue compound annual growth rate
(“CAGR”) and the discount rate
• Comparing valuations: We compared the sum of the discounted
cash flows to the Group’s market capitalisation adjusted for debt to
assess the reasonableness of the value in use calculations
• Assessing transparency: We assessed whether the Group’s
disclosures regarding the sensitivity of the impairment assessment
to changes in key assumptions reflected the risks inherent in the
valuation of the goodwill
Accounting treatment and
subjective estimates
The contractual arrangements that underpin
the measurement of revenue and associated
profit, within the long-term contracts within Fox
IT can be complex. These involve judgements
around the accounting treatment and
subjective estimates, which form the basis
of both the in-year and future recognition
of revenue and profit.
Incentives and pressures to meet market
expectations, increase the risk of fraudulent
revenue recognition. The significant risk relates
to fixed price long term contracts that are not
completed as at the balance sheet date.
Within Fox IT, the forecasts used in assessing
the contract outturn positions are inherently
judgemental, due to the uncertainty involved in
forecasting future cash flows, including costs
to complete.
Furthermore, where the fixed price contracts are
loss-making or low margin, these assumptions
may have a significant impact on the recognition
of revenue and profit in the period and may result
in impairment of related contract assets or further
onerous contract provisions being required.
The financial statements (note 2) disclose
the sensitivity estimated by the Group.
Our results
We found the carrying value of the goodwill related to the EU
Assurance CGU to be acceptable (2020 result: acceptable).
Our procedures included:
• Test of detail: For a sample of the selected contracts, we agreed
costs incurred to date (such as direct costs, labour charges and
hardware costs) to purchase orders and challenged the internal
hours charged, to assess the stage of completion
• Personnel enquiries: We corroborated forecasts used in the
long-term contract accounting through discussions with operational
management for the same sample of contracts regarding their
expectations for the contracts, including forecast costs to complete
and the timetable to completion for these contracts. We also periodically
attended regular project meetings throughout the year to observe
the project teams and challenge
• Historical comparison: We assessed the forecasting accuracy of
costs to complete by comparing actual results in the year to what
was previously forecast
• Assessing transparency: We assessed the completeness and
accuracy of the matters covered in the disclosures relating to Fox IT
long term contract accounting and assessed the adequacy of the
Group’s disclosures about the sensitivity of the impact of reasonably
possible changes in the key assumptions in the long term contract
accounting
Our results
We found the accounting treatment and estimates of the revenue
associated with long term contracts and the provisions for long term
contracts and the related disclosures to be acceptable (2020 result:
acceptable).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
127
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
2 Key audit matters: our assessment of risks of material misstatement continued
The risk
Our response
Assurance revenue
recognition in the cut
off period
Contract assets – accrued income
£21.3m; (2020: £17.6m)
Contract liabilities – deferred income
£32.6m; (2020: £29.7m)
Refer to pages 144–149
(accounting policy) and pages 166
and 171 (financial disclosures)
2021/2022 sales
Incentives and pressures to meet market
expectations, increase the risk of fraudulent
revenue recognition.
There is a specific risk around the cut-off
period at the year end, with regards to ensuring
revenue, including accrued and deferred income
are recognised in the correct accounting period.
This is a particular risk for projects in the
assurance business, where projects are ongoing
at the year end and there are judgements taken
in determining completion and progress to date.
Recoverability of parent
company’s investments
in subsidiaries and
intercompany receivables
Investments – £151.8m
(2020: £78.3m)
Intercompany receivables £162.6m
(2020: £142.0m)
Refer to page 144 and 151
(accounting policy) and pages 166
and 182 (financial disclosures)
Low risk, high value
The carrying amount of the Parent Company’s
investments in subsidiaries and intercompany
receivables represents 48% (2020: 34%) and
52% (2020: 63%) respectively of the
Company’s total assets.
Their recoverability is not at a high risk of
significant misstatement or subject to significant
judgement. However, due to their materiality in
the context of the Parent Company financial
statements, this is the area that had the greatest
effect on our overall Parent Company audit.
Our procedures included:
• Tests of detail: We agreed a sample of revenue transactions within
the cut off period pre and post year end to supporting documentation
to assess whether these have been recorded in the correct accounting
period. This also included specific item testing of a sample of items
held in accrued and deferred income at the year end. We performed
an assessment of whether over and under statements of revenue,
accrued income and deferred income identified through these
procedures were material
• Analytic Sampling: We also used data & analytics tools to identify
journals with unusual account combinations involving revenue and
performed testing over the identified items. This included procedures
to understand the nature and substance of the transaction and
obtaining supporting documentation
Our results
We found the recognition of Assurance revenue in the cut-off period
to be acceptable (2020 result: acceptable).
Our procedures included:
• Tests of detail: We compared the carrying amount of investments
and intercompany receivables with the relevant subsidiaries’ draft
balance sheet as at 31 May 2021 to identify whether their net
assets, being an approximation of their minimum recoverable
amount, were in excess of their carrying amount and assessing
whether those subsidiaries have historically been profit-making
• Assessing subsidiary audits: We assessed the work performed
by the group and subsidiary audit team on a sample of those
subsidiaries and considering the results of that work, on those
subsidiaries’ profits and net assets
Our results
We found the Group’s assessment of the recoverability of the
parent company’s investment in subsidiaries to be acceptable
(2020 result: acceptable).
For each of the key audit matters reported, we performed the detailed tests above rather than seeking to rely on any of the Group’s controls.
This is because our knowledge of the design of these controls indicated that we would not be able to obtain the required evidence to support
reliance on controls.
We continue to perform procedures over going concern and the impact of uncertainties due to the UK exiting the European Union on our
audit. However, following the Group’s trading in the period, as well as the UK’s departure from the European Union and the end of the
transition period in January 2021, we have not assessed these as one of the most significant risks in our current year audit and, therefore,
they are not separately identified in our report this year.
128
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�3 Our application of materiality and an overview of the
scope of our audit
Materiality for the Group financial statements as a whole was set
at £1.2 million (2020: £0.8 million), determined with reference to
a benchmark of Group profit before tax, normalised to exclude
individually significant items as disclosed in note 5 of £27.5 million
(2020: profit before tax of £16.1 million, as stated in the accounts
before the prior period restatement), of which it represents 4.5%
(2020: 5.0%).
Materiality for the Parent Company financial statements as a
whole was set at £0.3 million (2020: £0.3 million), determined
with reference to a benchmark of Company total assets, of which
it represents 0.1% (2020: 0.1%).
In line with our audit methodology, our procedures on individual
account balances and disclosures were performed to a lower
threshold, performance materiality, so as to reduce to an acceptable
level the risk that individually immaterial misstatements in individual
account balances add up to a material amount across the financial
statements as a whole.
Performance materiality was set at 65% (2020: 65%) of materiality for
the financial statements as a whole, which equates to £0.78 million
(2020: £0.5 million) for the Group and £0.2 million (2020: £0.2 million)
for the parent company. We applied this percentage in our
determination of performance materiality based on the level of identified
misstatements and control deficiencies during the prior period.
We agreed to report to the Audit Committee any corrected or
uncorrected identified misstatements exceeding £60,000
(2020: £40,000), in addition to other identified misstatements
that warranted reporting on qualitative grounds.
Of the Group’s 41 (2020: 23) reporting components, we subjected
8 (2020: 10) to full scope audits for Group purposes.
We conducted reviews of financial information (including enquiry)
at a further 4 (2020: 4) non-significant components as these
components were not individually financially significant enough
to require an audit for Group reporting purposes but a review was
performed to provide further coverage over the Group’s results.
The components within the scope of our work accounted for the
percentages illustrated opposite.
For the residual components, we performed analysis at an
aggregated group level to re-examine our assessment that there
were no significant risks of material misstatement within these.
The Group team instructed component auditors as to the significant
areas to be covered, including the relevant risks detailed above and
the information to be reported back. The Group team approved the
component materialities, which ranged from £0.22m to £0.55m
(2020: £0.10m to £0.63m), having regard to the mix of size and risk
profile of the Group across the components. The work on 1 of the
41 components (2020: 1 of the 23 components) was performed by
component auditors and the rest, including the audit of the Parent
Company, was performed by the Group team.
The Group team held video and telephone conference meetings
with 1 (2020: 1) component location in the Netherlands to assess
the audit risk and strategy as well as updates on performance.
Video and telephone conference meetings were also held with
the component auditors for the Netherlands. At these meetings,
the audit findings reported to the Group team were discussed in
more detail, and any further work required by the Group team was
then performed by the component auditor.
Normalised Group profit
before tax
£27.5m (2020: £16.1m)
96++4++II
Normalised PBT
Group materiality
Group revenue
8
9
86
86
Group total assets
94%
(2020: 95%)
I86+86+
86+86+
I96+96+
92+92+
95%
(2020: 98%)
92
96
3
2
Group materiality
£1.2m (2020: £0.8m)
£1.2m
Whole financial
statements materiality
(2020: £0.8m)
£0.78m
Whole financial
statements
performance materiality
(2020: £0.5m)
£0.55m
Range of materiality
at 8 components
(£0.22m–£0.55m)
(2020: £0.10m to
£0.63m)
£0.06m
Misstatements reported
to the audit committee
(2020: £0.04m)
6
2
87
87
Total profits and losses
that made up Group profit
before tax
89%
(2020: 93%)
I87+87+
87+87+
I80+80+
88+88+
Total profits and losses that
made up Group profit before
individually significant items
and tax
90%
(2020: 93%)
10
88
80
2
Full scope for group audit purposes 2021
Reviews of financial information (including enquiry) 2021
Full scope for group audit purposes 2020
Reviews of financial information (including enquiry) 2020
The US components were audited remotely by the Group audit team.
Residual components
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
129
Financial statements8
8
+
+
6
6
+
+
I
9
9
+
+
5
5
+
+
I
I
2
2
+
+
11
11
+
+
I
6
6
+
+
7
7
+
+
I
I
3
3
+
+
5
5
+
+
I
2
2
+
+
2
2
+
+
I
I
2
2
+
+
10
10
+
+
I
10
10
+
+
10
10
+
+
I
I
�Independent auditor’s report continued
to the members of NCC Group plc
4 Going concern
The Directors have prepared the financial statements on the going
concern basis as they do not intend to liquidate the Group or the
Company or to cease their operations, and as they have concluded
that the Group’s and the Company’s financial position means that
this is realistic. They have also concluded that there are no material
uncertainties that could have cast significant doubt over their ability
to continue as a going concern for at least a year from the date of
approval of the financial statements (“the going concern period”).
We used our knowledge of the Group, including the post-year end
acquisition of trade and assets of Iron Mountain Intellectual Property
Management Inc., its industry, and the general economic environment
to identify the inherent risks to its business model and analysed how
those risks might affect the Group’s and Company’s financial resources
or ability to continue operations over the going concern period. The
risk that we considered most likely to adversely affect the Group’s
and Company’s available financial resources, and metrics relevant
to debt covenants, over this period was in respect of the economic
impact of COVID-19, with uncertainty remaining over the full range
of possible effects on the Group’s financial and operational
performance. We also considered less predictable but realistic
second order impacts, such as the erosion of customer confidence.
We considered whether these risks could plausibly affect the
liquidity or covenant compliance in the going concern period by
comparing severe, but plausible downside scenarios that could arise
from these risks, individually and collectively, against the level of
available financial resources and covenants indicated by the Group’s
financial forecasts.
Our procedures also included:
• A review of the availability of cash and the cash flow forecasts to
determine whether the assumptions are realistic, achievable and
consistent with the external and internal environment; we
assessed loan covenant compliance to consider the headroom
forecast for each financial covenant;
• An evaluation of sensitivities over the level of financial resources
indicated by the Group’s financial forecasts, taking account of
reasonably possible (but not unrealistic) adverse effects that
could arise from the risks identified individually and collectively;
• An assessment of the adequacy of the going concern disclosure
in note 1 to the financial statements.
Our conclusions based on this work:
• we consider that the directors’ use of the going concern basis
of accounting in the preparation of the financial statements
is appropriate;
• we have not identified, and concur with the directors’ assessment
that there is not, a material uncertainty related to events or
conditions that, individually or collectively, may cast significant
doubt on the Group’s or Company’s ability to continue as a going
concern for the going concern period;
• we have nothing material to add or draw attention to in relation to
the directors’ statement in note 1 to the financial statements on the
use of the going concern basis of accounting with no material
uncertainties that may cast significant doubt over the Group and
Company’s use of that basis for the going concern period, and we
found the going concern disclosure in note 1 to be acceptable; and
• the related statement under the Listing Rules set out on page
119 is materially consistent with the financial statements and our
audit knowledge.
However, as we cannot predict all future events or conditions and
as subsequent events may result in outcomes that are inconsistent
with judgements that were reasonable at the time they were made,
the above conclusions are not a guarantee that the Group or the
Company will continue in operation.
5 Fraud and breaches of laws and regulations
– ability to detect
Identifying and responding to risks of material misstatement
due to fraud
To identify risks of material misstatement due to fraud (“fraud risks”)
we assessed events or conditions that could indicate an incentive or
pressure to commit fraud or provide an opportunity to commit fraud.
Our risk assessment procedures included:
• Enquiring of directors, the audit committee and internal audit;
and inspection of policy documentation as to the Group’s
high-level policies and procedures to prevent and detect fraud,
including the internal audit function, and the Group’s channel
for “whistleblowing”, as well as whether they have knowledge
of any actual, suspected or alleged fraud
• Reading Board, audit committee and remuneration
committee minutes
• Considering remuneration incentive schemes and performance
targets for directors including the EPS target for management
remuneration
• Using analytical procedures to identify any unusual or
unexpected relationships
We communicated identified fraud risks throughout the audit team
and remained alert to any indications of fraud throughout the audit.
This included communication from the Group to the component
audit team of relevant fraud risks identified at the Group level and
request to the component audit team to report to the Group audit
team any instances of fraud that could give rise to a material
misstatement at Group.
As required by auditing standards, and taking into account possible
pressures to meet expectations of third parties, we perform procedures
to address the risk of management override of controls and the risk of
fraudulent revenue recognition, in particular the risk that Assurance
revenue is recorded in the wrong period and the risk that Group and
component management may be in a position to make incorrect
accounting entries, and the risk of bias in accounting estimates and
judgements such as provisions against long term contracts.
On this audit we do not believe there is a fraud risk related to
Software resilience revenue recognition because there is minimal
opportunity for manipulation since the revenue stream is relatively
straightforward and is typically based on annual agreements which
set out the period over which revenue is to be recognised.
We did not identify any additional fraud risks.
Further detail in respect of Assurance revenue recognition and Fox
IT long term fixed price contracts are set out in the key audit matter
disclosures in section 2 of this report.
We also performed procedures including:
• Cut-off sample testing around the year end over assurance
revenue, accrued income and deferred income;
• Assessing significant accounting estimates for bias;
• Identifying journal entries to test for all full scope components
using data analytics tools based on risk criteria and comparing
the identified entries to supporting documentation. These
included those posted to unusual accounts.
130
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�5 Fraud and breaches of laws and regulations
– ability to detect continued
Identifying and responding to risks of material misstatement
due to non-compliance with laws and regulations
We identified areas of laws and regulations that could reasonably
be expected to have a material effect on the financial statements
from our general commercial and sector experience, and through
discussion with the directors and other management (as required
by auditing standards), and discussed with the directors and other
management the policies and procedures regarding compliance
with laws and regulations.
As the Group is regulated, our assessment of risks involved gaining
an understanding of the control environment including the entity’s
procedures for complying with regulatory requirements.
We communicated identified laws and regulations throughout our
team and remained alert to any indications of non-compliance
throughout the audit. This included communication from the Group to
the component audit team of relevant laws and regulations identified
at the Group level, and a request for component auditors to report
to the Group team any instances of non-compliance with laws and
regulations that could give rise to a material misstatement at Group.
The potential effect of these laws and regulations on the financial
statements varies considerably.
Firstly, the Group is subject to laws and regulations that directly
affect the financial statements including financial reporting
legislation (including related companies legislation), distributable
profits legislation and taxation legislation, and we assessed the
extent of compliance with these laws and regulations as part of
our procedures on the related financial statement items.
Secondly, the Group is subject to many other laws and regulations
where the consequences of non-compliance could have a material
effect on amounts or disclosures in the financial statements, for
instance through the imposition of fines or litigation. We identified
the following areas as those most likely to have such an effect:
health and safety, employment law and certain aspects of company
legislation recognising the nature of the Group’s activities and its
legal form. Auditing standards limit the required audit procedures to
identify non-compliance with these laws and regulations to enquiry
of the directors and other management and inspection of regulatory
and legal correspondence, if any. Therefore if a breach of
operational regulations is not disclosed to us or evident from
relevant correspondence, an audit will not detect that breach.
We assessed the legality of the distribution in the period based on
the level of distributable reserves available when the distributions
were approved.
Context of the ability of the audit to detect fraud or breaches
of law or regulation
Owing to the inherent limitations of an audit, there is an unavoidable
risk that we may not have detected some material misstatements
in the financial statements, even though we have properly planned
and performed our audit in accordance with auditing standards.
For example, the further removed non-compliance with laws and
regulations is from the events and transactions reflected in the
financial statements, the less likely the inherently limited procedures
required by auditing standards would identify it.
misstatement. We are not responsible for preventing non-compliance
or fraud and cannot be expected to detect non-compliance with all
laws and regulations.
6 We have nothing to report on the other information
in the Annual Report
The directors are responsible for the other information presented
in the Annual Report together with the financial statements.
Our opinion on the financial statements does not cover the other
information and, accordingly, we do not express an audit opinion
or, except as explicitly stated below, any form of assurance
conclusion thereon.
Our responsibility is to read the other information and, in doing so,
consider whether, based on our financial statements audit work, the
information therein is materially misstated or inconsistent with the
financial statements or our audit knowledge. Based solely on that
work we have not identified material misstatements in the other
information.
Strategic report and directors’ report
Based solely on our work on the other information:
• we have not identified material misstatements in the strategic
report and the directors’ report;
• in our opinion the information given in those reports for the
financial year is consistent with the financial statements; and
• in our opinion those reports have been prepared in accordance
with the Companies Act 2006.
Directors’ remuneration report
In our opinion the part of the Directors’ Remuneration Report to be
audited has been properly prepared in accordance with the
Companies Act 2006.
Disclosures of emerging and principal risks and longer-term viability
We are required to perform procedures to identify whether there is a
material inconsistency between the directors’ disclosures in respect
of emerging and principal risks and the viability statement, and the
financial statements and our audit knowledge.
Based on those procedures, we have nothing material to add or
draw attention to in relation to:
• the directors’ confirmation within the Viability Statement on page
48 that they have carried out a robust assessment of the
emerging and principal risks facing the Group, including those
that would threaten its business model, future performance,
solvency and liquidity;
• the Principal Risks and Uncertainties disclosures describing these
risks and how emerging risks are identified, and explaining how
they are being managed and mitigated; and
• the directors’ explanation in the Viability Statement of how they
have assessed the prospects of the Group, over what period
they have done so and why they considered that period to be
appropriate, and their statement as to whether they have a
reasonable expectation that the Group will be able to continue
in operation and meet its liabilities as they fall due over the period
of their assessment, including any related disclosures drawing
attention to any necessary qualifications or assumptions.
In addition, as with any audit, there remained a higher risk of
non-detection of fraud, as these may involve collusion, forgery,
intentional omissions, misrepresentations, or the override of internal
controls. Our audit procedures are designed to detect material
We are also required to review the Viability Statement, set out on
page 48 under the Listing Rules. Based on the above procedures,
we have concluded that the above disclosures are materially
consistent with the financial statements and our audit knowledge.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
131
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
6 We have nothing to report on the other information
in the Annual Report continued
Disclosures of emerging and principal risks and longer-term
viability continued
Our work is limited to assessing these matters in the context of
only the knowledge acquired during our financial statements audit.
As we cannot predict all future events or conditions and as
subsequent events may result in outcomes that are inconsistent
with judgements that were reasonable at the time they were made,
the absence of anything to report on these statements is not a
guarantee as to the Group’s and Company’s longer-term viability.
Corporate governance disclosures
We are required to perform procedures to identify whether there is a
material inconsistency between the directors’ corporate governance
disclosures and the financial statements and our audit knowledge.
Based on those procedures, we have concluded that each of the
following is materially consistent with the financial statements and
our audit knowledge:
• the directors’ statement that they consider that the annual report
and financial statements taken as a whole is fair, balanced and
understandable, and provides the information necessary for
shareholders to assess the Group’s position and performance,
business model and strategy;
• the section of the annual report describing the work of the Audit
Committee, including the significant issues that the Audit
Committee considered in relation to the financial statements,
and how these issues were addressed; and
• the section of the annual report that describes the review of
the effectiveness of the Group’s risk management and internal
control systems.
We are required to review the part of the Corporate Governance
Statement relating to the Group’s compliance with the provisions of
the UK Corporate Governance Code specified by the Listing Rules
for our review. We have nothing to report in this respect.
7 We have nothing to report on the other matters on
which we are required to report by exception
Under the Companies Act 2006, we are required to report to you if,
in our opinion:
• adequate accounting records have not been kept by the parent
Company, or returns adequate for our audit have not been
received from branches not visited by us; or
• the parent Company financial statements and the part of the
Directors’ Remuneration Report to be audited are not in
agreement with the accounting records and returns; or
• certain disclosures of directors’ remuneration specified by law
are not made; or
• we have not received all the information and explanations we
require for our audit.
We have nothing to report in these respects.
8 Respective responsibilities
Directors’ responsibilities
As explained more fully in their statement set out on page 123,
the directors are responsible for: the preparation of the financial
statements including being satisfied that they give a true and fair
view; such internal control as they determine is necessary to enable
the preparation of financial statements that are free from material
misstatement, whether due to fraud or error; assessing the Group
and parent Company’s ability to continue as a going concern,
disclosing, as applicable, matters related to going concern; and
using the going concern basis of accounting unless they either
intend to liquidate the Group or the parent Company or to cease
operations, or have no realistic alternative but to do so.
Auditor’s responsibilities
Our objectives are to obtain reasonable assurance about whether the
financial statements as a whole are free from material misstatement,
whether due to fraud or error, and to issue our opinion in an auditor’s
report. Reasonable assurance is a high level of assurance, but does
not guarantee that an audit conducted in accordance with ISAs
(UK) will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered
material if, individually or in aggregate, they could reasonably be
expected to influence the economic decisions of users taken
on the basis of the financial statements.
A fuller description of our responsibilities is provided on the FRC’s
website at www.frc.org.uk/auditorsresponsibilities.
9 The purpose of our audit work and to whom we owe
our responsibilities
This report is made solely to the Company’s members, as a body, in
accordance with Chapter 3 of Part 16 of the Companies Act 2006.
Our audit work has been undertaken so that we might state to the
Company’s members those matters we are required to state to them
in an auditor’s report and for no other purpose. To the fullest extent
permitted by law, we do not accept or assume responsibility to
anyone other than the Company and the Company’s members, as
a body, for our audit work, for this report, or for the opinions we
have formed.
Frances Simpson (Senior Statutory Auditor)
for and on behalf of KPMG LLP, Statutory Auditor
Chartered Accountants
1 St. Peter’s Square
Manchester
M2 3AE
United Kingdom
14 September 2021
132
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Consolidated income statement 1
for the year ended 31 May 2021
Revenue
Cost of sales
Gross profit
Administrative expenses
Depreciation and amortisation
Other administrative expenses
Individually Significant Items
Total administrative expenses
Operating profit
Finance costs
Profit before taxation
Taxation
Profit for the year attributable to the owners of the Company
Earnings per ordinary share
Basic EPS
Diluted EPS
Notes
4
4
4
5
4
8
6
9
11
2021
£m
270.5
(159.9)
2020
(restated) 2, 3
£m
263.7
(159.3)
110.6
104.4
(19.7)
(60.9)
(12.7)
(93.3)
17.3
(2.5)
14.8
(4.8)
10.0
(23.6)
(60.3)
(7.9)
(91.8)
12.6
(3.0)
9.6
(3.2)
6.4
3.6p
3.5p
2.3p
2.3p
Consolidated statement of comprehensive (loss)/income
for the year ended 31 May 2021
Profit for the year attributable to the owners of the Company
Other comprehensive (loss)/income
Items that may be reclassified subsequently to profit or loss (net of tax)
Cash flow hedges – effective portion of changes in fair value
Foreign exchange translation differences
Total other comprehensive (loss)/income
Total comprehensive (loss)/income for the year (net of tax) attributable to the owners of the Company
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
2021
£m
10.0
2020
(restated) 2
£m
6.4
(0.8)
(11.6)
(12.4)
(2.4)
–
4.0
4.0
10.4
Footnotes for consolidated Financial Statements
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information
is also contained within the Glossary of terms on pages 187 and 188.
2 See Note 34 for an explanation of the prior year restatement recognised in relation to the adoption of the IFRIC agenda decision on cloud configuration and
customisation costs in April 2021.
3 Results for the year ended 31 May 2020 have been re-presented to include adjusting items within statutory results.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
133
Financial statements
�Consolidated balance sheet
at 31 May 2021
Non-current assets
Goodwill
Intangible assets
Property, plant and equipment
Right-of-use assets
Investments
Deferred tax asset
Total non-current assets
Current assets
Inventories
Trade and other receivables
Current tax receivable
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Borrowings
Lease liabilities
Current tax payable
Derivative financial instruments
Provisions
Contract liabilities – deferred revenue
Total current liabilities
Non-current liabilities
Borrowings
Lease liabilities
Deferred tax liabilities
Provisions
Contract liabilities – deferred revenue
Total non-current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Hedging reserve
Merger reserve
Currency translation reserve
Retained earnings
31 May 2021
£m
Notes
31 May 2020
1 June 2019
(restated) 2
(restated) 2
£m
£m
12
12
13
14
15
18
16
17
24
19
24
20
25
21
22
24
20
18
21
22
27
27
27
27
27
27
182.9
193.1
189.4
21.0
11.5
23.8
0.3
2.0
29.0
13.9
28.7
0.3
2.3
38.3
16.9
26.5
0.3
2.2
241.5
267.3
273.6
1.1
68.7
4.5
116.5
190.8
432.3
45.2
–
5.1
4.0
0.8
2.4
43.6
101.1
33.2
29.3
1.2
0.6
0.7
65.0
166.1
266.2
3.1
223.2
(0.8)
42.3
20.3
(21.9)
0.9
73.4
0.6
95.0
169.9
437.2
46.4
–
5.3
–
–
2.0
39.5
93.2
99.2
32.9
2.9
1.7
1.4
138.1
231.3
205.9
2.8
150.9
–
42.3
31.9
0.7
61.6
0.6
34.9
97.8
371.4
31.6
5.0
5.2
–
–
0.2
36.2
78.2
50.1
30.5
5.4
1.3
–
87.3
165.5
205.9
2.8
149.8
–
42.3
27.9
(22.0)
(16.9)
Total equity attributable to equity holders of the Parent
266.2
205.9
205.9
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 14 September 2021. They were signed
on its behalf by:
Adam Palser
Chief Executive Officer
14 September 2021
Tim Kowalski
Chief Financial Officer
14 September 2021
134
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Consolidated cash flow statement
for the year ended 31 May 2021
Cash flows from operating activities
Profit for the year
Adjustments for:
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Share-based payments
Amortisation of customer contracts and relationships
Amortisation of software and development costs
Impairment of right-of-use assets
Lease financing costs
Other financing costs
Foreign exchange
Acquisition of businesses – transaction costs
Individually Significant Items (non-cash impact)
Profit on disposal of right-of-use assets
Profit on sale of intangible assets
Loss on sale of property, plant and equipment
Research and development UK tax credits
Research and development US tax credits
Income tax expense
Increase in provisions
Cash inflow for the year before changes in working capital
Decrease/(increase) in trade and other receivables
Increase in inventories
(Decrease)/increase in trade and other payables
Cash generated from operating activities before interest and taxation
Interest element of lease payments
Other interest paid
Taxation paid
Net cash generated from operating activities
Cash flows from investing activities
Purchase of property, plant and equipment
Software and development expenditure
Net proceeds from sale of intangible assets
Net cash used in investing activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Principal element of lease payments
Drawdown of borrowings (net of deferred issue costs)
Issue costs related to borrowings
Repayment of borrowings
Equity dividends paid
Net cash (used in)/generated from financing activities
Net increase in cash and cash equivalents
Cash and cash equivalents at beginning of year
Effect of foreign currency exchange rate changes
Cash and cash equivalents at end of year
Reconciliation of net change in cash and cash equivalents to movement in net cash/(debt) 1
Net increase in cash and cash equivalents
Change in net debt 1 resulting from cash flows (net of deferred issue costs)
Interest incurred on borrowings
Interest paid on borrowings
Non-cash movements (release of deferred issue costs)
Effect of foreign currency on cash flows
Foreign currency translation differences on borrowings
Change in net cash/(debt) 1 during the year
Net debt 1 at start of year excluding lease liabilities
Net cash/(debt) 1 at end of year excluding lease liabilities
Lease liabilities
Net cash/(debt) 1 at end of year
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
Notes
13
14
26
12
12
14
8
8
5
9
9
27
10
24
2021
£m
10.0
4.4
5.9
2.8
6.4
3.0
–
1.2
1.3
1.5
(1.2)
7.6
(0.2)
(0.5)
0.2
(0.6)
1.9
2.9
0.7
47.3
4.7
(0.2)
(5.5)
46.3
(1.2)
(1.1)
(5.1)
38.9
(2.7)
(2.1)
0.5
(4.3)
72.6
(6.0)
–
–
(60.4)
(13.0)
(6.8)
27.8
95.0
(6.3)
116.5
2021
£m
27.8
60.4
(1.1)
1.1
(0.2)
(6.3)
5.8
87.5
(4.2)
83.3
(34.4)
48.9
2020
(restated) 2
£m
6.4
5.8
6.0
1.4
8.8
3.0
1.1
1.2
1.8
–
–
–
(0.1)
–
–
(0.6)
0.5
2.7
0.8
38.8
(11.0)
(0.2)
19.2
46.8
(1.2)
(1.6)
(4.8)
39.2
(2.8)
(2.5)
–
(5.3)
1.1
(5.3)
44.3
(1.0)
–
(12.9)
26.2
60.1
34.9
–
95.0
2020
£m
60.1
(43.3)
(1.6)
1.6
(0.2)
–
(0.6)
16.0
(20.2)
(4.2)
(38.2)
(42.4)
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
135
Financial statements
�Consolidated statement of changes in equity
for the year ended 31 May 2021
Share
capital
£m
Share
premium
£m
Hedging
reserve
£m
Notes
Balance at 1 June 2019 (as reported)
2.8
149.8
Impact of change in accounting policy in respect
of cloud configuration and customisation costs
(Note 34)
Balance at 1 June 2019 (as restated) 2
Profit for the year (as restated) 2 (Note 34)
Other comprehensive income for the year
Total comprehensive income for the year
(restated) 2
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Share-based payments
Shares issued
10
26
27
Total contributions by and distributions
to owners
–
2.8
–
149.8
–
–
–
–
–
–
–
–
–
–
–
–
1.1
1.1
Balance at 31 May 2020 (restated) 2
2.8
150.9
Profit for the year
Other comprehensive income for the year
Total comprehensive income for the year
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Share-based payments
Tax on share-based payments
Shares issued
Total contributions by and distributions
to owners
Balance at 31 May 2021
10
26
26
27
–
–
–
–
–
–
0.3
0.3
3.1
–
–
–
–
–
–
72.3
72.3
223.2
Merger
reserve
£m
42.3
Currency
translation
reserve
£m
Retained
earnings
£m
Total
£m
27.9
(14.0)
208.8
–
–
(2.9)
(2.9)
42.3
27.9
(16.9)
205.9
–
–
–
–
–
–
–
–
4.0
4.0
–
–
–
–
6.4
–
6.4
6.4
4.0
10.4
(12.9)
(12.9)
1.4
–
1.4
1.1
(11.5)
(10.4)
42.3
31.9
(22.0)
205.9
–
–
–
–
–
–
–
–
–
(11.6)
(11.6)
10.0
–
10.0
10.0
(12.4)
(2.4)
–
–
–
–
–
(13.0)
(13.0)
2.8
0.3
–
2.8
0.3
72.6
(9.9)
62.7
–
–
–
–
–
–
–
–
–
–
–
–
(0.8)
(0.8)
–
–
–
–
–
(0.8)
42.3
20.3
(21.9)
266.2
The accompanying Notes 1 to 35 are an integral part of these consolidated Financial Statements.
136
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Company balance sheet
at 31 May 2021
Company no: 4627044
Non-current assets
Investments in subsidiary undertakings
Trade and other receivables
Total non-current assets
Current assets
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Total current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Merger reserve
Retained earnings
Total equity
Notes
2021
£m
2020
£m
33
17
24
19
27
27
27
27
151.8
162.6
314.4
0.6
0.6
78.3
142.0
220.3
6.8
6.8
315.0
227.1
13.5
13.5
13.5
13.0
13.0
13.0
301.5
214.1
3.1
223.2
42.3
32.9
301.5
2.8
150.9
42.3
18.1
214.1
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 14 September 2021. They were signed
on its behalf by:
Adam Palser
Chief Executive Officer
14 September 2021
Tim Kowalski
Chief Financial Officer
14 September 2021
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
137
Financial statements
�Company cash flow statement
for the year ended 31 May 2021
Cash flows from operating activities
Profit for the year
Cash inflow for the year before changes in working capital
Increase in trade and other receivables
Increase in trade and other payables
Net cash generated from operating activities
Cash flows from investing activities
Investments in subsidiary undertakings
Net cash used in investing activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Equity dividends paid
Net cash generated from/(used in) financing activities
Net (decrease)/increase in cash and cash equivalents
Cash and cash equivalents at beginning of year
Cash and cash equivalents at end of year
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
Notes
28
32
27
10
2021
£m
2020
£m
25.0
25.0
(20.6)
0.5
4.9
(70.7)
(70.7)
72.6
(13.0)
59.6
(6.2)
6.8
0.6
6.0
6.0
(0.6)
13.0
18.4
–
–
1.1
(12.9)
(11.8)
6.6
0.2
6.8
138
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Company statement of changes in equity
for the year ended 31 May 2021
Balance at 31 May 2019 and 1 June 2019
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
Balance at 31 May 2020
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
Balance at 31 May 2021
Notes
Share
capital
£m
Share
premium
£m
2.8
149.8
Merger
reserve
£m
42.3
10
27
10
27
–
–
–
–
–
–
–
–
–
–
1.1
1.1
–
–
–
–
–
–
2.8
150.9
42.3
–
–
–
–
72.3
72.3
–
–
–
–
–
–
–
–
–
–
0.3
0.3
3.1
Retained
earnings
£m
Total
£m
21.9
216.8
6.0
6.0
6.0
6.0
(12.9)
(12.9)
3.1
–
(9.8)
18.1
25.0
25.0
3.1
1.1
(8.7)
214.1
25.0
25.0
(13.0)
(13.0)
2.8
–
(10.2)
2.8
72.6
62.4
223.2
42.3
32.9
301.5
The accompanying Notes 1 to 35 are an integral part of these Financial Statements.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
139
Financial statements�Notes to the Financial Statements
for the year ended 31 May 2021
1 Accounting policies
Basis of preparation
NCC Group plc (the ‘Company’) is a company incorporated in the UK, with its registered office at XYZ Building, 2 Hardman Boulevard,
Manchester M3 3AQ. The Group Financial Statements consolidate those of the Company and its subsidiaries (together referred to as the
‘Group’). The principal activity of the Group is the provision of independent advice and services to customers through the supply of cyber
assurance and Software Resilience services. The Parent Company Financial Statements present information about the Company as a
separate entity and not about the Group. These Financial Statements have been approved for issue by the Board of Directors on 14 September 2021.
These Group and Parent Company Financial Statements were prepared in accordance with International Accounting Standards in conformity
with the requirements of the Companies Act 2006 and these Group Financial Statements were also in accordance with International
Financial Reporting Standards adopted pursuant to Regulation (EC) No 1606/2002 as it applies in the European Union (‘IFRSs as adopted
by the EU’). On publishing the Parent Company Financial Statements here together with the Group Financial Statements, the Company is
also taking advantage of the exemption in s408 of the Companies Act 2006 not to present its individual Income Statement and related
notes that form a part of these approved Financial Statements.
Brexit
Management has reviewed the impact of Brexit on the Financial Statements. The Group has so far proven structurally resilient to any
significant disruption caused by Brexit. The main risks to the Group from Brexit continue to be any reduction in demand from an economic
slowdown as well as real or perceived differences in data protection standards which impact our global ways of working. On this basis,
management has concluded that the impact should be limited; this includes any impact on the IFRS 9 expected credit loss model.
Management also notes no changes to this assessment from a post-Balance Sheet event perspective.
Covid-19
Management has reviewed the potential impact of Covid-19 on the Financial Statements. Accordingly, consideration has been given to the
impact on the IFRS 9 expected credit loss model, IFRS 15 collectability assessments, IFRS 16 lease term assessments (no material impact
on lease term assessment), the annual impairment review and the going concern and viability assessments.
New and amended accounting standards that have been issued but are not yet effective
At the date of authorisation of these Financial Statements, the following standards and interpretations were in issue but have not been
applied in these Financial Statements as they were not yet mandatory:
• IFRS 17 ‘Insurance Contracts’
• ‘Classification of Liabilities as Current or Non-Current’ (Amendments to IAS 1)
• Interest Rate Benchmark Reform (Amendments to IFRS 9, IAS 39 and IFRS 7)
• Amendments to IAS 37 ‘Onerous Contracts – Cost of Fulfilling a Contract’
• Conceptual Framework – ‘Amendments to References to the Conceptual Framework in IFRS Standards’
• Amendments to IAS 16 ‘Property, Plant and Equipment – Proceeds Before Intended Use’
• Annual Improvements to IFRS Standards 2018–2020 Cycle – Amendments to IFRS 1 ‘First-time Adoption of International Financial
Reporting Standards’, IFRS 9 ‘Financial Instruments’, IFRS 16 ‘Leases’, and IAS 41 ‘Agriculture’
These IFRSs are not expected to have a material impact on the Group’s consolidated financial position or performance of the Group.
Application of significant new or amended EU-endorsed accounting standards
The following amended standards and interpretations were also effective during the year; however, they have not had a material impact
on our consolidated Financial Statements.
• Amendments to IFRS 3 ‘Definition of a Business’
• Amendments to IAS 1 and IAS 8 ‘Definition of Material’
• Covid-19 Related Rent Concessions – Amendment to IFRS 16
Application of IFRIC agenda decisions
In April 2021, the IFRS Interpretations Committee (IFRIC) published an agenda decision on the clarification of accounting in relation
to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) as follows:
• Amounts paid to the cloud vendor for configuration and customisation that are not distinct from access to the cloud software are
expensed over the SaaS contract term
• In limited circumstances, other configuration and customisation costs incurred in implementing SaaS arrangements may give rise to an
identifiable intangible asset, for example, where code is created that is controlled by the entity
• In all other instances, configuration and customisation costs will be expensed as the customisation and configuration services are received
See Notes 12 and 34 for further details.
Basis of measurement
The consolidated Financial Statements have been prepared on the historical cost basis except for consideration payable on acquisitions,
the revaluation of certain financial instruments and investments.
Functional and presentation currency
The Group and Company Financial Statements are presented in millions of Pounds Sterling (£m) because that is the currency of the
principal economic environment in which the Group operates.
140
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�1 Accounting policies continued
Going concern
The Directors have acknowledged guidance published in relation to going concern assessments.
The Group’s business activities, together with the factors likely to affect its future development, performance and position, are set out in the
Business Review and Financial Review. The Group’s financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending September 2022 which indicate
that, taking account of severe but plausible downsides and the anticipated impact of Covid-19 on the operations of the Group and its financial
resources, the Group and Company will have sufficient funds to meet their liabilities as they fall due for that period.
The Group is financed primarily by a £100m committed revolving credit facility which matures in June 2024. The Group is required to comply
with financial covenants for leverage (net debt to Adjusted EBITDA 1) and interest cover (Adjusted EBITDA 1 to interest charge) which are tested
bi-annually at 31 May and 30 November each year. As at 31 May 2021, the Group had drawn down £33.8m for working capital requirements.
Subsequent to the year end and shareholder approval on 1 June, the Group acquired on 7 June the IPM business for $220m; the US
acquisition was funded through an equity placing in May of £70.2m (net proceeds) combined with a new three year $70m term loan, existing
cash balances and our existing revolving credit facility. The impact of the acquisition on the Group’s financial performance, covenants and
business model has therefore been considered within this going concern assessment. As at 2 June 2021, following the acquisition of the
IPM business, the Group had drawn down £75.5m of its revolving credit facility and was due to incur further transaction costs of £6.4m.
As at 31 August 2021, cash, net debt (excluding lease liabilities) 1 and headroom amounted to £43.6m, £74.7m and £80.5m respectively.
Although the Group has demonstrated resilience to the challenging environment resulting from Covid-19, the Directors acknowledge that the
financial performance of the Group has been adversely impacted to certain degree since the commencement of the pandemic, and for this
reason the base case forecast for 2021 reflects this assessment. The continuing macro-economic risks and potential changes in government
policies (on the severity of enforced lockdowns worldwide) could have a continued effect on the Group’s performance. However, trading
throughout the pandemic has demonstrated resilience.
The Directors have prepared a number of severe but plausible scenarios as follows:
1.
2.
The performance of FY22 continues to be similar to that of 2021, including the impact on regional and international operations of the
Group and a potential reduction in growth.
An additional impact of Covid-19 during a two month period from January to February 2022 which coincides with a similar economic
pandemic pattern as 2021.
3.
Potential impact of customers’ inability to pay during a specified period.
4.
5.
Failure of execution of the strategy, loss of key customers and a number of acquisition related risks crystallising (for example increased
customer churn, integration and cash collection issues).
Software Resilience performance does not return to growth and the Assurance business experiences similar impact of Covid-19 on its
performance as 2021.
These scenarios have been modelled individually and also in combination in order to assess the Group’s ability to withstand multiple challenges,
although the Directors do not believe a scenario combining all these risks to be plausible. The impact of these sensitivities has been reviewed against
the Group’s projected cash flow position, available bank facilities and compliance with financial covenants. In the instance that a combination of the
above scenarios arise, mitigating actions would be required to ensure that the Group remains liquid and financially viable, which might include a
reduction of planned capital expenditure, freezing pay and recruitment and not paying a dividend to shareholders. All of the mitigating actions are within
the Directors’ control. These forecasts, including the severe but plausible downsides, show that the Group is able to operate within its available banking
facilities, with no forecasted covenant breaches, and that the Group will have sufficient funds to meets its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. Having reviewed the current
trading performance, forecasts, other Group trading entities’ financial support, debt servicing requirements, total facilities and risks, the Directors
are confident that the Company and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at
least 12 months from the date of approval of these Financial Statements. Accordingly, they continue to adopt the going concern basis of
accounting in preparing the Group’s Financial Statements for the year ended 31 May 2021.
Business combinations
Business combinations are accounted for by applying the acquisition method at the acquisition date, which is the date on which control is
transferred to the Group. The Group controls an entity when the Group is exposed to, or has rights to, variable returns from its involvement
with the entity and has the ability to affect those returns through its power over the entity.
Acquisitions
The Group measures goodwill at the acquisition date as:
• The fair value of the consideration transferred; plus
• The recognised amount of any non-controlling interests in the acquiree; plus
• If the business combination is achieved in stages, the fair value of the existing equity interest in the acquiree; less
• The fair value of the identifiable assets acquired and liabilities assumed.
When the excess is negative, a bargain purchase gain is recognised immediately in profit or loss. The consideration transferred does not
include amounts related to the settlement of pre-existing relationships. Such amounts generally are recognised in the Income Statement.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
141
Financial statements�1 Accounting policies continued
Acquisitions continued
Costs related to the acquisition, other than those associated with the issue of debt or equity securities, are expensed as incurred.
Any deferred or contingent consideration payable is recognised at fair value at the acquisition date. If the contingent consideration is classified as equity,
it is not remeasured and settlement is accounted for within equity. Otherwise, subsequent changes to the fair value of contingent consideration are
recognised in the Income Statement. On a transaction-by-transaction basis, the Group elects to measure non-controlling interests either at their fair
value or at their proportionate interest in the recognised amount of the identifiable net assets of the acquiree at the acquisition date.
Subsidiaries
Subsidiaries are entities controlled by the Group. The Financial Statements of subsidiaries are included in the consolidated Financial
Statements from the date that control commences until the date that control ceases.
Control is achieved where the Company has the power to govern the financial and operating policies of an investee entity so as to obtain
benefits from its activities. Intercompany transactions and balances between subsidiaries are eliminated on consolidation.
Intangible assets and goodwill
Goodwill represents amounts arising on acquisition of subsidiaries. In respect of business acquisitions that have occurred since 1 June 2004, goodwill
represents the difference between the cost of the acquisition and the fair value of the net identifiable assets acquired including identifiable intangible
assets. Identifiable intangibles are those which can be sold separately or which arise from legal rights regardless of whether those rights are separable.
In respect of acquisitions prior to 1 June 2004, goodwill is included at its deemed cost, which represents the amount recorded under UK
GAAP at 31 May 2004 which was broadly comparable, save that only separable intangibles were recognised and goodwill was amortised.
Goodwill is stated at cost less any accumulated impairment losses. Goodwill is allocated to cash generating units and is not amortised but is
tested annually for impairment. In respect of equity accounted investees, the carrying amount of goodwill is included in the carrying amount
of the investment in the investee.
Research and development
Expenditure on research activities is recognised in the Income Statement as an expense as incurred. Expenditure on development activities
is capitalised as “development costs” if the product or process is technically and commercially feasible, if the Group has the technical ability
and sufficient resources to complete development, if future economic benefits are probable and if the Group can measure reliably the
expenditure attributable to the intangible asset during its development. Development activities involve a plan or design for the production
of new or substantially improved products or processes.
Software costs
The Group capitalises “software costs” in accordance with the criteria of IAS 38. Software costs comprise third party costs and internal
employee time costs for internal system developments. Capitalised amounts are initially measured at cost and amortised on a straight-line
basis over the period for which the developed system is expected to be in use as a business platform. Software costs incurred as part of a
service agreement are only capitalised when it can be evidenced that the Group has control over the resources defined in the arrangement.
The expenditure capitalised includes the cost of materials, direct labour, overhead costs that are directly attributable to preparing the asset
for its intended use and capitalised borrowing costs. Other development expenditure is recognised in the Income Statement as an expense
as incurred. Software customisation and configuration costs relating to software not controlled by the Group are expensed over the period
such services are received. Software costs are stated at cost less accumulated amortisation and less accumulated impairment losses.
Intangible assets
Expenditure on internally generated goodwill is recognised in the Income Statement as an expense as incurred.
Intangible assets that are acquired by the Group are stated at cost less accumulated amortisation and less accumulated impairment losses.
Subsequent expenditure
Subsequent expenditure is capitalised only when it increases the future economic benefits embodied in the specific asset to which it relates.
All other expenditure, including expenditure on internally generated goodwill, is recognised in the Income Statement as an expense as incurred.
Amortisation
Amortisation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of intangible assets unless
such lives are indefinite. Intangible assets with an indefinite useful life and goodwill are systematically tested for impairment at each Balance
Sheet date. Intangible assets are amortised from the date they are available for use. The estimated useful lives are as follows:
Acquired customer contracts and relationships
– between three and ten years
Software
Capitalised development costs
– between three and five years
– between three and five years
Financial instruments
Financial assets and financial liabilities, in respect of financial instruments, are recognised in the Group Balance Sheet when the Group
becomes a party to the contractual provisions of the instrument.
Classification and measurement of financial assets and liabilities
Classification of financial assets is generally based on the business model in which the financial asset is managed and its contractual cash
flow characteristics. A financial asset is measured at amortised cost if it is held with the objective of collecting the contractual cash flows
and its contractual terms give rise on specified dates to cash flows that are solely payments of principal and interest on the principal
amount outstanding. All other financial assets are measured at fair value through other comprehensive income or the Income Statement.
142
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�1 Accounting policies continued
Financial assets at amortised cost
Trade and other receivables
Trade receivables and other receivables that have fixed or determinable payments that are not quoted in an active market are classified
as financial assets measured at amortised cost.
Under the IFRS 9 “expected credit loss” model, a credit event (or impairment “trigger”) no longer needs to occur before credit losses are recognised.
The Group analyses the risk profile of trade receivables based on past experience and an analysis of the receivables’ current financial
position, potential for a default event to occur, adjusted for specific factors, general economic conditions of the industry in which the
receivables operate and assessment of both the current and the forecast direction of conditions at the reporting date. A default event
is considered to occur when information is obtained that indicates that a receivable is unlikely to be paid to the Group.
Credit risk is regularly reviewed by management to ensure the expected credit loss (ECL) model is being appropriately applied.
The Group has performed the calculation of ECL separately for each business unit.
Financial liabilities at amortised cost
Trade payables
Trade payables are other financial liabilities initially measured at fair value and subsequently measured at amortised cost.
Impairment of non-financial assets
The carrying amounts of the Group’s non-financial assets, other than deferred tax assets, are reviewed at each reporting date to determine whether
there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is estimated. For goodwill, and intangible
assets that have indefinite useful lives or that are not yet available for use, the recoverable amount is estimated each year at the same time.
The recoverable amount of an asset or cash generating unit is the greater of its value in use and its fair value less costs to sell. In assessing
value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market
assessments of the time value of money and the risks specific to the asset.
For the purpose of impairment testing, assets that cannot be tested individually are grouped together into the smallest group of assets that
generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups of assets (the ‘cash
generating unit’). The goodwill acquired in a business combination, for the purpose of impairment testing, is allocated to cash generating
units (CGUs). Subject to an operating segment ceiling test, for the purposes of goodwill impairment testing, CGUs to which goodwill has
been allocated are aggregated so that the level at which impairment is tested reflects the lowest level at which goodwill is monitored for
internal reporting purposes. Goodwill acquired in a business combination is allocated to groups of CGUs that are expected to benefit from
the synergies of the combination.
An impairment loss is recognised if the carrying amount of an asset or its CGU exceeds its estimated recoverable amount. Impairment losses are
recognised in the Income Statement. Impairment losses recognised in respect of CGUs are allocated first to reduce the carrying amount of any
goodwill allocated to the units, and then to reduce the carrying amounts of the other assets in the unit (group of units) on a pro rata basis. An
impairment loss in respect of goodwill is not reversed. In respect of other assets, impairment losses recognised in prior periods are assessed at each
reporting date for any indications that the loss has decreased or no longer exists. An impairment loss is reversed if there has been a change in the
estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent that the asset’s carrying amount does not
exceed the carrying amount that would have been determined, net of depreciation or amortisation, if no impairment loss had been recognised.
Related party transactions
Details of related party transactions are set out in Note 32 to these Financial Statements.
Property, plant and equipment
Property, plant and equipment assets are carried at cost less accumulated depreciation and any recognised impairment in value. To the
extent that borrowing costs relate to the acquisition, construction or production of a qualifying asset, borrowing costs are capitalised as part
of the cost of that asset. Depreciation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives
of each part of an item of plant and equipment as follows:
Computer equipment
– between three and five years
Plant and equipment
– between three and five years
Furniture
– between three and five years
Fixtures and fittings
Motor vehicles
– five years
– four years
Property, plant and equipment is also tested for impairment whenever there is an indication of potential impairment.
Leases
At inception of a contract, the Group assesses whether a contract is, or contains, a lease. A contract is, or contains, a lease if the contract
conveys the right to control the use of an identified asset for a period of time in exchange for consideration. To assess whether a contract
conveys the right to control the use of an identified asset, the Group assesses whether:
• The contract involves use of the identified asset; this may be specified explicitly or implicitly and should be physically distinct or represent
substantially all of the capacity or a physically distinct asset. If the supplier has a substantive substitution right, then the asset is not identified
• The Group has the right to obtain substantially all of the economic benefits from use of the asset and throughout the period of use
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
143
Financial statements
�1 Accounting policies continued
Leases continued
• The Group has the right to direct the use of the asset. The Group has this right when it has the decision-making rights that are most
relevant to changing how and for what purpose the asset is used. In rare cases where all the decisions about how and for what purpose
the asset is used are predetermined, the Group has the right to direct the use of the asset if either:
• The Group has the right to operate the asset
• The Group designed the asset in a way that predetermines how and for what purpose it will be used
The Group recognises a right-of-use asset and a lease liability at the lease commencement date. The right-of-use asset is initially measured
at cost, which comprises the initial amount of the lease liability adjusted for any lease payments made at or before the commencement date,
and an estimate of costs to dismantle and remove the underlying asset or to restore the underlying asset or the site on which it is located,
less any lease incentives received.
The right-of-use asset is subsequently depreciated using the straight-line method from the commencement date to the earlier of the end
of the useful life of the right-of-use asset or the end of lease term. The estimated useful lives of right-of-use assets are determined on
the same basis as those of property, plant and equipment. In addition, the right-of-use asset is periodically reduced by impairment losses,
if any, and adjusted for certain remeasurements of the lease liability.
The lease liability is initially measured at the present value of the lease payments that are not paid at the commencement date, discounted
using the interest rate implicit in the lease or, if that rate cannot be readily determined, the Group’s incremental borrowing rate.
The lease liability is measured at amortised cost using the effective interest method. It is remeasured when there is a change in future lease
payments arising from a change in an index or rate, if there is a change in the Group’s estimate of the amount expected to be payable, or if
the Group changes its assessment of whether it will exercise a purchase, extension or termination option.
When the lease liability is remeasured in this way, a corresponding adjustment is made to the carrying amount of the right-of-use asset, or
is recorded in the Income Statement if the carrying amount of the right-of-use asset has been reduced to zero. The Group has elected not
to recognise right-of-use assets and lease liabilities for short-term leases that have a lease term of 12 months or less and leases of low
value assets, including certain IT equipment. The Group recognises the lease payments associated with these leases as an expense on
a straight-line basis over the lease term.
Lease rental costs in respect of short-term leases (less than one year) and low value assets which are exempt from being accounted
for under IFRS 16 are charged to the Income Statement on a straight-line basis over the period of the lease.
Investments
Investments in subsidiaries are carried at cost less impairment. Investments in property and unlisted shares are carried at cost less
impairment, which is based on the fair value at acquisition.
Inventory
Inventory is held at the lower of cost or net realisable value.
Revenue recognition
Summary
The Group provides independent global cyber assurance security and Software Resilience services.
The revenue streams in relation to Assurance include:
• Global Professional Services (GPS) – global cyber security consultancy services
• Global Managed Services (GMS) – operational cyber defence, incident response, scanning, simulation and managed
security operations centres (SOCs)
• Product sales – sale of own manufactured and/or resale of third party products
The revenue streams in relation to Software Resilience include:
• Escrow contract services – securely maintain in “escrow” the long-term availability of business critical software and applications
• Verification services – verify source code, and provide a fully managed secure service and result validation
While the detailed recognition is contract specific, and set out in the table on pages 145 to 148, in most cases:
• GPS revenues are recognised on an input method over time
• GMS revenues are bifurcated according to the separate performance obligations (see pages 146 and 147)
• Product sales are recognised when control passes, usually on delivery
• Escrow contract revenues are recognised over time
• Verification services are recognised on the completion of the verification service
Revenue is presented net of VAT and other sales related taxes.
Revenue is measured based on the consideration specified in a contract with a customer. The Group recognises revenue when it transfers
control over a good or service to a customer.
144
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�1 Accounting policies continued
Revenue recognition continued
Summary continued
Due to the nature of the Group’s activities, the Group transaction price for the majority of its contracts is entirely variable consideration as
these contracts are on a time and material basis, using set contractual rates per hour/day worked, giving rise to no estimation or reversal risk
at period end. The Group does not have any material obligations in respect of returns, refunds or warranties. The impact of any financing
component within contracts with customers has been assessed and concluded to be immaterial.
On contract inception, the probability of collectability is assessed across the Group and, unless there is a significant change in facts and
circumstances, revenue is recognised. During the year, no instances have been identified where reassessment of the collectability has had
to be reassessed, nor have there been any new contracts with customers for which the collection of consideration has not been assessed
at inception as probable. This current year assessment also takes into account the impact of Covid-19 on the Group’s customer base.
Detailed policies
The following table provides information about the nature and timing of the satisfaction of performance obligations in contracts with
customers by reportable segments, including significant payment terms, and the related revenue recognition policies.
Assurance
Revenue stream
Nature
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Global
Professional
Services (GPS)
GPS is the Group’s core
consulting service
represented by consultants
providing cyber security
consultancy services to
a customer over time or
to a set deliverable.
Some contracts may contain
multiple services (e.g. cyber
security assessment and
certified product evaluation
services). These will be
identified as separate
performance obligations,
and the transaction price
allocated to each of these is
determined by using the fixed
contract rate based upon
day rates, being the relative
standalone selling price basis.
Specifically, the contract terms
range from time and materials
(based upon consultants’ time
and expenses) and discrete
statements of work, whereby
the customer benefits gradually
over the period over which
the work is performed, unless
there is a set deliverable (for
example a defined security
assessment report).
The Group in certain
situations operates on agreed
customer terms which allow
the Group to recover any
abortive revenue from its
customer in the event that
a customer terminates a
contract before the contract
or deliverable is complete.
The customer simultaneously
receives the benefits of the
consulting services provided by
the Group over the period over
which the work is performed
and one promise (performance
obligation) is identified. Work is
performed on a daily basis.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
No discounts or retrospective
rebates are provided.
Where a set deliverable is required
and the customer receives the
incremental benefit at the end of
the work when the deliverable is
transferred to the customer, this
represents one performance
obligation. In this situation, the
contract will have no abortive
revenue rights; therefore, the
Group has no right to consideration
for performance to date.
Invoicing will usually be on
completion of the set deliverable
and payable within 30 days.
The customer simultaneously
receives and consumes the benefits
of the consulting services provided
by the Group over the period over
which the work is performed by the
Group and one performance
obligation is identified.
Invoices in relation to the abortive
revenue will be recognised when
aborted. Invoices are usually
payable within 30 days.
Revenue is recognised on an input basis
to measure the satisfaction of performance
obligations over time. This is done according
to the number of days worked in comparison
to the total contracted number of days of the
performance obligation. The work performed
occurs on a daily basis (for example security
assessment of a customer’s security environment).
It is considered that as the customer benefits
over time based on consultants’ time, the input
method faithfully depicts the Group’s
performance towards complete satisfaction
of the single performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of days.
Revenue is recognised at a point in time,
on completion of the performance
obligation deliverable.
It is considered that as the customer benefits
once the set deliverable is received, the point
in time method faithfully depicts the Group’s
performance towards complete satisfaction
of the single performance obligation.
Transaction price is determined by fixed
contract rates.
Revenue is recognised on an input
basis to measure the satisfaction of
performance obligations over time.
This is done according to the number of days
worked in comparison to the total contracted
number of days of the performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of consultancy days.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
145
Financial statements�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Global Managed
Services (GMS)
These services provide
operational cyber defence,
incident response, scanning,
simulation and managed
security operations centres
(SOCs). Services are typically
for an extended delivery
duration, with contract
lengths varying up to a
maximum of five years.
The proposition will also
provide the customer with
software licence(s) to enable
these services to occur.
On this basis, the Group
operates two types of
contracts:
• A Managed Service
Provider (MSP) model
whereby the customer
is supplied with one
complete integrated
service including the
software licence(s)
• A reseller model whereby
the Group sources the
software licence(s) on
behalf of the customer
and provides the
Managed Detection
and Response services
These services will also
include set-up fees. Set-up
fees represent workshops,
design, and configuration to
create a “connection”
between systems.
Following services going live,
the Group will also provide a
certain level of professional
service consultancy days
based on a day rate
(post-go-live fees).
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
The customer will benefit from
the services over the period
of the contract.
The amount of revenue recognised in relation
to software licence(s) depends on whether
the Group acts as an agent or as a principal.
However, the type of contract
will depend on how the customer
benefits from the software
licence(s).
Where a MSP model is selected
by the customer, the Group
recognises three performance
obligations:
• Set-up fees
• Post-go-live fees
• Combined monitoring cyber
and licence service
The MSP model is considered to
be under a principal arrangement
whereby the Group controls the
service prior to transfer.
Where a reseller model is selected
by the customer, the Group
recognises four performance
obligations:
• Sourced software licence(s)
• Set-up fees
• Post-go-live fees
• Monitoring cyber service
The reseller model is considered
to be under an agency
arrangement whereby the
customer receives the benefit and
control of the licence on delivery.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
The Group acts as principal when the Group
controls the specified software licence or
service prior to transfer (MSP model).
When the Group acts as a principal the revenue
recorded is the gross amount billed. The
transaction price is determined by a contract
price (cost plus mark-up). The transaction price
for the overall service is outlined within the
customer contract. In certain scenarios, the
contract will outline the price for each
performance obligation, which is considered to
be the standalone selling price of the services/
goods, and the transaction price is allocated
to each performance obligation on this basis.
Where the contract does not stipulate the price
per performance obligation, management
determines the relative standalone selling price
for each performance obligation based on a
market assessment approach for the services
provided in comparison to market prices, and
the contract transaction price is allocated to each
performance obligation in proportion to those
standalone selling prices.
Under a reseller model, the Group’s
responsibility is to arrange for a third party to
provide a specified software licence(s) to the
customer. In these cases, the Group is acting
as an agent and the Group does not control the
relevant licence(s) before it is transferred to the
customer. In particular, the Group does not have
inventory risk, have access to its source code or
hold the IP rights.
When the Group is acting as an agent, the
revenue is recorded at the net amount retained
(commission) at a point in time as the customer
receives immediate benefit from access to the
licence and the Group does not have any further
obligations in relation to the provision of the
licence. The commission transaction value
represents the mark-up on the licence provided.
Set-up fees are recognised over time of the
set-up. In particular, the level of administrative tasks
involved in the set-up process is considered
immaterial and therefore the work performed
is considered a distinct promised service and
incremental benefit of the installation to the
customer. The fees are based on day rates
incurred (defined by an in-house day rate sales
pricing matrix). Accordingly, the charge out rates
are recognised and allocated to these tasks
when performed akin to technical professional day
rate services. These rates are considered to be the
standalone selling prices and are not discounted
or reduced for other services.
146
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Global Managed
Services (GMS)
continued
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Post-go-live fees are recognised on delivery
of consultancy services over time as the customer
obtains incremental benefit from the hours
provided. Revenue is recognised on an input
basis (day rates) to measure the satisfaction
of performance obligations over time.
Transaction price is determined by fixed
contract rates based upon day rates and
number of post-go-live consultancy days.
One performance obligation, being a combined
monitoring cyber and licence service, is identified
in relation to the MSP model monitoring service.
Revenue is recognised over the contract length as
the software and monitoring process is an overall
service, whereby the Group retains control of the
licence and provides a complete monitoring service
to the customer. If the customer cancels the
contract, the Group will retain control of the licence.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily and
therefore revenue is recognised on straight-line basis
as the performance obligation is satisfied over time.
The transaction price is determined by fixed
contract rates for the combined services.
Revenue in relation to the reseller model
monitoring service is recognised over the
contract length on a straight-line basis as the
performance obligation is satisfied over time.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily on
straight-line basis.
Revenue is recognised when control of the
product is transferred to the customer. This occurs
upon delivery under the contractual terms.
On certain sales of third party products, the control
of the product is considered to pass from the
vendor to the end customer and in these cases the
Group acts as an agent, and hence only records a
commission on sale as opposed to gross revenue
and costs of sale.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
147
Product sales
This revenue represents the
sale of own manufactured
and/or resale of third party
products with no connection
to other Group services.
The customer only benefits from
the products on delivery.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
Financial statements�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Long-term fixed
price contracts
This revenue represents
the long-term development
and/or manufacture of
specialised software and
hardware solutions.
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Revenue is recognised on an input basis to
measure the satisfaction of the performance
obligation over time. This is done according to
total costs incurred in comparison to the total
expected costs to be incurred to satisfy the
performance obligation. This input measure
is driven by the nature of the activities carried
out in satisfying the performance obligation.
The transaction price is fixed within the terms
of the contractual arrangement.
Delivery of the product is
considered to represent one
performance obligation.
The development and/or
manufacturing work carried out by
the Group is not considered to create
an asset with an alternative use to
the entity. The Group is entitled to
payment as performance of the
contract is completed. On this basis,
revenue is recognised over time.
Invoices are raised based on
achievements of pre-defined
milestones in the contract.
Invoices are usually payable
within 30 days.
Software Resilience
Escrow contract
services
These services securely
maintain in “escrow” the
long-term availability of
business critical software and
applications while protecting
the intellectual property rights
(IPR) of technology partners.
The service will include
set-up time which is
administrative in nature.
The customer benefits from
the escrow service evenly over
a contract period, usually at
least a year and potentially
up to three years.
The service represents one
performance obligation.
Invoices are raised based
on an agreed invoicing profile
with the customer.
Invoices are usually payable
within 30 days.
Revenue is recognised over time on a straight-
line basis representing the service delivery
agreement. The nature of the agreement gives
rise to the customer having the benefit of
software resilience if and when required over
the contract period. Revenue is recognised on
a straight-line basis as the pattern of benefit to
the customer as well as the Group’s efforts to
fulfil the contract are generally even throughout
the period.
The transaction price is determined by
a contract price.
Set-up time is not considered distinct and
a separate performance obligation due to
the administrative nature and therefore is
recognised over the period of the contract.
Verification
services
These services verify source
code based upon an agreed
scope between all parties,
and provide a fully managed
secure service and result
validation, typically delivered
over a short period of
time (days).
These include SaaS services
and ICANN services.
The customer benefits from the
verification service on completion
because the source code will only
have been fully verified/validated
at that point.
Revenue is recognised on completion
of the verification services.
Transaction price is determined by fixed
contract rates based upon day rates and
number of verification days.
The service represents one
performance obligation.
Invoices are raised monthly
or based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
Contract costs
Contract costs comprise incremental sales commissions paid to sales agents which can be directly attributed to an acquired or retained
contract. Capitalised commission costs are amortised on a systematic basis that is consistent with the transfer to the customer of the
services when the related revenues are recognised. In all other cases, all internal and external costs of obtaining the contract are
recognised as incurred.
Costs directly incurred in fulfilling a contract with a customer, which comprise labour hours on long-term contracts, are recognised as an
asset to the extent they are recoverable. Such costs are amortised on a systematic basis that is consistent with the transfer to the customer
of the services when the related revenues are recognised.
148
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�1 Accounting policies continued
Accrued income
Accrued income represents the Group’s rights to consideration for work completed but not billed at the reporting date. Remaining balances
are transferred to receivables when the rights become unconditional.
Deferred revenue
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time.
Long-term loss-making contracts
Long-term contracts are reviewed annually to establish if the contract is onerous in nature. In particular, the long-term contract becomes an
onerous contract when the unavoidable costs (i.e. the lower of the cost of fulfilling the contract and any compensation or penalties arising from
failure to fulfil it) exceed the economic benefits expected to be received under the contract. The assessment of cost to fulfil includes costs that
relate directly to the contract and includes direct costs of production, direct costs of supplies/hardware from external suppliers (materials), direct
labour in relation to performance obligations and if appropriate any potential contractual fine dependent on items (performance obligations) not
being delivered/performed. Any assets dedicated to the specific contract are also tested for potential impairment.
Determination and presentation of operating segments
The Group determines and presents operating segments based on the information that is provided to the Board, which acts as the Group’s
chief operating decision maker (CODM) in order to assess performance and to allocate resources.
An operating segment is a component of the Group that engages in business activities from which it may earn revenues and incur expenses,
including revenues and expenses that relate to transactions with any of the Group’s other components. An operating segment’s results are
reviewed regularly by the CODM to make decisions about resources to be allocated to the segment and to assess its performance.
The Group reports its business in two key segments: the Assurance division and the Software Resilience division. The two reporting segments
provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group of services.
The operating segments are grouped into the reporting segments on the basis of how they are reported to the CODM. Operating segments are
aggregated into the two reportable segments based on the types and delivery methods of services they provide, common management structures,
and their relatively homogeneous commercial and strategic market environments. Both of the Group’s divisions (segments) are run by a senior
executive team; those teams make all decisions on resource allocation, product development, marketing and areas for focus and investment.
Allocation of central costs
Some costs are collected and managed in one location but are actually incurred on behalf of multiple operating segments or reporting
segments. These costs are then allocated to the reporting segments. The allocation is based on logical or activity driven cost algorithms.
The allocation is necessary to give an accurate picture of the consumption of resources by each reporting segment.
Individually Significant Items
Individually Significant Items are identified as those items that based on their size and nature and/or incidence are assessed to warrant
separate disclosure to provide supplementary information to support the understanding of the Group’s financial performance. Individually
Significant Items typically comprise costs/profits/losses on material acquisitions/disposals/business exits, fundamental reorganisation/
restructuring programmes and other significant one-off events. Individually Significant Items are considered to require separate presentation
in the notes to the Financial Statements in order to fairly present the financial performance of the Group.
Foreign currencies
Transactions in foreign currencies are recorded using the appropriate monthly exchange rate ruling at the date of the transaction. Monetary
assets and liabilities denominated in foreign currencies are retranslated using the exchange rate ruling at the Balance Sheet date and the
gains or losses on translation are included in the Income Statement.
The assets and liabilities of overseas subsidiaries denominated in foreign currencies are retranslated at the exchange rate ruling at the Balance
Sheet date. The income statements of overseas subsidiary undertakings are translated at the weighted average exchange rates for the financial
year. Gains and losses arising on the retranslation of overseas subsidiary undertakings are taken to the currency translation reserve. They are
released to the Income Statement upon disposal of the subsidiary to which they relate.
Foreign currency differences arising from the translation of qualifying cash flow hedges are recognised in OCI to the extent that the hedges are effective.
Derivative financial instruments and hedge accounting
The Group holds derivative financial instruments to hedge its foreign currency risk exposures. Derivatives are initially measured at fair value.
Subsequent to initial recognition, derivatives are measured at fair value, and changes therein are generally recognised in profit or loss. The
Group designates certain derivatives as hedging instruments to hedge the variability in cash flows associated with highly probable forecast
transactions arising from changes in foreign exchange rates. At inception of designated hedging relationships, the Group documents the risk
management objective and strategy for undertaking the hedge. The Group also documents the economic relationship between the hedged
item and the hedging instrument, including whether the changes in cash flows of the hedged item and hedging instrument are expected
to offset each other.
Cash flow hedges
When a derivative is designated as a cash flow hedging instrument, the effective portion of changes in the fair value of the derivative
is recognised in OCI and accumulated in the hedging reserve. The effective portion of changes in the fair value of the derivative that is
recognised in OCI is limited to the cumulative change in fair value of the hedged item, determined on a present value basis, from inception
of the hedge. Any ineffective portion of changes in the fair value of the derivative is recognised immediately in profit or loss.
The Group designates only the change in fair value of the spot element of forward exchange contracts as the hedging instrument in cash
flow hedging relationships. The change in fair value of the forward element of forward exchange contracts (forward points) is separately
accounted for as a cost of hedging and recognised in a costs of hedging reserve within equity.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
149
Financial statements�1 Accounting policies continued
Cash flow hedges continued
When the hedged forecast transaction subsequently results in the recognition of a non-financial item, the amount accumulated in the
hedging reserve and the cost of hedging reserve is included directly in the initial cost of the non-financial item when it is recognised.
For all other hedged forecast transactions, the amount accumulated in the hedging reserve and the cost of hedging reserve is reclassified
to profit or loss in the same period or periods during which the hedged expected future cash flows affect profit or loss.
If the hedge no longer meets the criteria for hedge accounting or the hedging instrument is sold, expires, is terminated or is exercised, then
hedge accounting is discontinued prospectively. When hedge accounting for cash flow hedges is discontinued, the amount that has been
accumulated in the hedging reserve remains in equity until, for a hedge of a transaction resulting in the recognition of a non-financial item,
it is included in the non-financial item’s cost on its initial recognition or, for other cash flow hedges, it is reclassified to profit or loss in the
same period or periods as the hedged expected future cash flows affect profit or loss.
If the hedged future cash flows are no longer expected to occur, then the amounts that have been accumulated in the hedging reserve
and the cost of hedging reserve are immediately reclassified to profit or loss.
Employee benefits – defined contribution pensions
The Group operates a defined contribution pension scheme. The assets of the scheme are kept separate from those of the Group in an
independently administered fund. The amount charged as an expense in the Income Statement represents the contributions payable to
the scheme in respect of the accounting period.
Short-term benefits
Short-term employee benefit obligations are measured on an undiscounted basis and are expensed as the related service is provided. A liability
is recognised for the amount expected to be paid under short-term cash bonus or profit-sharing plans if the Group has a present legal or
constructive obligation to pay this amount as a result of past service provided by the employee and the obligation can be estimated reliably.
Share-based payment transactions
Share-based payments in which the Group receives goods or services as consideration for its own equity instruments are accounted for
as equity settled share-based payment transactions, regardless of how the equity instruments are obtained by the Group.
The grant date fair value of share-based payment awards granted to employees is recognised as an employee expense, with a corresponding
increase in equity, over the period that the employees become unconditionally entitled to the awards. The fair value of the options granted is
measured using an option valuation model, taking into account the terms and conditions upon which the options were granted.
The amount recognised as an expense is adjusted to reflect the actual number of awards for which the related service and non-market
vesting conditions are expected to be met, such that the amount ultimately recognised as an expense is based on the number of awards that
do meet the related service and non-market performance conditions at the vesting date. For share-based payment awards with non-vesting
conditions, the grant date fair value of the share-based payment is measured to reflect such conditions and there is no true-up for
differences between expected and actual outcomes.
Share-based payment transactions in which the Group receives goods or services by incurring a liability to transfer cash or other assets that
is based on the price of the Group’s equity instruments are accounted for as cash settled share-based payments. The fair value of the amount
payable to employees is recognised as an expense, with a corresponding increase in liabilities, over the period in which the employees become
unconditionally entitled to payment. The liability is remeasured at each Balance Sheet date and at settlement date. Any changes in the fair
value of the liability are recognised as personnel expense within the Income Statement.
Where the Company grants options over its own shares to the employees of a subsidiary it recognises in its individual Financial Statements,
an increase in the cost of investment in that subsidiary equivalent to the equity settled share-based payment charge is recognised in respect
of that subsidiary in its consolidated Financial Statements with the corresponding credit being recognised directly in equity.
Holiday or vacation pay
The Group recognises a liability in the Balance Sheet for any earned but not yet taken holiday entitlement for staff. Earned holiday is
calculated on a straight-line basis over a holiday year which can vary by business unit. Taken holiday is based on actually taken holiday.
Any movement in the liability between the opening and closing balance in the year is recorded as an employee cost or a reduction in
employee costs in the Income Statement in the year.
Borrowings
Borrowings are recognised initially at fair value less attributable transaction costs. Subsequent to initial recognition, borrowings are stated
at amortised cost with any difference between cost and redemption value being recognised in the Income Statement over the period of the
borrowings on an effective interest basis.
Finance costs
Finance costs are recognised within the Income Statement in the year in which they are incurred.
Provisions
Provisions are determined by discounting the expected future cash flows at a pre-tax rate that reflects current market assessments
of the time value of money and the risks specific to the liability. The unwinding of the discount is recognised as finance cost.
150
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�1 Accounting policies continued
Taxation
Taxation on the profit or loss for the year comprises current and deferred taxation. Taxation is recognised in the Income Statement except
to the extent that it relates to items recognised directly in equity, in which case it is recognised in equity.
Current tax is the expected tax payable or receivable on the taxable income or loss for the year, using tax rates enacted or substantively
enacted at the Balance Sheet date, and any adjustment to tax payable in respect of previous years.
Deferred tax is provided on temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and
the amounts used for taxation purposes. The following temporary differences are not provided for: the initial recognition of goodwill; the initial
recognition of assets or liabilities that affect neither accounting nor taxable profit other than in a business combination; and differences
relating to investments in subsidiaries to the extent that they will probably not reverse in the foreseeable future. The amount of deferred tax
provided is based on the expected manner of realisation or settlement of the carrying amount of assets and liabilities, using tax rates enacted
or substantively enacted at the Balance Sheet date. A deferred tax asset is recognised only to the extent that it is probable that future
taxable profits will be available against which the temporary difference can be utilised.
R&D tax credits are recognised for the UK tax jurisdiction within administrative expenses and within income tax for the US tax jurisdiction.
Intra-group financial instruments
Where the Company enters into financial guarantee contracts to guarantee the indebtedness of other companies within the Group, the
Company considers these to be insurance arrangements and accounts for them as such. In this respect the Company treats the guarantee
contract as a contingent liability until such time as it becomes probable that the Company will be required to make a payment under the guarantee.
Cash and cash equivalents
Cash and cash equivalents comprise cash in hand and deposits repayable on demand. Bank overdrafts that are repayable on demand form part of
the Group’s cash management and are included as a component of cash and cash equivalents for the purpose only of the Statement of Cash Flows.
Treasury shares
NCC Group plc shares held by the Group are deducted from equity as “treasury shares” and are recognised at cost. Consideration received
for the sale of such shares is also recognised in equity, with any difference between the proceeds from sale and the original cost being taken
to reserves. No gain or loss is recognised in the Income Statement on the purchase, sale, issue or cancellation of equity shares.
2 Critical accounting judgements, key sources of estimation uncertainty and other estimates
The preparation of Financial Statements requires management to exercise judgement in applying the Group’s accounting policies. Different
judgements would have the potential to change the reported outcome of an accounting transaction or Statement of Financial Position. It also
requires the use of estimates that affect the reported amounts of assets, liabilities, income and expenses. Actual results may differ from
these estimates. Estimates and underlying assumptions are reviewed on an ongoing basis, with changes recognised in the period in which
the estimates are revised and in any future periods affected. The table below shows those areas of critical accounting judgements and
estimates that the Directors consider material and that could reasonably change significantly in the next year.
Accounting area
Carrying value of goodwill
Control of IPM Software Resilience business
Recognition of research and development tax credits
Intangible assets – cloud-based software and development costs
Accounting
judgement?
Accounting
estimate?
No
Yes
No
Yes
Yes
No
Yes
No
2.1 Critical accounting judgements
Information about critical accounting judgements made in applying accounting policies that have the most significant effects on the amounts
recognised in the consolidated Financial Statements are as follows.
Control of IPM Software Resilience business
A key judgement in the year ended 31 May 2021 is the acquisition date for the purchase of the IPM Software Resilience business.
Management considers shareholder approval of the transaction constitutes a change in control and therefore the date of shareholder
approval is considered to be the acquisition date for the transaction.
Shareholder approval was granted on 1 June 2021 and the IPM Software Resilience business will be consolidated into the Group results
from that date.
Intangible assets – cloud-based software and development costs
When the Group incurs customisation and configuration costs, as part of a service agreement, judgement is also required in assessing whether
the Group has control over the resources defined in the arrangement. Management has considered the IFRS Interpretations Committee (IFRIC)
agenda decision in April 2021 on the clarification of accounting in relation to these costs. The costs expensed amount to £5.1m (2020: £7.9m).
See further details in Notes 12 and 34 in relation to a prior year restatement.
Development activities involve a plan or design for the production of new or substantially improved products or processes. Judgement is
required in determining whether the project is technically and commercially feasible; judgement is required in assessing the future economic
benefit and viability of the project.
Such judgements are inherently subjective and can have a material impact on determining whether such costs should be capitalised.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
151
Financial statements�2 Critical accounting judgements, key sources of estimation uncertainty and other estimates continued
2.2 Estimation uncertainties
Information about estimation uncertainties that have a significant risk of resulting in a material adjustment to the carrying values of assets
and liabilities within the next financial year is addressed below.
Whilst every effort is made to ensure that such estimates and assumptions are reasonable, by their nature they are uncertain, and as such
changes in estimates and assumptions may have a material impact. Estimates and assumptions used in the preparation of the Financial
Statements are continually reviewed and revised as necessary at each reporting date.
Carrying values of goodwill
The Group has significant balances relating to goodwill at 31 May 2021 as a result of acquisitions of businesses in previous years.
The carrying value of goodwill at 31 May 2021 is £182.9m (2020: £193.1m). Goodwill balances are tested annually for impairment.
Tests for impairment are primarily based on the calculation of a value in use for each CGU.
This involves the preparation of discounted cash flow projections, which require significant estimates of both future operating cash flows
and an appropriate risk-adjusted discount rate.
The commercial viability of individually capitalised development project costs is also part of the overall assessment of carrying values.
Future cash flow estimates are based on two critical estimates: the rate of revenue growth and the discount rate, particularly in relation
to the Europe Assurance CGU which is the most sensitive to movements in estimates.
The calculation of an appropriate discount rate to apply to the future cash flow estimate is itself an estimate. While some aspects of discount
rate calculations can be more mechanical in nature (such as using the 30 year gilt yield as a proxy for the risk free rate) others, such as entity
or sector-specific risk adjustments, rely more on management estimates. The discount rate is also a key component in assessing the terminal
value which is often an important part of any valuation.
Sensitivity analysis on what are regarded as reasonably possible changes is provided in Note 12.
Recognition of research and development tax credits
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be
uncertainty. The most significant source of uncertainty arises from claims for US research and development (R&D) tax credits relating to
historical periods. Uncertainty arises as a result of a degree of uncertainty concerning the interpretation of US legislation and because the
statute of limitations has not expired. The basis on which the Group has claimed R&D tax credits involves a technical assessment of which
party bears the economic risk in any research contracts entered into with third parties. This assessment is a key estimate. It is considered
“probable” that the US taxation authority would accept the uncertain tax treatment in relation to the utilised tax credits recognised.
For the periods ending 31 May 2017 to 31 May 2021, the aggregate net current tax benefit included in the Income Statement relating to the
R&D US tax credits is £2.7m (2020: £4.3m). The gross deferred tax asset relating to the R&D US tax credits is £1.0m (2020: £0.8m), although
due to the uncertainty we have made a provision of £0.6m (2020: £0.8m) against this asset. The aggregate gross amount of US R&D tax
credits recognised amounts to £8.2m (2020: £5.1m) and we have made a provision of £5.1m (2020: £0.8m) against this gross position.
It is considered reasonably possible that the outcome relating to historical claims ranges from a potential increase of tax credits of £5.1m
to a potential reduction of £3.1m.
2.3 Other estimates
Long-term loss-making contracts
Some aspects of the Group’s revenue are derived from relatively long-term fixed price contracts. On this basis, estimation uncertainty
is disclosed in relation to one contract:
• An onerous provision recognised during the year ended 31 May 2020 of £0.2m has increased during the period by a further £1.9m,
of which £1.7m has been utilised leaving a closing balance of £0.4m of a total provision for loss-making contracts of £1.1m (see Note 21).
This additional provision relates to a European contract and has been caused by Covid-19 disruption and some project management
challenges. Management prepares projections, which, due to the complexity of the contract, require estimates and accounting judgement
of both revenue and cost recognition (including the number of performance obligations). Revenue is recognised based on the input
method of IFRS 15 in relation to total costs and therefore management has to estimate the number of hours still required to complete the
long-term projects and associated labour cost to complete. Due to the level of estimation and dependency on hours remaining to complete
the performance obligation, sensitivity analysis on what is regarded a reasonably possible scenario for this contract is provided below:
• A 20% increase in total labour hours to the project would give rise to a further provision of up to £0.2m
3 Alternative Performance Measures (APMs) and adjusting items
The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined terms
under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not intended to be
a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the current year results and
comparative periods where provided.
This presentation is also consistent with the way that financial performance is measured by management and reported to the Board, and
the basis of financial measures for senior management’s compensation schemes, and provides supplementary information that assists the
user in understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure that the Annual
Report and Accounts give a fair, balanced and understandable view of the Group’s performance, cash flows and financial position. IAS 1
‘Presentation of Financial Statements’ requires the separate presentation of items that are material in nature or scale in order to allow
the user of the accounts to understand underlying business performance.
152
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�3 Alternative Performance Measures (APMs) and adjusting items continued
As discussed in the prior year Annual Report and in accordance with FRC guidelines, the Group no longer presents a Consolidated Income
Statement showing adjusting items separately. In the prior year, the Group disclosed adjusting items of £10.2m relating to amortisation
of acquisition intangibles (2020: £8.8m) and share-based payments (2020: £1.4m) as a separate column on the face of the Consolidated
Income Statement. This is no longer disclosed in this way to simplify the Group’s results. However, as the Group manages internally its
performance at an adjusted operating profit level (before amortisation of acquisition intangibles, share-based payments and Individually
Significant Items), which management believes better represents the underlying trading of the business, this information is still disclosed as
an APM within this Annual Report. This APM is reconciled to statutory operating profit, together with the consequently Adjusted basic EPS
(before amortisation of acquisition intangibles, share-based payments and Individually Significant Items and tax effect thereon) to statutory
basic EPS.
This change has removed the following adjusted measures from the Group’s narrative reporting and disclosures:
• Adjusted profit before taxation
• Adjusted taxation
Following this revision to APMs, the Group has the following APMs/non-statutory measures:
• Adjusted EBITDA (reconciled below)
• Adjusted operating profit (reconciled below)
• Adjusted basic EPS (pence) (reconciled in Note 11)
• Net cash/(debt) excluding lease liabilities (reconciled below)
• Net debt (reconciled below)
• Cash conversion (reconciled below)
• Constant currency revenue
These measures provide supplementary information that assists the user to understand the financial performance, position and trends of the
Group. Further detail is included within the glossary of terms to this Annual Report which provides supplementary information that assists the
user in understanding theses APMs/non-statutory measures.
The Group reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account
constant foreign exchange rates year on year. This involves translating comparative numbers to current year rates for comparability to enable
a growth factor to be calculated. In addition, the Group also reports these regions on a local currency basis to demonstrate the revenue
performance on a local basis. As these measures are not statutory revenue numbers, management consider these to be APMs.
Adjusted EBITDA and Adjusted operating profit
The calculation of Adjusted EBITDA and Adjusted operating profit is set out below:
Operating profit
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Amortisation of customer contracts and relationships (acquired intangibles)
Amortisation of software and development costs
Individually Significant Items (Note 5)
Share-based payments charge (Note 26)
Adjusted EBITDA
Depreciation and amortisation (excluding amortisation charged on acquired intangibles)
Adjusted operating profit
2021
£m
17.3
4.4
5.9
6.4
3.0
12.7
2.8
52.5
(13.3)
39.2
2020
(restated) 2
£m
12.6
5.8
6.0
8.8
3.0
7.9
1.4
45.5
(14.8)
30.7
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
153
Financial statements�3 Alternative Performance Measures (APMs) and adjusting items continued
Net cash/(debt)
The calculation of net cash/(debt) is set out below:
Cash and cash equivalents (Note 24)
Borrowings (Note 24)
Net cash/(debt) excluding lease liabilities
Lease liabilities
Net cash/(debt)
Cash conversion ratio
The calculation of the cash conversion ratio is set out below:
Cash generated from operating activities before interest and taxation (A)
Adjusted EBITDA (B)
Cash conversion ratio (%) (A)/(B)
2021
£m
116.5
(33.2)
83.3
(34.4)
48.9
2020
£m
95.0
(99.2)
(4.2)
(38.2)
(42.4)
2021
£m
46.3
52.5
2020
(restated) 2
£m
46.8
45.5
88.2%
102.9%
4 Segmental information
The Group is organised into the following two (2020: two) reportable segments: Assurance and Software Resilience. The two reporting
segments provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group
of services. The operating segments are grouped into the reporting segments on the basis of how they are reported to the chief operating
decision maker (CODM) for the purposes of IFRS 8 ‘Operating Segments’, which is considered to be the Board of Directors of NCC Group
plc. Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide,
common management structures, and their relatively homogeneous commercial and strategic market environments. Performance is measured
based on reporting segment profit, which comprises Adjusted operating profit 1 and adjusting items are not allocated to business segments..
Interest and tax are also not allocated to business segments and there are no intra-segment sales.
Segmental analysis 2021
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Assurance
£m
Software
Resilience
£m
Central and
head office
£m
233.9
(149.5)
84.4
36.1%
(45.4)
39.0
(9.4)
29.6
–
–
–
36.6
(10.4)
26.2
71.6%
(9.5)
16.7
(0.7)
16.0
–
–
–
29.6
16.0
–
–
–
–
(3.2)
(3.2)
(3.2)
(6.4)
(12.7)
(6.4)
(2.8)
(28.3)
Group
£m
270.5
(159.9)
110.6
40.9%
(58.1)
52.5
(13.3)
39.2
(12.7)
(6.4)
(2.8)
17.3
154
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�4 Segmental information continued
Segmental analysis 2020 (restated) 2
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Segmental analysis 2021
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Segmental analysis 2020 (restated) 2
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Assurance
£m
Software
Resilience
£m
Central and
head office
£m
226.2
(149.3)
76.9
34.0%
(43.9)
33.0
(10.7)
22.3
–
–
–
37.5
(10.0)
27.5
73.3%
(10.0)
17.5
(0.6)
16.9
–
–
–
–
–
–
–
(5.0)
(5.0)
(3.5)
(8.5)
(7.9)
(8.8)
(1.4)
22.3
16.9
(26.6)
Assurance
£m
Software
Resilience
£m
Central and
head office
£m
6.0
69.3
(94.9)
–
13.5
(4.5)
2.1
349.5
(66.7)
Assurance
£m
4.7
88.0
Software
Resilience
£m
Central and
head office
£m
0.2
18.4
12.3
330.8
Group
£m
263.7
(159.3)
104.4
39.6%
(58.9)
45.5
(14.8)
30.7
(7.9)
(8.8)
(1.4)
12.6
Group
£m
8.1
432.3
(166.1)
Group
£m
17.2
437.2
(73.9)
(14.5)
(142.9)
(231.3)
The Central and head office cost centre is not considered to be a separate operating segment nor part of any other operating segment as it
does not generate any revenues. Included within Central and head office are assets and liabilities not specifically allocated to the reporting
segments and include investments, head office tangible and intangible assets, deferred tax assets and liabilities, right-of-use assets and
associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions. Central and head office assets and
liabilities are disclosed to allow a reconciliation back to the Group’s assets and liabilities.
During the year, management has amended its segment disclosure to reflect the way the performance of the business is reported to the CODM
and managed. The performance of the APAC region was previously included within Europe and APAC. For the year ended 31 May 2021,
the APAC region is now included together with the UK segment until it becomes such a size that warrants separate reporting to the CODM.
In addition, with the continuing growth and formation of a European division we have changed geographical segments in line with how this
information is reported to the Board and managed today and have represented prior year figures on a like-for-like basis.
The net book value of non-current assets is analysed geographically as follows:
UK and APAC
North America
Europe
Total non-current assets
2021
£m
172.0
60.5
9.0
241.5
2020
(restated) 2
£m
188.3
68.6
10.4
267.3
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
155
Financial statements�4 Segmental information continued
Revenue is disaggregated by primary geographical market, by category and timing of revenue recognition as follows:
Revenue by originating country
UK and APAC
North America
Europe
Total revenue
Revenue by category
Services
Products
Total revenue
Timing of revenue recognition
Services and products transferred over time
Services and products transferred at a point in time
Total revenue
Assurance
£m
Software
Resilience
£m
102.7
82.7
48.5
233.9
25.2
7.3
4.1
36.6
Assurance
£m
Software
Resilience
£m
228.3
5.6
233.9
47.9
186.0
233.9
36.6
–
36.6
24.0
12.6
36.6
2021
Total
£m
127.9
90.0
52.6
270.5
2021
Total
£m
264.9
5.6
270.5
71.9
198.6
270.5
Assurance
£m
Software
Resilience
£m
98.8
82.4
45.0
226.2
25.9
7.8
3.8
37.5
Assurance
£m
Software
Resilience
£m
215.7
10.5
226.2
41.4
184.8
226.2
37.5
–
37.5
25.7
11.8
37.5
2020
Total
£m
124.7
90.2
48.8
263.7
2020
Total
£m
253.2
10.5
263.7
67.1
196.6
263.7
There are no customer contracts in either 2021 or 2020 which account for more than 10% of segment revenue.
5 Individually Significant Items
The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently unusual
in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately identified and
excluded from adjusted results (as explained in Note 3).
Individually Significant Items (ISIs)
Cloud configuration and customisation costs
Costs directly attributable to the acquisition of the IPM Software Resilience business
Total ISIs
2021
£m
5.1
7.6
12.7
2020
(restated) 2
£m
7.9
–
7.9
Cloud configuration and customisation costs
These costs relate to the material spend previously capitalised in relation to the Group’s Securing Growth Together digital transformation
programme that have now been expensed following the adoption of the IFRIC agenda decision. The costs meet the Group’s policy for ISIs.
See Note 34 for further details in relation to the prior year restatement.
Costs directly attributable to the acquisition of the IPM Software Resilience business
These costs are directly attributable to the material acquisition of the IPM Software Resilience business (see Note 35) and are therefore
considered to meet the Group’s policy for ISIs. The nature of the costs includes legal, accountancy, due diligence and other advisory services.
156
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�6 Expenses and auditor’s remuneration
Continuing activities
Profit before taxation is stated after charging/(crediting):
Amounts receivable by auditor and its associates in respect of:
Audit of these Financial Statements
Audit of Financial Statements of subsidiaries pursuant to legislation
Total audit 4
Amortisation of development costs (Note 12)
Amortisation of software costs (after the adoption of the IFRIC agenda decision on cloud configuration
and customisation costs) (Note 12)
Amortisation of acquired intangibles (Note 12)
Depreciation of property, plant and equipment (Note 13)
Depreciation of right-of-use assets (Note 14)
Impairment of right-of-use assets (Note 14)
Costs directly attributable to the acquisition of the IPM Software Resilience business (included within ISIs) (Note 5)
Cloud configuration and customisation costs (Note 5)
Credit losses recognised on financial assets
Cost of inventories recognised as an expense
Foreign exchange losses
Lease rental costs charged:
– Hire of property, plant and equipment 5
Research and development expenditure
Profit on disposal of intangible assets
Profit on disposal of right-of-use assets
Loss on sale of property, plant and equipment
2021
£m
2020
(restated) 2
£m
0.7
0.1
0.8
2.0
1.0
6.4
4.4
5.9
–
7.6
5.1
0.8
1.1
1.5
0.1
0.5
(0.5)
(0.2)
0.2
0.4
0.1
0.5
2.0
1.0
8.8
5.8
6.0
1.1
–
7.9
0.7
0.5
–
0.5
0.6
–
(0.1)
–
4 The only non-audit service provided by the auditor was for the interim review at 30 November 2020, for which the fee was £75,000 (2020: £50,000).
5 The charge to the Income Statement in respect of lease rental costs relates entirely to short-term leases for which the Group has taken the exemption allowed from
applying the principles of IFRS 16.
7 Staff numbers and costs
Directors’ emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of 2021
were £2.2m (2020: £1.6m). Employer contributions to pensions for Executive Directors for qualifying periods were £nil (2020: £50,000).
The Company provided pension payments in lieu of pension contributions for two Executive Directors during the year ended 31 May 2021
amounting to £50,000. The aggregate net value of share awards granted to the Directors in the period was £0.7m (2020: £0.7m). The net
value has been calculated by reference to the closing mid-market price of the Company’s shares on the day before the date of grant. During
the year, 104,526 share options were exercised by Directors (2020: nil) and their gain on exercise of share options was £88,000 (2020: £nil).
The average monthly number of persons employed by the Group during the year, including Directors, is analysed by category as follows:
Operational
Administration
Total
The aggregate payroll costs of these persons were as follows:
Wages and salaries
Share-based payments (Note 26)
Social security costs
Other pension costs (Note 31)
Total payroll costs
Number of employees
2021
1,523
374
1,897
2020
1,518
355
1,873
2021
£m
2020
£m
152.5
148.4
2.8
13.7
5.3
1.4
14.7
5.6
174.3
170.1
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
157
Financial statements�8 Finance costs
Interest payable on bank loans and overdrafts
Interest expense on lease liabilities
Finance costs
The above finance costs relate entirely to liabilities not at fair value through profit or loss.
9 Taxation
Recognised in the Income Statement
Current tax expense
Current year
Adjustment to tax expense in respect of prior periods
Impact of prior year US R&D tax credits
Foreign tax
Total current tax
Deferred tax expense
Origination and reversal of temporary differences
Movement in tax rate
Recognition of previously unrecognised deductible timing differences
Impact of prior year US R&D tax credits
Adjustment to tax expense in respect of prior periods
Total deferred tax
Tax expense on continuing operations
Reconciliation of effective tax rate
Profit before taxation
Current tax using the UK corporation tax rate of 19% (2020: 19%)
Effects of:
Items not (assessable)/deductible for tax purposes
Adjustment to tax charge in respect of prior periods
Impact of prior year US R&D tax credits
Impact of current year US R&D tax credits
Differences between overseas tax rates
Movements in temporary differences not recognised
Movement in tax rate
Total tax expense
2021
£m
1.3
1.2
2.5
2021
£m
(0.8)
(0.4)
2.7
4.3
5.8
(0.7)
0.4
–
(0.8)
0.1
(1.0)
4.8
2021
£m
14.8
2.8
(0.5)
(0.3)
1.9
(0.3)
0.7
0.1
0.4
4.8
2020
£m
1.8
1.2
3.0
2020
(restated) 2
£m
2.0
(0.6)
–
4.4
5.8
(2.7)
(0.3)
(0.4)
0.5
0.3
(2.6)
3.2
2020
(restated) 2
£m
9.6
1.8
0.9
(0.3)
0.5
–
0.9
(0.3)
(0.3)
3.2
Current and deferred tax recognised directly in equity was a credit of £0.3m (2020: £nil).
In the March 2021 budget the UK government announced that legislation will be introduced in the Finance Bill 2021 to increase the main
rate of UK corporation tax from 19% to 25%, effective 1 April 2023. This rate was substantively enacted on 24 May 2021 and therefore
the deferred tax balances as at 31 May 2021 are generally measured at a rate of 25%.
158
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�9 Taxation continued
Application of IFRIC agenda decisions
During the year, the Group has reviewed its accounting policy to align with IFRIC guidance issued in April 2021 in relation to
Software-as-a-Service (SaaS) costs previously capitalised; following this review certain costs previously capitalised in relation to
cloud-based arrangements have been expensed and amortisation charged on those assets has been reversed. This had the impact
on the UK tax charge in the prior year of £1.2m. See Note 34 for further details on this prior year restatement.
Tax uncertainties
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be
uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to historical periods. Uncertainty arises
as a result of a degree of uncertainty concerning interpretation of US legislation and because the statute of limitations has not expired. For the
periods ending 31 May 2017 to 31 May 2021, the aggregate net current tax benefit to the Income Statement relating to the US R&D tax
credits is £2.7m (2020: £4.3m). The gross deferred tax asset relating to the US R&D tax credits is £1.0m (2020: £0.8m), although due to the
uncertainty we have made a partial provision of £0.6m (2020: £0.8m) against this asset. The aggregate gross amount of US R&D tax credits
recognised amounts to £8.2m (2020: £5.1m) and we have made a provision of £5.1m (2020: £0.8m) against this gross position.
10 Dividends
Dividends paid and recognised in the year
Dividends per share paid and recognised in the year
Dividends per share proposed but not recognised in the year
2021
£m
13.0
4.65p
3.15p
2020
£m
12.9
4.65p
3.15p
The proposed final dividend for the year ended 31 May 2021 of 3.15p per ordinary share on approximately 309.8m ordinary shares (approximately
£10m) was approved by the Board on 14 September 2021 and will be recommended to shareholders at the AGM on 4 November 2021. The
dividend has not been included as a liability as at 31 May 2021. The payment of this dividend will not have any tax consequences for the Group.
11 Earnings per ordinary share
Earnings per ordinary share are shown on a statutory and an adjusted basis to assist in the understanding of the performance of the Group.
Statutory earnings (A)
Basic weighted average number of shares in issue (C)
Dilutive effect of share options
Diluted weighted average shares in issue (D)
2021
£m
10.0
Number
of shares
m
281.2
1.5
282.7
2020
(restated) 2
£m
6.4
Number
of shares
m
278.0
2.5
280.5
For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the period
during which the options are outstanding.
Earnings per ordinary share
Basic (A/C)
Diluted (A/D)
2021
Pence
3.6
3.5
2020
(restated) 2
Pence
2.3
2.3
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
159
Financial statements�11 Earnings per ordinary share continued
Adjusted basic EPS 1 is reconciled as follows:
Statutory earnings (A)
Amortisation of acquired intangibles
Share-based payments
Individually Significant Items (see Note 5)
Tax effect of above items
Adjusted earnings (B)
Adjusted earnings per ordinary share
Basic (B/C)
Diluted (B/D)
12 Goodwill and intangible assets
Cost
At 1 June 2019 – restated 2
Additions – restated 2
Transfers
Disposals
Effects of movements in exchange rates
At 31 May 2020 – restated 2
Additions
Disposals
Effects of movements in exchange rates
At 31 May 2021
Accumulated amortisation
At 1 June 2019 – restated 2
Charge for year – restated 2
Disposals
Effects of movements in exchange rates
At 31 May 2020 – restated 2
Charge for year
Disposals
Effects of movements in exchange rates
At 31 May 2021
Net book value
At 31 May 2021
At 31 May 2020 – restated 2
2021
£m
10.0
6.4
2.8
12.7
(5.1)
26.8
2021
Pence
9.5
9.5
Goodwill
£m
Software
£m
Development
costs
£m
Customer
contracts and
relationships
£m
Intangibles
subtotal
£m
2020
(restated) 2
£m
6.4
8.8
1.4
7.9
(3.4)
21.1
2020
(restated) 2
Pence
7.6
7.5
Total
£m
255.6
–
–
–
3.7
259.3
–
(10.2)
(10.2)
20.7
1.0
0.2
(9.1)
–
12.8
1.7
–
–
238.9
14.5
(66.2)
–
–
–
(66.2)
–
10.2
–
(18.9)
(1.0)
9.1
–
(10.8)
(1.0)
–
–
(56.0)
(11.8)
182.9
193.1
2.7
2.0
12.7
1.3
(0.2)
(2.3)
–
11.5
0.6
–
(0.4)
11.7
(7.5)
(2.0)
2.3
(0.1)
(7.3)
(2.0)
–
0.3
(9.0)
2.7
4.2
87.1
120.5
376.1
–
–
–
1.1
88.2
–
(13.0)
(2.1)
2.3
–
2.3
–
(11.4)
(11.4)
1.1
4.8
112.5
371.8
2.3
(13.0)
(2.5)
2.3
(23.2)
(12.7)
73.1
99.3
338.2
(55.8)
(8.8)
–
(0.8)
(82.2)
(11.8)
11.4
(0.9)
(148.4)
(11.8)
11.4
(0.9)
(65.4)
(83.5)
(149.7)
(6.4)
13.0
1.3
(9.4)
13.0
1.6
(9.4)
23.2
1.6
(57.5)
(78.3)
(134.3)
15.6
22.8
21.0
29.0
203.9
222.1
160
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�12 Goodwill and intangible assets continued
Development costs are capitalised in accordance with IAS 38 development criteria. For this reason, these are not regarded as realised losses.
Application of IFRIC agenda decisions
During the year, the Group has reviewed its accounting policy to align with IFRIC guidance issued in April 2021 in relation to Software-as-a-Service
(SaaS) costs previously capitalised; following this review of costs previously capitalised for the year ended 31 May 2020 of £7.9m relating to
cloud-based arrangements have now been expensed and amortisation of £1.4m charged on those assets has been reversed. Consequentially,
the net impact on operating profit for the year ended 31 May 2020 is £6.5m. In addition, costs of £0.2m have been reclassified to prepayments.
For the year ended 31 May 2019, the Group identified £3.6m of costs previously capitalised under cloud computing arrangements that should
be expensed and £0.1m of amortisation was charged, which is to be reversed. See Note 34 for further details on this prior year restatement.
Cash generating units (CGUs)
Goodwill and intangible assets are allocated to CGUs in order to be assessed for potential impairment. CGUs are defined by accounting standards
as the lowest level of asset groupings that generate separately identifiable cash inflows that are not dependent on other CGUs. The Directors have
reviewed the continuing applicability of the judgements made in the prior year in determining the CGUs within the Group and in allocating goodwill
to these CGUs. The assessment of CGUs is a key accounting judgement as set out in Note 2 of the consolidated Financial Statements.
During the year, the Group revised its CGUs as follows:
• On 1 June 2020, Virtual Security Research LLC (VSR) was merged into NCC Group Security Services Incorporated, which forms part of the
North America Assurance CGU, and following this merger VSR no longer exists as a standalone entity. VSR continues to be included within
the North America segment. From this date, the VSR business no longer generates independent cash flows since its resources are now
pooled with the remainder of the US Assurance technical delivery teams and its support functions are delivered by the shared US Assurance
functions. Furthermore, VSR is no longer reported separately from the rest of the US business. On the basis of the above, management has
concluded that the VSR business is no longer a standalone CGU and has been subsumed into the North America Assurance CGU
• During the year, the Group ceased measuring and forecasting the performance of the Payment Software Company Inc. business (PSC),
which now forms part of the North America Assurance segment. On the basis of the above, management has concluded that the PSC
business is no longer a standalone CGU as it is not capable of generating independent cash flows and has been subsumed into the
North America Assurance CGU
• During FY21, the Group has rearranged its operations so that there is now a European-wide Assurance operation, combining the Fort
business unit previously included within the UK Assurance CGU and the Fox-IT business unit under a single management and reporting
structure, known as Europe Assurance. As part of the integration measuring and forecasting of performance is done at the Europe
Assurance level and operations such as the sales and delivery teams and support functions have been integrated such that independent
cash flows are no longer identifiable below the Europe Assurance level. On this basis, management has concluded that the cash flows
associated with Fox-IT and Fort should now be combined to form a single CGU
The CGUs and the allocation of goodwill to those CGUs are shown below:
Cash generating units
UK Software Resilience
North America Software Resilience
Europe Software Resilience
Total Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Total Assurance
Total Group
Goodwill
2021
£m
Goodwill *
2020
£m
22.9
7.5
7.2
37.6
44.2
36.4
64.7
22.9
8.7
7.5
39.1
47.3
42.4
64.3
145.3
182.9
154.0
193.1
* The prior year comparative figures have been re-presented to reflect the change in CGUs in the year described above.
Impairment review
Goodwill is tested for impairment annually at the level of the CGU to which it is allocated. In each of the tests carried out as at 31 May 2021,
the recoverable amount of the CGUs concerned was measured on a value in use basis (VIU). VIU represents the present value of the future
cash flows that are expected to be generated by the CGU to which the goodwill is allocated.
Capitalised development and software costs are included in the CGU asset bases when performing the impairment review. Capitalised
development projects and software intangible assets are also considered, on an asset-by-asset basis, for impairment where there are
indicators of impairment. During the year, management carried out a detailed review of the capitalised product portfolio and, based on
cash flow projections for the respective projects, concluded that no impairment was required.
VIU calculations are an area of material management estimation as set out in Note 2 to the consolidated Financial Statements. These
calculations require the use of estimates, specifically: pre-tax cash flow projections; long-term growth rates; and a pre-tax discount rate.
Further detail in relation to these key assumptions used in the Group’s goodwill annual impairment review is as follows:
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
161
Financial statements�12 Goodwill and intangible assets continued
Pre-tax cash flow projections
Pre-tax cash flow projections are based on the Group’s budget for the forthcoming financial year and longer-term three year strategic plans
to 2024. The budget and three year strategic plan are compiled by the business unit management teams using a detailed, bottom-up
process with respect to revenue, margin and overheads, taking into account factors specific to that business unit as well as wider economic
factors such as industry growth expectations and the impact of Covid-19.
The Group’s revenue forecasts are developed using the most reliable data available, such as the size of the existing contract base and details
of confirmed orders, as well as assumptions over key operational inputs to underpin the forecast for each revenue stream. The combined
effect of these individual assumptions on the overall growth rate assumed for each area of the business is then compared to management’s
experience of growth and the industry’s expected growth rate.
For cost forecasts, the majority of which are people related, headcount changes are forecast for delivery and sales staff in order that there
are sufficient resources to support the forecasted required revenue delivery capacity as well as to deliver against sales targets, whilst also
factoring in payroll inflation expectations. Overhead costs are also forecast using a bottom-up process.
Forecasts go through a detailed review process and are subject to challenge at each stage of review, including by the Executive Committee.
Ultimately the forecasts are approved by the Board.
Assumptions have then been applied for expected revenue, margin growth, overheads and Adjusted EBITDA ¹ for the subsequent two years
from the end of 2024. Adjusted EBITDA ¹ is considered a proxy for operating cash flow before changes in working capital. Pre-tax cash flow
projections also include assumptions on working capital and capital expenditure requirements for each CGU.
These assumptions are based on management’s experience of growth and knowledge of the industry sectors, markets and the Group’s
internal opportunities for growth and margin enhancement. The projections beyond five years into perpetuity use an estimated long-term
growth rate. Management has taken into account the impact of Covid-19 in formulating the above assumptions, and the underlying
uncertainty of Covid-19 has been reflected in the assumptions underpinning the cash flow forecasts for each CGU rather than the pre-tax
discount rates used in the impairment test.
Forecast working capital and capital expenditure included within the pre-tax cash flow projections are based on management’s expectations
of future expenditure required to support the Group and current run rate requirements.
The revenue growth rate is considered a critical estimate by management. Revenue growth is considered to be the most critical estimate,
rather than Adjusted EBITDA 1 growth which was used in the prior year, due to the Group’s relatively stable overhead base and high
operating leverage. The table below summarises the cumulative average growth rate (CAGR) assumed for revenue over the five year
forecast period to 2026 for each CGU:
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Revenue
CAGR (%)
2021
Revenue
CAGR (%)
2020
5.8
12.3
11.4
9.0
10.4
11.7
5.5
1.2
5.1
8.3
8.3
13.1
The revenue % growth for Europe Assurance is considered by management to be appropriate for the specific industry to which the CGU operates.
Management has considered available external market data in determining the revenue growth rates over the five year forecast period.
Long-term growth rates
To forecast growth beyond the detailed cash flows into perpetuity, a long-term average growth rate ranging between 1.5 and 1.7%
(2020: between 1.9 and 2.5%) has been used based on the specific geography of the CGU, as shown in the table below. This range
represents management’s best estimate of a long-term annual growth rate aligned to an assessment of long-term GDP growth rates.
A higher sector-specific growth rate would be a valid alternative estimate. A different set of assumptions may be more appropriate in future
years dependent on changes in the macro-economic environment. These rates are not greater than the published International Monetary
Fund average growth rates in gross domestic product for the next five year period in each relevant territory in which the CGUs operate.
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
162
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Growth rate
(%)
2021
Growth rate
(%)
2020
1.7
1.6
1.5
1.7
1.6
1.5
1.9
2.5
1.9
1.9
2.5
1.9
Notes to the Financial Statements continuedfor the year ended 31 May 2021�12 Goodwill and intangible assets continued
Pre-tax discount rates
Discount rates can change relatively quickly for reasons both inside and outside of management’s control. Those outside management’s
direct control or influence include changes in the Group’s Beta, changes in risk free rates of return and changes in Equity Risk Premia.
The discount rates are determined using a capital asset pricing model and reflect current market interest rates, relevant equity and size risk
premiums and the risks specific to the CGU concerned. On this basis, specific discount rates are used for each CGU in the VIU calculation
and the rates reflect management’s assessment on the level of relative risk in each respective CGU. The table below summarises the pre-tax
discount rates used for each CGU:
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Pre-tax
discount rate
(%)
2021
Pre-tax
discount rate
(%)
2020
12.9
15.3
13.6
13.0
14.2
13.7
15.4
13.5
13.6
11.6
13.5
12.7
Sensitivity analysis
Sensitivity analysis has been performed in respect of certain scenarios where management considers a reasonably possible change in key
assumptions could occur. The following key assumptions are considered to carry the greatest level of sensitivity to forecasts:
• Revenue is the primary cash flow driver (since due to the Group’s operating leverage, revenue is the key driver of Adjusted EBITDA ¹,
considered as a proxy for operating cash flow before changes in working capital and capital expenditure), and a key contributor to VIU
• The discount rate for each CGU: both factors inside and outside of management’s control impact the discount rate and can have
a significant impact on the VIU calculation
With the exception of the Europe Assurance CGU, the outcome of applying sensitivity analysis in respect of the above inputs indicated that
there is no reasonably possible scenario in which the carrying value of goodwill would be considered impaired. With respect to the Europe
Assurance CGU, management has considered the impact of Covid-19 on the challenging growth targets for this CGU and believes a
reasonably possible change in the key assumptions of a 1.7% pts reduction in the revenue CAGR or a 1% pts increase in the discount rate
would significantly reduce the headroom or give rise to an impairment. The impact of these changes in assumptions is illustrated in the table
below, together with the change in each assumption that would result in the VIU falling below the carrying amount.
It is noted that, whilst a 1.7% pts reduction in the revenue CAGR would give rise to a potential impairment of goodwill, it is expected that any
such deterioration in expected growth rates would also lead to a reduction in expected future costs. This expected future cost reduction has
not been factored into the calculations illustrated below.
Sensitivity analysis £m
Carrying value of assets (goodwill, development and software costs, right-of-use assets)
Total VIU
Surplus over carrying value of assets
Assumptions used in VIU calculation:
Five year CAGR
Impact of reduction of 1.7% pts to five year revenue CAGR on VIU
Change required in five year revenue CAGR % for VIU to fall below carrying value
Pre-tax discount rate
Impact of 1% pts increase in pre-tax discount rate on VIU
Change required in pre-tax discount rate for VIU to fall below carrying value
Impact of both 1.7% pts reduction to revenue CAGR and 1% pts increase in pre-tax discount rate on VIU
Europe Assurance
31 May 2021
31 May 2020
76.9
95.1
18.2
72.9
92.3
19.4
11.7%
13.1%
(43.4)
0.7%
N/A
0.7%
13.7%
12.7%
(7.9)
2.6%
(47.6)
(8.1)
2.5%
N/A
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
163
Financial statements
�13 Property, plant and equipment
Cost
At 1 June 2019
Additions
Disposals
Movement in foreign exchange rates
At 31 May 2020
Additions
Disposals
Movement in foreign exchange rates
At 31 May 2021
Depreciation
At 1 June 2019
Charge for year
Disposals
Movement in foreign exchange rates
At 31 May 2020
Charge for year
Disposals
Movement in foreign exchange rates
At 31 May 2021
Net book value
At 31 May 2020
At 31 May 2021
Computer
equipment
£m
Fixtures,
fittings and
equipment
£m
Motor
vehicles
£m
19.6
21.1
2.9
(2.8)
–
(0.1)
(0.3)
0.3
19.7
21.0
1.8
(0.1)
(0.6)
0.9
(3.6)
(1.0)
0.2
–
(0.1)
–
0.1
–
–
–
Total
£m
40.9
2.8
(3.2)
0.3
40.8
2.7
(3.7)
(1.6)
20.8
17.3
0.1
38.2
(14.6)
(3.0)
2.6
(0.3)
(9.3)
(2.8)
0.6
–
(0.1)
(24.0)
–
–
–
(5.8)
3.2
(0.3)
(15.3)
(11.5)
(0.1)
(26.9)
(2.8)
0.2
0.4
(17.5)
4.4
3.3
(1.6)
3.3
0.7
(9.1)
9.5
8.2
–
–
–
(4.4)
3.5
1.1
(0.1)
(26.7)
–
–
13.9
11.5
164
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�14 Right-of-use assets
Cost
At 1 June 2019
Additions
Disposals
At 31 May 2020
Additions
Reclassifications from provisions
Disposals
At 31 May 2021
Depreciation
At 1 June 2019
Charge for year
Impairment charge
At 31 May 2020
Charge for year
At 31 May 2021
Net book value
At 31 May 2020
At 31 May 2021
Land and
buildings
£m
Motor
vehicles
£m
24.6
11.0
(2.8)
32.8
3.1
(1.4)
(0.7)
33.8
–
(4.9)
(1.1)
(6.0)
(4.8)
(10.8)
26.8
23.0
1.9
1.1
–
3.0
–
–
–
3.0
–
(1.1)
–
(1.1)
(1.1)
(2.2)
1.9
0.8
Total
£m
26.5
12.1
(2.8)
35.8
3.1
(1.4)
(0.7)
36.8
–
(6.0)
(1.1)
(7.1)
(5.9)
(13.0)
28.7
23.8
The impairment charge of £1.1m in the prior year relates to leased properties which are not currently occupied by the Group, which have
been tested for impairment separately rather than within the CGU impairment tests. The impairment charge is based on the estimated
recoverable amount of the right-of-use asset at the assumed date of disposal or termination of the lease, which is considered to be £nil.
15 Investments
Interest in unlisted shares
Group
2021
£m
0.3
Group
2020
£m
0.3
The investment in unlisted shares relates to a 3.35% ordinary shareholding in an unlisted company acquired as part of the Accumuli
acquisition. The investment’s carrying value at acquisition date was considered appropriate to use as the fair value. The Directors consider
there has been no change in the year.
16 Inventory
Goods for resale
Group
2021
£m
1.1
Group
2020
£m
0.9
The Group holds stock of certain critical components for key customers in relation to our own product sales (as opposed to third party
products). The carrying value of inventory is expected to be recovered or settled within one year. There have been no write-downs of
inventory in the year (2020: £nil).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
165
Financial statements�17 Trade and other receivables
Current
Trade receivables
Prepayments
Deferred contract costs
Other receivables
Contract assets – accrued income
Non-current
Amounts owed by Group undertakings
Total
Disclosed as follows:
Current assets
Non-current assets
Group
2021
£m
35.2
8.7
–
1.9
22.9
–
68.7
68.7
–
68.7
Group
2020
(restated) 2
£m
Company
2021
£m
Company
2020
£m
41.6
10.8
2.1
0.9
18.0
–
73.4
73.4
–
73.4
–
–
–
–
–
162.6
162.6
–
162.6
162.6
–
–
–
–
–
142.0
142.0
–
142.0
142.0
The carrying value of trade and other receivables classified at amortised cost approximates fair value.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the customer
in relation to a long-term onerous contract (see Note 21). No impairment charge has been recognised during the year.
No credit losses have been recognised in respect of amounts owed by Group undertakings (Parent Company only) in the year (2020: £nil)
since they are not considered material.
Amounts owed by Group undertakings in the Parent Company Balance Sheet have been disclosed as repayable after more than one year.
Although these are repayable on demand, the disclosure as non-current is based on management’s expectation of the timing of repayment.
The ageing of trade receivables and other receivables at the end of the reporting period was:
Group
Trade receivables:
Not past due
Past due 0–30 days
Past due 31–90 days
Past due more than 90 days
Other receivables:
Not past due
Contract assets:
Not past due
Total
The Company had no trade receivables (2020: £nil).
Gross
2021
£m
Expected
credit losses
2021
£m
Net
2021
£m
24.3
6.6
3.7
2.3
36.9
(0.1)
24.2
(0.1)
(0.1)
(1.4)
(1.7)
6.5
3.6
0.9
35.2
Gross
2020
£m
19.6
14.4
6.5
3.6
44.1
1.9
–
1.9
0.9
23.1
61.9
(0.2)
(1.9)
22.9
60.0
18.0
63.0
Expected
credit losses
2020
£m
–
(0.1)
(0.2)
(2.2)
(2.5)
–
–
(2.5)
Net
2020
£m
19.6
14.3
6.3
1.4
41.6
0.9
18.0
60.5
166
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�17 Trade and other receivables continued
The standard period for credit sales varies from 30 days to 60 days. Trade receivables which are over 30 days past due are considered to
be credit impaired. The Group assesses creditworthiness of all trade debts on an ongoing basis providing for expected credit losses in line
with IFRS 9. The Group has considered credit risk rating grades; these are based on the ageing categories above. Covid-19 has not had
a material impact on the collection of trade receivables, and consequently has not materially impacted our forward looking estimates for
expected credit losses. New customers are subject to stringent credit checks.
The movement in the expected credit losses of trade and other receivables is as follows:
Balance at 1 June
Released/(charged) to the Income Statement
Balance at 31 May
Group
2021
£m
(2.5)
0.8
(1.7)
Group
2020
£m
(1.8)
(0.7)
(2.5)
18 Deferred tax assets and liabilities (Group)
Deferred tax assets and liabilities on the Consolidated Statement of Financial Position are offset in accordance with IAS 12. A summary
of this, offset with significant jurisdictions, is shown below:
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Deferred tax asset/(liability)
Analysed as follows:
Non-current assets
Non-current liabilities
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Deferred tax (liability)/asset
Analysed as follows:
Non-current assets
Non-current liabilities
UK
£m
0.6
0.1
0.3
(1.7)
0.7
–
–
–
–
UK
£m
0.4
0.1
0.3
(1.8)
0.2
–
(0.8)
–
(0.8)
2021
US
£m
Netherlands
£m
Denmark
£m
–
4.5
0.2
(3.9)
0.7
–
1.5
1.5
–
0.3
0.2
–
(1.9)
0.2
–
(1.2)
–
(1.2)
–
–
–
–
–
0.5
0.5
0.5
–
2020 (restated) 2
US
£m
Netherlands
£m
Denmark
£m
0.1
6.0
0.2
(4.6)
0.2
–
1.9
1.9
–
0.4
–
0.1
(2.7)
0.1
–
(2.1)
–
(2.1)
–
–
–
–
–
0.4
0.4
0.4
–
Total
£m
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
2.0
(1.2)
Total
£m
0.9
6.1
0.6
(9.1)
0.5
0.4
(0.6)
2.3
(2.9)
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
167
Financial statements�18 Deferred tax assets and liabilities (Group) continued
Movement in deferred tax during the year:
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
1 June
2020
(restated) 2
£m
0.9
6.1
0.5
(9.0)
0.5
0.4
(0.6)
1 June
2019
(restated) 2
£m
0.4
5.1
–
(10.2)
0.6
0.4
(3.7)
Recognised
in income
£m
Exchange
differences
£m
Recognised
in equity
£m
Adjustment to
opening reserves
£m
31 May
2021
£m
–
(0.8)
–
0.8
0.9
0.1
1.0
–
(0.5)
–
0.7
(0.1)
–
0.1
–
–
–
–
0.3
–
0.3
–
–
–
–
–
–
–
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
Recognised
in income
£m
Exchange
differences
£m
Recognised
in equity
£m
Adjustment to
opening reserves
£m
31 May
2020
£m
0.5
0.8
–
1.4
(0.1)
–
2.6
–
0.2
–
(0.2)
–
–
–
–
–
–
–
–
–
–
–
–
0.5
–
–
–
0.5
0.9
6.1
0.5
(9.0)
0.5
0.4
(0.6)
The Group has recognised a deferred tax asset of £0.5m (2020: £0.4m) on tax losses as management considers it probable that future taxable
profits will be available against which it can be utilised. The Group has not recognised a deferred tax asset on £25.6m (2020: £13.9m) of tax losses
carried forward in the UK (£21.8m), Australia (£2.8m), North America (£0.5m) and Singapore (£0.3m) due to current uncertainties over their future
recoverability (and in the case of the UK and North America because of specific legislative restrictions). A deferred tax asset of £1.0m (2020: £0.8m)
in respect of R&D tax claims submitted in North America has been partially provided against due to uncertainty with regard to recoverability;
an amount of £0.6m has been provided (2020: £0.8m).
No deferred tax liability is recognised on temporary differences of £0.2m (2020: £0.3m) relating to the unremitted earnings of overseas subsidiaries
as the Group is able to control the timing of the reversal of these temporary differences and it is probable that they will not reverse in the
foreseeable future.
19 Trade and other payables
Trade payables
Non-trade payables
Accruals
Amounts owed to Group companies
Total
Group
2021
£m
3.3
7.9
34.0
–
45.2
Group
2020
£m
10.8
11.7
23.9
–
46.4
Company
2021
£m
Company
2020
£m
–
–
–
13.5
13.5
–
–
–
13.0
13.0
The carrying value of trade and other payables classified as financial liabilities measured at amortised cost approximates fair value.
168
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�20 Lease liabilities
At 1 June 2019
Additions
Disposals
Lease payments
Interest expense
At 1 June 2020
Additions
Disposals
Lease payments
Interest expense
At 31 May 2021
Analysed as follows:
Current
Non-current
The maturity of lease liabilities is as follows:
Less than one year
Two to five years
More than five years
Total lease liabilities
Land and
buildings
£m
33.6
9.6
(2.9)
(5.4)
1.1
36.0
1.3
(0.9)
(5.9)
1.1
31.6
Motor
vehicles
£m
2.1
1.1
–
(1.1)
0.1
2.2
1.8
–
(1.3)
0.1
2.8
2021
£m
5.1
29.3
2021
£m
5.1
15.8
13.5
34.4
Total
£m
35.7
10.7
(2.9)
(6.5)
1.2
38.2
3.1
(0.9)
(7.2)
1.2
34.4
2020
£m
5.3
32.9
2020
£m
5.3
15.7
17.2
38.2
The total cash outflow for leases in the year was £7.3m (2020: £7.0m), which consists of £7.2m (2020: £6.5m) lease payments disclosed
above and £0.1m (2020: £0.5m) lease payments charged to the Income Statement in respect of short-term leases.
The Group has used its incremental borrowing rate of 3.3% (2020: 3.3%) as the discount rate for the calculation of the lease liabilities.
Some leases contain break clauses or extension options to provide operational flexibility. Potential future undiscounted lease payments
not included in the reasonably certain lease term, and hence not included in lease liabilities, total £4.0m (2020: £4.0m).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
169
Financial statements�21 Provisions
Balance as at 31 May 2019 and 1 June 2019
Provision transferred to right-of-use assets on implementation of IFRS 16
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2020 and 1 June 2020
Reclassification to right-of-use assets
Reclassification
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2021
Analysed as follows (2021):
Current
Non-current
Analysed as follows (2020):
Current
Non-current
Lease
incentives
£m
Loss-making
contracts
£m
Onerous
property costs
£m
Other
provisions
£m
4.1
(4.1)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
0.2
–
0.2
–
1.7
1.9
(2.7)
1.1
1.1
–
0.2
–
4.1
(2.6)
2.1
(0.7)
2.9
(1.4)
–
1.0
(0.8)
1.7
1.1
0.6
1.2
1.7
–
–
0.6
–
0.6
–
–
–
(0.4)
0.2
0.2
–
0.6
–
Total
£m
8.2
(6.7)
2.9
(0.7)
3.7
(1.4)
1.7
2.9
(3.9)
3.0
2.4
0.6
2.0
1.7
The lease incentives provision represents capital contributions towards fit-out costs and rent-free incentives. In the prior year on the
implementation of IFRS 16, the opening provision of £4.1m has been transferred and offset against the associated right-of-use assets.
The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply contracts
and is expected to be completed in 2022. During the year, revenue has been recognised in relation to this long-term contract of £1.8m.
The onerous property costs provision relates to vacant premises in Reading and unused floors in the Manchester head office building.
In the prior year on the implementation of IFRS 16, the opening provision of £2.6m relating to the onerous rent costs has been transferred
and offset against the associated right-of-use asset. The provision of £1.7m (2020: £2.9m) at 31 May 2021 includes £1.2m (2020: £2.5m)
of non-rent costs relating to the onerous properties including service charges and insurance and also the estimated costs of disposing
or terminating these leases which includes rent incentives, renovation costs and letting fees. The provision at 31 May 2021 also includes
estimated dilapidations liabilities of £0.5m (2020: £0.4m) relating to the Group’s leased premises. Both of these provisions are expected
to unwind over the period of the relevant leases (2021–2034).
Other provisions of £0.2m (2020: £0.6m) include reorganisation costs to which the Group was committed at the Balance Sheet date
and are expected to be incurred within the next financial year.
170
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�22 Contract liabilities – deferred revenue
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred revenue
is analysed as follows and is considered a contract liability:
Analysed as follows:
Current
Non-current
Group
2021
£m
43.6
0.7
44.3
Group
2020
£m
39.5
1.4
40.9
Revenue recognised in the year ended 31 May 2021 that was included in the contract liability at 1 June 2020 amounted to £39.5m (2020: £35.3m).
The Group has taken advantage of the IFRS 15 practical expedient not to disclose when revenue will unwind for all contracts less than
12 months in length. The increase in deferred revenue in the year is due to the growth of the Assurance division.
23 Contract balances
The following table provides information about receivables, contract assets and contract liabilities from contracts with customers.
Receivables, which are included in trade and other receivables
Contract assets – accrued income
Contract costs – costs to obtain
Contract costs – costs to fulfil an onerous contract
Contract liabilities – deferred income
Group
2021
£m
35.2
22.9
0.4
–
Group
2020
£m
41.6
18.0
0.4
2.1
(44.3)
(40.9)
Note
17
17
17
17
22
Receivables represent invoiced services usually payable within 30 days whereby performance obligations have been satisfied.
Accrued income represents the Group’s rights to consideration for work completed but not billed at the reporting date. Remaining balances
are transferred to receivables when the rights become unconditional. Credit losses of £0.1m (2020: £nil) have been recognised in respect
of contract assets. The increase in accrued income in the year is due to the growth of the Assurance division.
The contract assets were not impacted by any impairment charge. The contract assets are transferred to receivables when the rights become
unconditional. This usually occurs when the Group issues an invoice to the customer. Invoices usually become payable within 30 days.
The contract costs to obtain of £0.4m (2020: £0.4m) represent incremental sales commissions to obtain specific contracts.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the customer
in relation to a long-term onerous contract.
Contract liabilities primarily relate to advanced consideration received from customers, for which revenue is recognised over time in line
with the respective performance obligation.
No information is provided about remaining performance obligations at 31 May 2021 or at 31 May 2020 that have an original expected
duration of one year or less, as allowed by IFRS 15.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
171
Financial statements�24 Cash and cash equivalents and borrowings
Cash and cash equivalents
Cash and cash equivalents comprise:
Cash at bank and in hand
Borrowings are analysed as follows:
Non-current liabilities:
Revolving credit facility
Total borrowings
The maturity profile is as follows:
Less than one year
Two to five years
Total borrowings
Maturity
2024
Group
2021
£m
116.5
Group
2021
£m
33.2
33.2
Group
2021
£m
–
33.2
33.2
Group
2020
£m
95.0
Group
2020
£m
99.2
99.2
Group
2020
£m
–
99.2
99.2
Company
2021
£m
0.6
Company
2020
£m
6.8
Company
2021
£m
Company
2020
£m
–
–
–
–
Company
2021
£m
Company
2020
£m
–
–
–
–
–
–
In June 2019, the Group renegotiated its previous term loan and multi-currency revolving credit facilities into a new fully revolving credit
facility (RCF) of £100m with a new five year term up to June 2024, on similar terms (pricing and covenants). The interest payable on drawn
down funds ranges from 0.9% to 2.0% above LIBOR subject to the Group’s leverage (net debt 1 to Adjusted EBITDA ¹) ratio. Under the new
arrangements, the Group can request an additional accordion facility to increase the total size of the revolving credit facility by up to £75m.
The Group is required to comply with financial covenants for leverage (net debt 1 to Adjusted EBITDA 1), interest cover (Adjusted EBITDA 1 to
interest charge) and provisions relating to guarantor coverage such that guarantors must exceed a prescribed threshold of the Group’s gross
assets and Adjusted EBITDA 1. Covenants are tested bi-annually at 31 May and 30 November each year. Arrangement fees incurred of
£1.0m are being amortised over the term. Since the new facility is on broadly similar pricing terms to the previous facility, the refinancing has
been accounted for as a non-substantial modification with no gain or loss arising on modification.
On 12 May 2021, the Group entered into a new Term Loan Facility Agreement. The facility made available under the Facility Agreement (the ‘Term
Facility’) is a $70m amortising term loan facility, to fund the acquisition of the IPM Software Resilience business. The rate of interest on each loan under
the Term Facility is the percentage rate per annum which is equal to the aggregate of a compounded rate based on the secured overnight financing
rate (SOFR) administered by the Federal Reserve Bank of New York and the margin (based on a leverage ratchet varying from 1.40% to 2.65% per
annum). The Term Facility is repaid in annual instalments of $23.3m on each of 10 June 2022 and 10 June 2023, with a final instalment of $23.4m
payable on 10 June 2024. Arrangement fees incurred of £0.3m will be amortised over the term. The Term Facility Agreement also contains financial
covenants relating to leverage and interest cover and provisions relating to guarantor coverage consistent with the RCF.
The RCF is drawn in short to medium-term tranches of debt that are repayable within 12 months of draw-down. These tranches of debt can
be rolled over provided certain conditions are met, including compliance with all loan terms. The Group considers that it is highly unlikely it
would not be in compliance and therefore be unable to exercise its right to roll over the debt. The Directors therefore believe that the Group
has the ability and the intent to roll over the drawn RCF amounts when due and consequently has presented the RCF as a non-current liability.
As at 31 May 2021, the Group had committed bank facilities of £149.3m (2020: £100.0m), of which £33.8m (2020: £100.0m) had been
drawn under these facilities, leaving £115.5m (2020: £nil) of undrawn facilities. Unamortised arrangement fees of £0.6m (2020: £0.8m)
have been offset against the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2021 of £33.2m (2020: £99.2m).
The fair value of borrowings is not materially different to its amortised cost.
172
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�25 Financial instruments
Loans and borrowings
Non-current
Variable rate:
Revolving credit facility
Bank term loan
Current
Variable rate:
Bank term loan
Total loans and borrowings (excluding lease liabilities)
Cash
Net cash/(debt 1) (excluding lease liabilities)
Non-current
Lease liabilities
Current
Lease liabilities
Net cash/(debt 1)
Reconciliation of movements in liabilities to cash flows arising from financing activities
Group
Revolving credit facility/bank term loan:
Drawdown on facility
Repayment of facility
Transaction costs
Release of deferred arrangement fees
Foreign exchange movement
Movement in borrowings
IFRS 16 lease liability:
IFRS 16 transition adjustment
New leases entered into
Leases terminated
Principal element of lease payments
Interest element of lease payments
Interest cost (non-cash)
Movement in lease liabilities
Group
2021
£m
Group
2020
£m
Company
2021
£m
Company
2020
£m
(33.2)
(99.2)
–
–
(33.2)
(99.2)
–
–
–
–
(33.2)
(99.2)
116.5
83.3
95.0
(4.2)
(29.3)
(32.9)
(5.1)
48.9
(5.3)
(42.4)
–
–
–
–
–
–
0.6
0.6
–
–
0.6
–
–
–
–
–
–
6.8
6.8
–
–
6.8
2021
£m
2020
£m
12.0
(72.4)
–
0.2
(5.8)
(66.0)
–
3.1
(0.9)
(6.0)
(1.2)
1.2
(3.8)
44.3
–
(1.0)
0.2
0.6
44.1
35.7
10.7
(2.9)
(5.3)
(1.2)
1.2
38.2
Financial risk management
The Group has exposure to the following risks from its use of financial instruments:
• Credit risk
• Liquidity risk
• Currency risk
• Interest rate risk
The Board has overall responsibility for establishing appropriate management of exposure to risk. The Audit Committee oversees how
management identifies and addresses risks to the Group.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
173
Financial statements�25 Financial instruments continued
Capital management
The Board’s policy is to maintain a strong capital base so as to maintain investor, creditor and market confidence and to sustain future
development of the business.
The Group monitors capital on the basis of the gearing ratio. This ratio is calculated as net cash/(debt) 1 divided by total capital. Net cash/(debt) 1
is calculated as total borrowings as shown in the Consolidated Balance Sheet, less cash and cash equivalents. Total capital is calculated as
equity, as shown in the Consolidated Balance Sheet, plus net debt 1. As at 31 May 2021 the Group’s gearing ratio was (45.5)% (2020: 1.9%).
Financial instruments policy
All instruments utilised by the Company and Group are for financing purposes. The financial management and treasury activities of the
Group are controlled centrally for all operations with local finance teams responsible for day-to-day banking activities.
Fair value of financial instruments
As at 31 May 2021 the Group and Company had no other financial instruments other than those disclosed below. In addition, no embedded
derivatives have been identified. There have been no transfers between levels in the year.
The following table presents the Group’s financial assets and liabilities that are measured at fair value by level of fair value hierarchy:
• Quoted prices (unadjusted) in active markets for identical assets or liabilities (level 1)
• Inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (that is, as prices)
or indirectly (that is, derived from prices) (level 2)
• Inputs for the asset or liability that are not based on observable market data (unobservable inputs) (level 3)
Borrowings are held at amortised cost which is considered to equate to fair value. All other assets and liabilities are held at either fair value
or their carrying value which approximates to fair value.
Financial assets at fair value through profit or loss
Derivative financial instruments – cash flow hedge
Total financial instruments
Level 1
£m
–
–
–
2021
Level 2
£m
0.3
(0.8)
(0.5)
Level 3
£m
Level 1
£m
–
–
–
–
–
–
2020
Level 2
£m
0.3
–
0.3
Level 3
£m
–
–
–
Credit risk
Credit risk is the risk of financial loss to the Group if a customer or counterparty to a financial instrument fails to meet its contractual
obligations and arises principally from the Group’s receivables from customers. The Group’s exposure to credit risk is influenced mainly
by the individual characteristics of each customer.
Exposure to credit risk
The carrying value of financial assets represents the maximum credit exposure. The maximum exposure to credit risk at the reporting date was:
Trade receivables
Other receivables
Accrued income
Cash and cash equivalents
Total
Group
2021
£m
35.2
1.9
22.9
116.5
176.5
Group
2020
£m
41.6
0.9
18.0
95.0
155.5
Company
2021
£m
Company
2020
£m
–
–
–
0.6
0.6
–
–
–
6.8
6.8
The maximum exposure to credit risk for trade receivables and other receivables at the reporting date by geographic region was:
Debtors by geographical segment
UK and APAC *
North America
Europe
Total
Group
2021
£m
17.0
11.0
9.1
37.1
Group
2020
(restated) 2
£m
21.9
13.5
7.1
42.5
Company
2021
£m
Company
2020
£m
–
–
–
–
–
–
–
–
* With the continuing growth and formation of a European division we have changed geographical segments in line with how this information is reported to the Board and
managed on an ongoing basis and have restated prior year figures on a like-for-like basis. The APAC division was previously included within the segment Europe and APAC.
174
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�25 Financial instruments continued
Exposure to credit risk continued
The maximum exposure to credit risk at the reporting date by business segment was:
Debtors by business segment
Assurance
Software Resilience
Total
Group
2021
£m
30.0
7.1
37.1
Group
2020
£m
35.4
7.1
42.5
Company
2021
£m
Company
2020
£m
–
–
–
–
–
–
The trade receivables of the Group typically comprise many amounts due from a large number of customers and represent a spread of industry
sectors. The largest amount due from a single customer at the reporting date represented 3.9% (2020: 9.2%) of total Group receivables.
The prior year figure is considered to be exceptionally high due to a high value of sales in the latter part of the year ended 31 May 2020
which were substantially settled by cash receipts. All of the Group’s cash is held with financial institutions of high credit rating.
The provisions in respect of trade receivables are used to record expected credit losses. The Group has dedicated credit control teams
which regularly review customer debt balances to assess the risk of recovery.
Liquidity risk
Liquidity risk is the risk that the Group will not be able to meet its financial obligations as they fall due. The Group manages and minimises
liquidity risk by using global cash management solutions and actively monitoring both actual and projected cash outflows to ensure that
it will have sufficient liquidity to meet its liabilities when due and have headroom to provide against unforeseen obligations.
In response to Covid-19, the Group has undertaken regular detailed reviews of both the potential short-term effects of the pandemic on
working capital and the longer-term forecast liquidity position. Cash collections have remained strong and, though the Group took advantage
of governmental tax payment deferrals during the year, these have been unwound as at 31 May 2021. Longer term, the Group has assessed
its liquidity forecast as part of the viability assessment and its ability to continue trading as a going concern. For further detail on the Group’s
assessment of liquidity risk refer to the Viability Statement on page 48.
The following are the contractual maturities of financial liabilities, including interest payments, of the Group:
At 31 May 2021
Borrowings
Lease liabilities
Trade and other payables
At 31 May 2020
Borrowings
Lease liabilities
Trade and other payables
Carrying
amount
£m
Contractual
cash flows
£m
(33.2)
(34.4)
(45.2)
(99.2)
(38.2)
(46.4)
(34.7)
(39.6)
(45.2)
(104.4)
(44.8)
(46.4)
<1 year
£m
(0.3)
(6.3)
(45.2)
(1.1)
(6.4)
(46.4)
1–2
years
£m
(0.3)
(5.7)
–
(1.1)
(5.6)
–
2+
years
£m
(34.1)
(12.8)
–
(102.2)
(13.5)
–
5+
years
£m
–
(14.8)
–
–
(19.3)
–
The contractual cash flows for borrowings disclosed above relate to the Group’s RCF facility, which terminates in June 2024. The contractual
cash flows include an estimate of the interest payable based on the assumption that the facility was fully drawn at £100m, and is calculated
based on SONIA plus a margin of 0.9% based on the current leverage ratio.
Currency risk
The Group is exposed to currency risk on sales, purchases, cash and borrowings that are denominated in a currency other than the respective
functional and presentational currency of the Group. The Group’s management reviews the size and probable timing of settlement of all
financial assets and liabilities denominated in foreign currencies. The Group’s exposure to currency risk is as follows:
Trade receivables
Other receivables
Cash and cash equivalents
Borrowings
Lease liabilities
Trade and other payables
Sterling
£m
14.8
0.8
85.0
(30.4)
(21.5)
(27.3)
EUR
£m
9.1
–
16.1
–
(2.1)
(7.6)
Total
21.4
15.5
2021
USD
£m
10.4
0.6
7.3
(2.8)
(8.6)
(6.9)
–
Other
£m
0.9
0.5
8.1
–
(2.2)
(3.4)
3.9
Total
£m
35.2
1.9
116.5
(33.2)
(34.4)
(45.2)
40.8
Sterling
£m
16.9
0.7
30.3
(49.9)
(24.2)
(20.9)
(47.1)
2020
USD
£m
17.6
–
40.0
(49.3)
(10.6)
(9.0)
EUR
£m
5.0
–
17.7
–
(2.5)
(13.2)
Other
£m
2.1
0.2
7.0
–
(0.9)
(3.3)
Total
£m
41.6
0.9
95.0
(99.2)
(38.2)
(46.4)
7.0
(11.3)
5.1
(46.3)
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
175
Financial statements�25 Financial instruments continued
Currency risk continued
A change in exchange rate of 10% would have an impact of £15.2m (2020: £14.8m) on revenue, £2.7m (2020: £1.9m) on operating profit,
£8.1m (2020: £7.9m) on net assets and £0.3m (2020: £4.9m) on borrowings.
The Group’s risk management policy is to hedge foreign currency exposure in respect of significant material transactions that may arise
from time to time. At 31 May 2021, the Group had entered into one cash flow hedge in respect of funds to be used as part of the acquisition
of the IPM Software Resilience business. The Group uses forward exchange contracts to hedge its currency risk, which are short term in
nature to match the maturity of the hedged item. These contracts are generally designated as cash flow hedges.
The Group designates the spot element of forward foreign exchange contracts to hedge its currency risk and applies a hedge ratio of 1:1.
The forward elements of forward exchange contracts are excluded from the designation of the hedging instrument and are separately
accounted for as a cost of hedging, which is recognised in equity in a cost of hedging reserve. The Group’s policy is for the critical terms
of the forward exchange contracts to align with the hedged item.
The Group determines the existence of an economic relationship between the hedging instrument and hedged item based on the currency,
amount and timing of their respective cash flows. Given the short-term nature of these hedges there is limited risk of ineffectiveness.
At 31 May 2021, the Group held the following instruments to hedge exposures to changes in foreign currency rates, all of which were due
to mature within one month of the Balance Sheet date.
Forward exchange contracts
Net exposure (£m)
Average GBP:USD forward contract rate
2021
£m
70.7
1.402205
2020
£m
–
–
Interest rate risk
The Group and Company finance their operations through a combination of retained profits and bank borrowings. The Group borrows and
invests surplus cash at floating rates of interest based upon bank base rate. The cash and cash equivalents of the Group and Company at
the end of the financial year were as follows:
Group
Sterling denominated financial assets
Euro denominated financial assets
US Dollar denominated financial assets
Other denominated financial assets
Total
The financial assets and liabilities of the Company at the end of the financial year were as follows:
Company
Financial assets
Sterling denominated financial assets
Amounts owed by Group undertakings
Total
Financial liabilities
Amounts owed to Group undertakings
Total
2021
£m
85.0
16.1
7.3
8.1
116.5
2020
£m
30.3
17.7
40.0
7.0
95.0
2021
£m
2020
£m
0.6
162.6
163.2
13.5
13.5
6.8
142.0
148.8
13.0
13.0
A change of 100 basis points in interest rates would result in a difference in annual pre-tax profit of £0.3m (2020: £1.0m). The Directors
do not consider that the LIBOR reform will impact the Group significantly in the medium term, apart from a change in the benchmark used
within the Group’s borrowing facilities.
176
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�25 Financial instruments continued
Interest rate risk continued
The financial liabilities of the Group and their maturity profile are as follows:
Less than one year
Two to five years
More than five years
Total
Sterling
£m
(29.5)
(39.8)
(10.0)
(79.3)
2021
USD
£m
(8.3)
(8.4)
(1.6)
EUR
£m
(8.4)
(1.2)
–
Other
£m
(4.1)
(1.5)
–
Total
£m
(50.3)
(50.9)
(11.6)
Sterling
£m
(23.6)
(57.9)
(13.5)
EUR
£m
(14.1)
(1.5)
(0.1)
2020
USD
£m
(10.4)
(55.0)
(3.5)
Other
£m
(3.6)
(0.5)
(0.1)
Total
£m
(51.7)
(114.9)
(17.2)
(9.6)
(18.3)
(5.6)
(112.8)
(95.0)
(15.7)
(68.9)
(4.2)
(183.8)
26 Share-based payments
The Company has a number of share option schemes under which options to subscribe for the Company’s shares have been granted to Directors
and employees, details of which are illustrated in the tables below. Expected term of options represents the period over which the fair value
calculations are based. The share-based payment charge for the year was £2.8m (2020: £1.4m) of which £2.3m (2020: £1.3m) related to equity
settled payments and £0.5m (2020: £0.1m) to cash settled payments. The share-based payments charge increased during the year due to
the introduction of new schemes in the year with a higher fair value than historical schemes that have reached maturity in the current year.
Company Share Option (CSOP) scheme – equity settled
Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than 10% per annum.
Options granted in September 2019 do not have any performance criteria.
Date of grant
July 2012
August 2018
August 2018
September 2019
Expected term
of options
Exercisable
between
7 years
7 years
7 years
7 years
July 2015–July 2022
August 2021–August 2028
August 2021–August 2028
September 2022–September 2029
Exercise
price
£1.36
£2.20
£2.20
£1.79
2021
Number
outstanding
58,812
49,995
18,180
363,106
Sharesave schemes – equity settled
The Company operates sharesave schemes, which are available to all employees based in the UK, the Netherlands, Denmark, Spain
and Australia, and full-time Executive Directors of the Company and its subsidiaries who have worked for a qualifying period.
Date of grant
August 2017
March 2018
August 2018
March 2019
March 2020
March 2020
May 2021
May 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
October 2020–March 2021
May 2021–October 2021
October 2021–March 2022
May 2022–October 2022
May 2023–October 2023
May 2023–October 2023
July 2023–December 2023
July 2023–December 2023
Exercise
price
£1.56
£1.58
£1.75
£0.99
£1.84
£1.84
£2.15
2021
Number
outstanding
17,352
4,488
372,284
290,598
641,870
324,827
194,391
£2.15 1,053,110
Employee stock purchase plan – equity settled
The Company operates a stock purchase plan, which is available to all US-based employees who have worked for a qualifying period.
All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at year end.
Date of grant
February 2020
May 2021
Expected term
of options
Exercisable
in
1 year
1 year
February 2021
May 2022
Exercise
price
£1.93
£2.15
2021
Number
outstanding
439,735
249,580
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
177
Financial statements�26 Share-based payments continued
Incentive Stock Option (ISO) scheme – equity settled
Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the three
years following their grant is greater than 10% per annum.
Date of grant
August 2018
September 2019
Expected term
of options
Exercisable
between
7 years
7 years
August 2021–August 2028
September 2022–September 2029
Exercise
price
£2.22
£1.82
2021
Number
outstanding
9,016
65,928
Long Term Investment Plan (LTIP) schemes – equity settled
Options granted on or after November 2017 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an increase in Group EPS of 9% over three years. If growth is equal to 20% or more per annum then
100% of the award will vest. If, however, growth is less than 9% per annum, none of the award will vest. Between these two points, vesting
is determined on a straight-line basis
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than 70%
per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum then 100% of the award will vest. If, however, cash
conversion is less than 70% per annum, none of the award will vest. Between these two points, vesting is determined on a straight-line basis
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment trusts).
If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the award will vest. If the TSR is within
the upper quartile or above, 100% of the award will vest; between the median and upper quartile, vesting is determined on a straight-line basis
Date of grant
August 2018
September 2019
March 2020
May 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
June 2021–August 2021
June 2022–August 2022
June 2022–August 2022
June 2023–August 2023
Exercise
price
2021
Number
outstanding
£nil *
860,611
£nil * 1,129,172
£nil *
194,116
£nil
682,427
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
Restricted State Unit (RSU) schemes – equity settled
Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an increase in Group EPS of 9% over three years. If growth is equal to 20% or more per annum then
100% of the award will vest. If, however, growth is less than 9% per annum, none of the award will vest. Between these two points, vesting
is determined on a straight-line basis
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than 70%
per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum then 100% of the award will vest. If, however, cash
conversion is less than 70% per annum, none of the award will vest. Between these two points, vesting is determined on a straight-line basis
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment trusts).
If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the award will vest. If the TSR is
within the upper quartile or above, 100% of the award will vest; between the median and upper quartile, vesting is determined on a straight-line basis
The options are to be settled in equity.
Date of grant
August 2018
September 2019
May 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
June 2021–August 2021
June 2022–August 2022
June 2023–August 2023
Exercise
price
£0.01
£0.01
£0.01
2021
Number
outstanding
227,501
639,465
138,554
Restricted Share Plan (RSP) – equity settled
The vesting condition for the award of RSPs relate to colleagues remaining with the Group for a certain period of time, namely two years
to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.
Date of grant
28 May 2021
Expected term
of options
Exercisable
between
Exercise
price
2021
Number
outstanding
2/3 years
50% exercisable August 2022 to August 2031,
50% exercisable August 2023 to August 2031
Nil (£0.01 in the US
and Canada)
1,200,000
178
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�26 Share-based payments continued
Deferred share scheme – equity settled
Date of grant
September 2019
May 2021
Expected term
of options
Exercisable
between
2 years
2 years
June 2021–August 2029
August 2022–April 2031
Exercise
price
2021
Number
outstanding
£nil *
£nil
61,694
18,937
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
Phantom schemes – cash settled
Phantom schemes are used to allow the grant of LTIPs to members of the Executive Committee based in certain overseas locations at a time
when the Group’s option scheme rules were not structured to allow overseas grants. The vesting conditions for the award of the phantom
schemes, related to options granted in August 2016, relate to growth in the Group’s EPS over the performance period. If growth is equal
to 25% or more per annum then 100% of the award will vest. If, however, growth is less than 10% per annum, none of the award will vest.
Between these two points, vesting is determined on a straight-line basis.
Options granted in October 2017 and November 2017 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an increase in Group EPS of 9%. If growth is equal to 20% or more per annum then 100% of the award will vest.
If, however, growth is less than 9% per annum, none of the award will vest. Between these two points, vesting is determined on a straight-line basis
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than 70%
per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum then 100% of the award will vest. If, however, cash
conversion is less than 70% per annum, none of the award will vest. Between these two points, vesting is determined on a straight-line basis
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment trusts).
If the Group’s TSR is consistent with the median group 20% of the award will vest; below this level, none of the award will vest. If the TSR is within
the upper quartile or above, 100% of the award will vest; between the median and upper quartile, vesting is determined on a straight-line basis
Options granted in September 2019 do not have any performance criteria.
Date of grant
October 2017
November 2017
September 2019
Expected term
of options
Exercisable
between
3 years
3 years
3 years
June 2020–October 2021
June 2020–November 2021
September 2022–September 2023
Exercise
price
2021
Number
outstanding
£nil *
£nil *
£nil *
113,120
8,189
67,036
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
Measurement of fair values
The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date of grant.
The fair value is spread over the period during which the employee becomes unconditionally entitled to the award, adjusted to reflect actual
and expected levels of vesting. Black Scholes and binomial models have been used to calculate the fair values of options on their grant date
for all options issued after 7 November 2002, which had not vested by 1 January 2005.
The assumptions used in the model are illustrated in the table below:
Grant date
Fair value at
measurement date
Exercise price
Expected
volatility
Option
expected term
Risk free
interest rate
CSOP scheme
July 2012–September 2019
£0.35–£0.63 £1.36–£2.20
35.0–48.0%
7 years
0.35–2.75%
Sharesave scheme
August 2017–May 2021
£0.67–£0.88 £0.99–£2.15
39.7–53.2%
3 years
0.50–2.20%
ESPP scheme
February 2020–May 2021
£0.55–£0.68 £1.93–£2.15
37.60%
1 year
0.50%
ISO scheme
LTIP scheme
RSU scheme
RSP scheme
August 2018–September 2019
£0.54–£0.65
£1.82–£2.22
40.7–48.4%
7 years
0.38–1.50%
November 2017–May 2021
£1.61–£2.87
£nil * 37.4–51.5%
3 years
0.21–2.00%
August 2018–May 2021
£1.60–£2.87
£nil *–£0.01
47.6–51.5%
3 years
0.32–2.00%
May 2021
£2.85
£nil *
N/A
10 years
N/A
Deferred shares
September 2019–May 2021
£1.84–£2.91
£nil * 40.4–55.0%
2 years
0.35–1.50%
Phantom schemes
October 2017–September 2019
£1.84–£2.75
£nil * 31.0–47.6%
3 years
1.81–1.96%
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
The expected volatility has been based on an evaluation of the historical volatility of the Company’s share price, particularly over the historical period
commensurate with the expected term. The expected term of the instruments has been based on historical experience and general option holder
behaviour. For the options granted in the year ended 31 May 2021, dividend yield assumed at the time of option grant is 2.5% (2020: 2.7%).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
179
Financial statements�26 Share-based payments continued
Reconciliation of outstanding share options
The options outstanding at 31 May 2021 have an exercise price in the range of £nil to £2.22 (2020: £nil to £2.22) and a weighted average
contractual life of three years (2020: three years).
The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share awards
during the year:
Outstanding at 1 June
Granted during the year
Exercised during the year
Forfeited in the year
Outstanding at 31 May
Exercisable at end of year
Scheme
CSOP schemes
Sharesave/SAYE schemes
ESPP schemes
ISO schemes
LTIP schemes
RSU schemes
RSP scheme
Deferred shares
Phantom schemes
2021
No (’000)
8,995
3,537
(1,821)
(1,217)
9,494
363
2021
WAEP
£0.83
£0.91
£0.88
£0.59
£0.79
£1.13
2020
No (’000)
7,326
4,438
(1,098)
(1,671)
8,995
385
2020
WAEP
£1.01
£0.88
£1.35
£1.39
£0.83
£0.99
Number of
instruments
as at
1 June 2020
543,584
Instruments
granted during
the year
Options
exercised in
the year
Forfeitures
in the year
Number of
instruments
as at
31 May 2021
–
(22,056)
(31,435)
490,093
3,363,817
1,247,501 (1,297,852)
(414,546) 2,898,920
439,735
249,580
91,426
–
–
–
–
689,315
(16,482)
74,944
3,173,813
682,427
(381,414)
(608,500) 2,866,326
1,122,146
138,554
(108,945)
(146,235) 1,005,520
–
1,200,000
–
72,687
188,345
18,937
(10,993)
–
–
– 1,200,000
–
–
80,631
188,345
8,995,553
3,536,999 (1,821,260)
(1,217,198) 9,494,094
The liability for the cash settled share-based payments at 31 May 2021 was £0.5m (2020: £0.3m).
27 Called up share capital and reserves
Allotted, called up and fully paid
Ordinary shares of 1p each at the beginning of the year
Ordinary shares of 1p each issued in the year
Ordinary shares of 1p each at the end of the year
2021
Number
of shares
2020
Number
of shares
278,909,171 277,830,625
30,046,874
1,078,546
308,956,045 278,909,171
2021
£m
2.8
0.3
3.1
2020
£m
2.8
–
2.8
During the year, 2,140,474 (2020: 1,078,546) new ordinary shares of 1p were issued as a result of the exercise of share options.
The proceeds of £2.4m (2020: £1.1m) were credited to the share premium account.
During the year, 27,906,400 (2020: nil) new ordinary shares of 1p were issued as part of funding the acquisition of the IPM Software
Resilience business. Of the gross proceeds of £72.6m, £72.3m (2020: £nil) were credited to the share premium account net of issue
costs of £2.4m. See Note 35 for further details.
As at 31 May 2021, no shares were held in treasury (2020: nil).
Share premium
The share premium account records the difference between the nominal amount of shares issued and the fair value of the consideration
received. The share premium account may be used for certain purposes specified by UK law, including to write off expenses incurred on any
issue of shares and to pay fully paid bonus shares. The share premium account is not distributable but may be reduced by special resolution
of the Company’s ordinary shareholders and with court approval.
180
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�27 Called up share capital and reserves continued
Hedging reserve
The hedging reserve comprises the effective portion of the cumulative net change in the fair value of hedging instruments used in cash flow
hedges pending subsequent recognition in profit or loss or directly included in the initial cost or other carrying amount of a non-financial
asset or non-financial liability.
Merger reserve
The merger reserve arose in 2015 from the acquisition of Accumuli plc through a share-for-share exchange in part consideration for the business.
Currency translation reserve
The results of overseas operations are translated at the average foreign exchange rates for the year, and their balance sheets are translated
at the rates prevailing at the Balance Sheet date. Exchange differences arising on the translation of opening net assets and results of overseas
operations are recognised in the currency translation reserve. All other exchange differences are included in the Income Statement.
Retained earnings
Retained earnings for the Group are made up of accumulated reserves.
For the Company, retained earnings are made up of accumulated reserves and are considered distributable reserves.
28 Profit attributable to members of the Parent Company
The profit for the year dealt with in the accounts of the Parent Company was £25.0m (2020: £6.0m).
29 Other financial commitments
Non-cancellable lease rental costs are payable as follows:
Within one year or less
2021
2020
Land and
buildings
£m
–
Other
£m
–
Land and
buildings
£m
0.1
Other
£m
–
The lease commitments disclosed above represent short-term (less than one year) leases only, for which the Group has taken the exemption
from accounting for under IFRS 16.
30 Contingencies
There are no contingent liabilities not provided for at the end of the financial year (2020: £nil). Similarly, there are no contingent assets (2020: £nil).
31 Pension scheme
The Group operates a defined contribution pension scheme that is open to all eligible employees. The pension cost charge for the year
represents contributions payable by the Group to the fund and amounted to £5.3m (2020: £5.6m).
For the Company, the pension cost charge for the year represents contributions payable by the Company to the fund and amounted to £nil
(2020: £nil).
32 Related party transactions
The Group’s key management personnel comprise the Directors of the Group. Details of the remuneration paid to key management
personnel are as follows:
Group
Salary costs (including bonus)
Share-based payments
Total
There were no other related party transactions during the year.
2021
£m
1.8
0.4
2.2
2020
£m
1.3
0.2
1.5
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
181
Financial statements�33 Investments in subsidiary undertakings
Company
At 1 June 2019
Increase in subsidiary investment for share-based charges
At 31 May 2020
Increase in subsidiary investment for share-based charges
Investment in subsidiary undertakings
At 31 May 2021
Shares in
Group
undertakings
£m
75.2
3.1
78.3
2.8
70.7
151.8
On 26 May 2021, the Company acquired 70,700,000 ordinary shares of £0.01 in NCC Group Holdings Limited for a consideration of £70,700,000.
Fixed asset investments are recognised at cost.
The undertakings in which the Company has a 100% interest at 31 May 2021 are as follows:
Subsidiary undertakings
Country of incorporation
Principal activity
Registered office
NCC Group Holdings Limited
England and Wales Holding company
XYZ Building, 2 Hardman Boulevard,
Spinningfields, Manchester M3 3AQ (XYZ)
NCC Group (Solutions) Limited
England and Wales Holding company
NCC Group Corporate Limited
England and Wales
Corporate cost centre
NCC Group Finance Limited
England and Wales
Financing company
The National Computing Centre Limited
England and Wales Dormant
NCC Group Software Resilience Limited
England and Wales Holding company
NCC Group Software Resilience
(UK) Limited
England and Wales Holding company
NCC Services Limited
England and Wales
Software Resilience
and central/
head office costs
NCC Group Escrow Limited
England and Wales Dormant
NCC Group Software Resilience
(Europe) BV
Netherlands
Holding company
NCC Group GmbH
Germany
Software Resilience
NCC Group Escrow Europe BV
Netherlands
Software Resilience
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
Van Heuven Goedhartlaan 13A, 1181LE
Amstelveen, the Netherlands
c/o Deloitte Legal Rechtsanwaltsgesellschaft
mbH, Rosenheimer Platz 6, 81669, Munich,
Bavaria, Germany
Van Heuven Goedhartlaan 13A, 1181LE
Amstelveen, the Netherlands
NCC Group Escrow Europe
(Switzerland) AG
NCC Group Software Resilience
(MEA-APAC) Limited
NCC Group FZ-LLC
Switzerland
Software Resilience
Ibelweg 18A, 6300 Zug, Switzerland
England and Wales Holding company
XYZ 1
United Arab
Emirates
Software Resilience
Office 30, Building 16, Dubai Internet City,
Dubai, UAE
NCC Group Cyber Security Limited
England and Wales Holding company
NCC Group Cyber Security (UK) Limited
England and Wales Holding company
NCC Group Security Services Limited
England and Wales
Assurance
NCC Group Audit Limited
ArmstrongAdams Limited
England and Wales
Assurance
England and Wales
Assurance
NCC Group Signify Solutions Limited
England and Wales
Assurance
NCC Group Accumuli Security Limited
England and Wales
Assurance
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
182
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021
�33 Investments in subsidiary undertakings continued
Subsidiary undertakings
Country of incorporation
Principal activity
Registered office
NCC Group Cyber Security (Europe) BV
Netherlands
Holding company
NCC Group A/S
Denmark
Assurance
NCC Group UAB
NCC Group Security Services Espana
SLU
Lithuania
Spain
Assurance
Assurance
Cyber Assurance Sweden AB
Sweden
Assurance
Fox-IT Holding B.V.
Netherlands
Holding company
Fox-IT Group B.V.
Fox-IT B.V.
Fox-IT Operations B.V.
Fox Crypto B.V.
Netherlands
Netherlands
Netherlands
Netherlands
Holding company
Assurance
Assurance
Assurance
NCC Group Cyber Security (APAC) Limited England and Wales Holding company
NCC Group Pte Limited
NCC Group Pty Limited
Singapore
Australia
Assurance
Assurance
NCC Group Japan KK
Japan
Assurance
Van Heuven Goedhartlaan 13A, 1181LE
Amstelveen, the Netherlands
2nd Floor, Svanevej 12, DK–2400 København
NV, Denmark
Vilnius, Jogailos st. 9, Lithuania
Calle Serrano Galvache, 56, Edificio Abedul,
4a planta, 28033 Madrid, Spain
c/o Advokatfirman Delphi, P.O. Box 1432, 111
84 Stockholm
Olof Palmestraat 6, 2616 LM Delft,
the Netherlands (Fox-IT 3)
Fox-IT 3
Fox-IT 3
Fox-IT 3
Fox-IT 3
XYZ 1
20 Collyer Quay, #19-03, Singapore (049319)
Level 13, 92 Pitt Street, Sydney NSW 2000,
Australia
Level 18, Yesibu Garden Place Tower, 4-20-3
Ebisu Shibuya-Ku, Tokyo
650 California Street, Suite 2950, San Francisco,
CA 94108, USA (North America HQ 2)
NCC Group (Americas) Inc.
NCC Group, LLC
USA
USA
Holding company
Software Resilience and
central/head office costs
North America HQ 2
NCC Group Cyber Security (Americas), LLC USA
Holding company
North America HQ 2
NCC Group Security Services, Inc.
NCC Group Secure Registrar, Inc.
NCC Group Domain Services, Inc.
USA
USA
USA
Assurance
Domain services
Domain services
North America HQ 2
North America HQ 2
North America HQ 2
NCC Group Security Services Corporation
Canada
Assurance
2800 Park Place, 666 Burrard Street,
Vancouver, BC V6C 2Z7, Canada
Payment Software Company, Inc.
USA
Assurance
North America HQ 2
Payment Software Company Limited
England and Wales
Assurance
XYZ 1
NCC Group Software Resilience
(Americas), LLC
USA
Holding company
North America HQ 2
NCC Group Escrow Associates, LLC
USA
Software Resilience
North America HQ 2
NCC Group Software Resilience (NA), LLC
USA
Software Resilience
North America HQ 2
The undertakings in which the Company holds less than a 100% interest at the year end are as follows:
Undertaking
Deposit AB
% interest
Country of incorporation
Principal activity
24%
Sweden
Software Resilience
The Directors consider the above ownership structure and no Board representation give rise to no significant influence over the undertaking.
Accordingly, the undertaking has not been consolidated.
1 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ.
2 650 California Street, Suite 2950, San Francisco, CA 94108, USA.
3 Olof Palmestraat 6, 2616 LM Delft, the Netherlands.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
183
Financial statements�34 Prior year restatement
In April 2021, the IFRS Interpretations Committee (IFRIC) published an agenda decision on the clarification of accounting in relation
to the configuration and customisation costs incurred in implementing Software-as-a-Service (SaaS) as follows:
• Amounts paid to the cloud vendor for configuration and customisation that are not distinct from access to the cloud software are
expensed over the SaaS contract term
• In limited circumstances, other configuration and customisation costs incurred in implementing SaaS arrangements may give rise
to an identifiable intangible asset, for example, where code is created that is controlled by the entity
• In all other instances, configuration and customisation costs will be expensed as the customisation and configuration services are received
Due to the nature of this agenda decision and the level of spend incurred in relation to the Group’s Securing Growth Together digital
transformation programme, the Group’s accounting policy in relation to such customisation and configuration costs has been reviewed and
changed to align with the IFRIC guidance issued in relation to Software-as-a-Service (SaaS) costs previously capitalised. The restatement
represents a non-cash adjustment.
The revision to the accounting policy has been accounted for retrospectively resulting in a prior year restatement.
The Group identified £17.8m additions made in the years ending 31 May 2019 and 31 May 2020 in relation to software and development costs.
£7.9m of these costs capitalised for the year ended 31 May 2020 related to cloud computing arrangements that should be expensed after the
consideration of the IFRIC guidance and a further £3.6m for the year ended 31 May 2019. In relation to the year ended 31 May 2020 assets,
£1.4m of amortisation was charged, which is to be reversed. A further £0.2m of costs capitalised are to be reclassified to prepayments.
These costs give rise to a reduction in the tax charge for the year ended 31 May 2020 of £1.2m and a corresponding increase in the Group’s
deferred tax asset.
The affected financial statement line items are as follows:
31 May 2020
Income Statement impact
Depreciation and amortisation
Individually Significant Items – expense cloud configuration and customisation costs previously capitalised
Operating profit
Profit before taxation
Taxation
Profit for the year
Basic EPS
Diluted EPS
Balance Sheet impact
Expense cloud configuration and customisation costs previously capitalised
Amounts reclassified to prepayments in relation to cloud computing arrangements (restated)
Reversal of amortisation on cloud configuration and customisation costs previously capitalised
Other intangible assets
Deferred tax assets
Total non-current assets
Trade and other receivables
Current assets
Net assets
Retained earnings
Total equity
184
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
31 May 2020
(previously
reported)
£m
Restatement
£m
31 May 2020
(restated)
£m
(25.0)
–
19.1
16.1
(4.4)
11.7
4.2p
4.2p
–
–
–
39.2
0.5
275.7
73.2
169.7
214.1
(13.8)
214.1
1.4
(7.9)
(6.5)
(6.5)
1.2
(5.3)
(1.9p)
(1.9p)
(11.5)
(0.2)
1.5
(10.2)
1.8
(8.4)
0.2
0.2
(8.2)
(8.2)
(8.2)
(23.6)
(7.9)
12.6
9.6
(3.2)
6.4
2.3p
2.3p
(11.5)
(0.2)
1.5
29.0
2.3
267.3
73.4
169.9
205.9
(22.0)
205.9
Notes to the Financial Statements continuedfor the year ended 31 May 2021�34 Prior year restatement continued
31 May 2020
Cash Flow Statement impact
Profit for the year
Amortisation of software and development costs
Income tax expense
Net cash generated from operating activities
Software and development expenditure
Net cash used in investing activities
Net increase in cash and cash equivalents
31 May 2020
(previously
reported)
£m
Restatement
£m
31 May 2020
(restated)
£m
11.7
4.4
4.4
47.1
(10.4)
(13.2)
60.1
(5.3)
(1.4)
(1.2)
(7.9)
7.9
7.9
–
6.4
3.0
3.2
39.2
(2.5)
(5.3)
60.1
A third Balance Sheet has been presented in accordance with IAS 1 to illustrate the impact in the opening Balance Sheet for the prior
financial year. The Group identified that £3.6m of costs previously capitalised under cloud computing arrangements that should be expensed
and £0.1m of amortisation was charged, which is to be reversed.
These additional costs give rise to a reduction in the tax charge for the year of £0.6m and a corresponding increase in the deferred tax asset.
The opening Balance Sheet of the prior year has accordingly been restated to correct for these, as shown below. Balances at 1 June 2019
are those disclosed after the application of IFRS16 which was adjusted prospectively on inception. The affected financial statement line
items are as follows:
1 June 2019
Balance Sheet impact
Other intangible assets
Deferred tax assets
Total non-current assets
Net assets
Retained earnings
Total equity
1 June 2019
(previously
reported)
£m
Restatement
£m
1 June 2019
(restated)
£m
41.8
1.6
276.5
208.8
(14.0)
208.8
(3.5)
0.6
(2.9)
(2.9)
(2.9)
(2.9)
38.3
2.2
273.6
205.9
(16.9)
205.9
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
185
Financial statements�35 Post-Balance Sheet events
Acquisition of IPM business
On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially all of
the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain exclusively
related to the IPM business. The primary reasons for the business combination are to:
• Scale up the Group’s core business to create a global business and platform for further growth
• Generate revenue synergies through allowing the enlarged division to offer NCC’s broader suite of established verification services as well
as the newer Escrow-as-a-Service (EaaS) cloud offering to the IPM business’s existing customer base
• Present an exciting new opportunity to sell NCC’s cyber security services from its Assurance division into the IPM business’s broad and
blue-chip customer base in the medium term
• Be accretive to earnings per share from completion, even without factoring in revenue synergies
• Result in greater strategic strength for the future
Management considers shareholder approval of the transaction constitutes a change in control and therefore the date of shareholder
approval is considered to be the acquisition date for the transaction. Shareholder approval was granted on 1 June 2021 and the IPM
Software Resilience business will be consolidated into the Group results from that date (see Note 2).
Details of assets acquired that are subject to provisional fair value adjustments will be reported for the year ended 31 May 2022. The acquisition
for a total consideration of $220m was funded through an equity gross placing of £72.6m (see Note 27) on 17 May 2021 combined with a
new three year $70m term loan (see Note 24) and the remaining $98.2m funded via existing cash balances and our revolving credit facility.
The term loan was entered into on 12 May 2021 but not drawn down until 2 June 2021.
Costs directly attributable to the acquisition of the IPM business totalling £7.6m have been expensed during the year (see Note 5).
Issue costs of £2.4m were incurred as part of the equity placing and have been credited to the share premium account (see Note 27).
186
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
Notes to the Financial Statements continuedfor the year ended 31 May 2021�Glossary of terms – Alternative Performance Measures (APMs)
APMs are the way that financial performance is measured by management and reported to the Board, and the basis of financial measures
for senior management’s compensation schemes, and provide supplementary information that assists the user in understanding the
underlying trading results.
APM
Closest equivalent
IFRS measure
Adjustments to reconcile to
IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Income Statement measures:
Adjusted
operating profit
Operating profit
or loss
Operating profit or loss
before amortisation of
acquired intangibles,
share-based payments and
Individually Significant Items
Adjusted
earnings before
interest, tax,
depreciation and
amortisation
(Adjusted
EBITDA)
Operating profit or
loss
Operating profit or loss,
before adjusting items,
depreciation and
amortisation, finance
costs and taxation
Adjusted
basic EPS
Statutory basic
EPS
Statutory basic EPS before
amortisation of acquired
intangibles, share-based
payments, Individually
Significant Items and
the tax effect thereon
3
Represents operating profit before amortisation
of acquired intangibles, share-based payments
and Individually Significant Items.
This measure is to allow the user to understand the
Group’s underlying financial performance as measured
by management, reported to the Board and used as
a financial measure in senior management’s
compensation schemes.
The Directors consider amortisation of acquired intangibles
is a non-cash accounting charge inherently linked to losses
associated with historical acquisitions of businesses.
The Directors consider share-based payments to be an
adjusting item on the basis that fair values are volatile
due to movements in share price, which may not be
reflective of the underlying performance of the Group.
Individually Significant Items are items that are
considered unusual by nature or scale, and are of such
significance that separate disclosure is relevant to
understanding the Group’s financial performance
and therefore requires separate presentation in the
Financial Statements in order to fairly present the
financial performance of the Group.
3
Represents operating profit before adjusting items,
depreciation and amortisation to assist in the
understanding of the Group’s performance.
Adjusted EBITDA is disclosed as this is a measure
widely used by various stakeholders and used by the
Group to measure the cash conversion ratio.
11
Represents basic EPS before amortisation of acquired
intangibles, share-based payments and Individually
Significant Items.
This measure is to allow the user to understand the
Group’s underlying financial performance as measured
by management, reported to the Board and used as
a financial measure in senior management’s
compensation schemes.
See further details above in relation to amortisation
of acquired intangibles and share-based payments.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
187
Additional information �Glossary of terms – Alternative Performance Measures (APMs) continued
APM
Closest equivalent
IFRS measure
Adjustments to reconcile to
IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Balance Sheet measure:
Net cash/(debt)
excluding lease
liabilities
Total borrowings
(excluding lease
liabilities) offset
by cash and
cash equivalents
Net cash/(debt)
Total borrowings
(including lease
liabilities) offset
by cash and
cash equivalents
Cash flow measure:
Cash conversion
ratio
Ratio % of net
cash flow from
operating activities
before interest
and tax divided by
operating profit
Ratio % of net cash flow
from operating activities
before interest and tax
divided by EBITDA
3
3
3
Represents total borrowings (excluding lease liabilities)
offset by cash and cash equivalents. It is a useful
measure of the progress in generating cash, strengthening
of the Group Balance Sheet position, overall net
indebtedness and gearing on a like-for-like basis.
Net cash/(debt), when compared to available borrowing
facilities, also gives an indication of available financial
resources to fund potential future business investment
decisions and/or potential acquisitions.
Represents total borrowings (including lease liabilities)
offset by cash and cash equivalents. It is a useful measure
of the progress in generating cash, strengthening of the
Group Balance Sheet position, overall net indebtedness
and gearing including lease liabilities.
Net cash/(debt), when compared to available borrowing
facilities, also gives an indication of available financial
resources to fund potential future business investment
decisions and/or potential acquisitions.
The cash conversion ratio is a measure of how effectively
operating profit is converted into cash and effectively
highlights both non-cash accounting items within
operating profit and also movements in working capital.
It is calculated as net cash flow from operating activities
before interest and taxation (as disclosed on the face
of the Cash Flow Statement) divided by EBITDA for
continued and discontinued activities.
The cash conversion ratio is a measure widely used by
various stakeholders and hence is disclosed to show the
quality of cash generation and also to allow comparison
to other similar companies.
Constant currency and local currency revenue measures:
The Group also reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account
constant foreign exchange rates year on year. This involves translating comparative numbers to current year rates for comparability to enable
a growth factor to be calculated. In addition, the Group also reports these regions on a local currency basis to demonstrate the revenue
performance on a local basis. As these measures are not statutory revenue numbers, management considers these to be APMs.
188
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Glossary of terms – other terms
Other terms
Code
Adjusted
Adjusted earnings
Definition and usage
Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how
companies should be governed, applicable to UK-listed companies including NCC Group plc.
Any result described as adjusted excludes the impact of Individually Significant Items, and any tax
on any of these items.
Adjusted earnings is defined as statutory earnings before amortisation of acquisition intangibles,
Individually Significant Items and the share-based payments charge, net of the tax effect of
these items.
Adjusted operating profit margin 1
Calculated as Adjusted operating profit divided by revenue from continuing activities.
AGM
Annual General Meeting of shareholders of the Company held each year to consider ordinary and
special business as provided in the Notice of AGM.
Alternative Performance Measure
(APM)
An Alternative Performance Measure (which is denoted in each case or use thereof by a footnote)
is a non-GAAP performance metric used by management either internally or externally to present
management’s view of the underlying business performance. They are not superior to GAAP-based
measures and are simply an alternative way of looking at performance. See Note 3 for further information.
Board
The Board of Directors of the Company (for more information see pages 74 and 75).
Cash conversion ratio 1
Calculated as cash generated from operating activities before interest and taxation divided by
Adjusted EBITDA 1, expressed as a percentage.
CDO
CEO
CFO
CISO
Cyber Defence Operations.
Chief Executive Officer.
Chief Financial Officer.
Chief Information Security Officer.
Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual
Company, or to NCC Group plc and its subsidiaries collectively.
CPO
CTO
Chief People Officer.
Chief Technology Officer.
Directors/Executive Directors/
Non-Executive Directors
The Directors/Executive Directors and Non-Executive Directors of the Company whose names
are set out on pages 74 and 75 of this report.
EBIT
EBIT margin %
EBITDA
Earnings before interest and tax.
EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue.
Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit before
Individually Significant Items and adding back depreciation and amortisation charged.
EBITDA margin %
EBITDA divided by revenue.
EPS
FCA
Financial year
FRC
Free cash flow
FRS
Earnings per share. Profit for the year attributable to equity shareholders of the Parent allocated
to each ordinary share.
Financial Conduct Authority.
For NCC Group this is an accounting year ending on 31 May.
Financial Reporting Council.
Net cash from operating activities less net capital expenditure.
A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC).
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
189
Additional information �Glossary of terms – other terms continued
Other terms
Gross profit
Definition and usage
Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads
that are supporting the business as a whole as opposed to a specific revenue item.
Gross margin %/GM %
Calculated as gross profit divided by revenue from continuing activities.
HMRC
IAS or IFRS
Individually Significant Items
KPMG
LTIP
MD
MDR
Net debt 1
Ordinary shares
SAYE/Sharesave
Her Majesty’s Revenue & Customs, the tax collecting authority of the UK.
An International Accounting Standard or International Financial Reporting Standard, as issued by
the International Accounting Standards Board (IASB). IFRS is also used as the term to describe
international generally accepted accounting principles as a whole. Financial Statements are
prepared in accordance with IFRS as adopted by the EU.
Items that the Directors consider to be material in nature, scale or frequency of occurrence that
need to be excluded when calculating some non-GAAP performance measures in order to allow
users of the Financial Statements to gain a full understanding of the underlying business
performance. See Note 5 for further information.
The Company’s external auditor, KPMG LLP.
Long Term Incentive Plan established to align the interests of senior and Executive management
with those of shareholders. The plan is formally known as the NCC Group Long Term Incentive
Plan 2013 (approved by shareholders in 2013).
Managing Director.
Managed Detection and Response.
Total borrowings offset by cash and cash equivalents.
Voting shares entitling the holder to part ownership of a company.
Save As You Earn, being a tax efficient scheme to encourage colleague share ownership.
Software Resilience
Software Resilience represents our Escrow resilience services.
Subsidiary
TSC
TSR
A company or other entity that is controlled by NCC Group.
Technical Security Consulting.
Total shareholder return, which is share price growth plus dividends reinvested (where applicable)
over a specified period of time, divided by the share price at the start of the period.
190
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�Other information
Directors
Chris Stone
Adam Palser
Tim Kowalski
–
–
–
Chris Batterham
–
Non-Executive Chair
Chief Executive Officer
Chief Financial Officer
and Company Secretary
Senior Independent
Non-Executive Director
Jonathan Brooks –
Independent Non-Executive Director
Mike Ettling
Jennifer Duvalier
–
–
Independent Non-Executive Director
Independent Non-Executive Director
Company Secretary
Tim Kowalski
Registered and head office
XYZ Building
2 Hardman Boulevard
Spinningfields
Manchester
M3 3AQ
Registered number
4627044
Registered in England and Wales
Joint brokers and corporate finance advisers
Jefferies International Limited
100 Bishopsgate
London
EC2N 4JL
Peel Hunt LLP
Moor House
120 London Wall
London
EC2Y 5ET
Auditor
KPMG LLP
1 St Peter’s Square
Manchester
M2 3AE
Solicitors
DLA Piper UK LLP
1 St Peter’s Square
Manchester
M2 3DE
Bankers
HSBC UK Bank plc
2nd Floor
4 Hardman Square
Spinningfields
Manchester
M3 3EB
National Westminster Bank plc
1 Hardman Boulevard
Manchester
M3 3AQ
ING Bank N.V. London Branch
8–10 Moorgate
London
EC2R 6DA
Registrars
Equiniti
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
191
Additional information
�Financial calendar
Ex-dividend date
Record date
AGM
Dividend payment date
2022 half year end
2022 interim statement
2022 year end
2022 year end trading pre-close statement
2022 preliminary year end statement
These dates are provisional and may be subject to change.
14 October 2021
15 October 2021
4 November 2021
12 November 2021
30 November 2021
3 February 2022
31 May 2022
June 2022
July 2022
192
NCC Group plc — Annual report and accounts for the year ended 31 May 2021
�NCC Group plc’s commitment to environmental stewardship is reflected in this
Annual Report.
The material is derived from sustainable resources and is FSC® certified.
Printed in the UK by Geoff Neal. Both the mill and the printer are certified to
ISO 14001 (Environmental Management System) and ISO 9001 (Quality
Management System).
��