Creating
value
Strong platform for
further growth
Annual report and accounts
for the year ended 31 May 2022
�Strong platform
for further growth
NCC Group is a global cyber and software resilience
business, operating across multiple sectors, geographies
and technologies. As society’s dependence on the
connected environment and associated technologies
increases, we use our global expertise to enable
organisations to assess, develop and manage their
cyber resilience posture to confidently take advantage
of the opportunities that sustain their business growth.
Read more online: www.nccgroup.com
GOVERNANCE
74 Chair’s introduction to governance
77 Governance framework
78 Board of Directors
80 Executive Committee
82
Board composition and division
of responsibilities
93 Shareholder engagement
94 Audit Committee report
100 Nomination Committee report
103 Cyber Security Committee report
106 Remuneration Committee report
128 Directors’ report
133 Directors’ responsibilities statement
STRATEGIC REPORT
Highlights
1
2
At a glance
4 Our investment case
5 Our strategic roadmap
Chair’s statement
6
8
Business review
12 Meet the CEO
13 Our continued Covid-19 response
14 Market outlook
16 Market dynamics
18 Business model
20 Market drivers
24 Stakeholder engagement
28 Strategy and KPIs
36 Sustainability
56
64
Chief Financial Officer’s review
Principal risks and uncertainties
FINANCIAL STATEMENTS
135 Independent auditor’s report
143 Consolidated income statement
143 Consolidated statement
of comprehensive income/(loss)
144 Consolidated balance sheet
145 Consolidated cash flow statement
147 Consolidated statement of changes
in equity
148 Company balance sheet
149 Company cash flow statement
150 Company statement of changes
in equity
151 Notes to the Financial Statements
ADDITIONAL INFORMATION
203 Glossary of terms – Alternative
Performance Measures (APMs)
205 Glossary of terms – other terms
207 Other information
208 Financial calendar
�Highlights
GAAP measures
Revenue
£314.8m
.
7
0
5
2
.
0
3
3
2
.
7
3
6
2
.
5
0
7
2
.
8
4
1
3
Operating profit 1
£34.7m
Basic EPS 1
7.4p
.
7
4
3
4
7
.
.
5
9
1
.
7
3
1
.
3
7
1
.
6
2
1
9
4
.
6
3
.
5
2
.
3
2
.
18
19
20
21
22
18
19
20
21
22
18
19
20
21
22
Alternative Performance Measures 1
Net (debt)/cash excluding lease liabilities 1
Adjusted operating profit 1
£(52.4)m
£48.1m
.
3
3
8
.
)
8
7
2
(
.
)
2
0
2
(
)
2
4
(
.
.
7
3
3
.
8
0
3
.
7
0
3
.
1
8
4
.
2
9
3
Adjusted EPS 1
10.8p
2
9
.
2
8
.
6
7
.
.
8
0
1
5
9
.
18
19
20
21
.
)
4
2
5
(
22
18
19
20
21
22
18
19
20
21
22
Footnotes
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
Headlines
Record revenue and profits
as we continue to successfully
execute our strategy
IPM integration substantially
complete with the focus
to increase revenue
and profitability
Strong Assurance revenue
growth, with H2 revenue
growth momentum
Software Resilience revenue
excluding IPM acquisition 1
declined by 1.4%, however
returned to growth in H2
Gross margin increased to 42.1%
due to the impact of the IPM
acquisition, offset by overall
Assurance margins and a
decline in our existing Software
Resilience business
Net debt excluding lease
liabilities increased to £52.4m
mainly due to IPM acquisition
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
1
Strategic report
�At a glance
NCC Group is a global cyber and software resilience business
operating across multiple sectors, geographies and technologies.
As society’s dependence on the connected environment and associated technologies
increases, we use our global expertise to enable organisations to assess, manage and
develop their cyber resilience posture to confidently take advantage of the opportunities
that sustain their business growth. This includes:
Getting the basics
of cyber hygiene
correct
Knowing what
and how to
prioritise
Mitigating the scarcity
of skilled resources
needed to deliver quality
improvement, change
and operations
Getting ahead and
responding to increasing
compliance, regulatory
and legislative burden
Quantifying cyber
spend efficiency
and return
on investment
Our divisions
Across our two divisions, we deliver solutions to match our customers’ goals, budgets and risk appetite, giving them peace
of mind that their most important assets – their business, software and personal data – are safe and secure.
Assurance
Software Resilience
We demystify cyber for our customers,
and ensure:
• Our customers understand the cyber threats and
vulnerabilities across their technology environments,
supply chains, processes and products
• Our customers maintain their licence to do business,
having achieved their governance, compliance
and accreditation objectives in a changing
regulatory environment
• Our customers’ resilience against ever-increasing cyber
threats is materially improved because of implementing
remediation plans and solutions
• Our customers can reduce risk and achieve greater
resilience for less investment
• Our customers can outsource their cyber defence
operations and increase their confidence in detecting
and responding to cyber events
We protect the development, supply
and use of business critical technology
and software applications:
• Our services ensure buyers are safeguarded from
supplier failure, software vulnerabilities and unforeseen
technology disruption
• Our on-premise and cloud offering can demonstrate
robust business continuity and risk mitigation, and
suppliers benefit from enhanced credibility and
intellectual property rights protection
• Our escrow contract services secure the long-term
availability of business critical software data
and applications
• Our verification services assure customers that
the knowledge and guidance are readily available
to manage, maintain or recreate an application
from the original source, should it ever be needed
• Our cloud Escrow-as-a-Service (EaaS) offering helps
customers transition to the cloud securely, so they can
adopt the latest technology with confidence
Read more on our markets on pages 14 to 17
Read more on our markets on pages 14 to 17
2
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
What we do�We operate as one global business, with in-country delivery
tailored to local needs and cultures, as well as a powerful global
delivery team to respond quickly to our customers’ challenges.
We have a significant market presence in the UK, Europe and North America,
and a growing footprint in Asia Pacific with offices in Australia, Japan and Singapore.
Key:
Our offices
Group revenues
Assurance revenue
Software Resilience revenue
UK and Asia Pacific
£140.0m
(2021: £127.9m)
North America
£120.9m
(2021: £90.0m)
Europe
£53.9m
(2021: £52.6m)
£258.5m
(2021: £233.9m) 67+
73+
Global Professional Services £189.0m
(2021: £172.2m)
£56.3m
(2021: £36.6m)
Software Resilience contracts £38.1m
(2021: £24.0m)
Global Managed Services £58.6m
(2021: £56.2m)
Verification services £18.2m
(2021: £12.6m)
Products £10.9m
(2021: £5.5m)
Read more on our markets on pages 14 to 17
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
3
Where we operateStrategic report23
+
4
+
0
+
M
33
+
M
�Our investment case
Focused on our growth agenda, we are well positioned
for further growth, regardless of any near-term volatility.
Building on the momentum in our global markets, we are confident in our ability to create long-term value for our customers, colleagues
and shareholders.
Excellent growth prospects in the cyber market
• The cyber challenges faced by organisations will continue to
grow for the foreseeable future. They are too nuanced and
complicated to be addressed by just installing technology;
cyber services firms have a great future: assessing the
current threats and resilience posture of organisations,
delivering quantifiable improvement in resilience and
outsourcing risk through managed services.
• The runway for cyber security investment remains significant,
moving towards becoming a larger, more recurring, perhaps
even mandated, form of spend. Opinium research across
more than 1,300 cyber security decision makers in APAC,
Europe and North America confirms an expected 10.1%
increase in global cyber budgets in 2023 and beyond.
Expected
10.1%
increase in global cyber security budgets in 2023
Momentum in profitable revenue growth
• Weathering attrition and wage inflation, we demonstrate
our ability to move rapidly to grow our core, capture new
market opportunities and deliver scalable, non-linear
growth that allows us to price for the value our customers
see from working with us.
16.4%
Revenue growth following
the acquisition of IPM
42.1%
Gross margin
£34.7m
Operating profit
2.1%
Delivered day rate growth
Stand-out cash generative ability
£54.8m
Net cash generated from
operating activities
101.9%
Cash conversion 1
NCC’s research capability has made
demonstrable improvements in security
beyond its direct work on client projects.”
Trusted by enviable customers globally
• The trust and calibre of our customers – from technology
giants on the US West Coast, to financial firms and
government institutions in Europe – validate our track
record in the global cyber market.
Seven
of our top ten customers in FY21 were also seven of our top ten
customers in FY22
World-leading capability in cyber
• With four generations, from baby boomers to Gen Z,
working side by side, our global headcount has grown by
24% in the last two years. We have over 700 consultants in
our Professional Services business, and nearly 400 in our
Managed Services business.
• We are a respected hub for diverse cyber talent. Many of
our alumni now work for remarkable organisations all
around the world.
• Our global resourcing means we match skills to demand
anywhere in the world – giving us scalability and margin
improvements amidst global competition for talent.
47%
Global cross charged days increase
Real impact on the future of our industry and the
shape of our markets
• The Forrester Wave™: European Cybersecurity Consulting
Providers, Q3 2021 report celebrates our approach to research
as a differentiator in the marketplace. This has included work
on the security and privacy of vaccine passports, and the
bluetooth keys for modern vehicles like Tesla.
• Our strategic threat intelligence helps over 800 customers
in 12 industry sectors, particularly finance, industrials and
technology, to stay ahead of evolving threats like ransomware.
30% of our threat detection is based on our own research.
• We are represented on the Open Source Security
Foundation Governing Board, a member of the UK
Department for Digital, Culture, Media and Sport Secure
Connected Places External Advisory Group and part of a
£11.6m consortium to offer security advice on a blueprint
for secure Quantum Data Centres.
• As a result of our evidence-based engagement, regulators
across three continents looking after more than 2,000
financial institutions now recognise software, technology
and data escrow agreements as a viable means of
managing third party technology risk.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
4
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Our strategic roadmap
Our connected society presents a world of opportunity
It is essential for us all to proactively manage any risk to our safety and security. Our mission is to help organisations to do this by keeping
their personal data, and the technology and devices they use, as well as the critical assets and software they rely on, safe and secure.
It’s what drives our strategic roadmap:
Mission
Vision
We exist to make the world safe and more secure.
To be the leading cyber resilience provider globally. Trusted to
protect and secure our customers’ critical assets. Sought after
for our complete people-led, technology-enabled cyber and
software resilience solutions that enable our customers to thrive.
Creating growth through transformation
We don’t stand still – we continually evolve and grow through our disciplined transformation programme. As our business grows,
organically and through acquisition, we focus on creating value for our stakeholders, as one firm, focused on our mission and vision.
Our five focus areas are:
Lead the market
Win business
Deliver excellence
Support growth
Develop our people
Read more on our strategy and KPIs on pages 28 to 35
Creating value for our customers
Cyber threats are pervasive, complicated and rapidly changing and there’s no such thing as a “silver bullet”. We help our customers
navigate through the complexity of cyber risks. Through our global research capability, threat intelligence, technical expertise
and full suite of services we guide customers through the risks to achieve cyber resilience.
Assess the
cyber risk
Develop their
cyber maturity
Manage their
cyber operation
Read more on our business model on pages 18 and 19
Our Code of Ethics and values
We are guided by our Code of Ethics – treating everyone and everything with respect. We have a set of values and behaviours,
which help us make decisions without the need for a comprehensive instruction manual:
We work together
We are brilliantly creative
We embrace difference
We take responsibility
Read more on our culture on pages 47 to 49
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
5
Strategic report�Chair’s statement
Strong platform for further growth
Introduction
I am pleased to report another year of strong progress in which
NCC Group capitalised on accelerating demand throughout the
year to achieve record revenue and profits.
NCC Group’s vision is to be the leading cyber resilience provider
globally, and we have put in place the fundamentals that enable
our Group to achieve this vision. We have enhanced our delivery
capabilities, attracted brilliant people at scale and embedded an
inclusive culture across the Group, all enabling the strong growth
delivered in the year.
Assurance’s successful year was driven by our performance
in the US and UK, supported by Software Resilience’s return to
growth in the second half, as compared to the prior year second
half. The integration of IPM is substantially complete and the
business has already made a positive contribution to the Software
Resilience division’s performance, with a healthy pipeline heading
into the new financial year.
With our strong platform established and continued momentum in
the market our newly appointed CEO Mike Maddison has joined the
Group at an exciting time. Mike brings a tremendous amount of energy,
experience and industry insight to the CEO role and we look forward to
seeing the Group deliver the next phase of growth under his leadership.
The cyber security market is only travelling in one direction, and we
believe we are well positioned to capture the opportunities that this
creates, making the world safer and more secure.
See Q&A with Mike Maddison on page 12
Business performance
Overall, following the acquisition of IPM, the Group delivered
revenue growth of 16.4% (2021: 2.6%), growth in Adjusted EBITDA 1
of 12.8% to £59.2m (2021: £52.5m) and Adjusted operating profit 1
growth of 22.7% to £48.1m (2021: £39.2m). On a statutory basis,
operating profit increased by 100.6% to £34.7m (2021: £17.3m)
and profit before taxation increased 109.5% to £31.0m (2021:
£14.8m), giving rise to a statutory EPS of 7.4p (2021: 3.6p) and
Adjusted basic EPS 1 of 10.8p (2021: 9.5p) respectively.
At 31 May 2022, our cash conversion 1 was 101.9% (2021: 88.2%).
Net debt 1 amounted to £85.0m (2021: net cash of £48.9m). Net
debt (excluding lease liabilities) 1 amounted to £52.4m (2021: net
cash £83.3m). Total borrowings (including lease liabilities) offset
by cash and cash equivalents amounted to £85.0m (2021: net
cash £48.9m).
Our business performance can be found in more detail on pages 8 to 11
Strategy and sustainable business model
Our strategy, mission and vision remain unchanged, and as we
continue to successfully execute our strategy, our global delivery
model, strong customer relationships and insight-led development
of our resilience propositions create the strong platform for the
next phase of NCC Group’s growth.
Further details on our strategy and business model are provided on pages 28
to 35 and 18 and 19 respectively
The cyber security market is
only travelling in one direction,
and we believe we are well
positioned to capture the
opportunities that this creates,
making the world safer and
more secure.”
Chris Stone
Non-Executive Chair
2021/22 key activities
• Focusing on double-digit sustainable sales growth
• Managing the successful IPM integration
• Improving the diversity around our Board table and in
the executive team and completing successful searches
for a new CEO and independent Non-Executive Directors
• Continuing focus on relevant stakeholder engagement
• Evolving our sustainability agenda
2022/23 priorities
• Continued revenue growth through strong customer
relationships, evolving resilience propositions and
increased delivered day rates
• Finalisation of the full operational review of the
combined Software Resilience division to create
additional Group contribution from FY24
• Return to face-to-face and hybrid alongside virtual
ways of working
6
�Dividend
We are recommending an unchanged final dividend of 3.15p
(2021: 3.15p) per ordinary share, making a total for the year of 4.65p
(2021: 4.65p). The final dividend of approximately £9.8m will be paid
on 11 November 2022, to shareholders on the register at the close
of business on 14 October 2022. The ex-dividend date is
13 October 2022.
• Launching our Customer Insight Space programme to provide
monthly pragmatic cyber advice for senior executives
• Shareholder engagement throughout the IPM acquisition and
change in CEO
• Effective engagement with Members of Parliament and Peers
on the Computer Misuse Act
Further details on stakeholder engagement are provided on pages 24 to 27
Board governance and effectiveness
As Chair, I am responsible for providing leadership to ensure
the Board operates effectively in all aspects of its performance.
We have established an experienced Board, which actively oversees
the Group’s strategic development, monitors the delivery of its
business objectives and considers risks and mitigating actions.
Our performance and decisions made during the year are testament
to the Board’s effectiveness.
Further information on risk management and the key risk identification
procedures is set out on pages 64 to 72
Board and executive management composition
During the year, we made strides to improve the diversity around
our Board table and in the executive management team and
completed successful searches for a new CEO and independent
Non-Executive Directors.
• On 1 January 2022, Julie Chakraverty was appointed as a new
independent Non-Executive Director and became a member
of NCC Group’s Audit, Cyber Security, Nomination and
Remuneration Committees.
• On 27 January 2022, Jonathan Brooks, our independent
Non-Executive Director, retired and stepped down from the
Board, with Jennifer Duvalier taking on the role of Chair of the
Remuneration Committee and, in turn, Julie Chakraverty taking on
the role of designated Non-Executive Director to lead the Board’s
colleague engagement programme (taking over from Jennifer).
• On 17 June 2022, Adam Palser, Chief Executive Officer, stepped
down from the Board and Mike Maddison joined us on 7 July 2022
as our new Chief Executive Officer. I assumed the role of Executive
Chair for this three week period, before reverting back to my usual
role of Non-Executive Chair.
• On 1 September 2022, Lynn Fordham was appointed as a new
independent Non-Executive Director and became a member
of NCC Group’s Audit, Cyber Security, Nomination and
Remuneration Committees.
Further details on our Board composition are provided on pages 82 to 92
Further details on our executive management composition are provided
on pages 80 and 81
Stakeholder engagement
Successful stakeholder engagement is a key area of focus for
NCC Group. During the year, we have engaged with our customers,
our colleagues, our industry network and our shareholders. Certain
highlights include:
• New monthly team briefings as a way of consistently sharing
information with our colleagues and connecting them to what
is happening across our global business
• Design and launch of a new global Giving Back programme that
enables colleagues to match fund and take a day’s paid leave
to volunteer for local good causes
Colleagues
We are a people-centric business and our technical colleagues
are at the core of our customer offer, supported by agile sales
and professional functions. We seek to provide meaningful and
rewarding career paths for all our colleagues. Following our
colleague engagement survey, we will continue to create a great
place to work and focus on becoming the employer of choice in our
markets. We are also embracing more flexible ways of working and
intend to continue with that flexibility as we anticipate returning
to a hybrid office/remote way of working. In addition, through our
colleague resource groups we create conversations inherent to an
inclusive culture, and focus on making NCC Group an organisation
where everybody feels safe to be their authentic selves.
Further details on this are provided on pages 47 to 54
On behalf of the Board, I therefore offer our sincere thanks and
appreciation to all colleagues for their continued commitment and
professionalism in delivering this performance.
Sustainability
NCC Group recognises the importance of an environmental, social and
governance (ESG) framework that underpins our operations as a key
indicator of the Group’s sustainability and ethical impact. The Group has
developed an ESG framework, which continues to evolve, and has been
reflected in our 2022 Sustainalytics rating moving from the Medium
Risk category to the Low Risk category, compared to the 2021 rating.
We have also partnered with Planet Mark this year to map NCC Group’s
net zero by 2050 journey and certify our carbon footprint. In addition
to this, we are reporting for the first time against the Task Force on
Climate-Related Financial Disclosures (TCFD) framework, and laid the
foundations for launching our first green car salary sacrifice scheme for
all UK colleagues in this new financial year. We have continued to invest
in our colleague resource groups and to expand our sponsorship
activities to support making a career in cyber accessible for all.
Further details on sustainability are provided on pages 36 to 55
Outlook
• We have made a positive start to the year and are confident
in meeting management expectations for the full year.
• CEO strategy update to be unveiled at half year results.
• Unchanged final dividend of 3.15p (2021: 3.15p) per ordinary share.
Chris Stone
Non-Executive Chair
6 September 2022
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and
adjusting items. Further information is also contained within the Chief Financial Officer’s
Review and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
7
Strategic report�Business review
Strong momentum
This was a year of continued progress for our delivery
capabilities, our culture, our commitment to sustainability
and our ability to attract, develop and retain the best talent from
across the globe. In doing so, creating greater value for our
customers – from embracing cloud transformation to improving
their overall security posture, we are operating at various points
of the customers’ value chains, from design to end users.
It was a year where the decisions previously taken by the
business showed their value. Those decisions centring around
a global delivery model, investment in systems, continued
development of our resilience propositions and the acquisition
of IPM enabled the Group to deliver strong revenue growth of
17.9% at constant currency 1 (16.4% at actual rates) and
10.3% at constant currency 1 on an organic basis (revenue
excluding IPM acquisition) (+8.9% actual rates), with a strong
platform for continued double-digit revenue growth in FY23.
While there remain challenges to overcome, the Group has
never been better positioned to realise its vision – to be the
leading cyber resilience provider globally. We have created
strong foundations and momentum, evidenced by the c.15%
growth we saw in the second half of the financial year for
Assurance and c.2% growth for Software Resilience. This
propelled us forward and we enter this next phase of NCC
Group’s growth story with our new CEO, Mike Maddison.
We are excited for the future of NCC Group.
A strong performance built on investment in talent
The year started slowly. Different markets exited the pandemic at
different rates and times. There was still a sense of uncertainty from
customers around the world, which saw many project delays during
the first quarter. But this position reversed throughout the year, and
we accelerated our delivery in tandem with demand peaking in the
final quarter.
We were able to capitalise on this increased demand because we
had brought more talented colleagues into the business ahead of
the bounce back – a deliberate decision based on the belief that
cyber security spend would significantly increase once the world
returned to some level of normality. The digital risk has only increased,
ransomware is endemic, and we’ve seen a shift in mindset, driven by
regulations and also the emerging ESG agenda, that cyber resilience
is not optional but essential for sustainable and responsible business
growth. It was simply a matter of time.
Over 12 months we welcomed c.1,000 new people into the
business. While our technical attrition rate remains at a level typical
of our industry at c.21%, our global technical team grew by 271.
The fight for talent has been incredibly fierce, but we have been
able to attract brilliant people at scale. This shows the strength
of our employer brand and the steps we’ve taken to improve the
colleague experience.
But this wasn’t simply about taking talent from the competition.
We understand and embrace our role and position in the cyber
security industry. We are a creator of talent. Our mission is to make
the world safer and more secure, and part of that means helping
to solve the cyber skills shortage. It’s why we continue to develop
talent from the ground up and bring people into the industry from
different walks of life and backgrounds and with different skill sets.
This approach not only grows the overall cyber talent pool but ensures
our team better reflects the diversity of all our global communities.
Our impact on talent in the industry can be seen through our NCC
Group alumni. We are proud that they hold cyber security roles in
leading businesses across the globe. And this year we launched
our Alumni Network to maintain those connections and ensure
an ongoing dialogue with those we are proud to have developed
and supported in their cyber careers.
8
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and
adjusting items. Further information is also contained within the Chief Financial Officer’s
Review and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
2 The EU region includes our Dutch and Danish business. During FY23, the Danish
business will be reported and managed under the UK and APAC division.
�Within GMS, our new XDR service global sales orders for the
forthcoming years increased twelvefold to £11.6m. The Group has
received continued strong sales orders since the year end providing
confidence in our future growth strategy. Remediation services are
generating market traction, with 2022 revenues of £4.5m compared
to £2.1m in 2021.
In our Software Resilience division, we completed in June 2021 the
acquisition of IPM, which contributed £20.2m to revenue, delivering
an overall growth in the division of 55.1% on a constant currency 1
basis (53.8% at actual rates). Our overall Software Resilience
division results excluding IPM showed a decline in revenues for
the first half of 3.3% on a constant currency 1 basis (4.9% at actual
rates); however, as expected our second half revenue increased by
2.2% on a constant currency 1 basis (2.2% at actual rates) resulting
in an overall decline of 1.4% for the year. Our Escrow-as-a-Service
(EaaS), our cloud escrow proposition, generated sale orders of
£3.4m, an increase of 64% compared to the same period last year.
Gross profit increased by 19.9% to £132.6m (2021: £110.6m) with
gross margin percentage increasing to 42.1% (2021: 40.9%). The
margin increase was due to the impact of the IPM acquisition, offset
by overall Assurance margins declining by 0.4% pts as we focused
on sales growth and a decline in our existing Software Resilience
business by 3.2% pts following recent investment to return it to
sustainable growth.
Turning to our statutory operating profit and taking into account
all adjusting items (£13.4m), the Group has recognised an overall
operating profit of £34.7m. However, as the Group manages
its performance internally at an Adjusted operating profit 1 level,
Adjusted operating profit 1 increased by 22.7% to £48.1m
(2021: £39.2m).
Profit before taxation increased 109.5% to £31.0m (2021: £14.8m)
and profit for the year increased 130.0% to £23.0m giving rise
to a basic EPS of 7.4p (2021: 3.6p); Adjusted basic EPS amounts
to 10.8p (2021: 9.5p).
At 31 May 2022, our cash conversion 1 was 101.9% (2021: 88.2%).
Net debt 1 amounts to £85.0m (2021: net cash of £48.9m). Net debt
excluding lease liabilities 1 amounts to £52.4m (2021: net cash
£83.3m). Total borrowings (including lease liabilities) offset by cash
and cash equivalents amounts to £85.0m (2021: net cash £48.9m).
Responding to customer need
We continued to refine our services based on customer need,
contributing to a successful year in our Assurance division – particularly
in North America and the UK, with total Assurance revenue growth
of +12.1% at constant currency 1 (+10.5% at actual rates).
Our decision to create a global professional services function,
with investment in our systems to enable collaboration, has meant
customers can access our expertise more readily, utilising our global
talent base over and above just the team in their market. Global
cross charged days increased 47%. This has been transformational,
both in terms of customer experience and our capacity to handle
increased customer demand rapidly. It is a prime example of our
growing capability to truly operate as one global firm – to the
benefit of our customers.
In managed services, our newest offering using Microsoft Extended
Detection and Response (XDR) has shown significant promise. We
have the ability to quickly and simply offer 24/7 managed detection
and response (MDR) to businesses with a Microsoft infrastructure
– no matter where they are in the world. This has, in a sense,
democratised MDR and made it a more natural purchasing decision.
With so much of the market still untapped there is opportunity
to scale further. In addition, NCC’s Microsoft Cloud Business has
shown growth over the last twelve months, resulting in significant
Azure Consumed Revenue (ACR) being driven back to Microsoft.
This ongoing partnership goes from strength to strength, with NCC
also embedded in the Microsoft Intelligent Security Association, and
with a nomination for the Microsoft MSSP Program. NCC is now
recognised as one of Microsoft UK’s fastest growing Cloud Security
Partners and we are looking forward to extending that into Europe,
North America & Asia-Pacific.
In our Software Resilience division, the acquisition of IPM at the
start of the financial year led to increased scale. The integration is
substantially complete, and our new colleagues have added to the
brilliant talent already present in the team. We have seen appetite
from the IPM client base for our Escrow-as-a-Service (EaaS) cloud
escrow proposition, with a healthy pipeline moving into FY23.
Financial performance summary
Group revenues increased by 17.9% on a constant currency basis 1
and at 16.4% (2021: 2.6%) at actual rates. Group revenues
excluding the recent IPM acquisition 1 increased by 10.3% on
a constancy currency basis 1, 8.9% at actual rates.
In our Assurance business, the North American and UK and
APAC Assurance businesses grew on a constant currency basis 1 by
14.6% and 11.8% respectively (13.8% and 11.6% at actual rates)
and our EU region 2 increased 8.0% on a constant currency basis 1
(2.7% at actual rates). Global Professional Services grew by 11.0%
to £189.0m on a constant currency basis 1 (9.8% at actual rates)
with delivered day rates increasing by 2.1% (H2 delivered day
rates increased by 3.5%). Global Managed Services (GMS) grew
by 6.7% to £58.6m on a constant currency basis 1 (4.3% at actual rates).
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
9
Strategic report�Business review continued
Financial performance summary continued
Following the acquisition of IPM, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m respectively. Management
is required to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the level of deferred revenue acquired
of £12.1m. This has resulted in a downward adjustment to the book value of IPM’s deferred revenues reflecting the fair value of service still
to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher for the 12 months ended 31 May 2022.
On this basis, management has set out below unaudited proforma information to show the consequential impact on the Group results for
the year ended 31 May 2022. This unaudited proforma information will not be applicable for 2023 and forthcoming financial years. It is
consistent with the way that financial performance is measured by management and reported to the Board, the basis of financial measures
for senior management’s compensation schemes and financial covenants. We consider these proforma measures reflect the potential
revenue performance of the Group once a full 12 month period has been completed post acquisition and this information is relevant for use
by investors, securities analysts and other interested parties as supplemental measures of future potential revenue performance. In the future
periods there would also be some associated costs and therefore impact on future gross margin and other metrics. However, since statutory
measures can differ significantly from the proforma measures we encourage you to consider these figures together with statutory reporting
measures noted. This information is disclosed below and reconciled to profit after taxation:
2022
2022 unaudited proforma 4
2021
Revenue
Cost of sales
Gross profit
Gross margin %
Administrative expenses 2
Adjusted EBITDA 1
Depreciation and amortisation 3
Assurance
£m
Software
Resilience
£m
258.5
56.3
(166.2)
(16.0)
92.3
40.3
35.7% 71.6%
(53.2)
(17.5)
39.1
(7.2)
22.8
(0.8)
Adjusted operating profit 1
22.0
Adjusted operating margin % 12.3% 39.1%
(0.9)
Individually Significant Items
31.9
–
Amortisation of
acquired intangibles
Share-based payments
(0.9)
(2.1)
(4.8)
(0.3)
Central
and
head
office
£m
–
–
–
–
(2.7)
(2.7)
(3.1)
(5.8)
n/a
–
(2.9)
(1.5)
Software
Resilience
revenue
adjustment
£m
4.4
–
4.4
100.0%
–
4.4
–
4.4
Group
£m
314.8
(182.2)
132.6
42.1%
(73.4)
59.2
(11.1)
48.1
15.3%
100.0%
(0.9)
(8.6)
(3.9)
–
–
–
Group
unaudited
proforma
£m
Assurance
£m
Software
Resilience
£m
319.2
233.9
36.6
(182.2)
(149.5)
(10.4)
137.0
42.9%
(73.4)
63.6
(11.1)
52.5
16.4%
(0.9)
(8.6)
(3.9)
84.4
26.2
36.1% 71.6%
(45.4)
39.0
(9.4)
29.6
(9.5)
16.7
(0.7)
16.0
12.7% 43.7%
–
(7.6)
(1.3)
(1.5)
–
(0.1)
Central
and
head
office
£m
–
–
–
–
(3.2)
(3.2)
(3.2)
(6.4)
n/a
(5.1)
(5.1)
(1.2)
Operating profit/(loss)
28.9
16.0
(10.2)
34.7
4.4
Operating margin %
11.2% 28.5%
n/a
11.0%
100.0%
39.1
12.2%
26.8
8.3
(17.8)
11.5% 22.7%
n/a
Finance costs
Profit before taxation
Taxation
Profit after taxation
EPS
Basic EPS
Adjusted EPS
(3.7)
31.0
(8.0)
23.0
–
4.4
(1.1)
3.3
(3.7)
35.4
(9.1)
26.3
7.4p
10.8p
1.1p
1.1p
8.5p
11.9p
Group
£m
270.5
(159.9)
110.6
40.9%
(58.1)
52.5
(13.3)
39.2
14.5%
(12.7)
(6.4)
(2.8)
17.3
6.4%
(2.5)
14.8
(4.8)
10.0
3.6p
9.5p
Footnotes
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms.
2 Administrative expenses excluding depreciation and amortisation, Individually Significant Items, amortisation of acquired intangibles and share-based payments.
3 Depreciation and amortisation excludes amortisation of acquired intangibles.
4 This represents unaudited proforma results.
Securing Growth Together (SGT)
Over the last three years the business has implemented the SGT programme which has now finished and has provided the foundations
for future growth and the systems to allow timely information and control. As previously noted, the programme incurred cost overruns
and the Group is now focused on the next phase of system optimisation to support future revenue growth and profitability.
10
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Helping build a more sustainable world
Sustainability moved higher up our agenda with Executive
responsibility appointed at the start of the financial year.
It is fundamental to our mission of making the world safer
and more secure.
We have continued to follow the recognised framework of ESG,
and this year made material progress in each area.
Environmental: We partnered with Planet Mark this year and are
driving forward a top-down engagement programme to map NCC
Group’s net zero by 2050 journey. In addition to this, we’re reporting
for the first time against the Task Force on Climate-Related Financial
Disclosures (TCFD) framework, and we laid the foundations for
launching our first green car salary sacrifice scheme for all UK
colleagues in FY23.
Social: We’ve continued to invest in our colleague resource groups,
with two new groups being formed to support accessibility and
giving something back. And we’ve continued to expand our
sponsorship activities to support making a career in cyber
accessible for all.
Governance: While our focus has been reporting against TCFD
for our own business, we have been, through our public affairs team,
looking ahead at cyber resilience related regulations that may
impact our customers, and looking at our how we design solutions
to meet those future needs.
Recognition of our efforts in this executive-led focus was reflected
in our 2022 Sustainalytics rating moving from the Medium Risk
category to the Low Risk category, compared to the 2021 rating.
Sustainable growth through investment in resilience
This was a year that brought into sharp focus why resilience is,
and will continue to be, so central to our organisation.
For our customers, it’s driven by the macro environment. Investing
in cyber resilience is the only way to adapt to society’s increasing
dependence on a complex connected environment. The threat
landscape has never been more challenging. But we have continued
to refine our offer to provide organisations around the world with a
level of resilience that helps them face that threat and move forward
with confidence.
This was a year that really showed the significant value of having
built a resilient team: a team that has successfully adapted to a
constantly changing external environment; a team that has reacted
admirably to significant change over this financial year – and in
previous years – as we put the fundamentals in place to enable
NCC Group to achieve its vision; and a team that is more inclusive,
open and diverse than ever before, and therefore better able to
handle the challenges we face each day.
We are not complacent about the work still to do on all fronts;
however, we are confident that with our track record and focus on
resilience, we provide the platform for continued sustainable growth
to create value for all our stakeholders.
Chris Stone
Non-Executive Chair
6 September 2022
11
Strategic report�Meet the CEO
Chief Executive Officer’s review continued
Q A&
with Mike Maddison
Mike Maddison joined NCC Group as CEO on
7 July 2022, taking over from Adam Palser, who
stepped down on 17 June 2022 after four and
a half years at the helm. As Mike prepares to lead
NCC Group on this next phase, in this Q&A we find
out a bit more about Mike and his ambition for
the future.
Q What first attracted you to NCC Group?
Q What lessons do you think organisations can learn
NCC Group has a long pedigree of technical excellence.
For me it is a real jewel in the crown of the global technology
industry. Cyber resilience is the defining risk of the digital age
and NCC Group is well placed to play a pivotal role to help
clients, whether in the private or public sector, to navigate that
risk and help them capitalise on the opportunities of the digital
world. The attraction for me was therefore to work with
colleagues to deliver amazing outcomes for our clients.
Q What are your priorities as you settle
into your new role?
My initial priorities are to engage with colleagues to learn
about the business. I am also very keen to listen to our clients
to understand their needs and expectations so we can build
on the excellent reputation the Company has and develop
strategies to build capability to deliver sustainable growth
in the market.
Q What are you most excited about for the year ahead?
It’s incredibly difficult to pick out a few things I am most excited
about. I am expecting the year to go incredibly quickly as I get
to meet teams across the business operating in diverse
markets for a huge variety of clients. Despite knowing the cyber
resilience industry I am very much looking forward to getting to
see the sort of work we are doing in the market as I am sure
that will be a revelation.
from the pandemic?
The pandemic has accelerated the digital transformation
agenda in both the public and private sector. The use of
technology is moving at an ever-increasing pace and one of the
implications of this is the profile of cyber risks. This digital risk
is consistently seen as one of the top risks by corporate CEOs
and governments and that is a significant opportunity for NCC
Group. I think it is also important to reflect on the change the
pandemic brought to our ways of working, the role of the office
and indeed the expectations from our clients on how they are
supported and how work is delivered. Finally, I would say the
pandemic was difficult for many of us and brought into sharp
relief the need for balance in our lives and the importance
of wellbeing.
Q How would you describe your leadership style?
It’s always difficult to boil leadership down into a short summary.
I would say by nature and background I believe fundamentally
in teamwork and collaboration. I really enjoy whiteboarding
problems and coming up with the answer. Personal interactions
and relationships are incredibly important to me.
Q What do you do to invest in your own wellbeing
in what is a demanding job?
I make a conscious effort to break from work and spend time
with my family. I have two grown-up children who are working
away so finding those opportunities for us all to come together
to have quality time is incredibly important. I find this helps me
recharge and get some perspective. It’s a cliché but it is all too
easy to get caught up in the day to day and not be able to see
the wood for the trees.
12
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Our continued Covid-19 response
Secure growth in the pandemic
Our priorities since the start
of the pandemic are colleague
welfare and customer safety and
we have successfully managed
our business through another
year of uncertainty.
We have two clear objectives
that guide our actions:
• Maintain a strong balance
sheet to ensure we can
seize opportunities to
secure future growth
• Maintain the capacity
and capability to meet
future demand
We work towards these objectives
using five strategic pillars:
Anticipate
Be resilient
Objective
Plan for different outcomes and track
KPIs to inform our decision making
How we responded
• Scenario planning
• Contingency plans with different
levels of response
• Data-led insights from
our new systems
• Regular communication
Objective
Ensure the safety of our colleagues
and customers, and maintain
continuous operations
How we responded
• Global systems to ensure
colleagues delivering customer
work were supported to do
so remotely
• Managed safe return to offices
and provision for critical need
operations on site where it was
safe and permitted to do so
• Provided colleagues with wellbeing
and mental health resources to
support longer-term remote working
Stay profitable
Exploit any downtime
Prepare for the bounce back
Objective
Proactively sell remote services, and
careful control of costs and cash
Objective
Strengthen the firm every day through
research and development
Objective
Preserve capability and capacity
to invest selectively for the future
How we responded
• The majority of our services
can be delivered remotely
• Provided advice and guidance to
customers with practical solutions
to protect their operations
• Continued to invest in our service
offerings to support short-term and
longer-term needs in preparing for
the emerging future
How we responded
• Invested 4,841 days on technical
security research, which contributed
significantly to conference
presentations, vulnerability advisories,
research papers, blog posts and
open-source tools being released
• Launch of our new innovation
delivery centre, which is focused
on bringing future cyber and
software resilience solutions to
market, quickly and efficiently
How we responded
• Acquisition of IPM Software
Resilience business, to provide
increased scale
• Acquisition of critical computer
system safety advisory business,
Adelard, to provide enhanced
capability into the operational
technology and industrial control
systems space
• Extended our Next Generation
Talent programme into North America
• Increased investment into our
Remediation and Microsoft XDR
service offerings with the
appointments of new Commercial
Directors for each proposition
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
13
Strategic report�Market outlook
Market outlook
It’s easy to see why NCC Group’s
cyber security consulting and
software resilience solutions
should find plenty of opportunities
to mitigate the risks of
global businesses.”
Damindu Jayaweera
Head of Technology Research at Peel Hunt
History, as they say, rhymes. The 1970s, for example, are
remembered for disruptive events. Yet, the rise of “progressivism”
in the West that shifted the status quo, rampant inflation that
triggered a deep recession and events that redrew the geopolitical
landscape did not get in the way of the economic and technological
progress of that decade.
In fact, innovations across video games (e.g. Atari Pong),
communication (e.g. ARPANET email and Motorola cell phone),
storage (e.g. IBM floppy disk), content distribution (e.g. Philips VCR
and Sony Walkman) and computing (e.g. Apple computer) during the
1970s are still powering the structural growth trajectories that we
see today.
If we assume the S&P 500 Index is a reflection of economic
progress, the chart below should remind us why great companies
like NCC Group should remain focused on their growth agenda,
whatever the near-term volatility is.
Chart 1: Rise of the S&P 500 Index over the long term through
geopolitical shocks
Source: Peel Hunt
S&P 500 Index levels
Russia invades Crimea
London bombings
Arab Spring
Second Gulf War
First Gulf War
Iran-Contra affair
9/11
Brexit
US–China trade war
Iran hostage crisis
Orange Revolution – Ukraine
Iraq invades Kuwait
6,400
3,200
1,600
800
400
200
100
50
Recent years have brought about disruption on a scale that felt
greater than those of the 1970s. For example, at the start of the
Covid-19 pandemic, Microsoft CEO Satya Nadella talked about how
“we have seen two years’ worth of digital transformation in two months.”
While the initial boost will create a difficult comparator for delivering
growth this year, the pandemic-induced “new normal” for technology
investment, including that related to cyber security, is unlikely to go
back to pre-pandemic levels. For example, quarterly cloud services
spend grew by c.$14bn in the two years to 1Q20. It then went on
to grow by $25bn in the two subsequent years to 1Q22.
With significant digital gaps still weighing on user, colleague and
citizen experiences across public and private sectors, we think
the runway for technology, including cyber security, investment
remains significant.
As an example, cyber security modus operandi in the private
sector, we believe, lags that of the public sector. Techniques and
technologies that can overcome this gap, for example machine
learning powered attack simulations, remain firmly in the “peak of
inflated expectations” phase of the “hype-curve”. Over the coming
periods, such techniques and technologies will move to the “plateau
of productivity”, providing growth tailwinds to the companies that
are involved in the domain. Cyber security spend will move towards
becoming a larger, more recurring, perhaps even mandated, form
of spend.
While long-term opportunities are unperturbed, the fall-out from
near-term disruptors like inflation presents more nuanced
opportunities. This year, monetary policy pivoted from thinking of
inflation as “transitory” to something that needs containment. This
was all too late for containing some asset bubbles like those in
the cryptocurrency world and unrest seen in places like Sri Lanka.
Arguably this is also too late to contain some of the rampant wage
inflation we are seeing in the technology sector.
1975
1980
1985
1990
1995
2000
2005
2010
2015
2020
14
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�As technology companies struggle to make the right human capital
decisions, companies like NCC Group are better able to navigate
this type of environment having weathered the high attrition and
wage inflation that is endemic to the cyber security sector. In
essence, some companies like NCC Group are endowed with
better DNA to navigate an inflationary environment.
Another near-term disruptor is the risk of a recession, or even
stagflation. Alongside inflation, the rapid undoing of the globalised
Western soft power is feeding this sombre outlook. From the
US–China trade war triggered bifurcation of the semiconductor supply
chain to the fall-out from the Russia–Ukraine conflict, the global trade
that underpins global GDP growth is now rife with uncertainty.
This is epitomised by the symbolism of McDonald’s pulling out of
Russia after three decades and its relevance to the author Thomas
Friedman’s famous 1990s assertion that “no two countries that both
have a McDonald’s have ever fought a war against each other”.
This is changing how businesses look at risk. For example, supply
chains are moving from lean methodologies like “just in time” to
prioritising supply chain security. Similarly cyber security has taken
more of a centre stage when it comes to operational risks. Russia’s
outsized cyber capabilities were allegedly behind the very destructive
2017 NotPetya cyber-attack impacting over five dozen countries
with total estimated damage running into double-digit billions of
dollars. Couple this with the IP risks stemming from various trade
wars, it’s easy to see why NCC Group’s cyber security consulting
and software resilience solutions should find plenty of opportunities
to mitigate the risks of global businesses.
While much of what was discussed so far is a potential tailwind
for NCC Group and its investors, not all near-term disruptors are
tailwinds. The value of a company is determined by the future free
cash flows (FCF) it could generate over the course of its lifetime.
This value is calculated by “discounting” back all future FCF back
to the present day using the cost of capital. As monetary policy
results in a higher interest rate outlook, the cost of capital will rise.
The inverse correlation between valuation and cost of capital will
mean a reduction to the present value of these assets. We are
already seeing this with the de-rating of publicly listed companies,
as their future FCF are worth less in today’s money.
“Valuation” is a relative thing, and over the long run, companies that
produce strong, predictable and growing FCF tend to appreciate
in value regardless of the monetary (e.g. interest rate outlook) or
fiscal (e.g. taxation) regime. This is the ethos behind the idea that
the stock market is a voting machine near term and a weighing
machine longer term.
At the very start, we mentioned how history tends to rhyme. The
“Nifty-Fifty” bubble of the early 1970s is a perfect example of this
voting vs weighting machine idea. As the charts demonstrate, the
global names that constituted the “Nifty-Fifty” didn’t deliver much
shareholder return during the inflationary environment of the 1970s.
But the long-term holder will have experienced nearly 40x returns
by 2021. This is why all stakeholders of NCC Group should remain
focused on the long-term growth opportunity ahead of them while
being nimble about short-term disruptions.
Chart 2: Nifty-Fifty stocks struggled over the near term…
Source: Reuters
Relative S&P performance
1.2
1.0
0.8
0.6
0.4
0.2
0.0
3
7
r
p
A
3
7
g
u
A
3
7
c
e
D
4
7
r
p
A
4
7
g
u
A
4
7
c
e
D
5
7
r
p
A
5
7
g
u
A
5
7
c
e
D
6
7
r
p
A
6
7
g
u
A
6
7
c
e
D
7
7
r
p
A
7
7
g
u
A
7
7
c
e
D
8
7
r
p
A
8
7
g
u
A
8
7
c
e
D
9
7
r
p
A
9
7
g
u
A
9
7
c
e
D
P&G
Eli Lilly
J&J
Pepsi
CocaCola
Xerox
Pfizer
IBM
Amex
Merck
Disney
S&P 500
Chart 3: Only to materially outperform over the long term
Source: Reuters
Relative S&P performance
140.0
120.0
100.0
80.0
60.0
40.0
20.0
0.0
2
0
n
a
J
3
0
b
e
F
4
0
r
a
M
5
0
r
p
A
6
0
y
a
M
7
0
n
u
J
8
0
l
u
J
9
0
g
u
A
0
1
t
p
e
S
1
1
t
c
O
2
1
v
o
N
3
1
c
e
D
5
1
n
a
J
6
1
b
e
F
7
1
r
a
M
8
1
r
p
A
9
1
y
a
M
0
2
n
u
J
1
2
l
u
J
P&G
Eli Lilly
J&J
Pepsi
CocaCola
Xerox
Pfizer
IBM
Amex
Merck
Disney
S&P 500
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
15
Strategic report
�Market dynamics
Market dynamics
The ever-changing threat landscape and exponential digital
transformation, coupled with society’s continued reliance on digital
technologies and increasing regulatory and legislative requirements,
mean investment in cyber and software resilience is not optional
and NCC Group’s addressable market continues to grow.
Changing threat
landscape
Exponential digital
transformation
Society’s ever-growing
reliance on digital
technologies
Increasing regulatory
and legislative
requirements
A changing threat landscape
The global geopolitical environment fuels a buoyant cyber resilience
market. Strategic competition continues from China, and hostile
threats from Iran, North Korea and more notably Russia as the war
with Ukraine intensifies. This, coupled with emerging offensive
capabilities in other nation states and organised crime groups,
creates a volatile state of unpeace that organisations need to
prepare for, navigate and defend against.
Our own threat intelligence revealed ransomware attacks almost
doubled in 2021, rising by 92.7%, with the most targeted regions
being North America and Europe.
While we saw the most targeted sectors in 2021 being industrials,
and public and consumer cyclicals, the scourge of ransomware
continues as a distinct threat to organisations of all sizes. Software
supply chain attacks inflict mass disruption in all geographies; the
real-world kinetic impact of recent cyber-attacks has catapulted
a deeper awareness of the threat to our digital lives into the
mainstream.
Read more on pages 20 and 21
Source: NCC Group Annual Threat Report 2021.
Society’s ever-growing reliance on digital technologies
There is no slow-down of the exponential digital transformation,
with more and more investment being made in technologies – from
government funding in education to encourage digital innovation
start-ups to improving efficiency through automation and developing
solutions to reduce harm on the environment. This all relies on
software and cloud consumption being scalable, and the digital
supply chains upon which our connected environment depends
are complex and interdependent.
In 2021 we saw the impact of this reliance in the ransomware
attack on the Colonial Pipeline, which is responsible for
approximately 45% of the fuel delivered to the East Coast of the
United States. The exfiltration of 100 gigabytes of data by attack
group DarkSide, prior to infecting the IT network with ransomware
and demanding a payment of 75 bitcoins (c.$4.4m) in ransom fees,
prompted the shutdown of the company’s infrastructure.
Source: NCC Group Annual Threat Report 2021.
Increasing regulatory and legislative requirements
Focus on and expectations of ensuring the continuity of essential
services – and with it a renewed awareness of the crucial
importance of digital business continuity planning – continue
to be a priority.
And while citizens rightly expect organisations to act responsibly, so
legislators and regulators acknowledge that the defence and resilience
of schools and hospitals, banks and insurers, water treatment
facilities and gas pipelines are too important to be left to chance.
16
�Although competition for customers and talent is also
growing, our continued portfolio evolution and differentiation
enable us to take advantage of the tremendous opportunities
the cyber services market offers, fuelling our growth now
and in the future.
Cyber resilience is a key component of ESG and sustainability
measures, which make knowledge of and compliance with required
governance an integral element of any organisation’s licence
to operate.
In the past 12 months some of the developments we’ve seen include:
• Publication of the UK government’s Cyber Security Strategy for
the public sector, following the launch of its National Cyber
Strategy in December 2021
• The Monetary Authority of Singapore revised its 2013 Technology
Risk Management guidelines, requiring financial institutions
to have oversight of all third party providers, system and software
development and guidance on board and senior management roles.
And the International Organization of Securities Commissions
(IOSCO) launched a consultation into embedding resilience by
design into the financial system
• This year saw the European Commission and the United States
government announce a new Trans-Atlantic Data Privacy
Framework. Currently EU to US transfers of personal data require
the exporter to adopt an approach that provides for appropriate
safeguards to a standard that is of “essential equivalence”. While
just a statement of intent, this is a good example of where
legislation and regulations could make it easier for organisations
to comply and protect their stakeholders
• The Digital Operational Resilience Act (DORA) is expected
to come into effect in 2023 and aims to simplify and update
the rules on ICT risk management in the face of rapid
technology adoption. Similar legislation has been introduced
to the UK Parliament
Read more on page 23
NCC Group’s continued portfolio evolution
and differentiation
Through our combined cyber and software resilience solutions
we enable our customers to confidently innovate and embrace
new technologies to build responsible, sustainable and resilient
organisations that thrive and succeed.
Our service orientated research and development, and strategic
investments to meet our customers’ current and future challenges
have allowed and will allow us to:
• Innovate to integrate Microsoft XDR to manage threat monitoring
and detection for Microsoft customers
• Differentiate our Remediate service through investment in
technical depth, expertise, scale and global footprint to assess
existing risk position, and prioritise and fix security weaknesses
as part of a structured security improvement plan
• Enhance our offering into the operational technology and
industrial control systems space with the acquisition of Adelard
– a critical computer system safety advisory business
• Provide expertise to address continued innovation in cloud-
delivered services through our Software Resilience capabilities
Our tenure, stability and reputation mean we remain an attractive
destination for global talent at all stages of the career and we
continue to invest in creating a world-class environment in which
everybody is welcome and can be successful.
For more information about life at NCC see pages 47 to 54
Growing competition
for customers
and talent
Continued portfolio
evolution and
differentiation
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
17
Strategic report�Business model
Next phase of growth
We draw on our expertise, capabilities and global footprint to develop solutions to meet
current and future cyber challenges. We help to educate policymakers and regulators.
We give back to protect our local community services. And we share opportunities to
experience the world of cyber and inspire the next generation to secure our future.
Inputs
Sustainable growth strategy
• In a fast-moving and complex environment our
enduring strategy enables us to be agile to
continue to make sustainable investments, creating
the world’s leading cyber and software resilience,
risk mitigation and remediation specialist.
Professional and innovative colleagues
• We are a diverse global community of talented and
creative individuals, who are committed to making
the world safer and more secure.
Culture of innovation
• Research driven where every researcher is also
an active consultant. We invest in sustainable
product development, continually enhancing
our proposition to meet current and future
needs of customers.
Stronger partner relationships
• We are active members of the global cyber
and software resilience community, working
in collaboration and in partnership with key
industry players. Many successful global
partnerships have delivered integrated,
seamless solutions to customers.
Market-leading reputation
• We understand our customers’ challenges and the
risks these pose to their business. Successful
delivery to customers worldwide means we are
in a strong position to help them understand and
improve their cyber resilience posture and how
best to mitigate against evolving threats, keeping
them up to date and aligned to regulations and
compliance needs throughout.
Read more on our strategy on pages 28 to 35
A
K
Assurance
How we create value
S S E S S CYBER RIS
33+
R+D
and Threat
Intelligence
Software Resilience
Y
T
I
R
U
T
A
M
A
N
A
G
E
P CYB
TION
R M
E
D E V
A
C
R
E
Y
B
P
L
E
E
O
R
O
33+
Research and development investment
We continue to innovate and develop new technical testing capabilities
to keep pace with the rapid change in technology and threat landscapes.
Our ongoing research allows us to understand and quantify risk for our
customers about the technologies they use and the threats to the sectors
and industries in which they operate.
Read more on pages 16 and 17
Threat intelligence
Our Threat Intelligence practice develops software solutions for a broader,
more insightful look at current threat landscapes and the way they impact
organisations around the world. Gathering data on ransomware data leaks
on the dark web in real time to provide regular insights into who are the
most recent victims and use this to help inform our customers’ cyber
decision making.
Read more on how threat intelligence and research work together on page 20
18
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
34
+
33
+
I
I
34
+
33
+
I
�How we create value
33+
I Assurance
As one of the world’s leading cyber security service
providers we are best placed to help businesses assess,
develop and manage the cyber security risks they face.
Through an unrivalled suite of services, we provide
organisations with peace of mind that their most
important assets are protected.
33+
I Software Resilience
Regardless of whether the infrastructure or data is
on-premise or in the cloud, security and regulatory
compliance of business critical technology need
to be assured.
Through our data and application continuity solutions
we safeguard buyers from supplier failure, software
vulnerabilities and unforeseen technology disruption
while providing credibility and intellectual property
rights protection for software suppliers.
33+
I Assess cyber risk
A fast and global response with the ability to understand what
the problem is, using experience and/or relevant industry
frameworks. The value is not just in the assessment but in
the clear advice and guidance from the results to improve
cyber resilience.
33+
I Develop cyber maturity
We work together with our customers to help them develop
security capability or fix the issues identified during the
assess stage. It is only once these areas have been
remediated that the true return on investment will be
realised against their cyber spend.
Value creation
Colleagues
• We strive to create a safe and respectful
environment where everyone is empowered to
be their very best, able to follow their vocation
and say with conviction that what they do helps
make society safer and more secure.
Customers
• Our resilience solutions enable customers
to confidently innovate and embrace new
technologies and build responsible, sustainable
and resilient organisations that thrive and
succeed. We help our customers to defend every
point of connection and reduce their stress, and
allow them to focus on their growth.
Our network
• We engage proactively to ensure our insights
and vision deliver the best societal outcomes
in support of our mission. Our expertise provides
access to basic cyber knowledge for the
communities we live and work in.
Shareholders
• We deliver on our promise of long-term growth,
creating an inclusive and diverse workplace,
reducing our impact on the environment and
being an ethical, responsible employer and
supply chain partner.
33+
I Manage cyber operation
The ever-evolving threat landscape means that beyond the
initial assess and develop phases it is vital to continually
improve levels of security, detect incidents and react to
them. We help companies manage their own capability or
provide it through efficient security managed services.
Read more on stakeholder engagement on pages 24 to 27
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
19
Strategic report34
+
33
+
I
34
+
33
+
I
34
+
33
+
I
34
+
33
+
I
34
+
33
+
I
�Market drivers
1
Threat landscape
meets research
The scourge of ransomware continues as
a distinct threat to organisations of all sizes.
Inside the ransomware negotiation economics
When an organisation is hit by a ransomware attack, at the heart
of the nightmare is the question – to pay or not to pay?
As organisations invest to improve their
resilience against attacks, and policymakers
struggle to find effective regulatory and law
enforcement responses to ransomware gangs,
we have used our unique insight, intelligence
and research capabilities not only to assess the
scale of the threat but to understand underlying
dynamics and trends and to devise and advise
on appropriate solutions and responses.
As more nations realise that ransomware
is a threat to national security, I’m hopeful
that we’ll see a proactive, joined-up
response from governments. European
intelligence services need to come
together with their allies to develop
genuinely coordinated, proportionate
defensive and offensive cyber operations.”
Inge Bryan
Managing Director, Fox-IT
Paying a ransom or negotiating with criminals is problematic to
say the least, and not something that we recommend or endorse.
Despite some legislative efforts to ban, or require government
permission for, or reporting of, ransomware payments, a significant
percentage of ransomware-affected businesses see no other option
than to negotiate and, in the end, pay the ransom. But not much is
known about the economic backgrounds and negotiation strategies
of digital extortion.
That gap prompted our researchers Pepijn Hack and Zong-Yu Wu
to investigate negotiations that take place after the decision has
been made to pay a ransom after a successful ransomware attack.
More than 700 cases
Our researchers looked at how the most notorious ransomware
groups use economic models to maximise their profits, examined
the victims’ position during the negotiation phase and considered
what strategies ransomware victims can use to level the playing
field as much as possible.
More than 700 attacker–victim negotiations were collated between
2019 and 2020. The researchers had access to the negotiation
process between these groups and their victims and, in addition,
a large amount of data was examined. The negotiations under
investigation were partly done by a negotiator and partly handled
by the victim itself.
Our researchers found that ransomware gangs have developed
negotiation and pricing strategies to maximise their profits, based
on understanding their victims’ financial situation prior to executing
their attacks. While this leads to an unlevel playing field, ransomware
victims are not completely powerless.
We summarise our researchers’ main conclusions here but detail
comprehensively the strategies victims can deploy to counter
attackers’ advantage, as well as practical tips about the negotiating
process, in our research report.
Read more here:
research.nccgroup.com/2021/11/12/we-wait-because-we-know-you-inside-
the-ransomware-negotiation-economics
20
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Unlevel playing field
The ransomware victim is in the firm grip of its attacker – not just
because of the operational seizure but because the attacker knows
more about the victim than the victim knows about the attacker,
even down to how much might be paid if all goes well.
Still, the playing field is not as uneven as it may initially appear.
Criminals are after money and a victim which pays less than the
amount originally requested is still better for the criminal than a
victim which does not pay at all. The latter would be a waste of the
time, effort and resources the attacker had to invest to launch the
ransomware attack in the first place. So it is in the criminals’ interest
to negotiate with their victims. Moreover, the attackers are people
and people can be influenced and make mistakes.
More than 50% “discount”
Negotiations should yield maximum profit for the attacker, while the
victim is after paying as little as possible. The researchers saw that
after negotiating, victims managed to get between 10% and 90%
“discount” – the term used by the attackers. In two-thirds of the
cases examined, this discount was more than 50%.
Moreover, once payment had been received, the ransomware groups
under investigation adhered to the negotiated agreement, even if, in
one of every two cases, their decryptors did not work well enough.
Our researchers also found that the same attackers did not come
back to the same victim to “try again”.
The importance of time
In addition to money, time is also of the essence to both the victim
and the attacker. Pressure is applied to the victim to pay as soon
as possible – with threats of leaking documents or doubling the
ransom. However, in many of the cases investigated, the attacker
remained willing to extend the deadline – giving more time to the
victim to respond.
Double extortion
The research findings also apply to negotiations in case of other
forms of extortion – the “double extortion” – where there is not only
encryption of data, but also the threat of publication or selling of
stolen data. In that case, the attacker has a stronger trump card
than with ransomware alone.
Strategic Threat Intelligence
Our Strategic Threat Intelligence practice develops software
solutions for a broader, more insightful look at current threat
landscapes and the way they impact organisations around
the world. Developing a web scraper, they gather data on
ransomware data leaks on the dark web in real time to
provide regular insights into who are the most recent
ransomware victims. By recording this data and classifying
the victims by sector, we can derive additional insights
highlighting the sectors that have been targeted, and how
current ransomware threats compare to previous months.
Find out more about how to subscribe to our monthly threat
intel pulse reports here: campaign.cybersecurity.nccgroup.
com/threat-pulse.
Facts
• Ransomware attacks almost doubled in 2021, rising
by 92.7% in 2021.
• The most targeted regions were North America
(53% of attacks) and Europe (30% of attacks).
• Throughout the year, attacks were most commonly targeted
at the public (19.35%) and industrial sectors (19.35%),
followed by consumer cyclicals (16.13%).
Read our 2021 Annual Threat Report here:
campaign.cybersecurity.nccgroup.com/annual-threat-monitor
Many of the dangers which we
first identified at the start of the
pandemic snowballed in 2021,
revealing a developing threat
landscape with ransomware
attacks on the rise.”
Matt Hull
Global Lead for Strategic Threat Intelligence, NCC Group
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
21
Strategic report�Market drivers continued
2
Securing our
connected future
How can these risks be mitigated?
It is vital that security considerations span the entire lifecycle of a
BCI, from secure design to secure and safe surgery and implant
(where BCIs are invasive), secure operation and secure decommission.
Ultimately, we’d encourage that principles of security by design
are implemented to mitigate potential risks, but other
considerations include:
• Supply chain threats
• BCI interface security
• Software escrow
The convergence of mind, body and
technology is fascinating and exciting,
with a potentially huge impact on
humankind’s evolution and enlightenment,
but it’s crucial that we approach BCIs with
the same diligence as we would with any
other emerging technology.
By doing so, we can continue to realise
the benefits of our increasingly connected
world in a safe and secure way.”
Matt Lewis
Group Commercial Research Director, NCC Group
Internet of thinks: securing the brain–computer interface
From our phones to our cars to our homes, we are realising the
benefits of linking more and more aspects of our lives to the internet
in a safe and secure manner. But what would happen if we could
connect our brain to the internet?
Our research team explored this and more through the emerging
phenomenon of brain–computer interfaces (BCIs) – technologies
that provide mechanisms for monitoring and decoding activity
in the brain and send signals to the brain through stimuli.
Although it sounds like science fiction, some major technology
companies are already researching, developing and commercialising
BCIs. There are three main types of BCI – non-invasive BCIs,
partially invasive BCIs and invasive BCIs – which can be categorised
according to their physical invasiveness upon the human body and
overall proximity to the affected user’s brain.
How could they be used?
The number of potential applications and impacts on society and
industry through BCIs is extensive. A couple of examples include:
• Medical applications, such as alleviating physical disabilities by
stimulating parts of the brain concerned with motor neuron
functions to restore movement in affected limbs
• Media, gaming and entertainment applications, such as content
that is streamed directly into the brain through BCIs or enabling
users to control aspects of a video game through their thoughts
Many of these imagined applications will only be realised through
advances in neuroscience and artificial intelligence or machine
learning, but the significance of their potential impact on how
we will live and work is obvious.
What are the security and safety risks?
Putting aside the exciting aspects and opportunities of BCIs, the
reality is that they involve integrating technology with our brains –
technology can be insecure and vulnerable to attack, so the threat
model of BCIs needs to be carefully understood, particularly within
specific use-case contexts (e.g. thinking one’s password to unlock
a device).
BCIs bring with them security risks to confidentiality, integrity,
availability and safety, where they may offer mechanisms to
adversely affect the operation of a person’s brain activity which
could result in mental manipulation, long-term brain damage or
loss of life. They also have the potential to impact individual privacy
in ways that could dramatically alter our society and freedoms.
Some of the specific safety risks of BCIs include complications
during the surgical procedure to implant them, scarring on the
brain and burns through excessive heat generated from BCIs.
From a security perspective, the volume of potential threats is vast,
ranging from design, supply chain and surgical impact through to
removal and decommissioning.
22
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�3
Increasing regulatory
and legislative requirements
Following developments in recent years, the
rapidly evolving threat landscape is reflected,
too, in a significant increase in more
interventionist government regulation of cyber
security and resilience all around the world.
As the concept of a “whole-of-society” approach becomes a
fundamental element of Western governments’ responses to the
cyber challenges of the 21st century, we are seeing widespread
attempts to re-write the rulebook for many sectors that are essential
to the functioning of modern societies and economies. This includes:
• The introduction of minimum security and safety standards for
connected devices in consumer homes and enterprise environments,
as well as for near everything else we have come to accept as a
given in our digital world – from smart electric vehicle charge
points to the app stores on our mobile phones
• The strengthening of organisational cyber security, and
organisations’ incident reporting requirements, driven predominantly
via reform of the Network and Information Systems (NIS) Directive
in Europe but also through Security Legislation in Australia, and
the Cyber Incident Reporting for Critical Infrastructure Act of
2022 in the United States, amidst an ever-growing focus on how
effectively to regulate supply chain security and meaningfully
direct organisations’ responses to ransomware attacks
• The professionalisation of cyber security service provision itself
as the crucially important role of our industry in underpinning
the global digital growth agenda is ever-better understood
Add to these general trends specific sectoral developments, and
more widely relevant undertakings, and it is easy to conclude that
we are but at the foothills of what the future cyber regulatory
landscape will look like. This includes:
• Demands on financial institutions to adopt a “resilience by design”
approach to managing their third party technology risk
• Central banks’ desire to develop stable and secure digital currencies
• Efforts to introduce secure digital identities in the public sector
and beyond
• Debates about standards for quantum-resistant cryptography
• Proposals to govern and assure the ethics and cyber security
of artificial intelligence
• Discussions to restructure international data transfers
to safeguard privacy
Moreover, this increasingly complex global regulatory landscape is
complicated further by geopolitics-fuelled competition over evolving
standards for new and emerging technologies, all of which organisations
will have to navigate successfully in pursuit of their broader objectives.
In fact, cyber resilience is a key component of ESG and
sustainability measures, which make knowledge of and compliance
with required governance an integral element of any organisation’s
licence to operate.
As organisations will increasingly rely on trusted partners to help
them to secure their future growth and navigate the maze of
horizontal, sectoral and internationally overlapping rules, standards
and laws, we believe that organisations like NCC Group that advocate
for evidence-based and future-proof regulations that materially
improve security and resilience outcomes, and that deeply understand
the evolving policy landscape and respond to organisations’ changing
needs with relevant research, product development and new
propositions, are well placed to meet this growing demand globally.
Cyber resilience is a key
component of ESG and sustainability
measures, which make knowledge
of and compliance with required
governance an integral element
of any organisation’s licence
to operate.”
Katharina Sommer
Head of Public Affairs
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
23
Strategic report�Stakeholder engagement
Listening to learn
We believe that to create value for our stakeholders, we must listen to learn what their needs are,
which will secure long-term growth. With our values and behaviours at the core of how we operate,
we use insights to inform the drivers of engagement to build enduring and trusted relationships.
These listening insights are used to continually improve decision making at every level of the
organisation – from the Board down.
Colleagues
We are a people business and our colleagues around the world
each play an important role in helping to make the world safer
and more secure.
Link to strategy:
The opportunity
• Colleagues know they are contributing to our success
• Feel confident they have the skills to do their job or have the support
to learn on the job
• Know what is expected of them
• The opportunity to grow their career
• Spend quality time with their line manager and feel listened to
Highlights in 2021/22
• Listening to feedback from colleagues on giving something back,
we have created a new global programme for FY23, which includes
matched giving, the ability to take one day’s paid leave either individually
or as a team to support a charitable cause or get involved in our
sponsorship initiatives, and the creation of a global Giving Back
colleague resource group, which will drive local action
• Integration of our new colleagues following the IPM acquisition
How we listen and engage
• Monthly team briefings to support managers to engage colleagues
in our business, complementing their operational content
• People manager forums and regular town hall type events
• Internal news platform that enables sharing of approved content
direct to social media
• Online knowledge hubs to support consistent ways of working,
with Microsoft Teams for collaboration and Yammer for informal
conversations
• Elected colleague forums in the UK, Spain and Australia and Works
Councils in Europe
• Annual colleague engagement survey with local teams empowered
to drive actions
• Non-Executive Director regular engagement sessions hosted
with colleagues (see page 86)
• Colleague resource groups sponsored by Executive members
Covid-19 action
• Continued to support hybrid working arrangements while balancing
the benefits of being together and supporting wellbeing
In focus
Recognising that many of our colleagues are out and about on
client assignments, we developed and launched a new monthly
team briefing as a way of consistently sharing information and
connecting them to what is happening across our business.
Within the team briefing we also provide talking points on
subjects that support our inclusion and diversity NCC
Conversations engagement activity – from how to support
colleagues during Ramadan, to Mental Health Awareness
Month, Earth Day and International Women’s Day, for example.
Where we have important business updates, we create special
issues for team briefings that are designed to quickly empower
managers with talking points and a dialogue framework
to engage colleagues. Feedback is shared and enables
us to respond appropriately to support understanding.
See more about our culture on pages 47 to 49
24
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Link to strategy:
Lead the market
Deliver excellence
Develop our people
Win business
Support growth
Customers
Our strategy of focusing on our customers’ broader resilience
posture has resulted in more projects where we are retained
to fix and improve their cyber security than ever before.
Link to strategy:
The opportunity
• Using our research and intelligence expertise to understand the threat
and how that affects our customers’ operations in their sector
• Using our insights to develop “right-fit” solutions, which improve and
enhance our customers’ current and future cyber resilience
• The ability to work collaboratively with our customers, their partners
and broader supply chains
• Horizon scanning regulations and legislation, and contribution to
government consultations based on understanding of the future
market needs
How we listen and engage
• Active account management
• Customer satisfaction surveys and complaints procedure in place
• Industry collaboration with increased investment in sector-based
approach to understand and mitigate risks of current and
future technologies
Highlights in 2021/22
• Created Global Portfolio, a cohesive portfolio comprising a
standardised set of offerings across the Group that joins our previous
services to our evolving propositions
• Protected an ever-growing education market with the continued use
of SURF – the IT co-operative for education and research across the
Netherlands, as well as across multiple UK customers
• Created, launched and grew our cyber security improvement (CSI)
proposition globally, which includes the creation and execution of
improvement plans, ransomware planning and knowledge transfer
to help our clients create continuous improvement
• Completed the global deployment of View, our next generation cloud
platform for secure code deposits, delivering an enhanced depositing
process for software vendors, and supporting end customers to
manage their software resilience proactively
Covid-19 action
• Continued successful delivery through both remote and on-site
working, meeting our customers’ requirements despite the impact of
local restrictions
In focus
Responding to a growing need, we launched our Insight Space
to provide monthly pragmatic cyber advice for senior executives,
based on the latest issues that are keeping people awake
at night.
Our insights feature expert voices from NCC Group and
business and industry experts and topics published include:
• Managing legacy risk
• Making your cyber resilience budget work smarter
• Reducing your cyber risk alongside business-as-usual activity
• Tackling insider threats
With magazines, reports, articles and webinars there is an
excellent bank of knowledge for executives to tap into and links
are made to service offerings to make it easier for them to talk
to someone to get advice.
And it doesn’t stop there; we are now collaborating with
NatWest to provide cyber resilience focused content for its
Business Hub, which is designed to provide business customers
with easy access to thoughts and analysis from industry experts
and partners.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
25
Strategic report�Stakeholder engagement continued
Shareholders
Suppliers
We are committed to engaging with our shareholders, creating
an opportunity to understand our business, the market, how
we are responding and the opportunity to secure growth.
We engage with many different suppliers across our global
business and value the role our supply chain plays in
supporting responsible business operations.
Link to strategy:
Link to strategy:
The opportunity
• Financial performance
• Dividend
• Responsible long-term sustainable strategy
• Sound corporate governance and stewardship
How we listen and engage
• CEO and CFO regularly meet investors
• Investor roadshows after the full and half-year results
• Annual Chair engagement with investors
• Open-door policy with investors
• An Annual General Meeting
Highlights in 2021/22
• 78 investor meetings held during the year
• Shareholder engagement throughout the IPM acquisition process
including discussion on the rationale for the acquisition, with a
general meeting held on 1 June with 100% shareholder approval
for the acquisition
• Shareholder engagement on changes to the Remuneration Policy
2021–2024
• Shareholder engagement on change in CEO, as NCC Group builds
on the platform developed under previous management
The opportunity
• Long-term trusted partnerships facilitating real, sustainable
overhead cost reduction and cost of sale margin improvement
• Strong working relationships
• Fit for purpose contracts and payment terms, ensuring suppliers
deliver to acceptable service levels and protecting NCC Group
from any long-term commercial inflation
• Ensuring we have a safe and responsible supply chain to protect
our service delivery to customers and brand reputation
How we listen and engage
• We have a professional, dedicated and experienced procurement
function, which actively manages key suppliers, monitors supply
chain trends and supports the business units to achieve their
commercial targets
• Regular meetings to be held with key suppliers to better inform
them of NCC Group’s strategy and future forecasting
• Due diligence completed at the beginning of our relationship
with suppliers
• Intention to host a supplier conference (post Covid-19)
• Structured onboarding of suppliers to NCC Group
Highlights in 2021/22
• Creating value to NCC Group through working collaboratively on
business projects
• Introduction of a new system to store and manage all third party
contracts, providing greater protection against risk and enhancing
planning capabilities
• Leveraging supply chain knowledge and our live data procurement
have supported the operational business through direct
involvement of customer bids
• Introduction of a consistent global supplier onboarding and due
diligence process is underway through phased implementation
26
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Our network
We are committed to creating a conducive operating
environment to enable our growth ambitions, and to using
expertise to inform evidence-based policy making. Only by
engaging proactively can we ensure our insights and vision
deliver the best societal outcomes in support of our mission.
Link to strategy:
The opportunity
• Our expertise provides access to basic cyber knowledge for
our local communities
• Understanding and shaping new and evolving regulations and
policy proposals mean we have the right solutions to address
our customers’ future needs and requirements
• Educating policymakers and regulators engenders trust and
a sense of pride
How we listen and engage
• Working with colleagues to shape what we advocate for
• Building alliances with global think tanks and foundations, trade
associations, charities and campaign groups, to pool resources,
amplify our messages and maximise impact
• Strategic relationships with national technical authorities, and
support for government initiatives across all of our regions,
including the UK National Cyber Security Centre’s
Industry100 scheme
• Representation on senior government advisory panels,
e.g. on connected places
• Direct engagement with regulators, officials and politicians
grappling with the challenges of emerging technologies and
keeping their citizens safe
Highlights in 2021/22
• Supported the UK National Cyber Security Centre’s
flagship CyberUK conference as the inaugural Technical
Masterclass sponsor, providing real-world practical advice
to complex challenges
• Cemented NCC Group’s voice as the cyber security expert in
the UK, the Netherlands and, increasingly, wider markets: the
UK House of Lords Home Affairs and Justice Committee adopted
a significant number of our recommendations in its report on
the advent of new technologies in the justice system; and the
UK Home Office invited NCC Group to represent the private
sector perspective on ransomware at the Security & Policing
Conference 2022
• NCC Group became a formal stakeholder participant in
UN proceedings to develop a new Cybercrime Convention,
joining the ranks of Amazon, Microsoft and Meta
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
In focus
As founders of the CyberUp Campaign to reform the
UK’s Computer Misuse Act 1990 to provide better legal
protections for cyber security researchers, NCC Group is
benefiting from external recognition, and the internal sense
of pride it has generated.
NCC Group colleagues highlight that our role in the
campaign “engenders trust” from our customer base and
that protecting our colleagues is something we should all
be proud of:
• We presented the CyberUp petition to provide better legal
protections for cyber security researchers to Number 10
Downing Street.
• Engagement with Members of Parliament and Peers has
resulted in a core group of parliamentary supporters
advocating for reform whose political pressure has been
instrumental in securing the first debate on the Computer
Misuse Act to be held in Parliament since it was first
introduced over 30 years ago.
If something is really important, then
we need to be seen to be trying to
make a difference (as well as actually
making a difference). A good
example of this is the CyberUp
Campaign. Seeing the team outside
Number 10 was incredible. It makes
me proud to know NCC Group is
engaging at this level.”
Response from an NCC Group colleague to
the Group Public Affairs internal survey
April 2022
27
Strategic report
�Strategy and KPIs
Executing our strategy
We are successfully executing our strategy,
realising our vision to become the complete
provider of cyber and software resilience
solutions globally.
Lead the market
Win business
Deliver excellence
Support growth
Develop our people
This section demonstrates how we are making progress to
become a one-stop-shop that creates value for our customers,
offering them a complete set of cyber and software resilience
services, which are promoted and sold to a global market,
underpinned by research, data and quantification.
In securing NCC Group’s future, we have built on strong
foundations to create a highly engaged and diverse talent base
as we continue to:
• Broaden our portfolio, adding services and solutions across
the complete Assess – Develop – Manage cyber lifecycle
• Improve how we go to market globally, becoming easier
to engage with and buy from
Link to risks:
1 Business strategy
2 Management of strategic change
3 Global pandemic – Covid-19
4 Availability of critical information systems
5 Attracting and retaining appropriate
colleague capacity and capability
6 Information security risk (including cyber risk)
7 Quality of Management Information Systems (MIS)
and internal business processes
8 Quality and Security Management Systems
9 International trade (formerly post-Brexit)
10 Sustainability
Read more on our risks on pages 64 to 72
Read more on our business model on pages 18 and 19
28
28
�Lead the market
Case study
Deliver world-class research and thought leadership coupled with
leaders who can engage audiences and convey our message across
all channels
What we said we would do
Continue investment in high impact research
What we have achieved
• Published 100 blog posts and 40 technical advisories on our
dedicated research blog, attracting a quarter of a million visitors
• Released 20 open-source tools, and contributed to security standards
development for C, Kubernetes and post-quantum cryptography
• Our consultants have been recognised as some of Microsoft Security
Response Center’s (MSRC’s) most valuable security researchers
• Participated in UK government forums on Quantum Communications
and connected places as independent experts
• Continued to build our commercial research services resulting in
numerous engagements for large US-based technology companies
• Delivered the second of our industry acclaimed annual research reports
KPIs
4,841
research days including GMS
(2021: 6,043)
65
conference presentations,
41 at Tier 1 venues (2021: 51)
Future focus
NCC Group continues to drive the concept of “cyber as a science”
as a fundamental aspect of what we do. We see it as crucial to
build strong evidence for what works where, against which threats
and with what limitations. Similarly, being able to measure and
quantify the “before” and “after” is critical so we can truly evaluate
material changes in organisations’ resilience posture. Beyond
these fundamental drivers, we will continue our research focus on
the security of machine learning, open source, smart cities and
5G along with nascent programmes around the metaverse
ecosystem and future finance technologies.
Link to risks
1
2
4
5
6
7
8
10
Addressing the challenges of Internet
of Things security via policy, thought
leadership and research.
NCC Group works extensively on the challenges of
Internet of Things (IoT) security, driving improvement
at government level and across various industrial sectors.
The proliferation of embedded connected devices
poses a substantial risk to nations, enterprises and
consumers and the threat of exploitation is only increasing.
In the past year we have helped shape legislation
and regulation of IoT security through engaging and
educating politicians working on the Product Security
and Telecoms Infrastructure Bill in the United Kingdom.
Where the UK has led, other countries are following,
including Australia and Singapore, ensuring the
Group’s influence is seen globally.
NCC Group’s Global Chief Technical Officer
participated in several Atlantic Council forums,
a US think tank in the field of international affairs.
We proposed novel incentives for IoT device
manufacturers to drive improved cyber security, such
as using the sustainability pillars of environmental,
social and governance (ESG) and introducing forced
buyback for end-of-life devices to drive systemic change.
Our applied security research teams:
• Demonstrated fundamental weaknesses in
technologies such as Bluetooth Low Energy
with regards to relay attacks
• Discovered and exploited vulnerabilities in printers,
network attached storage, firewalls, routers,
5G core network components and embedded
cryptographic libraries
• Demonstrated weaknesses in Field Programmable
Gate Arrays (FPGAs)
• Issued guidance on the use of embedded components
in a secure manner for designers and manufacturers
29
Strategic report�Case study
We partnered with a financial services
firm to create an embedded security
partnership.
Under the Global Investment Management agreement
we are innovation partners, integrated through a
consulting framework to accelerate technical services
across the customer’s global cyber security operations.
In addition to the technical consulting services,
governance reporting is incorporated into the
partnership, feeding directly into its board for oversight
and to enhance decision making.
Insights generated by reporting across the entire
cyber operations will enable our customer to be more
proactive, measure its risk more accurately and drive
change in a sector where cyber is a material risk to
responsible and sustainable business.
Strategy and KPIs continued
Win business
Drive customer value using our deep technical skills, wide-ranging
insights and broad capability
What we said we would do
• Embed the “One Global Offer” so our immense capability can be
articulated consistently
• Through renewed, repeatable models, bring forward our ability
to fix vulnerabilities that we find, and stay with customers through
their improvement journey
• Meet our customers’ skills gap with technical experts that align
to the evolving needs of their remote/on-premise services
What we have achieved
• Created Global Portfolio, a cohesive portfolio comprising a
standardised set of offerings across the Group that joins our previous
services to our evolving propositions, and that is clearly articulated to
our customers – allowing us to upsell and cross-sell to unlock greater
customer value
• Protected an ever-growing education market with the continued use
of SURF – the IT co-operative for education and research across the
Netherlands, as well as across multiple UK customers
• To meet market demand, we’ve created, launched and grown our cyber
security improvement proposition globally, which includes remediation
teams and support for ransomware planning and incident response
• Completed the global deployment of View, our next generation cloud
platform for secure digital deposits, delivering an enhanced depositing
process for software vendors, and supporting end customers to
manage their software resilience proactively
KPIs
Revenue (£m)
£314.8m
165
orders with a value greater than £250k
(2021: 134)
.
0
3
3
2
.
7
0
5
2
.
7
3
6
2
.
5
0
7
2
.
8
4
1
3
18
19
20
21
22
£3.4m
Software Resilience cloud
proposition orders (EaaS)
(2021: £2.2m)
Future focus
We love the fact that our mission has come to life with so many
customers around the world. Our future focus is to keep them
happy and maintain an appropriate resilience position that meets
their needs against ever-changing global threats. To that end, we
look to retain the supply of value-based cyber security experts
and provide exciting new solutions to our customers, such as our
broader security improvement and Microsoft XDR offerings.
Link to risks
1
6
10
30
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Deliver excellence
Case study
Our global customers often seek us out
to provide specific skillsets at scale or
very broad skillsets at short notice.
We deliver on these requirements by leveraging our
thousands of consultants spread across North America,
Europe, Southeast Asia and Australia.
One customer based in North America undertakes
a steady stream of acquisitions of firms spread across
the globe. They trust NCC Group as their security
partner, to help assess risk, undertake cyber due
diligence, and support with resulting improvement work
post purchase. We deliver tangible value creation
at each stage of its business lifecycle.
They are attracted to NCC Group because of
our geographic reach, our global scale and our
responsiveness. They simply can’t afford to have delays
in deals because a specific skillset is required or
because they have to piece together the deal team
across multiple geographies, so we step in and work
with them to provide whatever is needed.
Our expertise helps our customer to fully assess the
risks pre-purchase and understand the costs and
timescales for undertaking improvement activities.
This prevents them from increasing their own risks
inadvertently and makes sure they don’t overpay for
assets, which might have significant flaws. Our global
scale means we can stand up this sort of broad
experience quickly and tailor the engagement based
on what we find – and the customer’s risk appetite.
Deliver consistently high quality solutions that our customers value,
fully utilising our global capability and the technical excellence of
our consultants
What we said we would do
Promote a global delivery model and embed new ways of working
with our customers, providing a distinctive service
What we have achieved
• Implemented Global Assurance, leveraging our newly created global
professional services and global managed services functions to
leverage global resourcing efficiencies, to standardise our processes
and customer offers, and deliver a consistently high quality, highly
valued service for our customers
• Expanded our technology suite across Managed Detection and
Response (MDR) to include Splunk, Carbon Black and, now,
Microsoft XDR, thus providing enhanced cyber capabilities to
Microsoft users across our customers’ growing ecosystem
KPIs
271
increase in technical specialists
(2021: 49)
13,813
days of global resourcing
(2021: 9,356 days)
Future focus
We’ve created specialist dedicated teams to support our customers in
adopting Microsoft XDR with rapid deployment options, our bespoke
Threat Intelligence feeds and industry-leading response times.
We’re looking forward to the launch of our continuous
assessment offerings, which will provide cost effective solutions
to maintain and improve security for our customers every day.
Link to risks
1
2
3
4
5
6
7
8
9
10
31
Strategic report�Case study
Historically NCC Group has had a
regionally focused sales offering, which
meant that within our sales catalogue
we had many different products.
This made it very challenging for our sales teams to find
the right product, which resulted in loss of time due to
incorrect data, impacting scheduling and invoicing and
creating missed opportunities for upsell and cross-sell,
leaving money on the table. It also meant that it was
tough for customers to unlock the full potential of
bringing these products together into cohesive offers.
The Global Portfolio project:
• Rationalised these down to standard elements used
across the whole Group
• Built a core set of services composed of these
standardised elements
• Provided programmatic linkages (via Salesforce),
which enable sales teams to match services that
our customers frequently buy together
• Created detailed training, collateral guides and
wizards to help sales teams understand the linkages
between the different types of services and how
to help provide a more complete solution set to
a customer’s actual needs
Within the first month of release in January 2022, our
cross-divisional referrals more than doubled, and that
upward trend remained roughly consistent for the
remainder of the year. While it is still too early to see
some of the downstream benefits associated with
improved data quality, we are confident this will be
reflected through future increased productivity across
the sales, delivery and finance teams.
Strategy and KPIs continued
Support growth
Provide the tools and processes that enhance how we work today,
enabling access to quality management information
What we said we would do
Create a programme delivery team to drive business ownership and
alignment across our various systems from our professional functions
through to sales and delivery
What we have achieved
Alongside business-as-usual continuous improvement, we made
significant progress on business alignment and efficiency with the:
• Implementation of our Global Portfolio, providing clear business
benefits around data quality, in support of our One Global Offer
• Implementation of Launched Cases, a single ticketing system across
all delivery businesses enabling smoother scheduling across all
regions and time zones, unlocking the global resourcing efficiencies
we leverage to support our global customers with the skillsets they
require
• Bringing together of our Global Technical Services and Securing
Growth Together systems transformation teams to improve
efficiency in system implementation and development. We’ve
created a strong platform of product managers and analysts to
drive business representation and ownership, and ensure we are
making the most of our technology related investments
• Appointment of our first Group Chief Information Officer, Rebecca Fox,
who is leading the transformation of the Global Technical Services
function to deliver for the business needs today and in the future
KPIs
Adjusted operating profit (£m) 1
Cash conversion (%) 1
£48.1m
101.9%
.
1
8
4
.
0
0
1
1
.
9
2
0
1
.
0
1
9
.
2
9
3
.
9
1
0
1
.
2
8
8
.
8
0
3
.
7
3
3
.
7
0
3
18
19
20
(restated)
21
22
18
19
20
(restated)
21
22
Future focus
Over the coming year we will continue to embed the
transformation programme into Global Technical Services,
strengthening our business-as-usual provision and maximising
the return on these systems; complete our deployment of
scheduling tool Kimble across all relevant operating areas; and
embed access to actionable, meaningful and consistent data and
reports across the organisation and at all levels through the
deployment of PowerBI.
Link to risks
1
2
3
4
5
7
9
10
32
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Develop our people
Case study
Create a positive colleague experience like no other offer in the industry,
investing in our talent and organisation to unlock our full potential
What we said we would do
• Be a hub for cyber talent, and a quirky, distinctive environment
where individuals and teams thrive
• Invest in learning and development
What we have achieved
• Launched a career framework and learning pathways pilot for our
UK Assurance delivery colleagues across technical, consulting and
management functions
• Launched the Next Generation Manager Programme in the North
America and UK Assurance divisions following its successful pilot
in Software Resilience (100% of the initial cohort are now
in manager roles)
• Promoted over 280 talented team members
• Gender decoded our job adverts and piloted the redaction of CVs
to remove unconscious bias
• Continued our partnership with Uptree and Capslock to improve the
gender diversity of our foundation and classic entry programmes
KPIs
Attrition rate (%)
20.5%
Engagement score (Best Companies)
One to Watch 2
(2021: One to Watch)
.
4
3
2
.
1
1
2
.
5
0
2
.
0
7
1
.
4
4
1
Colleague engagement score
658 2
(2021: 643)
18
19
20
21
22
Future focus
FY23 will be the year we focus on improvements to the colleague
experience at NCC Group, with investment in onboarding and
global career pathways building on our pilot in the UK, and
redefinition of a compelling colleague proposition, underpinned by
investment in leadership and management development. We are
committed to improving the gender balance in our organisation
through partnerships and outreach.
Link to risks
1
3
5
10
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting
items. Further information is also contained within the Chief Financial Officer’s Review and
the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
2 Good Organisations Ones to Watch is a special status awarded to organisations where
workplace engagement shows promising signs for the future. Achieving a Ones to Watch
status takes a BCI score of at least 600 and reflects organisations with “good” levels of
workplace engagement. For further details please refer to: www.b.co.uk/accreditation/
ones-to-watch#:~:text=Good%20Organisations%20Ones%20to%20Watch%20is%20
a%20special,reflects%20organisations%20with%20%27good%27%20levels%20of%20
workplace%20engagement.
In a world where everyone wants the
best tech talent, to meet the demands
of the exponential pace of digital
transformation, and there’s a global
skills shortage, we took the early
decision to build our own capability
to feed the growing demand for
our services and the growth of
our business.
Building on the strength of our Next Generation Talent
programme, we started searching for future cyber talent
in completely different sectors. We look for people with
the attitude and aptitude to start a career in cyber who,
with support of a tailored training programme, could
discover and unlock their full potential. Of the 115
people who joined our programmes in the UK, North
America and APAC, this included Emma, who joined
the UK programme as a former childcare specialist and
has been offered “the greatest career growth for her
future in cyber security”, and Nick, who left his job as
a recruitment consultant in Florida to start his “dream
job” with NCC Group.
In parallel, we introduced career paths linked to each
of our technical job grades focused on structured
progression for our more experienced consultants.
The promotions create space for the junior consultants
we have trained – it’s a win/win for everyone.
This resourcing engine has fuelled our growth in FY22,
creating opportunities for our colleagues and a reduced
reliance on the external labour market, and has secured
top talent to deliver for our customers.
Read more on page 35
33
Strategic report�Strategy and KPIs continued
Next Generation
Talent programme
Our Next Generation Talent programme is open
to candidates from a variety of backgrounds and
specialisms, from students to career changers
or those simply looking to move into another
area of cyber security. Candidates can expect
to learn more about network and infrastructure
testing, how to run web app assessments, applied
research, consultancy skills and much more.
The wealth of experience and knowledge
gained through the programme is invaluable and
can often lead to colleagues finding interest in
areas of cyber security they didn’t know they had.
I’m proud our global Next Generation
Talent programme is enabling us
to break the barrier and make a
career in cyber accessible. If we
are to achieve our mission of making
the world safer and more secure,
attracting new talent into our
industry is critical to ensure we
are truly representative of the
society we are protecting.
Our in-house training programme
has evolved since its launch. As we
continue to grow, we saw our Next
Generation Talent programmes
in the UK and APAC joined by
North America in January 2022.”
Ian Thomas
Managing Director
34
�Emma’s story
As a former childcare specialist, Emma Hackett
understands the importance of growth and
development. Starting out in her career at 18,
she developed a range of skills working with
5 to 11 year olds and children with disabilities
before becoming a childminder for children
aged from birth to 12 years.
A believer in life-long learning she yearned to challenge herself
and investigated how to start a career in cyber. Undertaking a
few cyber programmes, she researched qualifications needed
and found our programme. She applied and was in disbelief that
NCC Group would take a chance on her. Emma has bolstered
her learning by joining the Ladies Hacking Society, an online
community in the UK, that supports those in the industry and
those who want to join.
I have embraced this fast-paced
and exciting learning environment.
Everyone from my mentor to my
colleagues has been so supportive
of my passion. I feel so confident
in my abilities to succeed. I was
always nervous that my dyslexia
and lack of experience would
hold me back, but NCC Group
welcomed me and invests in our
teams no matter what. If I can do
it, anyone can!”
Emma Hackett
Read more stories from our 2021 UK cohort in our
diaries of a junior cyber security series
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
35
Strategic report�Sustainability
Making the world safer
and more secure for all
Sustainability is how we do business – it is our licence to operate.
Grounded in our values and principles, we’re guided by our Code
of Ethics and driven by our mission to make the world safer and
more secure for all.
Cyber resilience is an integral part of all organisations’
sustainability agendas – it’s a material risk that should be top of
mind for all, regardless of what industry or sector. We use our
global insights to help organisations assess, develop and manage
their cyber resilience posture, enabling them to confidently and
securely take advantage of the opportunities that sustain their
business growth.
We draw on our expertise, capabilities and global footprint to
develop solutions to meet current and future cyber challenges.
We help to educate policymakers and regulators. We give back
to protect our local community service and we share opportunities
to experience the world of cyber and inspire the next generation
to secure our future.
Read more on our business model on pages 18 and 19
Read more on how we manage and monitor risk in relation to sustainability on
pages 64 to 72
Sustainability is about ethical, responsible business practice,
delivering on our promise to shareholders while balancing social
and environmental factors. Our approach to sustainability is
focused on the recognised elements of environment, social and
governance (ESG). These are brought to life with our framework,
which enables us to focus our efforts on the activities that create
the greatest value for our stakeholders.
We set objectives that consider
people and the planet, and we take
responsibility for the part we play
in creating a safe and secure world
for all.”
Yvonne Harley
Global Director of Sustainability and Corporate Affairs
36
�Our key sustainability focus areas and objectives for 2023
Our sustainability
framework sets out
our global focus areas,
and we empower local
action to bring this
to life.
We have selected three areas of focus based
on the critical elements of our growth strategy.
We have not yet conducted a full materiality
assessment with our stakeholders and that
will come. For now we have drawn insights
from customers through the bid process to
determine what matters to them, from shareholder
conversations and colleague surveys and through
third parties – like Planet Mark, which we are
working with to map our net zero journey.
Our three priorities this year are:
• Creating an inclusive and diverse workplace
• Reducing our impact on the environment
• Being an ethical, responsible employer
and supply chain partner
Reducing our
impact on the
environment
T
M E N
N
O
IR
V
N
E
Focus
areas and
objectives
Creating an
inclusive and
diverse
workplace
S
O
C
I
A
L
G
OVERN A N C E
Being an ethical,
responsible employer
and supply chain partner
Environment
Social
Governance
We have partnered with Planet Mark to
support us to map out how NCC Group will
achieve the net zero requirement by 2050
and will be hosting workshops from the
Board down to achieve this.
We started the conversation last year,
hosting virtual and local conversations with
colleagues around the world. Through the
work we’ve done to report against the Task
Force on Climate-Related Financial Disclosures
(TCFD) we discovered opportunities for our
business to play a more active role in helping
other organisations to reduce their impact on
the planet.
Read more about TCFD on pages 39 to 43
Read more on pages 44 to 46
We are a people business with over 2,000
people focused on making this world safer and
more secure. To achieve this we must ensure
that our NCC Group community is as diverse as
the world we represent, so we continue to foster
partnerships that support this.
We empower local action in support of our
communities, and through our colleague
resource groups, we encourage conversations
that matter on a broad range of social topics to
make NCC Group a great and respectful
environment for all.
Read more about TCFD on pages 39 to 43
Read more about colleague
resource groups on page 52
Read more about our Giving
Back programme on pages 50 and 51
Priority targets for improvement:
• Reduction of our carbon footprint by 5%
• Improve gender diversity in recruitment
We are committed to building long-term
sustainable relationships, earning trust
through understanding the challenges our
customers have and delivering high quality
solutions to take their pain away.
We will do business fairly and use our
internal processes to assess and
consciously accept working with customers
and suppliers which align with our own
values and Code of Ethics.
We take responsibility to provide accurate
and timely information to shareholders and
always observe relevant regulations and
corporate governance principles to protect
the integrity of our business operations.
We consider the interests of all our
stakeholders when we make decisions on
the Group’s future strategy and priorities.
Read more about stakeholder
engagement on pages 24 to 27
Read more about our risk management
process on pages 64 to 67
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
37
Strategic report�Sustainability continued
Aligning to the United Nations Sustainable Development Goals
for best practice
The United Nations Sustainable Development Goals provide us with a blueprint to
achieving a better and more secure future for all. We selected the following goals,
which we felt were most relevant to our business and to our stakeholders:
3 – Good health and wellbeing
9 – Industry, innovation and infrastructure
With the increased pressures of a pandemic
and the intensity of the work we do, we put a
great deal of effort into our wellbeing
programme for colleagues.
We recognise the impact of inclusion and
diversity on wellbeing, and we encourage real
conversation about topics that matter
personally to our colleagues. And we invest in
resources and policies that further strengthen
this commitment.
Read more on pages 47 to 54
Our commitment to research, vulnerability
disclosure and threat intelligence and the
industry partnerships we foster help to provide
safe and secure by design technologies.
Working across multiple industries globally, we
have practice and sector experts to continually
research, monitor and develop future solutions
to enable sustainable and confident growth
for organisations.
Read more about our network on page 27
Read more about our strategy on pages 28 to 35
4 – Quality education
13 – Climate action
As a pure play cyber expert, we are committed
to investing in the cyber skills that will be
needed in the future. From our global research
programme, to investing in LinkedIn Learning,
we also sponsor colleagues to undertake
external accreditations. And we offer a Next
Generation Talent programme to enable a
non-traditional route into cyber.
Read more on research on pages 20 and 21
Read more about our Next Generation Talent
programme on pages 34 and 35
While not a material risk due to the nature
of our business, we believe in taking
responsibility for the part we play in protecting
the planet. We have partnered with Planet
Mark to support us on our journey and our
first priority was to certify our current carbon
footprint before we embark on a programme
to reduce our impact.
Read more about our environmental
commitment on pages 44 to 46
5 – Gender equality
16 – Peace, justice and strong institutions
Our value proposition is based on trust
and this is founded on our Code of Ethics,
considering the interests of all our
stakeholders when we make decisions
on the Group’s future strategy and priorities.
Read more about our principal risks
and uncertainties on pages 64 to 72
Read more about our governance on page 55
We are committed to building a diverse
and inclusive culture for all and we take
responsibility for playing our part in the
global challenge of not only encouraging
more women into technology, but also ensuring
a level playing field for career progression.
We are investing in early careers programmes,
our own and in partnership with others,
and with the development of policies and
resources that support colleagues at whatever
stage of life they are at, and our career paths
framework, we are building a foundation to
create a successful environment to achieve
our ambition.
Read more about gender and our other resource
groups on page 52
38
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Environment
TCFD
Climate related financial disclosure
in line with TCFD guidelines
This is NCC Group’s first year reporting against the Task Force
on Climate-Related Financial Disclosures (TCFD) requirements.
In line with listing rule 9.8.6R(8) we have produced TCFD
disclosures which are consistent with the TCFD recommendations
and recommended disclosures across the governance, strategy, risk
management and metrics and targets pillars. In assessing whether
the disclosures are consistent, we have referenced section C of the
TCFD Annex entitled ‘Guidance for All Sectors’. For strategy we
comply with disclosures (a) and (b) but for (c) we need to map out
our net zero journey and review our scenario analysis and assess
the resilience of NCC Group against our risks. This further work is
included as a target below and will be published in next year’s TCFD
report. Furthermore, for each pillar we have included a table which
describes our current disclosure, our developments achieved
in FY22 and our focus areas for FY23.
Our overall exposure to physical and transitional climate change is
considered low due to the nature of the business and can be reduced
through the strategy and journey we’ve outlined over the next few
pages. The scenario analysis for physical risks (flooding, earthquakes
and storms) does not pose a high risk as there are mitigating
controls in place and business interruption would not be significant.
We are working with Planet Mark, a sustainability certification
organisation, which has calculated and verified our carbon footprint
and helped us to identify reduction targets for the next financial
year. Through the course of our new financial year, we will also
work with it to map how we will achieve net zero by 2050.
It is worth noting that alongside the risks identified we have a
significant opportunity as the market develops and industries invest
more in climate change. For example, we currently work with
customers which specialise in developing technology for electric
vehicles, renewable energy (wind and solar), operational technology
and other technical application work. There is an opportunity to
increase revenues in these expanding areas as technology develops
to support more climate related initiatives.
Governance
TCFD recommended disclosure
NCC Group disclosure
Developments in FY22
Focus areas for FY23
Governance
A. Describe the Board’s
oversight of climate related
risks and opportunities.
• The Board takes overall
accountability for the management
of climate related risks and
opportunities and considers them
as part of its overall risk review
processes
• The Board gets updates from
the Director of Sustainability and
Corporate Affairs, who is part of the
Executive Committee
B. Describe management’s
role in assessing and
managing climate related
risks and opportunities.
• The Director of Sustainability and
Corporate Affairs advises both the
Executive Committee and Board on
climate related issues
• An ERM Committee was
established in 2021, which meets
quarterly and covers climate risk
• The Enterprise Risk
Management Committee, which
meets quarterly, has reviewed
climate related risks and
opportunities and this will be
cascaded up to the Board
as required
• Further Enterprise Risk
Management (ERM)
Committee meetings and
recommendations made to the
Board as appropriate including
progress to map out our net
zero journey
• Decision made to appoint
external specialists Planet
Mark to assist with our
carbon footprint calculation,
net zero journey and
colleague engagement
• The ERM Committee and
a TCFD working group were
established to ensure progress
was made
• Engaged with external
specialists Planet Mark to give
support as we calculate our
carbon footprint and determine
our net zero journey
• To maintain the climate related
risk register and ensure actions
are followed up
• To map NCC Group’s net
zero journey
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
39
Strategic report�Sustainability continued
Governance continued
The Board takes overall accountability for the management of all
risks and opportunities and considers climate related issues when
reviewing and guiding strategy, budgets and business plans as well
as when setting performance objectives, monitoring implementation
and performance, and overseeing major capital expenditure,
acquisitions and divestitures. Our commitment is published through
our Environment policy available on our website.
Climate related risks and opportunities are managed within our
broader sustainability framework and have executive oversight by
the Global Director of Sustainability and Corporate Affairs. All key
issues are reported up to the Board by the Executive Committee
or Enterprise Risk Management (ERM) Committee as they arise,
climate related or otherwise. Now the TCFD risks and opportunities
have been identified, and we have completed our climate related
materiality assessment, this will be incorporated into business as
usual and managed as per our risk management approach.
Since the start of calendar year 2022, climate change risk has
been discussed in the quarterly ERM Committee meetings, which
includes progress against our climate goals. To date, no climate
related issues have required Board notification. However, going
forward the effect of climate issues on future acquisitions, disposals
and major capital expenditure, as well as an update on NCC Group’s
net zero journey in particular, will be raised and discussed at all
Board meetings.
The Board and Executive Committee have both recently had climate
awareness training delivered by Planet Mark, have seen our carbon
footprint measurement and reduction targets and will be actively
involved in the net zero journey planning led by our Global Director
of Sustainability and Corporate Affairs and the role they play
in reducing our impact on climate change.
How ERM fits into the Group Committee structure
Board
t
i
d
u
a
l
a
n
r
e
t
n
I
Audit Committee
Cyber Security Committee
Enterprise Risk Management
(ERM) Committee
ExCom
E
x
t
e
r
n
a
l
a
n
d
I
S
O
a
u
d
i
t
o
r
s
40
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Strategy
TCFD recommended disclosure
NCC Group disclosure
Developments in FY22
Focus areas for FY23
Strategy
A. Describe the climate related risks
and opportunities the organisation
has identified over the short,
medium and long term.
• See tables describing risks
and opportunities
• Implemented a TCFD working
committee across the
business
• To monitor actions arising
from risk register
B. Describe the impact of climate
related risks and opportunities on
the organisation’s businesses,
strategy and financial planning.
• Not considered material to NCC
Group; however, there are
opportunities arising that should
be maximised
• Reviewed risks and
opportunities, mitigations and
associated financial impact
• To map NCC Group’s
net zero journey
C. Describe the resilience of the
organisation’s strategy, taking into
consideration different climate
related scenarios, including a 2°C
or lower scenario.
• Scenario analysis undertaken;
only two office locations at risk
of rising sea levels with
mitigations in place reducing risk
• Obtained independent risk
report on office locations at
risk from flooding and extreme
weather conditions
• To further review sea level
analysis and scenario planning
and assess if the risk changes
We are taking responsibility for reducing carbon emissions and
being able to articulate the impact of climate change – both
opportunities and risks – on our financial performance.
Climate related risks
A new strategic risk has been identified (cross-refer to Principal Risks
section) in relation to climate change within the Group’s principal risks
and uncertainties and associated operational risks beneath that.
Through our risk management framework (see Risk Management
section on pages 64 to 72), we have identified and assessed
climate related risks and categorised into the short (<1 year),
medium (1–5 years) and long term (>5 years). We have also
identified the impact that the risks have on the business, client
services and supply chain and the corresponding mitigations in
place to reduce the risk. All risks identified affect the Group in its
entirety except where specific locations have been highlighted.
Examples of the types of climate related risks and opportunities
faced by NCC Group include the following:
Transition risks
• Greenhouse gas emissions: increased costs associated with more
taxes and levies (medium term)
• Move to net zero: increased costs required to lower emissions
(long term)
• Margin risk: impact on service charge out rates and associated
erosion of profit margin due to increased costs because of
climate risk (medium term)
• Reputation: failure to comply with climate change related
(medium term)
• Regulations to achieve goals may negatively impact public
perception (medium term)
• Supply chain: increased supply costs and delayed deliveries
(medium to long term)
Physical risks
• Extreme weather (acute): causing business disruption and loss
of service delivery and therefore revenue (short to long term)
• Sea level rises (chronic): increased likelihood of flooding in Delft and
Amsterdam offices causing increased insurance premiums (long term)
Opportunities
• Resource efficiency: more efficient modes of transport, recycling,
hybrid working and efficient buildings creating less cost and
improved colleague engagement and wellbeing by removing
unnecessary travel (medium to long term)
• Energy source: use of lower-emission sources of energy, introduction
of an electric/hybrid salary sacrifice car scheme for all UK colleagues
creating reduced costs, exposure to future fossil fuel price and
improves colleague engagement and wellbeing (medium to long term)
• Market: can sell into industries which are significantly changing
due to climate change resulting in increased revenues, e.g. oil and
gas companies expanding into alternative energy, smart meters,
electric vehicles, IOT technology to reduce waste, cloud data
centres, etc. (short to medium term)
• Resilience: increased investment opportunity due to responsible,
sustainable business model (short to long term)
Scenario analysis
One of the physical risks is our office locations due to two (Amsterdam
and Delft) being at risk due to rising sea levels. We have undertaken
modelling on different scenarios (see Metrics and Targets section);
however, global temperature rises and extreme weather are not
expected to have a fundamental impact on our business model.
If sea levels rise above 5m, then the risk increases, but existing
flood defences are expected to mitigate any near-term impact and
the ability to now work remotely has been tested. Furthermore, our
leases on these offices expire between 2023 and 2025 so this risk
does not impact the useful life of the infrastructure for NCC Group.
Qualitatively, at a 4°C scenario (i.e. business as usual) our physical
risks will likely materialise without intervention from local land
management/governments. However, as we aim to align to a 2°C
world, our transition risks will need to be modelled and assessed on
an ongoing basis. Once we have mapped out our net zero journey
and timelines in calendar year 2022, we will review our scenario
analysis and assess the resilience of NCC Group against our risks,
but at this time, with the information available, we don’t believe there
is an impact on our strategy under a 2°C scenario.
Financial planning
Due to the mitigations noted in our full TCFD report, and the nature
of our industry, we do not believe the current climate related risks
pose a material financial impact to our business; however, we do
have significant opportunities that we are working to maximise. For
future acquisitions, capital expenditure, research and development
or general operating costs and revenues, we will ensure climate
related issues are considered within the financial planning process.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
41
Strategic report�Sustainability continued
Risk management
TCFD recommended disclosure
NCC Group disclosure
Developments in FY22
Focus areas for FY23
Risk management
A. Describe the organisation’s
processes for identifying and
assessing climate related risks.
• Climate related risks are
managed through our Enterprise
Risk Management framework
• Climate related risks identified
and categorised over the
short, medium and long term
• Monitor actions arising from
risk register
B. Describe the organisation’s
processes for managing climate
related risks.
• Climate related risks are
documented, mitigating actions
considered, a risk rating
assigned and associated actions
documented and followed up
• Climate related risks identified
with associated actions which
are being actively followed up
• Monitor actions arising from
risk register
C. Describe how processes for
identifying, assessing and
managing climate related risks
are integrated into the
organisation’s overall risk
management.
• Climate related risks are
managed through our Enterprise
Risk Management framework
• Climate related risks identified
with associated actions which
are being actively followed up
• Monitor actions arising from
risk register
Climate related risks are managed through our NCC Group
Enterprise Risk Management (ERM) framework as published on our
website and included in the Risk Management section in this report.
All risks are assessed and scored in terms of likelihood and impact
in line with our framework on a consistent basis.
We adopt both a “top-down strategic” and “bottom-up operational”
approach to managing risk in the pursuit of our strategic objectives.
The approach is one of collaboration and we believe this is the most
efficient and effective way to identify risks.
Having identified and assessed our climate related risks based
on short (<1 year), medium (1–5 years) and long-term (>5 years)
horizons and categorised them into physical and transition risks
(see Strategy section) we have determined that climate change
is not currently a significant risk for NCC Group. However, we have
included a climate related risk within our Principal Risks section
as it is a key reporting area; see page 71. The ERM Committee has
reviewed the risks, their mitigations, controls and associated actions
and will continue to monitor these going forward.
Secure leadership buy-in
Establish Committee oversight
Audit Com mitte e
Integrate
into reporting
Assess
financial
impacts
Ris
k
C
o
m
m
i
t
t
e
e
Perform
scenario
analysis
Adapt
ERM
Obtain
assurance
Implement
internal
control
Collaborate across
the business
Use
existing
tools
Solicit
investor
feedback
42
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Metrics and targets
TCFD recommended disclosure
NCC Group disclosure
Developments in FY22
Focus areas for FY23
Metrics and targets
A. Disclose the metrics used by
the organisation to assess
climate related risks and
opportunities in line with its
strategy and risk management
process.
B. Disclose Scope 1, Scope 2 and,
if appropriate, Scope 3
greenhouse gas (GHG)
emissions and the related risks.
C. Describe the targets used by the
organisation to manage climate
related risks and opportunities
and performance against targets.
• Greenhouse gas emissions for
2022 vs prior years
• Net zero plan is in progress
• Car fleet to be discontinued
• Physical risks review
• Climate related performance
metrics incorporated into
Directors’ remuneration
• Review of key risks and
associated metrics following
a modelling exercise
• Greenhouse gas emissions
and carbon footprint
independently verified
• To map NCC Group’s net
zero journey
• To develop the Scope 3
reporting to include impact
of working from home and
supply chain
• Greenhouse gas emissions for
2022 vs prior years
• Greenhouse gas emissions
independently verified
• Set target reductions for carbon
footprint and greenhouse gas
emissions
• NCC Group’s carbon footprint
has been independently
calculated with the base year
of 2022 to set a target for
2023
• To develop the Scope 3
reporting to include impact
of working from home and
supply chain
• To define NCC Group’s net
zero journey
Greenhouse gas emissions
Our Scope 1, Scope 2 and Scope 3 emissions were calculated
in FY22 by Planet Mark in line with the GHG Protocol Corporate
Standard. Planet Mark has calculated this from verified third party
data and invoices as part of our overall carbon certification. Note,
the certification has not been independently audited by KPMG.
The Scope 3 emissions for transmission and distribution and travel
distances were calculated using the units of energy consumption and
travel distances provided respectively multiplied by the relevant BEIS
emissions factors. Some conversions were used, for example GJ
to kWh and miles to km. Scope 3 emissions are not the full scope
in FY22 but we are working on the data requirements for this with
Planet Mark.
Net zero plan
Over the next financial year, we will work with Planet Mark
to develop our net zero plan (following the net zero standard
defined by the Science Based Targets initiative:
sciencebasedtargets.org/net-zero) and associated timelines,
including full Scope 3 emissions disclosures. This includes
verification of our carbon footprint and workshops, energiser
sessions and masterclasses for the Board, Executive and broader
colleague community.
Our net zero plan will allow us to identify areas of higher carbon
intensity and allocate targets to reduce these in line with the
Paris Agreement. Meanwhile our carbon footprint measurement
calculated for our full financial year ended 31 May 2022 has
identified our current usage, 1,253.6 tCO2e, and targets for our
total carbon footprint to reduce by 62.7 tCO2e, our total carbon
reduction to be 5% and our carbon reduction per colleague
to be 0.03 tCO2e.
Targets and metrics:
• To reduce our carbon footprint by 5% over the next financial year
• To develop our net zero plan and associated timelines by 31 May 2023
• To improve the scope of our data and analysis working
with landlords of shared buildings and our supply chain
Car fleet
We currently have several company car scheme vehicles in the UK
and the Netherlands, of which a number are already electric or hybrid.
However, in February 2022 it was agreed that in the UK we would
move from a company car scheme to a salary sacrifice scheme offering
only electric or hybrid vehicles to all colleagues. This will provide all UK
colleagues with the opportunity to afford an electric vehicle and will
help further reduce our carbon footprint for business drivers as well as
reducing the impact on local communities for social and domestic use.
Target and metric: By 2027 the car scheme will be fully electric
or hybrid and have moved to a salary sacrifice scheme.
Physical risks
We have a “Natural Hazards Assessment Network” (NATHAN)
report from our insurers, Marsh, which is an established natural
hazard mapping tool and has mapped our global locations against
the risk of earthquake, storm and flood. The report does not quantify
potential losses but identified the relative risk for our locations.
Within the United States there are four sites at high risk of
earthquakes and five at high risk of storms and there are four
locations within Europe at high risk of flooding. However, it is
important to note there are mitigating controls in place for all
these scenarios.
Our main locations at risk of flooding due to rising sea levels are
in Delft and Amsterdam. We have reviewed flooding maps under
different scenarios between 2m and 6m rises to water levels.
However, the Dutch government has a programme for flood
prevention 1 and there are safety projects in both Delft and
Amsterdam, which are focused on improving and maintaining
the current defences in place.
Directors’ remuneration
The CEO and CFO are assessed on climate related performance
metrics as outlined in the Directors’ Remuneration Report section
of this report; see pages 106 to 127. A target is set on assessing
employee engagement, diversity and corporate social responsibility.
1 Delta Programme: flood safety, freshwater and spatial adaptation | Delta Programme | Government.nl.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
43
Strategic report�Sustainability continued
Environment
Greenhouse gas emissions
The greenhouse gas (GHG) reporting period is aligned with our
financial reporting year running from 1 June to 31 May.
The reported figures detail annual GHG emissions from activities
for which NCC Group is directly responsible. Having considered
the production metrics within the business, we have concluded that
annual turnover is the most appropriate to achieve a benchmark,
which aligns with the carbon reduction policy and methodology
we will work towards in FY23.
The overall energy and carbon report was produced and verified by
Planet Mark, an independent third party, that analysed the data from
our energy suppliers and data from expense systems to calculate
overall results.
The methodology used to calculate total energy consumption and
carbon emissions has been through the extraction of consumption
data from invoices and meter reads for the financial years stated.
Previously we have used estimates if data was not available, but this
year, where there was only six months of data available from certain
office locations, this has been extrapolated for gas and electricity
usage. We have committed to improving the data collection process
required from landlords where we have managed offices in FY23.
Reducing our impact
In FY23 we are working with Planet Mark to reduce our carbon
footprint, engage our internal stakeholders and map the journey
to achieving net zero by 2050.
Electricity and heat
and steam (tCO2e)
Gas (tCO2e)
979
189
415
298
61
80
2019/20
2020/21
2021/22
2019/20
2020/21
2021/22
Company owned cars (tCO2e)
Business travel (tCO2e)
309
611
47
13
29
67
2019/20
2020/21
2021/22
2019/20
2020/21
2021/22
Emissions by type (%)
78+
Electricity: 78.1%
Heat and steam: 0.4%
Natural gas: 15.1%
Company car travel: 1.1%
Business travel: 5.3%
44
1
+
15
+
1
+
5
M
�Source
Scope 1
Gas
Company vehicles
Diesel
Petrol
Hybrid
Total Scope 1
Scope 2
Electricity
Heat and steam
Company vehicles – electric
Total Scope 2
Total Scope 1 and 2
Scope 3
Business travel
Electricity transmission and distribution losses
Heat and steam transmission and distribution losses
Total Scope 3
Total Scope 1, 2 and 3
Total GHG tCO2e
2020
2021
2022
tCO2e change
from previous
year
% change
from previous
year
61.4
80.0
189.1
109.1
136%
187.3
122.2
–
309.4
370.8
22.6
24.2
–
46.8
126.8
5.2
2.1
4.0
11.3
200.4
(17.4)
(22.1)
4.0
(35.5)
73.6
(77%)
(91%)
–
(76%)
58%
415.3
297.8
924.5
626.7
210%
–
–
415.3
786.1
–
–
297.8
424.6
611.2
29.1
–
–
–
–
4.9
1.9
931.3
1,131.7
66.7
54.9
0.3
611.2
29.1
121.9
4.9
1.9
633.5
707.1
37.6
54.9
0.3
92.8
1,397.3
453.7
1,253.6
799.9
–
–
213%
167%
129%
–
–
318%
176%
Underlying energy use
The table below shows the proportion of energy use that occurs in the UK and non-UK countries alongside the total carbon emissions.
In FY22, 24% of the Group’s energy consumption and 29% of carbon emissions arose from the UK.
FY22 energy use
FY22 carbon emissions
kWh
% of global
energy use
Total emissions
(tCO2e)
% of global
emissions
Area
UK
1,073,901.18
Non-UK
3,379,109.31
Total
4,453,010.49
View our full carbon report on our website
24%
76%
100%
362.4
891.2
1,253.6
29%
71%
100%
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
45
Strategic report�Sustainability continued
Environment continued
Eco-design in practice
We are building a network of climate change champions across our
business and our aim is to empower colleagues to unleash their
creativity and own our net zero journey. An example of this in action
sits within the corporate affairs function, where our Global Head
of Digital Communications, working with our digital partners Nexer,
is leading the development of sustainable UX and development
practices for our corporate and business websites.
This eco-design approach, anticipating and taking action to minimise
negative environmental impacts, also contributes to our governance
approach to security as well as improving our user experience and
supporting our growth strategy through increased efficiencies.
Getting started
We performed a sustainability audit, which enabled us to set
benchmarks for future improvement measures – this included
capturing the carbon footprint of our eight key website pages,
chosen by their size and number of visits.
We already use Microsoft Azure for hosting, which uses green
powered servers, using c.50% renewable power to power its data
centres. We’ve started to look at Microsoft’s Emissions Impact
Dashboard, so that we can scrutinise usage, and start to make some
logical recommendations to reduce our impact, based on what the
data is telling us, scaling down on resources where we can, in line
with users’ behaviours on the site.
This broader range of insights has enabled us to consider where
to invest development and in FY23 we will:
• Upgrade our Umbraco Content Management System and hosting,
which will run on less powerful hardware in Microsoft Azure with
the same performance, leading to both cost and energy savings
• Redesign website pages and components, based on these
broader data insights, so users can find content quicker, in fewer
clicks. We’ll also use this data to explore what devices people are
using and whether there is an opportunity to make design
decisions, such as device dark mode
Sustainability offers us the
opportunity to be innovative and
to challenge traditional design
methods and thought processes
that not only reduce our impact on
the environment but create greater
value for all our stakeholders.
Kai Kurihara
Global Head of Digital Communications
46
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Social
Our culture
Each day at NCC Group our technologists and professionals
wake up with one mission – to help make the world safer and more
secure. Together they form a phenomenal knowledge network,
collaborating, innovating and creating value for our customers.
We are guided by our Code of Ethics and our values, which define
our behaviours – treating everyone and everything with respect.
This is the foundation of our culture, and we strive to create an
environment where everyone is welcome and can be successful.
We aim to create a culture where colleagues
are empowered and supported to be their
very best, with managers and leaders who inspire
them. We provide clarity on their role and the
expectation; we invest in career development
then recognise and reward colleagues with
benefits that go beyond fair pay.
Our colleagues work on exciting projects with
brilliant people, with the opportunity to share
their expertise in our wider communities. As
a people-led business, providing support for
wellbeing is at the heart of our proposition.
Above all, we give colleagues the opportunity
to follow their vocation and say with conviction
that what they do helps make our society
safer and more secure – whatever role they
play at NCC Group.”
Michelle Porteus
Chief People Officer
Values chain
We work together
We have each other’s backs
We are brilliantly
creative
We look at things differently
We embrace
difference
We respect each other
We take responsibility
We get things done in the
right way
47
Strategic report�Sustainability continued
Our culture continued
Creating a network of active allies
In 2021 our colleague resource groups led a piece of work to
explore how we could create an environment to empower everyone
to be an active ally for all.
We selected Oakridge Training Centre as our partner, and the
concept was launched by the CEO to all colleagues in a live virtual
event in November 2021. Our campaign and training – Action Ally
– is focused on equipping colleagues with skills they can use in
both their personal and professional life to be an active ally.
Complementary to our broader inclusion and diversity annual
training, Action Ally training began in the second half of our financial
year with the Executive Committee and senior leaders. It will roll
out to all colleagues during 2022 as well as being built into our
onboarding programme to underpin our values and behaviours
and Code of Ethics.
Wellbeing
We recognise the past two years has been tough for everyone,
and as we evolve from the learnings of the pandemic, we continue
to put emphasis on creating an environment that supports
colleagues regardless of their physical or mental wellbeing.
Mental health
In addition to our standard wellbeing policies and resources such as
Employee Assistance Programmes that support colleagues at every
stage of their life, we have a Mental Health First Aid network. Over
60 colleagues around the world have undertaken accredited training
to provide support to their colleagues with their mental health. We
also offer a mental health module to managers to create awareness
and further support colleagues in the workplace.
Physical wellbeing
In addition to mental wellbeing, the pandemic has created
challenges for physical wellbeing. With restrictions still impacting
many of our operations in the first half of the last financial year,
we continued to look at changing needs for colleagues to work
confidently and safely.
Where restrictions were in place, and where permitted, we provided
a way for colleagues who had a critical need for office working
space to access this. Each of our offices has an onboarding
document that outlines the responsibility of users, and how
to stay safe in the working environment.
Flexible/hybrid working continues as an option for colleagues and
we continue to assess the evolution to our future world of work,
with our primary focus ensuring we meet our customers’ needs.
Performance management
Our ambition is to be known as a hub for cyber talent, a place
where people can develop personally and professionally. We offer
a broad range of career options across our technology, sales and
professional practices. We are creating an inclusive environment
to grow, and we have an embedded transparent performance
management process. Colleagues and their managers are
encouraged to meet on a regular basis to review performance,
with a formal and documented bi-annual process at the half-year
and full-year stage.
The performance review plays an important role in supporting
colleagues’ personal development opportunities, while providing role
purpose and clarity. The introduction of career paths to guide career
options, our commitment to internal mobility and the open approach
to vacancies support our ambition to retain our talented teams and
enhance careers within the Group.
Learning and development
We provide tools and access to learning so colleagues can take
responsibility for their own development – including LinkedIn
Learning. We build learning and development programmes to
support colleagues to develop their careers through technical
certifications, and further and higher education qualifications to build
the cyber and professional skills to secure growth in the future.
Dedicated sales and technical training academies further enhance
our offering. We are proud to have established our Next Generation
Talent programme, which provides opportunities for talented new
entrants to the cyber industry and we are ready to launch our
foundation programme encouraging greater diversity by providing an
additional non-traditional entry route into cyber. See pages 34 and 35.
Career pathways
We are investing in career pathways to support colleagues to clearly
see how they can progress and, supported by our performance
management and development process, understand what skills
and experience they need to do this.
The career pathways have been rolled out to colleagues in technical
and sales roles in the UK, across several of our professional functions,
and continue to be developed for our global business, building on
feedback from colleagues themselves, alongside professional input.
To support our mission, and to enhance our position as a hub for
cyber talent, we also continue to take part in industry conversations
relating to careers and learning and development for cyber skills and
the global skills shortage. In March 2022 we contributed to the UK’s
Department for Digital, Culture, Media and Sport’s (DCMS’s)
consultation on “Embedding standards and pathways across the
cyber profession by 2025”. NCC Group has a vital role to play
in the future of the cyber security industry.
48
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Gender diversity
We take our role as a responsible employer seriously and see the
UK requirement to publish gender pay gap figures as an important
step towards transparency around a key issue within the broader
world of business. We recognise steps need to be taken to
continually improve our gender mix at all levels as part of our
broader strategy (see page 33 for our progress).
Read our latest Gender Pay Gap Report online: www.nccgroupplc.
com/sustainability/social/gender-pay-gap.
Main Board
Male
Female
Undisclosed
71%
29%
7171+
1%7070+
75%6161+
7575+
Direct reports to the
Executive Committee
New hires in FY22
Group
39%
26%
61%
70%
24%
4%
Executive Committee
38%
6262+
62%
Alumni
In January 2022 we launched our NCC Group Alumni Network community where alumni from across our global operations can
connect with each other, stay up to date with our latest news and insights, and discuss key issues facing our industry.
As a hub for cyber talent, our alumni are involved in every part of our industry across every part of the globe. We are proud of what
they achieve and equally proud of what they’ve gone on to achieve.
One of the things I’m most proud of over eight years leading the North American
operations for NCC Group is the way in which we have facilitated the career growth
of our colleagues both within the firm and beyond it. A quick glance at our alumni
reflects extremely positively on us both in terms of the part we’ve played in the
growth of people who spent a portion of their career with us and then ultimately
the impressive positions many of them have achieved after leaving NCC Group.
As an NCC Group alumnus myself, I am proud that, through
this network, we will maintain a community where former
colleagues can reconnect and share their knowledge and
experience from the journeys their careers have taken them on.
Only by embracing different views can we think of innovative
solutions to industry challenges.”
Nick Rowe
Managing Director, North America
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
49
Strategic report
+
24
24
+
+
1
1
+
+
0
0
+
+
M
M
+
39
39
+
+
0
0
+
+
0
0
+
+
M
M
+
29
29
+
+
0
0
+
+
0
0
+
+
M
M
+
38
38
+
+
0
0
+
+
0
0
+
+
M
M
+
26
26
+
+
4
4
+
+
0
0
+
+
M
M
�Sustainability continued
Giving back
Our global Giving Back programme is designed to enable
colleagues to choose how they play their part in ensuring their local
communities benefit from our presence. It also enables colleagues
the opportunity to share their skills and expertise to support broader
societal initiatives to make the world safer and more secure for all.
Giving back day
Building on our initial pilot, we have extended our Giving back day
across the globe – offering colleagues one day’s paid leave per
annum to donate time to a charity or an approved community
organisation of their choice. Colleagues can do this individually
or as a team exercise.
Matched giving
Our matched giving enables colleagues to request matched funding
up to £500 or local equivalent once per financial year to approved
non-profit organisations, increasing the impact of colleague time,
donations and participation in fundraising initiatives.
Giving Back colleague resource group
Our colleague resource group brings together a global network
of local representatives to share ideas and resources to become
more active in their local communities.
Sponsorship initiatives
In addition to colleague-led initiatives, we are involved in several
sponsorship programmes enabling us to give something back
and secure a better future for all, from local sports teams kits,
to investing in future cyber skills development programmes.
Where possible, we encourage colleagues to actively participate
in these initiatives adding to the time we invest in supporting good
causes. Examples of existing outreach activities include:
50
Empowering Women to Lead Cyber Security programme
In 2021 we sponsored the autumn cohort of the Empowering
Women to Lead Cyber Security programme, which was supported
by ScotlandIS, the Scottish government’s Digital Directorate and
the Scottish Digital Academy.
A three month programme, it is designed to address the long-
standing lack of women working within what is seen as Scotland’s
most critical and fastest growing sector. Our sponsorship enabled
the programme organisers to offer this leadership development
opportunity free of charge to successful applicants.
Giving back through our research expertise
We have a dedicated research working group, which offers paid
research time and other resources to research projects conducted
in the public interest, to support security and privacy research for the
greater good of society which might not otherwise have resources
available to support it.
This year, our researchers focused on a deep and broad analysis
of the security and privacy implications of different vaccine
passport apps around the world, the important topic of racial
injustice in algorithmic decision making, and mobile privacy from the
perspectives of users seeking to understand private data leakage
from their favourite apps, as well as the true privacy impact of
mobile-device-management (MDM) apps that colleagues are
often asked to use in a bring-your-own-device (BYOD) scenario.
Read more about our public interest technology research in our 2021 Research
Report: research.nccgroup.com/2022/01/10/2021-annual-research-
report/#public-interest-technology
Read more about research at NCC Group on pages 20 and 21
�Sponsorship of Defcon tickets
In the United States, we sponsored two $1,500 tickets for Black Girls
Hack summer camp delegates to attend Defcon.
Uptree partnership to support diversity commitment
Uptree works closely with teachers and career advisers to connect
young people with organisations before they leave school. Through
our partnership we’ll be able to reach and engage with over 127,000
talented and diverse students across the UK. In the past year, with
pandemic restrictions lifting, we’ve welcomed students to our
Manchester HQ for cyber events, and our colleagues are also involved
in broader mentoring, volunteering and giving presentations.
Supporting JINC to improve a child’s future chances
In the Netherlands, we provide our expertise to JINC, a Dutch
non-profit organisation that strives for a society in which a child’s
background doesn’t determine their future and offers equal
opportunities and a fair chance for all.
The partnership enables our colleagues to invest in and give
something back to the local community and includes an internship,
teaching the basics of programming at schools in The Hague
and Rotterdam area, job interview training at schools in Delft and
participation in the “Boss for a Day” event, where organisations
all around the Netherlands invite children to shadow their CEO.
Developing the next generation through CyberFirst
The UK’s National Cyber Security Centre (NCSC) offers summer
courses for young people aged between 11 and 17 years of age.
We support the creation and delivery of relevant training material
that fits within the syllabus of each level, and our colleagues get
involved through virtual and face-to-face sessions with students.
Supporting universities in the UK
We sit on the Industry Advisory Boards of the University of
Gloucester, Abertay University, the University of Kent and
Birmingham City University, providing expertise for their related
cyber courses.
At the University College of London, we are a supporting industry
partner for the Centre of Doctoral Training in Data Intensive Science.
We mentor PhD students every year on a group project, in addition
to MSc students on their dissertations.
Colleagues can get involved in these programmes through the
mentoring of students, presentations and Capture the Flag
hacking events.
51
Strategic report�Sustainability continued
Colleague resource groups
Creating an inclusive and diverse community
We want to create an environment where all colleagues feel
psychologically, emotionally and physically safe to be authentic,
representative of the diversity of the world they live in, share their
personal experiences and have equal opportunities to achieve.
Our inclusion and diversity plan underpins our growth strategy and
continues to evolve as our voluntary colleague resource groups,
established in 2020, embed into our way of life at NCC.
In addition to resource groups for our four focus areas: Gender,
LGBTQIA+, Neurodiversity and Race and Ethnicity, we have
welcomed the formation of new groups for Accessibility, Climate
Change and Giving Back (see pages 50 and 51).
Colleagues who wish to create a group are supported to gauge
interest, given Executive sponsorship, and supported by the
corporate affairs team to set the foundations and engage members
and our wider stakeholders.
At the heart of this engagement is our NCC Conversations
programme, which creates opportunity for colleagues to get involved
in conversations across a broad range of topics. NCC Conversations
range from blogs and panel sessions and resources, to toolkits for
managers to lead the conversations locally.
Women’s International Network
The Women’s International Network is complementary to our
colleague resource groups and is designed to:
• Create a safe space for women to be themselves
• Inspire development of and attract more women to NCC Group
The network is for those who identify as women and who are
passionate about making NCC Group an even greater place to work.
The network connects globally via Teams and is divided into local
chapters led by senior women to ensure we have sponsorship
at the highest level.
Over the past financial year we saw the establishment of a Breast
Feeding Support Group, the launch of our Menopause Library
and Support Group, and a month long International Women’s Day
campaign, bringing colleagues together in our local offices as
well as virtual events.
Colleagues who wish to create
a group are supported to gauge
interest, given Executive sponsorship,
and supported by the corporate
affairs team to set the foundations
and engage members and our
wider stakeholders.”
52
�NCC Con
In June 2022, our celebrated NCC Con events returned
to in person, bigger and better than ever before, with around
1,300 colleagues from our Assurance technical and sales
community attending one of three events in APAC,
North America and Europe.
NCC Con is about sharing knowledge; it’s about colleague
collaboration and celebration and it’s always been a firm highlight
of our calendar. The learnings and the making of new friends,
and reconnecting with old friends, are important parts of NCC
Group’s success.
While North America and Europe were established events
pre-pandemic, this was a first for our APAC colleagues, with
the 100-strong team from Australia, Japan and Singapore
coming together.
Over the three events attendees had c.150 talks/workshops to
choose from, and for those who were unable to attend in person,
key talks were recorded and are available for colleagues to access
throughout the year.
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
150+
talks/workshops to choose from
1,300
colleagues
It’s just absolutely refreshing to be able
to connect after a few years of not having
this in-person interaction, so energising
is the word.”
Gene Meltser
I’m very proud of working at NCC Group
and making the difference we make every
single day. It’s actually one of the honours
of my life to work alongside individuals like
you all.”
Bhavana Singh
53
�Sustainability continued
NCC Diamonds -
celebrating our colleagues
Back by popular demand, and with an enhanced programme
of activity after the success of the launch in 2021, this year we
celebrated colleagues who role model our values and behaviours
through our NCC Diamonds colleague recognition programme.
The programme had over 700 nominations by colleagues across
six individual categories and one team category. Divisional winners
were celebrated and put forward to the global judging round. The
awards are testament not only to those nominated, but to those
who have taken time to write the most heart-warming references
about their colleagues.
Instilling a sense of pride and accomplishment, NCC Diamonds
highlights the value we place on the role everyone plays in making
our world safer and more secure.
In addition to colleague nominations CEO Appreciation awards
were given to:
• Melba Thomas
• Charlana Tanner
• Kelvin Mutasa
• Willemijn Rodenburg
• Chloe Kersey
And Rob Chatters was awarded the CEO Choice award.
Our 2022 NCC Diamonds
Inspiring people managers – Nic Frasse-Sombet
Nic truly understands that everyone is unique and has different
needs and ways of working; he makes sure to tailor the working
environment to individual needs, enabling them to get the best
out of themselves. He delivers a perfect balance of
understanding and empathy, with motivation and guidance.
Team – threat intelligence (Matt Hull, Ian Usher,
Daniel Farrie, Izzy Moore, Jack Hirst, Bhaskar
Dercon, Sophocles Theodorou and Matthew Griffin)
Our threat intelligence team is at the heart of our Company
mission of making the world a safer place. From its annual
and monthly threat monitor and pulse reports, to ensuring
our customers are equipped to manage emerging threats,
it is exemplar of our Global Professional Services.
Working together – Eric Baker
Eric is truly one of the backbones of NCC Group, always
respectful and supportive, never arrogant or braggart, always
conscientious of his colleagues and a huge source of positivity
in the office. It is hard to imagine someone else that embodies
the value of “working together” more than Eric.
Brilliantly creative – Sosthene Robin
We are consistently bowled over by Sosthene’s creativity with
solving technical solutions. He never fails to find new and
comprehensive ways to solve problems and achieve prompt
solutions for our customers.
Embracing difference – Dhruv Verma
Dhruv was the reason I applied to NCC Group. He let me express
my ideas without imposing or overwhelming me; he guided me
through the different practices within NCC Group until I was able
to identify an area of work that really resonated and felt comfortable.
Taking responsibility – Natasja Goosen
Natasja swiftly inherited an entirely new process that she did not
create, nor one that she was familiar with. Her professionalism,
attention to detail, responsiveness, and willingness to always help
are beyond exceptional.
Giving back – Tennisha Martin
I watch Tennisha strive for equality, for access to learning for
people who might not be able to otherwise afford it. She takes
action and responsibility and is opening so many doors for folks.
She really is a force for good.
54
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Governance
Our focus is on building long-term sustainable relationships, earning
trust through meeting our customers’ needs and delivering the
highest quality of services.
Our Code of Ethics sets the standard we uphold ourselves to and
we take pride in our approach. We consider the interests of all our
stakeholders, including colleagues, when we make decisions on the
Group’s future priorities and plans.
Anti-corruption and anti-bribery
We do not tolerate bribery and corruption. We have established
policies on anti-bribery and the receiving and giving of gifts, and
hospitality. Anti-bribery awareness is part of our colleague induction
process and regular refresher training is mandated.
Colleagues are encouraged to report any concerns to their manager
or, if required, our confidential and independent whistleblowing service.
The whistleblowing process is overseen by the Audit Committee.
We aim to engender in our colleagues principles of honesty
and integrity and the desire to work to the best of their ability.
We strive to act in a professional, honest and ethical manner in all
our dealings with our customers, colleagues, shareholders, suppliers,
and the community. Our reputation is paramount and nothing we do
should detract from or compromise our standing in the market and
the community. Our independence and impartiality as a Group are
fundamental. We have a Code of Ethics, which all colleagues are
required to adhere to.
Supply chain
Our customers and colleagues respect us for providing a trusted
service, and to achieve this we rely on supply chain partners to
support our business operations.
We are fully aware of the responsibility we have toward our
stakeholders and we seek to work with supply chain partners who
are equally aware of and proud to uphold these high standards.
Our relationship with supply chain partners is based on trust,
collaboration and continuous improvement, underpinned by
fair contracts.
We, and our customers, expect our supply chain partners (and their
supply chain) to behave ethically and securely and to treat everyone
fairly and with respect. Supply chain partners are an extension of the
NCC Group team, and our Supply Chain Code of Conduct exists to
clearly articulate the standards and behaviours we expect to see
in our supply chain partnerships.
Human rights (including anti-slavery and human
trafficking)
We recognise our responsibility to uphold and protect the rights
of individuals in all aspects of our operations across the world.
Through our published statement and our global policies, we make it
clear that we will observe and uphold the principles contained in the
Universal Declaration of Human Rights and the International Labour
Organization Fundamental Conventions.
We believe that human rights belong equally to all people without
distinction as to race, colour, sex, language, religion, political or other
convictions, national or social origin, birth or other traits. We support
freedom of association, the abolition of forced labour and the
elimination of child labour.
We have a zero-tolerance approach to modern slavery and are
committed to acting ethically and with integrity in all our business
dealings and relationships. We communicate this to all our suppliers,
contractors and business partners at the outset of the relationship
and regularly thereafter. Our Anti-Slavery and Human Trafficking
Statement is available to download from our website.
Governance and oversight
The Board recognises that robust governance and oversight are vital
to maintaining a strong business, which can weather a changing
business environment.
We have a dedicated and independent global governance function,
which has been designed to work together to ensure seamless
oversight of the control environment and management
decision making.
This team is made up of:
• Group legal services
• Information security
• Data protection
• Compliance and standards
• Health and safety
• Internal audit
The global governance function reports into the Group Board,
or its sub-committees, the Audit Committee and Cyber Security
Committee. The primary remit of the team is to validate compliance
with the Group’s policies and procedures, legislation and regulations
and good practice.
For more information please visit our Governance section online:
www.nccgroupplc.com/sustainability/governance
Read more about principal risks and uncertainties on pages 64 to 72
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
55
Strategic report�Chief Financial Officer’s review
Robust financial performance
funds future growth
Overview of financial performance
We have delivered another strong set of financial results. Group
revenues increased by 17.9% on a constant currency basis 1, and at
actual rates Group revenues increased by 16.4% (2021: 2.6%); the
difference to actual rates was mainly owing to the strengthening of
Sterling against the US Dollar. Group revenues excluding the recent
IPM acquisition increased by 10.3% on a constant currency basis 1
(8.9% at actual rates).
In Assurance, the North American and UK and APAC Assurance
businesses grew by 14.6% and 11.8% on a constant currency
basis 1 (13.8% and 11.6% at actual rates) and our EU region
increased 8.0% on a constant currency basis 1 (2.7% at actual
rates). As a result of the acquisition of IPM, Software Resilience
revenue grew by 55.1% on a constant currency basis 1 (53.8% at
actual rates). However, excluding the acquisition of IPM, Software
Resilience revenue declined by 0.6% on a constant currency basis 1
(1.4% at actual rates), mainly due to a decline in UK and US
contract revenue performance as terminations were greater than
new business sales.
Gross profit increased by 19.9% to £132.6m (2021: £110.6m) with
gross margin percentage increasing to 42.1% (2021: 40.9%). The
margin increase was due to the impact of the IPM acquisition, offset
by the underlying gross margin of our Assurance business slightly
declining by 0.4% pts, as we invested and grew our technical talent,
and a 3.2% decline in our existing Software Resilience business
gross margin as a result of the investment in people to return it to
sustainable growth.
Total administrative expenses have increased by £4.6m compared to
the prior year. The main elements were the inclusion of IPM overhead
base and integration costs of £7.0m, an increase in the amortisation
of acquired intangibles of £2.2m due to the IPM acquisition, people
and Securing Growth Together (SGT) investment, recruitment and
training of £9.7m, share-based payments of £1.1m, resumption in
non-client travel and office costs of £1.6m and a prior year profit
on disposal of £0.5m, offset by an increase in current year R&D
tax credits of £0.4m, a reduction in depreciation and amortisation
of £2.2m, a reduction in foreign exchange of £2.1m and a reduction
in Individually Significant Items of £11.8m.
Operating profit has increased by 100.6% to £34.7m (2021: £17.3m)
following an improvement in gross margin offset by increased
administrative expenses noted above. Adjusted operating profit 1
increased by 22.7% to £48.1m (2021: £39.2m). Adjusted EBITDA 1
increased by 12.8% to £59.2m (2021: £52.5m).
Our Group trading
performance benefited from
a successful and strategically
significant acquisition of IPM,
strong North America and UK
and APAC Assurance growth
and a return to growth in H2
for Software Resilience
excluding IPM.”
Tim Kowalski
Chief Financial Officer
2021/22 key activities
• Acquisition and successful integration of IPM
• Continued to demonstrate effective cash management
2022/23 priorities
• Finalise the full operational review of the combined
Software Resilience division to create additional
Group contribution from FY24 of £5m
• Effectively manage global inflationary pressures and
increase delivered day rates
• Maintain strong cash conversion and reduce
borrowings
56
�During the year, the Group has incurred £0.9m (2021: £7.6m)
of Individually Significant Items (ISIs), relating to the acquisition
of the IPM business on 7 June 2021, bringing total acquisition
costs (excluding share placing costs of £2.4m) to £8.5m. In the
prior year, Individually Significant Items also included £5.1m
relating to configuration and customisation costs associated with
the Group’s SGT transformation programme. For further detail,
please refer to Note 5 to the consolidated Financial Statements.
Acquired intangible amortisation increased during the year by
£2.2m as certain historical acquisitions became fully amortised
over their useful economic life offset by the US acquisition of the
IPM business, which created certain acquired intangibles that are
being amortised over a useful economic life of ten years (£4.8m).
Share-based payments increased during the year to £3.9m following
the introduction of new share schemes for key management beyond
the Directors.
Profit before taxation increased 109.5% to £31.0m (2021: £14.8m)
and profit for the year increased 130.0% to £23.0m (2021: £10.0m).
Following the share placing for the IPM acquisition in May 2021,
the basic EPS amounted to 7.4p (2021: 3.6p) and diluted EPS
amounted to 7.4p (2021: 3.5p). Adjusted basic EPS 1 amounts
to 10.8p (2021: 9.5p).
At 31 May 2022, our cash conversion 1 was 101.9% (2021: 88.2%).
Net debt 1 amounts to £85.0m (2021: net cash of £48.9m). Net debt
excluding lease liabilities 1 amounts to £52.4m (2021: net cash
£83.3m). Total borrowings (including lease liabilities) offset by cash
and cash equivalents amounts to £85.0m (2021: net cash £48.9m).
Following the acquisition of IPM and a reduction in our net cash
position, our Balance Sheet remains strong with headroom of
£101.9m and we have continued to demonstrate effective cash
management. Our Balance Sheet strength enables us to continue to
fund organic and inorganic opportunities as they arise, as evident by the
recent acquisitions of IPM and Adelard (for further details please refer
to Note 34 to the consolidated Financial Statements).
Turning to our Balance Sheet, goodwill, intangible assets and
deferred revenue have increased during the year following the
acquisition of IPM.
The Board is also declaring an unchanged final dividend of 3.15p
per ordinary share (2021: 3.15p). This represents a dividend equal
to that paid in the prior year as the Board is conscious of the need
to invest in initiatives to support longer-term growth and service the
debt profile following the recent acquisition.
Financial summary
Summary Income Statement 1
Revenue
Cost of sales
Gross profit
Depreciation and amortisation 2
Administrative expenses 3
Adjusted operating profit 1
Individually Significant Items
Acquired intangible amortisation
Share-based payments
Operating profit
Finance costs
Profit before taxation
Taxation
Profit for the year
EPS
Basic
Diluted
2022
£m
314.8
(182.2)
132.6
(11.1)
(73.4)
48.1
(0.9)
(8.6)
(3.9)
34.7
(3.7)
31.0
(8.0)
23.0
2021
£m
270.5
(159.9)
% change
16.4%
13.9%
110.6
19.9%
(13.3)
(58.1)
(16.5%)
26.3%
39.2
22.7%
(12.7)
(92.9%)
(6.4)
(2.8)
17.3
(2.5)
14.8
(4.8)
34.4%
39.3%
100.6%
48.0%
109.5%
66.7%
10.0
130.0%
2022
2021
Change
7.4p
7.4p
3.6p
3.5p
3.8p
3.9p
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms.
2 Depreciation and amortisation excludes amortisation of acquired intangibles.
3 Administrative expenses excluding depreciation and amortisation, Individually Significant Items, amortisation of acquired intangibles and share-based payments.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
57
Strategic report�Chief Financial Officer’s review continued
Financial summary continued
Revenue summary
Assurance
Software Resilience
Total revenue
Total revenue
Less: IPM acquisition
Revenue excluding IPM acquisition 1
Assurance
Software Resilience excluding IPM acquisition
Revenue excluding IPM acquisition 1
Operating profit summary
Assurance
Software Resilience
Central and head office
Adjusted operating profit 1
Individually Significant Items
Acquired intangible amortisation
Share-based payments
Operating profit
Operating profit margin %
2022
£m
258.5
56.3
314.8
2022
£m
314.8
(20.2)
294.6
2022
£m
258.5
36.1
294.6
2021
£m
233.9
36.6
270.5
%
change at
actual rates
10.5%
53.8%
16.4%
2021
£m
%
change at
actual rates
270.5
16.4%
–
270.5
2021
£m
233.9
36.6
270.5
n/a
8.9%
%
change at
actual rates
10.5%
(1.4%)
8.9%
2022
£m
258.5
56.3
314.8
2022
£m
314.8
(20.2)
294.6
2022
£m
258.5
36.1
294.6
2022
£m
31.9
22.0
(5.8)
48.1
(0.9)
(8.6)
(3.9)
34.7
2021
£m
230.7
36.3
267.0
% change at
constant
currency 1
12.1%
55.1%
17.9%
2021
£m
% change at
constant
currency 1
267.0
17.9%
–
n/a
267.0
10.3%
2021
£m
230.7
36.3
267.0
% change at
constant
currency 1
12.1%
(0.6%)
10.3%
2021
£m
29.6
16.0
% change
7.8%
37.5%
(6.4)
(9.4%)
39.2
22.7%
(12.7)
(92.9%)
(6.4)
(2.8)
34.4%
39.3%
17.3
100.6%
11.0%
6.4% 4.6% pts
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms.
58
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Alternative Performance Measures (APMs)
Throughout this Chief Financial Officer’s Review, certain APMs
are presented. The APMs used by the Group are not defined terms
under IFRS and may therefore not be comparable with similarly
titled measures reported by other companies. They are not intended
to be a substitute for, or superior to, IFRS measures. This presentation
is also consistent with the way that financial performance is measured
by management and reported to the Board, and the basis of financial
measures for senior management’s compensation scheme, and provides
supplementary information that assists the user in understanding
the financial performance, position and trends of the Group.
We believe these APMs provide readers with important additional
information on our business and this information is relevant for
use by investors, securities analysts and other interested parties as
supplemental measures of future potential performance. However,
since statutory measures can differ significantly from the APMs
and may be assessed differently by the reader, we encourage you
to consider these figures together with statutory reporting measures
noted. Specifically, we would note that APMs may not be comparable
across different companies and that certain profit related APMs may
exclude recurring business transactions (e.g. acquisition related
costs and certain share-based payment charges) that
impact financial performance and cash flows.
As the Group manages internally its performance at an Adjusted
operating profit level (before Individually Significant Items,
amortisation of acquired intangibles and share-based payments),
which management believes represents the underlying trading of
the business, this information is still disclosed as an APM. This
APM is reconciled to statutory operating profit, together with the
consequently Adjusted basic EPS (before Individually Significant
Items, amortisation of acquired intangibles, share-based payments
and the tax effect thereon), to statutory basic EPS.
The Group noted the following APMs/non-statutory measures:
• Adjusted EBITDA (reconciled in Note 3)
• Adjusted operating profit (reconciled in Note 3)
• Adjusted basic EPS (pence) (reconciled in Note 11)
• Net (debt)/cash excluding lease liabilities (reconciled in Note 3)
• Net (debt)/cash (reconciled in Note 3)
• Cash conversion (reconciled in Note 3)
• Constant currency revenue (reconciled in Note 3)
• Revenue excluding IPM acquisition (reconciled in Note 3)
• Software Resilience revenue excluding IPM acquisition (reconciled in
Note 3)
The above APMs are consistent with those reported for the year
ended 31 May 2021, except for the inclusion of revenue excluding
IPM acquisition and Software Resilience revenue excluding IPM
acquisition to allow stakeholders to understand the revenue performance
of the existing business for the year ended 31 May 2022 prior to
acquiring IPM in June 2021. In comparison to those APMs reported
for the period ended 30 November 2021, one APM (cash conversion
excluding IPM acquisition costs) has been removed to reduce
the level of APMs reported.
The Group also reports certain geographic regions on a constant
currency basis to reflect the underlying performance taking into
account constant foreign exchange rates period on period. This
involves translating comparative numbers to current period rates
for comparability to enable a growth factor to be calculated. As
these measures are not statutory revenue numbers, management
considers these to be APMs; see Note 3 for further details
and certain reconciliations to statutory measures.
Further detail is included within the Glossary of terms to the Financial
Statements that provides supplementary information that assists the
user in understanding these APMs/non-statutory measures.
Assurance
The Assurance division accounts for 82.1% of Group revenue (2021: 86.5%) and 69.6% of Group gross profit (2021: 76.3%).
Assurance revenue analysis – by originating country:
UK and APAC
North America
Europe
Total Assurance revenue
2022
£m
114.6
94.1
49.8
258.5
2021
£m
% change at
actual rates
102.7
82.7
48.5
11.6%
13.8%
2.7%
% change at
constant
currency 1
11.8%
14.6%
8.0%
233.9
10.5%
12.1%
Assurance revenue increased by 12.1% on a constant currency basis 1 and at 10.5% at actual rates. UK and APAC increased by 11.8% on a
constancy currency basis 1 (11.6% at actual rates) supported by growth in Professional Services. North America grew by 14.6% on a constant
currency basis 1 (13.8% at actual rates), and Europe experienced growth of 8.0% on a constant currency basis 1 (2.7% at actual rates).
From a H2 2022 2 perspective compared to the same comparator period, Assurance revenue increased by 15.1% on a constant currency
basis 1 and at 15.8% at actual rates. UK and APAC increased by 16.1% on a constancy currency basis 1 (15.8% at actual rates). North
America grew by 20.1% on a constant currency basis 1 (26.2% at actual rates); however, Europe only experienced growth of 4.6% on a
constant currency basis 1 (-0.4% at actual rates). Our H2 2022 2 performance compared to H1 2022 2 showed Assurance revenue increased
by 8.8% on a constant currency basis 1 and at 5.2% at actual rates. UK and APAC increased by 7.5% on a constancy currency basis 1
(7.3% at actual rates). North America grew by 8.9% on a constant currency basis 1 (2.3% at actual rates) and Europe experienced growth
of 11.8% on a constant currency basis 1 (6.0% at actual rates).
2 See Note 3 for a reconciliation of H1 2022 and H2 2002 revenue performance compared to the same comparator period.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
59
Strategic report�Chief Financial Officer’s review continued
Financial summary continued
Assurance continued
Assurance revenue analysed by type of service/product line:
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
Total Assurance revenue
2022
£m
189.0
58.6
10.9
258.5
2021
£m
172.2
56.2
5.5
% change
at actual
rates
% change at
constant
currency 1
9.8%
4.3%
98.2%
11.0%
6.7%
94.6%
233.9
10.5%
12.1%
Global Professional Services grew by 11.0% to £189.0m on a constant currency basis 1 (9.8% at actual rates) with delivered day rates
increasing by 2.1%.
Global Managed Services (GMS) grew by 6.7% to £58.6m on a constant currency basis 1 (4.3% at actual rates). Within GMS, the Group has
received strong sales orders since the year end providing confidence in our XDR growth strategy.
Assurance gross profit and margin are analysed as follows:
UK and APAC
North America
Europe
Assurance gross profit and % margin
2022
£m
46.4
29.8
16.1
92.3
2022
% margin
40.5%
31.7%
32.3%
35.7%
2021
£m
41.0
27.4
16.0
84.4
2021
% margin
% pts
change
39.9% 0.6% pts
33.1% (1.4% pts)
33.0% (0.7% pts)
36.1% (0.4% pts)
Gross margin declined slightly by 0.4% pts, with our UK and APAC performance margins increasing by 0.6% pts, whereas North America
and Europe gross margins declined by 1.4% pts and 0.7% pts due to investment in technical capacity to support future growth.
Software Resilience
The Software Resilience division accounts for 17.9% of Group revenues (2021: 13.5%) and 30.4% of Group gross profit (2021: 23.7%).
This increase was a result of the IPM acquisition.
Software Resilience revenue analysis – by originating country:
UK
North America
Europe
Total Software Resilience revenue
2022
£m
25.4
26.8
4.1
56.3
2021
£m
25.2
7.3
4.1
% change
at actual
rates
% change
at constant
currency 1
0.8%
0.8%
267.1%
277.5%
–
2.5%
36.6
53.8%
55.1%
In Software Resilience, we experienced an overall revenue increase of 55.1% at constant currency (53.8% at actual rates). This increase
was a result of the IPM acquisition.
Software Resilience revenue analysis – by originating country excluding the IPM acquisition:
UK
North America
Europe
Software Resilience revenue excluding IPM acquisition
2022
£m
24.5
7.5
4.1
36.1
2021
£m
25.2
7.3
4.1
36.6
% change
at actual
rates
% change
at constant
currency 1
(2.8%)
2.7%
–
(2.8%)
5.6%
2.5%
(1.4%)
(0.6%)
Excluding the effect of the IPM acquisition, revenue declined by 0.6% on a constancy currency basis 1 (1.4% at actual rates). As noted at our
half year, revenue declined by 3.3% compared to the same comparator period on a constant currency basis 1 (4.9% at actual rates) and we
expected a return to growth in the second half as sales capability was back at full strength and improved marketing automation resulted in
improved activity levels and pipeline. It has therefore been pleasing to see H2 constant currency 1 growth of 2.2% (actual rates: 2.2%) mainly
due to North America and Europe. On a local currency basis (US $), IPM revenue and profitability was 3% and 4% respectively behind our
internal budget targets, with the focus now on finalising the IPM integration, increasing revenue and profitability.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms.
60
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Software Resilience revenue analysis – by service:
Software Resilience contracts
Verification services
Total Software Resilience revenue
2022
£m
38.1
18.2
56.3
2021
£m
24.0
12.6
36.6
% change
at actual
rates
% change
at constant
currency 1
58.8%
44.4%
60.1%
45.6%
53.8%
55.1%
Analysing the service performance, contracts increased by 60.1% at constant currency 1 (58.8% at actual rates) and verification services
increased by 45.6% at constant currency 1 (44.4% at actual rates).
Software Resilience revenue analysis – by service excluding the IPM acquisition:
Software Resilience contracts
Verification services
Software Resilience revenue excluding the IPM acquisition
2022
£m
22.6
13.5
36.1
2021
£m
24.0
12.6
36.6
% change
at actual
rates
% change
at constant
currency 1
(5.8%)
7.1%
(5.0%)
8.0%
(1.4%)
(0.6%)
Excluding the effect of the IPM acquisition, contracts declined by 5.0% on a constancy currency basis 1 (5.8% at actual rates) due to UK and
US contract performance and verification services increased by 8.0% at constant currency 1 (7.1% at actual rates).
Gross profit and margin are analysed as follows:
UK
North America
Europe
Software Resilience gross profit and % margin
2022
£m
17.7
19.8
2.8
40.3
2022
% margin
69.7%
73.9%
68.3%
71.6%
2021
£m
18.4
4.9
2.9
2021
% margin
% pts
change
73.0% (3.3% pts)
67.1% 6.8% pts
70.7% (2.4% pts)
26.2
71.6%
–
Gross profit has remained flat following the higher margins obtained from the IPM acquisition trade offset by investment to address historical
execution challenges and enable Software Resilience to achieve sustainable revenue growth.
Individually Significant Items
During the year, the Group has incurred £0.9m (2021: £7.6m) relating to the acquisition of the IPM business completing on 7 June 2021,
bringing total acquisition costs (excluding share placing costs of £2.4m) to £8.5m. In the prior year, Individually Significant Items also included
£5.1m relating to configuration and customisation costs associated with the Group’s SGT transformation programme. For further detail,
please refer to Note 5 to the consolidated Financial Statements.
Finance costs
Finance costs for the period were £3.7m compared to £2.5m in 2021 due to an increase in borrowing costs following the IPM acquisition.
Finance costs include lease financing costs from IFRS 16 of £1.2m (2021: £1.2m).
Taxation
The Group’s effective statutory tax rate is 25.8% (2021: 32.4%).
The Group’s adjusted tax rate is 24.5% (2021: 27.0%).
The effective rate remains above the UK standard rate of corporation tax, reflecting the origin of a reasonable proportion of Group profits
in overseas territories with higher tax rates than the UK and the derecognition of certain deferred tax assets.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
61
Strategic report�Chief Financial Officer’s review continued
Earnings per share (EPS)
Statutory
Basic EPS
Diluted EPS
Adjusted 1
Basic EPS
Diluted EPS
Weighted average number of shares (million)
Basic
Diluted
2022
2021
7.4p
7.4p
10.8p
10.8p
309.5
310.9
3.6p
3.5p
9.5p
9.5p
281.2
282.7
The weighted average number of shares has increased mainly as a result of an increase in shares issued arising from the share placing
in May 2021 that partially funded the recent acquisition of IPM.
Cash flow and net debt 1
The table below summarises the Group’s cash flow and net debt 1:
Operating cash inflow before movements in working capital
(Increase)/decrease in trade and other receivables
Decrease/(increase) in inventories
Increase/(decrease) in trade and other payables
Cash generated from operating activities before interest and taxation
Interest element of lease payments
Other interest paid
Taxation paid
Net cash generated from operating activities
Cash flows from investing activities:
Purchase of property, plant and equipment
Software and development expenditure
Net proceeds on disposal of intangibles
Acquisition of trade and assets as part of a business combination
Equity dividends paid
Repayment of lease liabilities (principal amount)
Repurchase of shares (share-based payments)
Proceeds from the issue of ordinary share capital
Net movement
Opening net cash/(debt) 1
Non-cash movements (release of deferred issue costs)
Foreign exchange movement
Closing net (debt)/cash (excluding lease liabilities) 1
Lease liabilities
Closing net debt 1
62
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
2022
£m
49.3
(1.8)
0.2
12.6
60.3
(1.2)
(2.1)
(2.2)
54.8
(5.2)
(3.0)
–
(153.0)
(14.4)
(5.4)
(0.2)
0.8
(125.3)
83.3
(0.4)
(10.0)
(52.4)
(32.6)
(85.0)
2021
£m
47.3
4.7
(0.2)
(5.5)
46.3
(1.2)
(1.1)
(5.1)
38.9
(2.7)
(2.1)
0.5
–
(13.0)
(6.0)
–
72.6
88.2
(4.2)
(0.2)
(0.5)
83.3
(34.4)
48.9
�Net (debt)/cash 1 can be reconciled as follows:
Cash and cash equivalents
Borrowings (net of deferred issue costs)
Net (debt)/cash (excluding lease liabilities) 1
Lease liabilities
Net debt 1
The calculation of the cash conversion ratio 1 is set out below:
Net operating cash flow before interest and taxation (A)
Adjusted EBITDA 1 (B)
Cash conversion ratio 1 (%) (A)/(B)
2022
£m
73.2
(125.6)
(52.4)
(32.6)
(85.0)
2021
£m
116.5
(33.2)
83.3
(34.4)
48.9
2022
£m
60.3
59.2
2021
£m
46.3
52.5
% change/
% pts
30.2%
12.8%
101.9%
88.2% 13.7% pts
Net operating cash flow before interest and taxation includes acquisition costs of £7.3m (2021: £1.2m).
The reduction in tax paid is mainly due to the Group currently being in a net tax recoverable position following payments in advance.
Net cash capital expenditure during the period was £8.2m (2021: £4.3m), which includes tangible asset expenditure of £5.2m (2021: £2.7m)
and capitalised software and development costs of £3.0m (2021: £2.1m), which has been offset in the prior year by proceeds from the
disposal of an intangible asset for £0.5m.
Free cash flow before acquisition costs of £7.3m (net cash generated from operating activities less capital expenditure and acquisition costs)
increased by £18.1m to £53.9m.
Dividends
Dividends of £14.4m paid in the period (2021: £13.0m) comprised the final dividend for FY21 of 3.15p and the interim dividend of
1.5p per ordinary share for FY22 (2021: 1.5p). The Board is declaring an unchanged final dividend of 3.15p per ordinary share (2021: 3.15p).
This represents a dividend equal to that paid in the prior year as the Board is conscious of the need to invest in initiatives to support longer-term
growth and service the debt profile following the recent acquisition.
The final dividend of approximately £9.8m will be paid on 11 November 2022, to shareholders on the register at the close of business
on 14 October 2022. The ex-dividend date is 13 October 2022.
Tim Kowalski
Chief Financial Officer
6 September 2022
1 See Note 3 for an explanation of Alternative Performance Measures
(APMs) and adjusting items. Further information is also contained within
the Chief Financial Officer’s Review and the Glossary of terms.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
63
Strategic report�Principal risks and uncertainties
Embedded risk
management systems
Embedded risk management
systems have supported the
Group in pursuing its strategy for
sustainable and profitable growth.”
Risk management
Risk is an inherent part of doing business and risk management
is a fundamental part of good corporate governance. A successful
risk management process balances risk and reward and is
underpinned by sound judgement of their impact and likelihood.
The Board has overall responsibility for ensuring that NCC Group
has an effective risk management framework, which is aligned
to our business objectives.
The Board has established a Risk Management Policy, which has
established protocols, including:
• Roles and responsibilities for the risk management framework
• Risk scoring framework
• A definition of risk appetite
64
The integrated approach to risk management diagram on page 66
summarises the Group’s overall approach to risk management,
which is supported by a web-based tool – the Integrated Risk
Management System (IRMS). The tool is designed to follow the risk
management model described in the next section and records both
strategic and operational risk registers and tracks risk mitigation
action plans, helping embed ownership of risks and treatment
actions while also providing access to live management information,
which is used at both a Board and operational management level.
NCC Group’s approach to risk management
NCC Group adopts both a “top-down” and “bottom-up” approach
to risk, to manage risk exposure across the Group to enable the
effective pursuit of strategic objectives. The approach is summarised
in the diagram on page 65.
The approach is one of collaboration, which supports our
comprehensive approach to risk identification, from the “top down”
and “bottom up”. The Group believes that this is the most efficient
and effective way to identify its business risks.
Top down
The Board, Audit Committee and Cyber Security Committee review
risks on an ongoing basis and are supported by the Executive
Committee and subject matter specialists (including Software
Resilience, Assurance, information security, data protection and
health and safety). The Board gives consideration to the Group’s
strategic objectives and any barriers to their achievement.
Bottom up
The Board and senior leadership team engage with colleagues
at every level of the Group in recognition of the importance of
their expertise, contribution and views. In relation to matters of
wrongdoing, or risks not being recognised and adequately managed,
the Group has a robust and effective whistleblowing procedure,
which is supported by the Safecall reporting line.
�Top down
Strategic risk management
Bottom up
Operational risk management
• Establishing guidance on the Group’s approach to risk
management and establishing the parameters for risk
appetite and associated decision making
• Identification, review and management of identified
Group strategic risks and associated actions
• Ongoing consideration of:
– IT and cyber-centric risk
– Environmental risk
• Implementing and embedding the Group’s Risk
Management Policy and approach
• Directing the delivery of the Group’s identified
actions associated with managing/mitigating risk
• Identification of key risk indicators, monitoring and
taking timely action where appropriate
• Instrumental in developing the risk management
framework adopted by the Board
• Providing governance and control over the IRMS
• Conduit between the Board and the business units
– providing training and support where appropriate
• Developing and executing a risk-based internal audit
plan to assess the management of risks
• Execution of the delivery of the Group’s identified
actions associated with managing risk
• Timely reporting on the implementation and progress
of agreed action plans
• Provision of key risk indicator updates
n
w
o
d
p
o
t
e
h
t
m
o
r
f
i
k
s
i
r
g
n
g
a
n
a
M
Board
Audit Committee
Cyber Security
Committee
• Periodically assessing the effectiveness of the
embedded Group risk management process
• Challenging the content of the strategic risk register
to support a comprehensive and balanced
assessment of risk
• Reporting on the principal risks and uncertainties
of the Group
Executive Board
and
leadership team
Global governance
function, incl.
dedicated CISO
Business units
• Responsible for reviewing the operational risks across
the business units and Group
• Challenging the appropriateness and adequacy of
proposed action plans to mitigate risk
• Giving due consideration to the aggregation of risk
across the Group
• Provisioning suitable cross-functional/business unit
resource to effectively manage risk where appropriate
• Ongoing monitoring and reporting to the Board in
relation to the progress being made by the business
units in implementing agreed action plans to mitigate
strategic risk
• CISO dedicated to the identification, management,
monitoring and reporting of data security risks
• Identification and reporting of strategic risk to the Board
• Provision of reports and data relating to significant
emerging risks to the Group (internal and external)
• Implementation of risk management approach which
promotes the ongoing identification, evaluation,
prioritisation, mitigation and monitoring of
operational risk
M
a
n
a
g
n
g
r
i
s
k
i
f
r
o
m
t
h
e
b
o
t
t
o
m
u
p
Effective pursuit of strategic objectives
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
65
Strategic report
�Principal risks and uncertainties continued
C o r p o r a te governance
Identify risks
M onito r
Monitor
delivery of
action plans/
risk universe
Id
e
n
tif
y
Identify
inherent risks
and likelihood
of impact
Risk
management
model
Develop
action plans
(treat, transfer,
tolerate,
terminate)
Assess
adequacy and
effectiveness
of existing
controls
A
d
d
r
e
s
s
Assign
Director-level
sponsorship
Evaluate
mitigated risks
and likelihood
of impact
A ssess
Corporate gov e r n a n c e
Risk management model
The Board has overall responsibility for ensuring that NCC Group
adopts an effective risk management model, which is aligned to our
objectives and promotes good risk management practice. We have
therefore adopted the model described in this section and
summarised in the diagram above.
The Board, Audit Committee, Cyber Security Committee and
Executive Management team review risks on an ongoing basis
throughout the year. The appropriateness and relevance of the risks
and issues tracking system – IRMS – are monitored by the global
governance team to ensure that it continues to be updated, meets
the needs of the Group and remains in line with good risk
management practice. In addition, there is a robust process in place
for monitoring and reporting the implementation of agreed actions.
We are satisfied that the Risk Management Policy, framework and
model currently in place are sufficient to manage risk across the
Group.
The key areas of identifying, assessing, addressing and monitoring
risks are explained in more detail below:
Identify
Risks exist within all areas of our business and it is important for
us to identify and understand the degree to which their impact
and likelihood of occurrence will affect the delivery of our key
objectives. This is achieved through day-to-day working practices
and incorporates risks in both the internal and external environment.
Examples of identification include horizon scanning for legislative
and market changes, operational and delivery reviews (such as
SGT), procedures in relation to projects and change and
independent systems audits.
All identified risks are initially assessed for their “inherent” risk (risk
with no controls in place), using a scoring mechanism that accounts
for the likelihood of an event occurring and the impact that it may
have on the Group. The scoring mechanism adopted takes account
of high impact, low likelihood events and these risks are managed
in a timely manner.
In addition to ongoing risk identification, an annual exercise is
undertaken to review the Group’s strategic risk universe by the
Board. This exercise is reliant on the “top-down”, “bottom-up”
approach discussed earlier.
Assess
Post identification of the Group’s inherent risk exposure, a
comprehensive assessment of the effectiveness of current
mitigating controls is undertaken. This exercise takes account of
the design of the current control environment and the application
of these controls prior to assessing the Group’s current exposure
to risk – mitigated risk score. The Board uses a number of sources
of information to support the scoring of risk and these include,
but are not limited to:
• Management updates
• Action tracking and reporting
• Control environment policies and procedures
• Independent audit activity
• Project monitoring reports
Address
Having identified and assessed the risks faced by the Group, the
risks are scored according to likelihood of occurring and impact
to the business should they occur. The risks are then mapped
according to their rating onto a risk heat map, which reflects the
Group’s overall risk appetite set by the Board. The Group’s Risk
Management Policy then provides guidance on the expected level
of response to those risks, depending on where they sit on the risk
heat map. The heat map shows the four bandings in the different
shades of risks as set out below as well as expected actions and
responses to risks in these areas:
• Green – within appetite. Ongoing monitoring in place
• Amber – out of appetite. Some actions are required to treat
the risk to bring this within acceptable levels
• Purple – significantly out of appetite. High combination of
residual probability and impact. Management actions required,
with some urgency, to treat the risk, reducing this to acceptable
levels
• Grey/black – risks that are deemed to have such an impact
that they could theoretically impact the ability of the business
to continue in existence. If any, they would need consideration
in assessing in the Directors’ Viability Statement
An assessment of whether additional actions are required to reduce
our risk exposure is undertaken, with actions falling into the one of
four categories:
• Treat – develop an action plan (applying responsibility, deadlines
and prioritisation) that may include the implementation of additional
controls, or increase the requirement for additional assurance
over the adequacy and effectiveness of the existing controls
• Transfer – use a third party specialist to undertake the activity,
thus mitigating the risk
• Tolerate – determine the risk is within appetite
• Terminate – exit the activity
Output from the evaluation of strategic risks has resulted in
milestone plans owned by senior business leaders, or has been
used in the development of the Group’s transformation programme.
66
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�h
g
H
i
t
c
a
p
m
I
w
o
L
Low
4
7
1
8
3
10
6
9
5
2
Likelihood
High
1 Business strategy
7 Quality of Management
2 Management of strategic change
3 Global pandemic – Covid-19
4 Availability of critical information
systems
5 Attracting and retaining
appropriate colleague
capacity and capability
6 Information security risk
(including cyber risk)
Information Systems (MIS) and
internal business processes
8 Quality and Security
Management Systems
9
International trade
10 A. Sustainability
B. Climate change
Strategic
Operational
ESG
Monitor
Ongoing monitoring of risks and related actions is key to the
implementation of our risk management model and, therefore, NCC
Group is committed to making enterprise-wide risk management
part of business as usual. Examples of ongoing monitoring
of business risks include, but are not limited to:
• Annual review of the external audit strategy and plan by the Audit
Committee and Chief Financial Officer to ensure inclusion of key
financial risks
• Annual review of the annual internal audit plan to validate that
it incorporates key areas of business risk
• A review of internal audit reports issued during the period,
including a summary of progress against previously raised
management actions at each Audit Committee
• Annual review of the strategic risk register by the Enterprise Risk
Management Steering Group and Board to ensure that it includes
risks arising in year
Internal control
While risk management identifies threats to the Group achieving its
strategic objectives, internal controls are designed to provide assurance
that these objectives are being achieved, such as the effectiveness
and efficiency of operations and delivery, accurate and reliable financial
reporting, and compliance with applicable laws and regulation.
NCC Group has established a robust internal control framework,
which is made up of a number of components:
Control environment
The control environment has primarily been established taking
account of the Group’s values (working together; being brilliantly
creative; embracing difference; and taking responsibility), and
its Code of Ethics, which sets the foundations for the expected
behaviours, values and competencies for all colleagues across the
Group. The Board, Executive Committee and extended leadership
team lead by example and strive to maintain effective control
environments, while also maintaining integrity and transparency.
Risk assessments
Risk assessments are conducted at both a strategic and operational
level of the Group and support the Group in understanding the risks
that it faces and the controls in place to mitigate them. Importantly,
they provide a mechanism to identify operational improvements
and are vital in our transformational programmes.
Policies and procedures
Established policies communicate expected behaviours and these
are supported through procedures and guidelines defining required
processes and controls. This in turn supports the business to adopt
efficient and effective control environments.
Information and communication
Access to accurate and timely data is key in supporting our
colleagues to make decisions and to be well informed in order to
conduct, manage and control their areas of responsibility. During the
year, the Group has embedded its data systems following the rollout
of the Workday systems.
Activity monitoring
The minimum financial controls framework was established in FY20.
Further enhancement of the framework will be designed and
implemented in FY23 and beyond, to align with the Brydon Review
and related whitepaper issued by the Department for Business,
Energy and Industrial Strategy in March 2021.
Financial accounting and reporting follow generally accepted
accounting practices.
Group review and approval procedures exist in relation to major
areas of risk and require Executive Committee/Board approval,
including mergers and acquisitions, major contracts, capital
expenditure, litigation, treasury management and taxation policies.
Compliance with all legislation, current and new, is closely monitored.
Risk and control reporting structure
During the current financial year, NCC Group has continued to
focus on embedding the “three lines of defence” to provide a robust
internal controls structure that will support the Board, Audit
Committee, Cyber Committee, Executive Committee, and extended
leadership team with accurate and reliable information in relation
the systems of internal control.
Three lines of defence:
• First line – Group policies and procedures
• Second line – Global governance function, incorporating health
and safety; information security; data protection; risk and
regulatory compliance; standards and support; and legal
• Third line – independent challenge and assessment,
including ISO certification and internal and external audit
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
67
Strategic report�Principal risks and uncertainties continued
Principal risks and uncertainties
The Group continues to operate in a particularly dynamic and evolving marketplace. The current risk register has been developed to reflect
those factors and includes those risks that would threaten its business model, future performance, solvency or liquidity. Detailed descriptions of the
current principal risks and uncertainties faced by the Group, their potential impact and mitigating processes and controls are set out below.
A risk related to climate change (10b) has been added for FY22 and reflects the importance being placed on the risks and opportunities
in relation to climate change and related regulation on the financial performance of NCC Group. The principal risks and uncertainties are
categorised into three categories, strategic, operational and environmental, social and governance (ESG), that represent risks relating to
the Group’s business strategy, various operational risks of managing the business and various ESG/climate change risks.
The heat map provides a pictorial representation of the Group’s risks and their direction of travel.
Strategic
1. Business strategy
VR
Link to strategy:
Lead the market
Win business
Deliver excellence
Support growth
Develop our people
A comprehensive business strategy
is essential to the continued
success of the Group as we strive
to maximise shareholder value.
Accountable Executive
Mike Maddison,
Chief Executive Officer
Impact
A poor strategy or ineffective execution of a strategy
could have a material negative impact on the Group’s
financial performance and value. It would potentially
weaken the Group compared to its competitors and
risk the Group’s established position in the marketplace.
Key controls and mitigating factors
Members of the Board have significant experience
in evolving business strategies. The Board is
significantly engaged in both setting and reviewing
strategy and held a dedicated strategy session
in March 2022.
Risk movement/impact
Setting of strategy remains important to Group growth.
2. Management of strategic change
Link to strategy:
Win business
Support growth
Develop our people
As the Group adapts and executes
its strategy there are a number of
complex projects and initiatives
that not only need to be delivered
but also require understanding and
support from all colleagues.
Impact
Poor change management could lead to ineffective
implementation of projects that then cost more to
deliver, take longer to deliver and result in fewer
benefits being realised (or all three). Poor delivery of
change could ultimately impair business performance.
Accountable Executive
Mike Maddison,
Chief Executive Officer
Risk movement/impact
The Group continues to deliver projects and initiatives.
Process details remain as previously stated.
Operational
3. Global pandemic – Covid-19
Link to strategy:
Lead the market
Support growth
Develop our people
Key controls and mitigating factors
The Group has established a strategic change
management capability and this includes access
to programme management professionals and the
deployment of associated change management
processes, for example the operation of senior
change oversight committees.
NCC Group has a number of
features which give the Group a
greater resilience in the face of a
global pandemic. Failure to prepare
for this may cause disruption and
uncertainty to our business, as well
as risk the health and safety of our
people. Any disruption or uncertainty
could have an adverse effect on
our business, financial results
and operations.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
The potential impact of a pandemic globally is
closed offices, people who are unwell and unable
to work for periods of time and a slow-down
in business from our clients.
Key controls and mitigating factors
During FY22, our colleagues have continued to work
successfully from home, delivering remote client
services, and have maintained hybrid working
practices for the remainder of the year.
Risk movement/impact
Demonstrable track record of successful remote
working for both back-office functions and client
delivery. Lifting of many of the restrictions that were
put in place in relation to Covid-19.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
68
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�4. Availability of critical information systems
VR
Link to strategy:
Win business
Support growth
Develop our people
The Group is heavily reliant on
continued and uninterrupted
access to its IT systems. As well as
environmental and physical threats,
the Group is a natural target for
individuals who may seek to disrupt
the Group’s commercial activities.
Impact
If the Group’s critical systems failed, this could affect
the Group’s ability to provide services to our customers.
Risk movement/impact
The Group continues to be reliant on access to key
information systems.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Key controls and mitigating factors
The Group continues to make significant investment
in its IT infrastructure to ensure it continues to
support the growth of the organisation.
The Group has controls in place in order to reduce
the risk of actual loss of critical systems; this has
included a review of single points of failure and these
have been mitigated. Further, controls are operated
to ensure the availability of backup media in the
event of prolonged loss of systems.
Initiating to standardise and simplify while increasing
resilience, continues to be implemented. Additional
focus is given to proving the recoverability of systems
and data.
5. Attracting and retaining appropriate colleague capacity and capability
VR
Link to strategy:
Lead the market
Win business
Support growth
Develop our people
The Group would be adversely
impacted if it were unable to attract
and retain the right calibre of
skilled colleagues. Some roles
within the Group operate in highly
technical and extremely specialised
areas in which there are shortages
of skilled people.
Accountable Executive
Michelle Porteus,
Chief People Officer
Impact
Loss of key colleagues or significant colleague
turnover could result in a lack of necessary expertise
or continuity to execute the Group’s strategy.
Key controls and mitigating factors
Colleagues are offered a rewarding career structure
and attractive salary and benefits packages, which
can include participation in share schemes.
An inability to attract and retain sufficient high
calibre colleagues could become a barrier to the
continued success and growth of NCC Group.
Comprehensive communications with our colleagues
are ongoing and include all hands calls, The Wire and
Group and local communications.
Risk movement/impact
Market for cyber resource remains buoyant and
competitive and therefore, despite implementing
additional mitigation factors, the Group still prioritises
recruiting and retaining resource.
Linked to the development of our people, the Group
continues to review our values and continues to use
personal performance management processes, and
aligned development programmes, which are linked
to succession planning.
6. Information security risk (including cyber risk)
VR
Link to strategy:
Win business
Deliver excellence
Support growth
Due to the nature of the services
provided by NCC Group, clients
have a high expectation of the
systems, processes and people
handling their data.
In addition, as a cyber security
provider, NCC Group is more
exposed to its systems being
maliciously compromised.
As a result, NCC Group could
experience a malicious cyber-
attack, inadvertent disclosure and/
or compromise of confidential data
and/or any other information
security incident.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
Failure to maintain control over customer, colleague,
commercial and/or operational data could lead to a
range of impacts, including reputational damage.
The misuse of personal data, for example without the
customer’s consent, or retaining data for longer than
is necessary, may also result in reputational harm,
regulatory investigations and potential fines.
Risk movement/impact
Information and data security risk environment
continues to change and therefore key controls and
mitigating factors continue to be updated. Therefore,
no change.
Key controls and mitigating factors
The Board operates a Cyber Security Committee
chaired by the Chair of the Board which is
responsible for the ongoing oversight of this risk
and related control environments.
All colleagues globally are required to undertake
annual security training and updates to alert them
to potential methods of security breach and to their
responsibilities in safeguarding information and
reporting potential issues.
Security testing is regularly carried out on the
Group’s infrastructure and there are extensive
response plans, which were reviewed during the
year, in the event of a major security incident.
Comprehensive plans are in place and being
delivered associated with discharging our data
protection obligations.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
69
Strategic report�Principal risks and uncertainties continued
Principal risks and uncertainties continued
Operational continued
7. Quality of Management Information Systems (MIS) and internal business processes
VR
Link to strategy:
Win business
Support growth
Develop our people
We need to ensure that trusted
and relevant MIS are available
on a day-to-day basis to inform
management decisions and
drive performance.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
Suboptimal business decision making and
performance as key financial performance data
is not available or trusted.
Risk movement/impact
System standardisation is consistent across the
Group. However, we are continually reconciling
management information needs against reporting
capability of systems.
8. Quality and Security Management Systems
Link to strategy:
Win business
Support growth
We aspire to attain and retain
key internationally recognised
standards, which form an
important component for
many of our customers.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
The risk of the Group failing to retain a core
standard, e.g. 9001, 27001 or PCI, with a
consequential loss of key customer accounts
or ability to operate.
Risk movement/impact
We continue to maintain our ISO standards and
PCI certification.
9. International trade (formerly post-Brexit)
Link to strategy:
Develop our people
Failure to comply with changing EU
regulations as a result of Brexit and
related negotiated international
trade deals between the UK and
other international trading
jurisdictions may cause disruption
to our business. Any disruption
could have an adverse effect on
our business operations.
Accountable Executive
Tim Kowalski,
Chief Financial Officer
Impact
There still remains some uncertainty around the
detail of EU regulatory changes as these are
finalised and specifically the finalisation of trade
negotiations and the wider world, which may impact
some of the services delivered by the Group,
which fall under export control regulations.
Risk movement/impact
There has been little movement in relation to
international trade agreements post-Brexit.
Key controls and mitigating factors
The Group finance function has developed a
forward-facing Finance Functional Strategy.
Enhancements were identified covering system and
process standardisation. A comprehensive milestone
plan is in place and progress is tracked and reported
to each Audit Committee.
The rollout of Workday across our global finance
teams has been completed and will support the
standardisation of policies and procedures, in
addition to improving efficiency and effectiveness.
Standardised business process control standards
are in place across all parts of the Group. A control
self-assessment questionnaire was launched in
2021 and these standards are included in a
programme of internal audits.
Key controls and mitigating factors
We operate a comprehensive programme to ensure
the retention of our core standards. This includes a
portfolio of aligned policies and cascading business
processes. A programme of internal audit provides
assurance over the design and application of these
policies and procedures.
External assessors provide a further layer of review
and challenge, confirming during the year the
retention of our Quality and Security standards,
which were renewed in April 2021.
Key controls and mitigating factors
Similar to any UK company, we list post-Brexit as
a significant risk due to the continued uncertainty
surrounding the final EU post-Brexit trade deals
with Europe and other international countries, which
continue to be negotiated by the UK government.
As our operations around the world include business
entities based in continental Europe and the wider
world, we believe NCC Group is structurally resilient
to the post-Brexit trading environment. The main
risks to our business from post-Brexit are:
• Changes to export control requirements and related
tariffs being implemented, which may impact some
areas of service delivery
• Real or perceived differences in data protection
standards, which impact our global ways of working
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
70
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Environmental, social and governance
10a. Sustainability
Link to strategy:
Support growth
Develop our people
NCC Group recognises the
importance of good environmental,
social and governance (ESG)
frameworks as a key indicator
of the Group’s sustainability and
ethical impact of our business.
Accountable Executive
Yvonne Harley,
Global Director of Sustainability
and Corporate Affairs
Impact
Non-compliance with the Group’s frameworks related
to ESG will impact on our ability to display robust
working practices, grounded in good working
practice, which take account of our environment,
people and communities. This in turn could impact
on our ability to develop and maintain business
relationships and may lead to the loss of key
customer accounts and shareholder investment.
Risk movement/impact
While work has been undertaken in relation to
sustainability and related climate change risk (see
also 10b), we recognise there is more to be delivered.
Key controls and mitigating factors
The Group has developed an ESG strategy which
continues to evolve. Examples of progress to
date include:
• Ongoing review of key policies, such as
the Code of Ethics, Whistleblowing Policy,
Anti-Bribery and Corruption Policy and
Anti-Trust Policy. These policies reflect
our global footprint and are key to our
sustainability agenda
• The compliance training which incorporates
all of these policies and more has achieved
the target 100% completion
More examples are outlined in the Sustainability
section of the report.
10b. Climate change
NR
Link to strategy:
Support growth
Develop our people
NCC Group is unable to fully
articulate the impact of climate
related change on its whole
business and is therefore unable
to physically and financially
prepare for, mitigate, and adapt
and respond to any environmental
incidents which may occur as a
result of climate change as per the
recommendation of TCFD.
Accountable Executive
Yvonne Harley,
Global Director of Sustainability
and Corporate Affairs
Impact
Inability to deliver TCFD reporting requirements
resulting in loss of investor confidence.
Risk movement/impact
New.
Unable to take responsibility for the role we
play in mitigating the risk of climate change
on broader society.
Key controls and mitigating factors
Specific to climate change risks and opportunities
(including the Task Force on Climate-Related
Financial Disclosures (TCFD)).
The Group has been working toward TCFD, including:
• Identification of climate change risk on the
business pipeline and future opportunities
• Identification of climate change risk on the
financial performance of the Group
• Establishment of processes to better identify
Scope 3 GHG emissions
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
Changes to principal risks and uncertainties during FY22
Having completed the acquisition and transition of IPM into the Group, we have removed this risk from the risk register.
We have added a sub-risk to environmental, social and governance – climate change – to reflect the new regulatory requirements
of TCFD. While this is not deemed to be a material risk, we believe that it should be included to reflect its importance in setting our
sustainability agenda and strategy.
Extraordinary risk during the year
During the year, the global pandemic of Covid-19 continued on a lesser scale than in FY21.
We have continued to successfully negotiate with our clients where appropriate to work remotely, which has minimised disruption
to service delivery.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
71
Strategic report�Principal risks and uncertainties continued
Viability Statement
In accordance with the requirements of the UK Corporate Governance
Code, the aim of the Viability Statement is for the Directors to report on
the assessment of the prospects of the Group meeting its liabilities over
the assessment period, taking into account the current financial
position, outlook, principal risks and uncertainties, and key judgements
and estimates in preparing the Financial Statements.
The Directors have based their assessment of viability on the Group’s
current business model and strategic plan, which is updated and
approved annually by the Board, in line with our objectives to deliver
sustainable and profitable growth, increase shareholder value and offer
an improved service and product offering to our customers. This is
underpinned by the strategic priorities outlined on pages 28 to 35 of
the Strategic Report. The effective management of principal risks and
uncertainties is outlined within pages 64 to 72 and this assessment
emphasises those risks that could theoretically threaten the Group’s
ability to operate, or to continue in existence (with the VR designation).
The assessment period
The Directors have assessed the viability of the Group over the
three year period to May 2025, as this is an appropriate planning
time horizon given the speed of change and customer demand in
the industry and is in line with the Group’s strategic planning period.
Assessment of viability
The viability of the Group has been assessed taking into account
the Group’s current financial position, available bank facilities, and
the Board approved FY23 budget and three year strategic plan.
The Directors have produced a base case budget for FY23, which
reflects recent growth patterns in the relevant geographical regions
and operating segments and relevant growth opportunities for the
Group based on existing propositions and factors in current macro-
economic factors most specifically increasing inflationary pressures.
The Directors have also modelled the impact of certain severe but
plausible scenarios arising from the principal risks, which have the
greatest potential impact on viability in the period under review, as
set out in the table below. Further details of how these sensitivities
have been applied are provided in the going concern disclosures
in Note 1 to the Financial Statements.
The impact of these sensitivities has been reviewed against the Group’s
projected cash flow position, available bank facilities and compliance
with financial covenants over the three year viability period. The Group
financing arrangements are made up of a revolving credit facility of
£100m, which expires in June 2024, and a term loan repayable in
instalments with the final payment due in June 2024. As of 31 May 2022,
net debt (excluding lease liabilities) 1 amounted to £52.4m, which comprised
cash of £73.2m, a drawn revolving credit facility of £71.0m and the term
loan of £55.4m, with borrowings offset by arrangement fees of £0.8m.
Please see Note 1 of the Financial Statements for further discussion
of financial covenants and Note 24 of the Financial Statements for
further discussion of the Group’s financing arrangements.
The sensitivities applied under stress testing show adequate levels
of headroom against available bank facilities and financial covenants
and that no mitigating actions are required to address severe but
plausible scenarios modelled by management.
While noting that no mitigating actions are required to address severe
but plausible scenarios modelled by management, options available
include a reduction of planned capital expenditure, headcount reduction,
freezing pay and recruitment and not paying a dividend to shareholders,
all of which are within the Directors’ control and give an additional level
of headroom. Some or all of the above options may be utilised in the
case of any of the risks outlined in the table below arising.
Conclusions
Based on these severe but possible scenarios, the Directors have a
reasonable expectation that the Group and Company will be able to
continue in operation and remain commercially viable over the three
year period of assessment.
Viability risk
Risk as applied to viability assessment
Specifics of scenario modelled
Potential impact
All three of these risks are expected
to lead to a barrier to future growth,
either through lack of key talent,
failure to deliver on growth plans or
long-term reputational damage from
critical systems failures.
Failure to execute
business strategy
Inability to attract
and retain
sufficient high
calibre colleagues
Failure of critical
information
systems
Failure to maintain
control over
customer,
colleague,
commercial and/or
operational data
A cyber breach or similar data
protection issue would give rise
to short-term reputational damage
and an inability to do business in the
short term, impacting revenue and
profits.
In order to consider the impact of the risks
identified management has modelled various
scenarios in isolation and in combination
(scenarios 2 and 3 and scenarios 1 and 3)
as follows:
1) The performance of FY23 continues to be similar
to that of FY22, including the impact on regional
and international operations of the Group and
a potential reduction in double-digit revenue
growth to 9% growth and subsequent impact
on margin.
2) Software Resilience performance does not
achieve expected revenue growth in all territories
and experiences a 1% revenue decline.
3) Further inflationary pressures up to 6% arise
over the existing base case of 4% assessment
and certain day rate price rises to customers do
not occur.
Failure of execution of the strategy and loss of key
customers resulting in a reduction in revenue and
a consequential impact on profitability and cash
generation of £22.5m for FY23, rising to £44.0m
in FY27.
Poor quality of
Management
Information
Systems (MIS) and
internal business
processes
Without appropriate management
information, management may have a
lack of clarity over the impact of rising
costs and the ability of the business to
react to such rising cost levels through
price rises.
Further inflationary pressures up to 6% arise
over the existing base case of 4% assessment
and certain day rate price rises to customers do
not occur.
72
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
The impact of these sensitivities has been
reviewed against the Group’s projected cash flow
position, available bank facilities and compliance
with financial covenants over the three year
viability period. The sensitivities applied under
stress testing show adequate levels of headroom
and that no mitigating actions are required.
The impact of these sensitivities has been reviewed
against the Group’s projected cash flow position,
available bank facilities and compliance with financial
covenants over the three year viability period. The
sensitivities applied under stress testing show
adequate levels of headroom and that no mitigating
actions are required.
The impact of these sensitivities has been reviewed
against the Group’s projected cash flow position,
available bank facilities and compliance with financial
covenants over the three year viability period. The
sensitivities applied under stress testing show
adequate levels of headroom and that no mitigating
actions are required.
�Governance
As Directors we recognise the renewed focus
on the contribution that a successful company
can make to wider society in general, in addition
to generating value for shareholders, and as a
Board we want to ensure that we have effective
engagement with, and encourage participation
from, shareholders and other stakeholders
Board composition and division of responsibilities
IN THIS SECTION
74 Chair’s introduction to governance
77 Governance framework
78 Board of Directors
80 Executive Committee
82
93 Shareholder engagement
94 Audit Committee report
100 Nomination Committee report
103 Cyber Security Committee report
106 Remuneration Committee report
128 Directors’ report
133 Directors’ responsibilities statement
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
73
�Chair’s introduction to governance
A continued commitment
to good governance and
improving diversity
During the year, we have made
strides to improve the diversity
around our Board table, although
we recognise that we still have
some progress to make in terms of
improving the diversity of the Board
and our executive team (and indeed
our workforce as a whole).
Chris Stone
Non-Executive Chair
Dear Shareholder
On behalf of the Board, I am pleased to present the Corporate
Governance Report for the year ended 31 May 2022. Throughout
the year the Board has worked cohesively as a team to enable the
Company to successfully navigate a turbulent and uncertain period.
I would like to thank the Board for its wise counsel and continued
efforts during this time. The Board is composed of highly skilled
and experienced Directors from a diverse range of industries and
backgrounds, all of whom contribute towards the long-term success
of the Company and show commitment and enthusiasm in the
performance of their roles and duties. The Board believes that good
governance is key to the long-term success of the Group and is
committed to achieving high standards of governance.
This has been an important year for the Company and I am particularly
proud of the way my colleagues came together to support each other,
our customers and other stakeholders. The global pandemic continued to
present major challenges for travel and physical meetings that the Board
would have expected to conduct throughout the year, but I am pleased to
report that we were able to continue to operate smoothly and effectively
through the use of virtual means. However, we were delighted to return to
physical meetings towards the end of the year (with a particular highlight
being our trip to the Netherlands in April 2022) and we look forward to
visiting more offices and meeting more colleagues in the coming year.
The last year has continued to be one of unprecedented upheaval
and disorder with the effects of the Covid-19 pandemic and then
the war in Ukraine reaching all parts of the globe and significantly
impacting economies everywhere. We as a Board had a very busy
year dealing with the impact of the pandemic on the Group, and
also considering its impact on all of our stakeholders. By way of
a reminder, at no stage during the pandemic did we take any
government subsidies or loans (other than deferring tax payments),
nor have we made any colleagues redundant or furloughed them
during the pandemic. We have continued to pay dividends, in line
with our policy, throughout the year.
2021/22 highlights
• Continued to hear from our designated NED for workforce
engagement who reports to every Board meeting
• Recruited a new CEO (Mike Maddison)
• Recruited and onboarded a new independent Non-Executive
Director (Julie Chakraverty) who has brought a new perspective
and dynamic to our Board discussions
• Continued to focus on ESG matters, TCFD and our
carbon footprint
• Continued to support management during the integration
process of Iron Mountain’s Intellectual Property Management
(IPM) business, which forms part of our Global Software
Resilience division
• Restarted our in-person Board meetings and had trips to the
Netherlands and a UK meeting in our Cheltenham office, plus
restarted our Board and colleague dinners, giving the Board
the chance to meet with colleagues on the executive team
and the next level down
2022/23 priorities
• Onboarding our new CEO and supporting him to make
a successful start
• Continuing to focus on our stakeholders, particularly
in-person colleague engagement
• Continuing to travel regularly as a Board with a visit
to North America being a particular priority
• Undertaking Board training on carbon reduction initiatives
• A focus on diversity around the Board table with our
commitment to further improve gender and ethnic diversity
by 2024
• Undertaking our first externally facilitated Board
and Committee evaluation process
74
�We have also been engaged with the executive team in ensuring that all
of our colleagues received the best support we could give them, specific
to each of their individual needs, to manage in these new and changed
circumstances. I have been very impressed by the depth and quality
of the colleague support programme that the team has delivered.
The Board is committed to creating and maintaining a culture where
strong levels of governance thrive throughout the organisation,
specifically ensuring that we send out consistent messages on our
values and acceptable behaviours for our colleagues, our customers,
our suppliers and our advisers.
Governance standards
As a Board we have focused our attention on the requirements
of the UK Corporate Governance Code 2018 (the ‘Code’) and
are reporting against this Code in our Annual Report and Accounts.
A key focus for the 2018 Code is culture and ensuring that it aligns
with the Group’s purpose, strategy and values. Culture has been
high on the Board’s agenda for some time and the Board considers
culture to be an essential ingredient in meeting our long-term,
sustainable returns to shareholders and indeed our stakeholders.
The Board, the Executive Committee and the senior management
continue to promote our culture and standards throughout the business
and lead by example to provide a strong corporate governance framework.
One of the most significant changes to the Code affecting NCC Group
is in respect of workforce engagement. Our main stakeholder is our
colleagues and we wanted to develop meaningful mechanisms to
ensure that we, as a Board, have meaningful and regular dialogue with
our dedicated and committed workforce. This then puts us in a strong
position to deliver our strategy.
To assist us with this, during the year, Jennifer Duvalier (between
1 June to 31 December 2021) and Julie Chakraverty (from 1 January
to 31 May 2022), both Non-Executive Directors, have continued
their excellent work as our designated Non-Executive Director
for workforce engagement. Jennifer and Julie (along with other
Non-Executive colleagues, including me) have been meeting (albeit
virtually but in recent months physically) and speaking with colleagues
around the world and reporting back on findings at each Board meeting
via a dedicated agenda slot. We have not let Covid-19 be a barrier to
hearing our colleagues’ opinions around the Board table. As a people
business, this is a crucial area for us to focus on and continue to get right.
Towards the end of the 2020/21 financial year, we re-joined the
FTSE 350 and remained in the index throughout our 2021/22
Board tenure as at 31 May 2022
Chris Stone
Mike Maddison
Adam Palser
Tim Kowalski
Chris Batterham
7 years 1 month
Julie Chakraverty
Jennifer Duvalier
Mike Ettling
Lynn Fordham
5 years 2 months
0 years 0 months (appointed 7 July 2022)
4 years 6 months
3 years 10 months
5 months
4 years 1 month
4 years 8 months
31 May:
2015
2016
2017
2018
2019
2020
2021
2022
0 years 0 months (appointed 1 September 2022)
financial year so we continue to reflect on the new governance
provisions that are relevant to us.
Our approach
As individual Directors we recognise our statutory duty to act in the
way we each consider, in good faith, would be most likely to promote
the success of NCC Group for the benefit of its members as a whole,
as set out in section 172 of the Companies Act 2006. Our role as
the Board is to set the strategy of the Group and ensure that management
operates the business in accordance with this strategy. We believe
this approach will promote the Group’s long-term success and our
customers’ interests as well as create value for shareholders and
have regard to our other key stakeholders such as our colleagues.
The Board’s intention is to hand over the business to our successors
in a better and more sustainable position for the future. We recognise
the renewed focus on the contribution that a successful company can
make to wider society in general, in addition to generating value for
shareholders, and as a Board we want to ensure that we have effective
engagement with, and encourage participation from, shareholders and
other stakeholders. During the year we have continued to reflect on
who our key stakeholders are and assessed our current engagement
mechanisms to ensure the effectiveness of that engagement. We then
factor into our decision making any feedback from that engagement.
Board changes
During the year, Julie Chakraverty was appointed as an independent
Non-Executive Director on 1 January 2022, and Jonathan Brooks
retired from the Board on 27 January 2022. As announced, Adam
Palser stepped down as CEO on 17 June 2022 and Mike Maddison
has now replaced him with effect from 7 July 2022. I would like to thank
both Adam and Jonathan for their dedicated service over the years and
wish them both well for the future. We also welcome Lynn Fordham as
an independent Non-Executive Director from 1 September 2022. The
biographies of all the Board members can be found on pages 78 and 79.
Board composition and diversity
With regard to our current diversity, I am satisfied that we have
an appropriately diverse Board in terms of experience, skills and
personal attributes among our Board members. The Directors have
many years of experience gained across a variety of industries and
sectors, ensuring a mix of views and providing a broad perspective.
During the year, we have made strides to improve the diversity
around our Board table, although we recognise that we still have
some progress to make in terms of improving the diversity of the
Board and our executive team (and indeed our workforce as a
whole). With that in mind, during the year ended 31 May 2021, we
made the firm commitment that by 2024, we will have at least 33%
female representation on our Board and at least one person of colour.
With our recent appointments, we have now delivered on our
commitment and are also on course to meet the FTSE Women
Leaders Review target of 40% female representation by the end
of 2025. Although this is best practice for FTSE 350 companies,
we have committed to this target regardless of which share index we
are in. To achieve this commitment by the end of 2025 based on our
current Board size of eight Directors, we would need to have at least
four female Directors out of the eight. Our Board now has 37.5%
female representation (three out of eight), and we will look to improve
this further still during any future appointments to the Board.
Given that it remains a fairly young Board in terms of tenure,
this continued improvement in diversity will not be a quick process but
we are very mindful of the need to continue to take positive action, and
the matter is fully on our agenda, as can be seen with the appointments
we have made during the year. Accessing the candidates we require to
reach this target will involve us looking beyond the obvious pool of
existing board directors within the UK and we intend to ensure that we
extend our talent search to other sectors and countries to ensure we
find a diverse pool of candidates from which to choose to provide us
with true diversity around our Board table.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
75
Governance�Chair’s introduction to governance continued
Effectiveness
As Chair, I am responsible for providing leadership to ensure that
the Board operates effectively. I have been supported in this by all
the Directors, in particular Chris Batterham, our Senior Independent
Director. The annual reviews of Board effectiveness help the Board
to consider how it operates and how its operations can be improved.
This year, the review was undertaken internally and the findings
of this review have provided us with ideas to further improve
the manner in which the Board operates, and build on previous
evaluations. The results were very useful and insightful and have
been incorporated into our plans for the coming year. In particular,
Board succession planning remains a priority, particularly as we look
to ensure the Board and Executive Committee have the right set of
skills and experience to support the Group as the business evolves.
I have been very impressed by how effectively the business as a whole, and
indeed the Board, has transitioned to remote working during the Covid-19
pandemic. Although I feel that longer meetings are best done face to face,
we have continued to hold all of our scheduled Board and Committee
meetings as planned and also our strategy day in March, which all attendees
agreed was our best strategy session to date. While being mindful of the
impact of Covid-19 on the wider world and us as a business, our approach
as a Board has been one of “business as usual” and we continue to focus on
important longer-term strategic and governance issues facing the Group,
while supporting management on more short-term tactical decisions.
As lockdowns around the world continue to ease, the Board is very much
looking forward to holding more in-person meetings and reconnecting
with our colleagues around the world as part of office and site visits.
Our investors
We are in regular contact with our large investors through a regular
scheduled programme of meetings attended by our CEO, CFO and Chair.
Chris Batterham, our Audit Committee Chair and Senior Independent
Director, and Jennifer Duvalier, Remuneration Committee Chair, are
also available to meet with investors should the need arise.
I met with our larger investors in February and March 2022 and fed
back my findings to Board colleagues at the next Board meeting.
In addition, our brokers undertook an investor survey on the back
of our half-year results in January 2022 and the results of this were
presented and discussed at a Board meeting. Our aim is to engage
with our shareholders in an open and meaningful way.
Ensuring that the Directors’ remuneration packages align the Directors’
and senior managers’ interests with the long-term interests of NCC
Group and its shareholders is always a key area of interest for investors.
Our Directors’ Remuneration Policy was approved by shareholders
at the 2021 AGM and will last until 2024.
The 2021 Directors’ Remuneration Policy received 87.43% of votes
in favour at the 2021 AGM. Following the significant vote against our
Directors’ Remuneration Report in 2020 (following on from two years
of strong support) it was pleasing to see that our 2021 Directors’
Remuneration Report received 93% of votes in favour, recognising
the continued support of our shareholders for our approach to
executive remuneration.
The UK Corporate Governance Code 2018 has increased the role and
remit of the Remuneration Committee and this is reported on within the
Remuneration Report. As part of our new Remuneration Policy, we have
now aligned our Executive Directors’ pensions with our wider colleague
population, and introduced post-employment shareholding rules.
Statement of compliance with the UK Corporate
Governance Code
The Company measures itself against the requirements of the UK
Corporate Governance Code 2018 (the ‘Code’), which is available
on the Financial Reporting Council website (www.frc.org.uk).
The following areas of non-compliance are noted below:
• Pensions (before 1 December 2021) – we did not comply with
Provision 38 of the Code. This was because the recruitment of the
former CEO and current CFO happened before the 2018 Code
came into effect and their pension arrangements were negotiated
at the time as part of their recruitment at a higher level than the
general colleague population. Our non-compliance was caused by
the fact that our Remuneration Policy from 2017–2020 did not
contain these provisions and in 2020 we effectively rolled forward
our existing Remuneration Policy due to the Covid-19 pandemic.
There was a risk that continued non-compliance could potentially
be perceived by stakeholders and particularly colleagues as unfair
and have a demotivating impact on the workforce. We aligned the
pension arrangements of our CEO and CFO with effect from
1 December 2021. This is no longer an area of non-compliance.
• Post-employment shareholding guidelines (before 1 December
2021) – we did not comply with Provision 36 of the Code as we
did not have post-employment shareholding guidelines. Our
non-compliance was caused by the fact that our Remuneration
Policy from 2017–2020 did not contain these provisions and in
2020 we effectively rolled forward our existing Remuneration
Policy due to the Covid-19 pandemic. There was a risk that
continued non-compliance with this would be perceived as not
aligned to best practice and we would be a market outlier.
This was corrected during the year and we now have post-
employment shareholding guidelines. This is no longer an
area of non-compliance.
• Combined Chair and CEO (17 June to 7 July 2022) – we did not
comply with Provision 10 of the Code. There was a three week
window between Adam Palser leaving us as CEO and Mike
Maddison joining us as it was very difficult to ensure that Mike was
on-board before Adam left. One option considered was for a senior
colleague to take on the CEO role but it was felt that Chris Stone
was best placed given his length of time at NCC and his career
experience as a CEO elsewhere, plus the fact that Chris was
Executive Chair for a number of months back in 2017. There is a
always a risk that having both roles exercised by the same individual
results in poor quality decisions being made and power concentrated
in the hands of one individual. This was mitigated by the fact the
non-compliance was of an extremely short timeframe with limited
material decisions to be made within an existing governance
framework. This is no longer an area of non-compliance.
During the prior year the Company had not engaged with the
workforce to explain how executive remuneration aligns with the
wider Company pay policy as required by the Code. This was rectified
during the year ended 31 May 2022 (see pages 106 and 107).
Thank you
We are immensely proud of our colleagues for their extraordinary
efforts during the pandemic, recognising that many were still working
from home in far from ideal circumstances, acting in the best interests
of our customers and our stakeholders. I would like to thank all our
colleagues for their incredible contribution in stepping up and
meeting the unprecedented challenges of the Covid-19 pandemic.
Chris Stone
Non-Executive Chair
6 September 2022
76
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Governance framework
The different parts of the Company’s governance framework
are shown below, with a description of how they operate
and the linkages between them.
Board
Provides leadership and is responsible for the overall management of NCC Group, its strategy, long-term objectives and risk
management. It ensures the right Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Board Committees
Support the Board in its work with specific areas of review and oversight objectives and risk management. They ensure the right
Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Audit
Committee
Nomination
Committee
Cyber Security
Committee
Remuneration
Committee
Primary function is to
assist the Board in
fulfilling its financial and
risk responsibilities. It
also reviews financial
reporting, the internal
controls in place and the
external audit process.
Responsible for
considering the
Board’s structure,
size, composition,
diversity and
succession planning.
Responsible for
overseeing and advising
on the Group’s exposure
to cyber risk and its future
cyber risk strategy, its cyber
security breach response
and its crisis management
plan and the review of
reports on any cyber
security incidents.
Responsible for
determining the overall
remuneration of the
Executive Directors and
the remuneration of
senior managers (ExCom)
within the broader
institutional context of
remuneration practice.
Read more on pages 94 to 99
Read more on pages 100 to 102
Read more on pages 103 to 105
Read more on pages 106 to 127
Chief Executive Officer
Has responsibility for managing the business and overseeing the implementation of the strategy agreed by the Board.
Executive Committee (ExCom)
Currently comprises the Group’s most senior business and operational executives. It is responsible
for assisting the Chief Executive Officer in the performance of its duties including:
• Developing the budget
• Monitoring the performance of the different
divisions of the Company against the plan
• Carrying out a formal risk review process
• Reviewing the Company’s policies and procedures
• Prioritisation and allocation of resources
• Overseeing the day-to-day running of the Company
• Being responsible for people, talent and culture
For further details on Board composition and division of responsibilities see pages 82 to 92
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
77
Governance�Board of Directors
Our business is led by our Board of Directors. Biographical
and other details of the Directors are as follows:
Chris Stone
Non-Executive Chair
Mike Maddison
Chief Executive Officer
Tim Kowalski
Chief Financial Officer
and Company Secretary
N
C
Chris Batterham
Senior Independent
Non-Executive Director
A
C
N
R
Appointment to the Board:
6 April 2017
Appointment to the Board:
7 July 2022
Appointment to the Board:
23 July 2018
Appointment to the Board:
1 May 2015
Career experience
Mike was formerly head of EY’s
cyber security, privacy and trusted
technology practice for EMEA,
a role he has held since 2017.
During that time Mike has
successfully delivered strong
growth across the 97 countries
in the region and reinforced EY’s
position as a leading cyber
security adviser. Previously he
led PwC’s risk services practice
across the Middle East and
before that was head of Deloitte’s
cyber security consultancy in
EMEA for ten years where he
also drove significant growth.
External appointments
Mike does not currently have
any external appointments.
Career experience
Chris has held various
Non-Executive Director and
Chief Executive roles at listed and
private equity backed technology
companies. He was CEO of
Northgate Information Solutions
plc from 1999 to 2008, until its
sale, and stayed as CEO until
2011. From 2013 to 2016, he
was CEO of Radius Worldwide.
Chris was also a Non-Executive
Director of CSR plc, and Chair of
the Remuneration Committee,
from 2012 until its sale in 2015.
Chris was also Chair of AIM listed
CityFibre plc from January 2017
until June 2018, when it was sold
to private equity buyers.
External appointments
Chris is the Chair of Everynet BV,
a privately owned Internet of
Things infrastructure business,
and Chair of AIM listed Idox plc.
Chris is also a Non-Executive
Director of Rural Broadband
Solutions Plc.
Career experience
Tim is an accomplished CFO
with significant listed and private
company experience. Prior to
joining NCC Group, Tim was
Group Finance Director of Findel
Plc between 2010 and 2017
and prior to that held similar roles
with Homestyle Group Plc and
N Brown Group Plc. Tim has
significant experience of divisional
financial management within the
hospitality sector. Tim qualified
as a Chartered Accountant with
KPMG and spent his early career
there. Tim has a wide breadth of
finance expertise obtained from
experiencing differing finance
roles within organisations and
also within a variety of companies,
and has been involved in
a number of high profile
financial turnarounds.
External appointments
Tim does not currently have
any external appointments.
Internal appointments
Tim is an Executive sponsor
of the Race and Ethnicity
resource group.
Career experience
Chris is a qualified Chartered
Accountant, spending his early
career with Arthur Andersen, and
also has significant experience
in senior finance roles across
the technology sector. Chris was
Finance Director of Unipalm plc
(the first internet company to IPO
in the UK) from 1996 until 2001,
before becoming CFO of
Searchspace Limited until 2005
and has since held a wide variety
of non-executive and advisory
roles, the majority having a
technology focus. Chris was
(until March 2022) the Senior
Independent Director and
Non-Executive Deputy Chair
of Blue Prism Group plc
(also chairing the nomination
committee, as well as being
a member of its audit and
remuneration committees).
External appointments
Chris is a Non-Executive Director
at Nanoco Group plc (and also
chairs the audit committee, as
well as being a member of its
nomination and remuneration
committees). Chris is also Chair
of Racing Digital Limited.
Committee key:
A Member of
Audit Committee
C Member of
Cyber Security
Committee
N Member of
Nomination Committee
R Member of
Remuneration Committee
Committee Chair
78
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Other Directors during the year
Adam Palser
Served as Chief Executive Officer during the year, stepping
down on 17 June 2022
Jonathan Brooks
Served as a Director during the year between 1 June 2021
and 27 January 2022
Julie Chakraverty
Independent
Non-Executive Director
Jennifer Duvalier
Independent
Non-Executive Director
Mike Ettling
Independent
Non-Executive Director
A
C
N
R
R
C
N
A
Lynn Fordham
Independent
Non-Executive Director
A
C
N
R
Appointment to the Board:
1 January 2022
Appointment to the Board:
25 April 2018
Appointment to the Board:
22 September 2017
Appointment to the Board:
1 September 2022
Career experience
Julie has a wealth of PLC board
experience, recently serving as
a Non-Executive Director on
the boards of Santander UK and
Abrdn plc (formerly Standard Life
Aberdeen plc, having been Senior
Independent Director and Chair
of the Risk and Innovation
Committees for Aberdeen
Asset Management plc prior
to merging). She has also been
Chair of the Remuneration
Committee for the global insurer
MS Amlin plc, a Non-Executive
Director for Spirit Pub Company
Limited and a Trustee for The
Girls’ Day School Trust. During
her executive career Julie
was a board member of UBS
Investment Bank where she held
a number of global leadership
positions and won industry
awards for innovation every
year from 2001–2009 for her
“CreditDelta” technology product.
External appointments
Julie is the CEO and founder of
Rungway Limited, a colleague
engagement platform that
empowers people to seek and
share advice at work, used
by leading global firms.
Career experience
Jennifer was Executive Vice
President of People at ARM
Holdings plc, with responsibility
for all people and internal
communications activity globally,
from September 2013
to March 2017.
External appointments
Jennifer is currently the Senior
Independent Director of Trainline
plc (where she is also a member
of the audit and risk, nomination
and remuneration committees) and
an independent Non-Executive
Director and Chair of the
Remuneration Committee of
Mitie Group plc (as well as being
a member of its nomination
committee) (she is also the
designated Non-Executive
Director for colleague engagement
at both companies) and of
Guardian Media Group plc. She
is Non-Executive Director of The
Cranemere Group Ltd, a member
of The Council of the Royal
College of Art and Chair of the
Remuneration Committee, and
a senior adviser to the Cleveland
Clinic London and M Squared.
Career experience
Mike has strong sector and
non-executive experience.
He has had an extensive career
in global technology businesses
including SAP-Sucessfactors,
NorthgateArinso, Unisys, Synstar
and EDS and was formerly a
Non-Executive Director of
Backoffice Associates LLC,
a US PE backed data business,
and also formerly a Non-Executive
Director of Telkom BCX Ltd,
a South African IT and
telecommunications business.
Mike has also served as a
Non-Executive Director with
Topia Inc, a Silicon Valley cloud
relocation software business.
External appointments
Mike is currently CEO of Unit4,
a world leader in enterprise
applications for services and
people organisations. He is also
Non-Executive Director of
Impellam PLC, an AIM listed
recruitment business.
Career experience
Lynn, a Chartered Accountant,
was most recently Managing
Partner of private investment firm
Larchpoint Capital LLP, a position
she held from 2017 to 2021.
Prior to joining Larchpoint, Lynn
was CEO of SVG Capital for eight
years having previously served as
CFO. Before that she held senior
finance, risk and strategy positions
at Barratt Developments, BAA,
Boots, ED&F Man, BAT and
Mobil Oil. She also served as a
Non-Executive Director on the
board of Fuller, Smith & Turner for
seven years until 2018, chairing
its audit committee. Lynn was also
a supervisory board member of
Varo Energy BV.
External appointments
Lynn is currently a Non-Executive
Director and Chair of the finance,
risk and audit committees
of Caledonia Investments plc,
Dominos Pizza Group and
Enfinium Limited. Lynn is
also Chair of RMA – The Royal
Marines Charity.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
79
Governance�Executive Committee
Max Baldwin
Group Sales and
Marketing Director
Yvonne Harley
Global Director of Sustainability
and Corporate Affairs
Max joined the Group in October 2019 and is responsible for
inspiring and challenging its business growth plans towards
continued sustainable and profitable revenue. Max owns the Group
marketing function and provides regional sales and portfolio teams
with global insight, tools, techniques and direction that support their
business winning objectives. Max was the co-sponsor of the Race
and Ethnicity resource group in FY22.
Yvonne is Global Director of Sustainability and Corporate Affairs
responsible for driving our sustainability strategy and setting
communication standards, channels, brand reputation, colleague
communication, public relations and crisis communication as well
as co-sponsoring our inclusion and diversity engagement initiatives
with Chief People Officer, Michelle Porteus.
Joining the Group in July 2018, Yvonne has international experience
across a range of industry sectors, which includes senior roles
in financial services, oil and gas, and shipping.
Nick Rowe
Managing Director,
Assurance North America
Inge Bryan
Managing Director,
Assurance Europe
Nick is Managing Director of the North American Assurance division
based in California. He has held positions across business development,
consulting and operations management since joining the firm in
1998. Currently Nick is responsible for the Group’s North American
operations since relocating from the UK in 2013 and while the
primary focus is on the growth of this region Nick also sponsors
global initiatives across sales, marketing and, as part of the
Group-wide commitment to diversity and inclusion, the
Neurodiversity resource group in FY22.
Inge is Managing Director for NCC Group’s Continental European
operations, including Fox-IT and the former Fort Consult brand
(Denmark). With a strong career in cyber and security she has
previously held roles with the Dutch National Police and the General
Intelligence and Security Service of the Netherlands and served as
Home Affairs Counsellor in the Royal Netherlands Embassy in Paris.
Before she joined NCC Group Inge was part of the cyber security
leadership team with Deloitte Risk Advisory, securing the critical
infrastructure of the Netherlands, including central government. In
2019 she was listed in the top 100 most influential women in the
Netherlands and one of the 50 most inspiring women in tech.
In FY22 Inge co-sponsored the Neurodiversity resource group.
80
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Michelle Porteus
Chief People Officer
Ollie Whitehouse
Chief Technical Officer
Michelle is the Chief People Officer and responsible for all aspects
of the Group’s people strategy, leading on our global talent strategy
to attract, develop and retain our talented teams by maximising their
engagement and potential. She also co-sponsors all inclusion and
diversity initiatives with Yvonne Harley, Global Director of
Sustainability and Corporate Affairs.
Ollie is Chief Technical Officer at NCC Group responsible for the
Group’s technical strategy, research, product and development
functions. Ollie is ultimately tasked with ensuring that NCC Group
is well placed with capability and technology to exploit market
opportunities now and in the future. In FY22 Ollie was the
Executive sponsor of the Gender resource group.
Joining the Group in 2019, Michelle has spent the last two years as
the HRD of the UK, Spain and APAC region, as well as supporting
the global functions.
Michelle is a fellow of her professional institute and has a broad
range of experience in both consulting and in-house roles leading
transformation and organisational change. Her sector experience
spans financial services, retail, manufacturing and pharmaceutical,
public sector, utility and transport infrastructure.
Joining the Group in 2012, over the past 25 years Ollie has worked
in a variety of cyber security consultancy, applied research and
management roles. Ollie is Chair of a science advisory council to
the UK government and is an adviser on matters of cyber security
to several government departments.
Ian Thomas
Managing Director,
Assurance UK and RoW
Adrian Ah-Chin-Kow
Interim Global Managing
Director, Software Resilience
Ian joined NCC Group in December 2018 and is responsible for
the Group’s UK and RoW Assurance division and acts as Executive
sponsor for Global Professional Services and for the LGBTQIA+
community. Prior to that he was UK MD at Sopra Steria for two
and a half years, following a successful interim career working for
a number of global businesses and private equity backed firms,
in Managing Director and Sales Director positions. He was at
Cable&Wireless for eight years, where he ran global service
assurance and the wholesale and public sector divisions.
Ian’s early career includes 14 years at British Airways.
Adrian joined NCC Group in February 2020 as Software Resilience’s
Commercial Director and was responsible for sales, marketing and
product development. Adrian moved into his current role of Interim
Global Managing Director, Software Resilience in March 2022.
Prior to joining NCC Group, Adrian spent seven years at Insight,
a Fortune 500 IT solutions provider. He joined Insight as its UK
Corporate Sales Director before moving to become EMEA Director
of Cloud Programmes, a role which focused on building Insight’s
cloud services revenues through the development of new product
and services, predominantly hosted in Microsoft Azure.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
81
Governance�Board composition and division of responsibilities
Role profiles are in place for the Chair and Chief Executive Officer, which clearly set out the duties of each role.
Role
Responsibilities
Chair of the Board
(Chris Stone)
Chief Executive Officer
(Adam Palser/Mike Maddison)
Chief Financial Officer
(Tim Kowalski)
Is responsible for the running and leadership of the Board, setting its agenda and ensuring its effectiveness
on all aspects of its role, and promoting a culture of openness, debate and the highest standards of corporate
governance. The Chair, in conjunction with the CEO and other Board members, plans the agendas, which are
issued with the supporting Board papers in advance of the Board meetings. These supporting papers provide
appropriate information to enable the Board to discharge its duties, which include monitoring, assessing and
challenging the executive management of the Group.
Together with the senior management team (ExCom), is responsible for the day-to-day running of the Group’s
business, implementing the strategy and policies approved by the Board, and regularly providing performance
reports to the Board. The role of CEO is separate from that of the Chair to ensure that no one individual has
unfettered powers of decision.
Works closely with the CEO with specific responsibility for all financial matters, including Group accounting
policies, financial control, tax and treasury management, risk management and financial probity. The CFO is
also accountable for the transparency and appropriateness of management information and key performance
indicators, internally and externally.
Senior Independent Director
(Chris Batterham)
Provides a sounding board for the Chair and serves as an intermediary for other Directors, colleagues and
shareholders when necessary. The main responsibility is to be available to the shareholders should they have
concerns that they have been unable to resolve through normal channels or when such channels would be
inappropriate.
Non-Executive Directors
(Julie Chakraverty, Jennifer
Duvalier, Mike Ettling and Lynn
Fordham)
Designated Non-Executive
Director for engagement with
the workforce (Julie Chakraverty)
Company Secretary
(Tim Kowalski)
Bring experience and independent judgement to the Board. Maintain an ongoing dialogue with the Executive
Directors, which includes constructive challenge of performance and the Group’s strategy.
Leads on Board engagement with the workforce (please see separate section on page 86).
Ensures good information flows within the Board and its Committees and between senior management and
Non-Executive Directors. The Company Secretary is responsible for facilitating the induction of new Directors
and assisting with their professional development as required. All Directors have access to the advice and
services of the Company Secretary to enable them to discharge their duties as Directors. The Company
Secretary is responsible for ensuring that Board procedures are complied with and for advising the Board
through the Chair on governance matters. The appointment and removal of the Company Secretary is a matter
for the Board as a whole. Tim is supported with his company secretarial duties by a Deputy Company Secretary.
Meetings and attendance
The Board considers that each Director is able to allocate sufficient time to the Company to discharge their responsibilities effectively.
The Non-Executive Directors are contracted to spend a minimum of 24 days per annum on the Group’s affairs, and the Chair 60 days.
A summary of each current Director’s attendance at meetings that they were eligible to attend of the Board and its Committees during
the financial year ended 31 May 2022 is shown below. Unless otherwise indicated, all Directors held office throughout the year.
Chris Stone 1
Adam Palser
Tim Kowalski
Chris Batterham 2
Jonathan Brooks 3
Julie Chakraverty 4
Jennifer Duvalier 5
Mike Ettling 6
Board
12 12
12 12
12 12
12 12
8 8
5 5
11 12
11 12
Audit
n/a
n/a
n/a
5 5 *
4 4
2 2
n/a
4 5
Nomination
Cyber Security
Remuneration
8 8 *
n/a
n/a
7 8
6 6
3 3
8 8
n/a
2 3 *
n/a
n/a
2 3
2 2
2 2
3 3
n/a
n/a
n/a
n/a
5 6
4 4
3 3
6 6 *
n/a
At all times all of the Board and Committee meetings remained quorate.
Meetings attended
1 Missed one meeting due to an urgent personal matter.
5 Unable to attend one meeting due to a medical appointment.
Possible meetings
2 Missed one meeting due to a pre-existing personal commitment.
6 Unable to attend one meeting due to sudden illness.
*
Committee Chair
3 Jonathan Brooks retired from the Board on 27 January 2022.
n/a Director is not required
to attend the meeting,
but may have
attended by invitation
4 Julie Chakraverty was appointed to the Board on 1 January 2022.
82
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�What principal decisions have been made and what
have we looked at as a Board during 2021/22?
Section 172 statement
Section 172 of the Companies Act 2006 requires a director of a
company to act in the way they consider, in good faith, would most
likely promote the success of the company for the benefit of its
members as a whole, but having regards to a range of factors set
in section 172(1)(a)–(f) of the Companies Act 2006. In discharging
our section 172 duty, we have regard for these factors, taking them
into consideration when decisions are made.
The Board understands the importance of stakeholder engagement
and, through regular updates from the Executive Directors and other
senior managers, they have provided challenge and oversight
throughout the year. The Company’s stakeholders are set on pages
24 to 27, with an overview of how we engage with them, how it
relates to our strategy and highlights from the previous year.
Principal decisions made during the year
Throughout this Annual Report, we have provided examples of
how we have thought about the likely consequences of long-term
decisions and detailed below are how the Board considered
stakeholders, and the information we received through engagement,
into a number of its key decisions in 2021/22.
When making each decision, the Board carefully considered how
it impacted on the success of the Group and its long-term (financial
and non-financial) impact and had due regard to the others matters
set out in section 172(1)(a)–(f) of the Companies Act 2006.
The below should be read in conjunction with our stakeholder
section on pages 24 to 27, along with other sections of the
Annual Report where appropriate.
Topic
Stakeholder group
Engagement we received
Decision taken and our response
Reference
Board diversity Colleagues,
shareholders,
customers
IPM acquisition
and integration
Shareholders,
colleagues,
customers
We have been cognisant for a while of the
need to improve the diversity around our
Board table and a number of colleagues
and shareholders had also commented
on our lack of progress on this. We
recognised that our Board was not
representative of the society in which
we operate and of our colleague and
customer bases.
The Board had feedback sessions
from investors following the half and
full-year results and numerous briefings
from the Chief People Officer.
When bidding for work, a number of
customers have commented on our lack
of progress with diversity and it was
important for us to really pay attention
to this to ensure that we would not lose
future opportunities based on our lack
of diversity.
Shareholders were engaged throughout
the IPM acquisition process including
discussing the rationale for the acquisition,
with a general meeting held on 1 June
2021 with 100% shareholder approval for
the acquisition, showing the extent of our
engagement with our shareholders, and
that they were extremely supportive of
the acquisition.
The Board has had a number of updates
on the integration progress throughout
the year from senior colleagues within
Software Resilience, IT and HR. The Audit
Committee has also been closely involved
with the integration process.
Given this is a vital area to get right, the
Remuneration Committee has also
incentivised the integration. Existing
customers of IPM were contacted to
ensure a smooth transition
post acquisition.
Last year we made the firm
commitment to have at least 33%
female representation and at least one
person of colour on the Board by 2024.
With our recent appointments, we have
now delivered on our commitment and
are also on course to meet the FTSE
Women Leaders Review target of 40%
female representation by the end
of 2025.
Our Board
biographies on
pages 78 and 79.
Nomination
Committee Report
on page 101.
During the acquisition process, the
Board wanted to ensure that all
shareholders understood the rationale
for the acquisition and the impact on
the business.
Chair’s statement
on page 6.
Remuneration
Committee Report
on page 112.
Following the acquisition of the IPM
business in June 2021 the Board felt
that it was vital to be fully appraised
of and involved in the key activity
of ensuring that the newly acquired
business was fully and properly
integrated into NCC’s existing business,
this also included managing any risk of
customer attrition.
A colleague engagement session
with our new IPM colleagues has been
arranged and Julie Chakraverty will
report back to the Board on the findings
from this session, and how our new IPM
colleagues are adjusting to life within
NCC, and what NCC can learn from
their onboarding process.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
83
Governance�Board composition and division of responsibilities continued
What principal decisions have been made and what have we looked at as a Board during 2021/22? continued
Principal decisions made during the year continued
Topic
Stakeholder group
Engagement we received
Decision taken and our response
Reference
Interacting
with
colleagues and
colleague
engagement
Colleagues,
customers,
shareholders
Our network,
shareholders
Shaping future
markets and
the work of the
public affairs
team
Customers,
shareholders
The customer
voice and
experience
within the
boardroom
Pages 24, 47, 84
and 86.
Pages 20, 23, 27
and 29.
Pages 30 and 31.
During the year we have really worked on
our face-to-face interaction with
colleagues at all levels across the
business and during the year held Board
dinners with local colleagues in
Cheltenham and Delft, along with meeting
senior colleagues at a Board dinner in
Manchester.
Board members have also attended
colleague events throughout the year, e.g.
the IWD networking session
in Manchester.
Julie Chakraverty is now hosting in-person
engagement sessions wherever possible.
During the year, the Board has had a
number of briefings from the public affairs
team, which produced its inaugural Public
Affairs Impact Report, which the Board also
reviewed, in particular the return on
investment within stakeholder engagement,
requesting that further work be done in this
vital area for NCC.
The Board also had briefings from the
Chief Technical Officer and the Global
Head of Research on the risks and
opportunities of emerging technologies,
all of which will shape future regulatory
initiatives globally.
During the year, the Board requested
regular updates from the Global Director
of Sales and Marketing along with
members of his team.
The Board asked for more insight into
NCC’s customer base and every Board
pack now contains a summary of the latest
position on customer orders and a list
of important accounts.
Our new CEO, as part of his induction
process and getting to know NCC and its
customers, will report back to the Board
on customers and what they are thinking
and what their needs are.
During the Covid-19 pandemic,
although the Board continued to hear
from colleagues (via the designated
Non-Executive Director for colleague
engagement) there was felt to be a lack
of proper face-to-face engagement with
colleagues especially following a global
pandemic. A decision was made to
rectify this by adding to the Board
schedule as much face-to-face
colleague engagement as possible.
Being a people business, it is important
for us to ensure that our colleagues are
engaged and motivated and their voice
is heard in the boardroom. Having
colleagues who are content and feel
that NCC is a welcoming place to work
is vital to ensure that we can deliver on
our promises for our customers, and
indeed our shareholders.
The Board decided to improve its
understanding of this important
stakeholder group. The public affairs
team was enhanced during the year,
recognising the strategic importance
of this area for future business growth.
In addition, our Head of Public Affairs
also takes an instrumental lead in
shaping and leading on the Board
strategy day, ensuring that there is
appropriate linkage between this
key stakeholder and the Group’s
overall strategy.
Ensuring that we seek to appropriately
influence regulatory initiatives should
ensure we are well placed to take
advantage from any regulatory changes
which arise and assist our customers to
navigate them, allowing us to grow the
business for shareholders in terms of
revenue, and maintain our dividend.
The Board asked that its knowledge
of NCC’s products and services and
customer base be improved.
Following the strategy day held in March
2022, the Board approved the decision
to increase investment in our Remediation
and Microsoft Sentinel service offerings
with the appointments of new Commercial
Directors for each proposition.
Overall, although the customer voice is
being heard in the boardroom it was felt
that there were more opportunities to
improve this further and the Board would
look to meet with customers over the
coming year.
Hearing the voice of our customers in the
boardroom will allow us to further improve
our customer offering and should allow
us to win both new customers and retain
existing ones, allowing us to grow the
business for shareholders in terms of
revenue, and maintaining our dividend.
84
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�What have we looked at as a Board during 2021/22?
At every meeting the Board reviews the minutes from the previous
meeting and the status of any outstanding actions. Colleague
engagement is a standing agenda item presented by Julie Chakraverty
as our designated Non-Executive Director for workforce engagement.
The CEO and CFO present their monthly performance update reports,
which are also circulated to Board members in months where there is
no scheduled Board meeting. Over the year, the Board has had
reports on the Group’s trading in light of Covid-19 along with the
trading performance of the IPM acquisition.
The Board has also reviewed the following during 2021/22:
Leadership and colleagues
• Appointed a new CEO (Mike Maddison) and a new independent
Non-Executive Director (Julie Chakraverty)
• Received an update on colleague engagement and the results
of the annual colleague engagement survey
• Approved a number of share scheme grants to colleagues
including UK Sharesave, International Sharesave (in Australia,
Denmark, the Netherlands and Spain), and the Employee Stock
Purchase Plan (in the US and Canada)
• Approved a new Share Incentive Plan (SIP)
• Discussed a number of colleague deaths in service and approved
the application of the insurance proceeds to beneficiaries
• Continued with the colleague engagement programme, with
an appointed designated Non-Executive Director leading,
with an update to the Board at every Board meeting
• Appointed a new Chief People Officer (Michelle Porteus)
• Received updates on the Group’s pension scheme
Strategy
• Received regular updates on the Group’s transformation
programme, “Securing Growth Together” (SGT)
• Held a dedicated one day strategy session (see page 86)
• Discussed the strategy day and the key points arising out of it,
and had a strategy day progress check six months later, along
with regular check-ins on progress against strategy
• Approved the establishment of a new subsidiary company
in Portugal
• Discussed a number of sector IPOs, divestments and M&A activity,
plus investments that competitors had made during the year
Governance
• Continued with the colleague engagement programme,
with an appointed designated NED leading the Board’s
engagement activities
• Completed the Board, Committee and Chair effectiveness reviews
and discussed the results of these reviews, agreeing on key focus
areas for the coming year
• Approved the Notice of AGM and Proxy Form
• Had a number of presentations on the Group’s ESG work and
progress (labelled as “sustainability” internally)
• Attended the AGM and the general meeting to seek shareholder
approval for the IPM acquisition
• Received regular reports from the Deputy Company Secretary
on governance matters and best practice updates
• Had presentations on the Group’s key stakeholders, e.g. our
customers, suppliers and network, and reflected on Board
stakeholder engagement and improving the mechanisms for this
• Noted and approved the Group’s Tax Strategy
• Received updates on a number of high profile cyber-attacks
that had been targeted at other companies and organisations
• Approved some minor amendments of an administrative nature
to share plan rules
• Discussed and approved the Group’s Modern Slavery Statement
• Reviewed Directors’ outside directorships and potential conflicts
of interest and also Directors’ shareholdings, along with the
annual review of Non-Executive Director independence
• Reappointed the external auditor following recommendation
from the Audit Committee
• Received reports on any material litigation issues affecting the Group
• Received presentations on TCFD and carbon reduction initiatives
Financial
• Reviewed and approved the Annual Report and Accounts,
ensuring that it is fair, balanced and understandable
• Discussed and approved the full-year and half-year results
and associated presentations to investors
• Approved the interim and final dividends and discussed
the dividend policy
• Noted and approved the 2021/22 Group insurance cover renewal
• Discussed and approved the 2022/23 budget
• Received presentations from the brokers and financial PR advisers
• Considered and approved trading updates at the full
and half-year end
• Received regular updates from investor meetings and noted
circular investor letters
• Received external presentations on shareholder perspectives
on the Company
Other Group business
• Continued to be kept updated on the integration progress
following the IPM acquisition in June 2021
• Kept updated on a number of strategic projects including the
implementation of new business systems such as Salesforce
and Workday and SGT
• Had a number of sales and marketing presentations including
presentations on NCC’s sales within the financial services and
industrials sectors
• Received briefings on Fox-IT, Crypto and Data Diodes during
the Board visit to the Netherlands
• Had an update briefing from the new Group IT Director
• Approved a number of major customer contracts and bids
• Received regular updates on material litigation affecting the Group
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
85
Governance�Board composition and division of responsibilities continued
Colleague engagement
Julie Chakraverty is the Board’s designated Non-Executive
Director to lead the Board’s colleague engagement programme
(taking over from Jennifer Duvalier on 1 January 2022) and
is committed to understanding the views of our colleagues
and ensuring they are incorporated into the Board’s
decision-making process.
Colleagues were introduced to Julie via our internal social
channels where she explained her role through a video and
written communications. Julie has access to these channels
to enable her to engage fully outside of the formal events.
We were keen to build on the momentum in the previous year.
Julie is sometimes joined by our Chair, Chris Stone, or other
Non-Executives, to meet colleagues, all of whom are invited
from below the mid-management level and all parts of the
business to ensure diversity of thought. We ensure that no
one has their line manager in either the physical or the virtual
room to ensure they can speak freely and tell Julie what
is on their mind.
Feedback from each session’s participants is shared
anonymously to the Board and to our CEO. This enables
action to be taken, further strengthening the value of
listening. Colleagues attending are invited to give their
feedback and, so far, results have been positive and valued.
Board strategy session
As the Group remains focused on securing growth from the growing
momentum in its markets, the March 2022 Board strategy day
presented an opportunity to analyse the trends in the cyber and
software resilience markets, assess the Board’s confidence in the
Group’s strategic direction and discuss our preparedness to make
any future changes.
Ahead of the day, Board members had the opportunity to provide
individual feedback on what topics they wanted discussions to focus
on. Principally, the Board emphasised its desire for a genuinely
strategic discussion that went beyond short-term operational
challenges but instead focused on unlocking the Group’s capabilities
in the most impactful way.
To prepare, Board members also received pre-read materials that
included a high level summary of each business unit’s strategic
priorities, alongside financial and market analysis, to allow for high
quality, informed discourse on the day.
The Board strategy day focused on the Group’s Software Resilience
and Assurance divisions, alongside deep dives into our people
proposition and the Microsoft XDR (Sentinel) proposition. The Board
received an external reflection of the broader technology and cyber
services market environment that outlined clearly the market value
of a laser-like focus on solving customers’ challenges. The following
presentations reiterated NCC Group’s position as a hub for cyber
talent, and the ongoing focus on career and leadership development,
and generated excitement for the Sentinel opportunity before in-depth
engagement with the divisions’ Managing Directors touched upon
regional growth opportunities and ambitions for the future. The
Board strategy day concluded with a Board-only discussion that
focused on driving long-term value creation for NCC Group.
The Board agreed that the 2022 strategy day was excellent and offered
firm alignment on the strategic priorities for the coming financial year.
Managing Directors used the feedback from the day to inform their
2022/23 budget considerations and associated approvals, and
progress against strategic priorities will be measured on an ongoing
basis to ensure the Group successfully executes its ambitions.
Independent advice
All Directors have access to the advice and services of the
Company Secretary and Directors are entitled to take independent
professional advice if necessary, at the expense of the Company.
Conflicts of interest
The Companies Act 2006 requires Directors to avoid situations
where they have, or could have, a direct or indirect interest that
conflicts or potentially conflicts with the interests of the Company.
The Company’s Articles of Association require any Director with
a conflict or potential conflict to declare this to the Board.
That Director will not then be involved in the discussions relating
to the proposal, transaction, contract or arrangement in which they
have an interest, unless agreed otherwise by the Directors of the
Company in the limited circumstance specified in the Articles of
Association, nor will they be counted in the quorum or be permitted
to vote on any issue in which they have an interest. Directors are
required to inform the Board without delay should they be aware of
any actual or potential conflicts of interest and a check on conflicts
is undertaken each year with a report to the Board.
86
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Board independence
As required by the Code, at least 50% of the Board, excluding the
Chair, are independent Non-Executive Directors. The Board comprises
two Executive Directors, five independent Non-Executive Directors,
and the Non-Executive Chair.
Details of the Directors’ respective experience are set out in their
biographical profiles on pages 78 and 79.
The terms and conditions of appointment of Non-Executive
Directors are available for inspection at the Company’s registered
office during normal business hours.
The Board has debated and considers that all of the current
Non-Executive Directors are independent, and in so doing considered
the profile of all of the individuals, concluding that none of them:
• Has ever been a colleague of the Group
• Has ever had a material business relationship with the Group
or receives any remuneration other than their salary or fees
• Has close family ties with the advisers, other Directors or senior
management of the Group that could reasonably be expected
to cause a conflict
• Holds cross-directorships or has significant links with other
Directors through involvement with other companies or bodies
• Represents a significant shareholder
• Has at the point of this report served on the Board for more than
nine years from the date of their first election
The Non-Executive Directors provide a strong independent element
on the Board and are well placed to constructively challenge and
help develop proposals on strategy and succession planning.
Between them they bring an extensive and broad range of
experience to the Group.
Diversity
The principle of Board diversity (and indeed diversity across the Group)
is strongly supported by the Board. It is the Board’s policy that
appointments to the Board will always be based on merit so that the
Board has the right balance of individuals in place. The Board recognises
that diversity of thought, approach and experience is an important
consideration and is therefore one of the selection criteria used to
assess candidates prior to any Board appointments. Read more about
diversity in the Nomination Committee Report on pages 100 to 102.
The Company’s policy is to find, develop and maintain a diverse
workforce at all levels with an initial focus on developing a culture
where women can achieve and retain senior positions.
Annual re-election
In accordance with the Code, any Directors appointed in the financial
year are subject to election by shareholders at the AGM and, in line with
best practice, all the other Directors are subject to re-election annually.
Julie Chakraverty – induction and first impressions
We announced in October 2021 that Julie would join our Board
(and all of its Committees) with effect from 1 January 2022.
Before Julie joined on 1 January 2022, an induction plan was
created for her which involved Julie meeting with all of the
Executive Committee plus other key colleagues, including the
Director of Global Governance and the CISO. Julie also met
with the Company’s brokers, financial PR consultants, executive
remuneration advisers, and KPMG as the Group’s auditor.
We made the most of the two month window we had between
late October 2021 and 1 January 2022 so that Julie had a real
understanding of NCC before she started.
Julie has taken on the role of the Board’s designated Non-
Executive Director for colleague engagement (taking over from
Jennifer Duvalier) and this has allowed her to get up to speed on
colleague and cultural matters very quickly.
My comprehensive induction programme
and meeting the right colleagues and advisers
before 1 January 2022 really meant I “hit
the ground running” at NCC. I feel that the
insights I gained allowed me to make a positive
contribution from my first Board meeting.
Although that first Board meeting was a virtual
one (due to Covid-19 restrictions at the time)
I have now had the opportunity to attend three
in-person Board meetings (two in Manchester
and one in the Netherlands) and these, together
with various events and site visits, have allowed
me to engage with a number of colleagues.
Being the designated Non-Executive for
colleague engagement has provided me with
a great channel to meet with and hear feedback
from people of all levels across the business,
and then synthesise key themes for the Board.
I have really enjoyed my early months with NCC
and look forward to contributing further and
driving the colleague agenda in the boardroom
over the coming years.
Julie Chakraverty
Independent Non-Executive Director
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
87
Governance�Board composition and division of responsibilities continued
Director induction, training and development
New Directors are provided with an induction on appointment, which would include visits to the Group’s operations and meetings with
operational and executive management. Each Director’s induction is tailored to their experience and background with the aim of enhancing
their understanding of the Group’s strategy, business, operating divisions, colleagues, customers, suppliers and advisers and the role of the
Board in setting the tone of our culture and governance standards.
The Company acknowledges the importance of developing the skills of the Directors to run an effective Board. To assist in this, Directors are
given the opportunity to attend relevant courses and seminars to acquire additional skills and experience to enhance their contribution to the
ongoing progress of the Group. All of the Directors attend sessions which are aimed at updating the Board on trends and developments
in corporate governance.
During the coming year we will ensure that our new CEO (Mike Maddison) and our new independent Non-Executive Director (Lynn Fordham)
are provided with formal, comprehensive and tailored induction programmes and we will report back on this more fully in next year’s
Annual Report.
Board and Committee effectiveness review
The performance of the Board and its Committees is appraised annually and an internal effectiveness review was completed for 31 May 2022.
The overall rating was very positive meaning that the Board and its Committees continue to function well.
The results were presented to the May 2022 Board meeting and the Chair also held one-to-one calls with Board colleagues for “deeper
dives” into any areas they wished to discuss in more detail and with the CEO to discuss areas highlighted by the evaluation process. We have
also scheduled in a progress check in September 2022 to ascertain how we are doing against our proposed improvements and whether we
need to do anything different in the second half of the financial year.
The evaluation identified changes which would improve the working of the Board, including:
• An increased focus on diversity
• Assessing and monitoring culture
• A continued focus on strategy and strategic discussion
• An increased focus on succession planning and ensuring that these plans are reviewed on a regular basis
• An increased focus on CSR/ESG
How will we improve in these areas?
To focus on these actions, we have agreed the following:
Action
Progress and our plan
An increased focus
on diversity
• Firm commitment to have at least 33% female representation and at least one person of colour on the
Board by 2024
Assessing and
monitoring culture
• Presenters to the Board encouraged to highlight diversity statistics within their business area as
happened during the strategy day, when each presenter did this
• Appointment of Michelle Porteus as Chief People Officer
• Unconscious bias training has now been completed by the Board with the ExCom having already
completed it
• Significant work continuing internally on creating an inclusive culture throughout the organisation, further
helped by Michelle Porteus and Yvonne Harley (Global Director of Sustainability and Corporate Affairs)
being co-sponsors of all inclusion and diversity initiatives
• More Board discussion on ensuring our culture aligns with our values
• Presenters to the Board encouraged to highlight culture initiatives within their business area
• Board to have more exposure to senior executives across the business outside Manchester (Board
meetings during the year held in Cheltenham and the Netherlands with dinners held the night before
on both occasions allowing the Board to meet local senior leaders)
• Having a designated NED for workforce engagement reporting back to every Board meeting has helped
with this (please see page 86 on colleague engagement for further details)
• NEDs to spend more time in the business and at different offices (increasingly being done in person
as we emerge from lockdowns)
• Reporting on the “mood” of the business within the monthly CEO reports and areas of concern or where
there are higher than expected colleague attrition levels
• Discussing the results of both the annual colleague engagement survey and the more regular
“pulse” surveys
88
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Action
Progress and our plan
A continued focus on
strategy and strategic
discussion
• One day dedicated strategy session now held annually, attended by all divisional Managing Directors
and by brokers and advisers to provide an external and wider market perspective
• Ensuring strategy is more of an ongoing Board discussion between annual strategy days rather
than a once a year activity given the fast-paced and dynamic markets that the Group operates in
• Shifting Board discussion away from short-term tactical issues to more longer-term strategic issues
• Actions from dedicated strategy day circulated to the Board with a check-in on strategy halfway
through the year
An increased focus on
succession planning and
ensuring that these plans
are reviewed on a regular
basis
• Nomination Committee meetings now being held with a programme of four Committee meetings
planned every year with the Committee moving away from a transactional Committee (e.g. to recruit
a new Director) to a more holistic view encompassing: future skills needs, talent pipelines, diversity,
succession planning, and reviewing leadership needs of the Company
• Nomination Committee continuing strong focus on succession planning for the Board and senior management
• Chris Stone (Nomination Committee Chair) and Michelle Porteus (Global Chief People Officer) are now
meeting regularly and discussing a separate workstream on succession planning
An increased focus on
CSR/ESG (labelled as
“sustainability” internally)
• Global Director of Sustainability and Corporate Affairs taken on ESG lead within the Group and presents
every six months to the Board
• Gap analysis has been undertaken to provide an action plan to close the gaps and an ESG framework
has now been developed
• Policies have been refreshed and standardised (e.g. Code of Ethics and Modern Slavery). The whole
organisation has undertaken Code of Ethics refresher training
• Increasing recognition that this area will become an ever-more important area for new and existing
clients and investors when they are evaluating who to buy from and partner with/invest in
• Improving the visibility of what the organisation is doing with regard to ESG and ensuring that all
the ESG initiatives and activities are being properly recorded and reported
• TCFD is reported on page 39. A TCFD Steering Group has been formed. We also have a partnership
with Planet Mark to improve our carbon measuring and reduce our overall emissions as a Group
• Partnerships with external organisations continue to be developed, e.g. we have now partnered with
Planet Mark to gain focused and specific expertise on climate change in line with TCFD reporting
Progress from the previous year
The 2022 evaluation process also reviewed progress on actions identified in previous evaluation processes.
Areas identified in previous evaluations
2022 evaluation – progress
An increased focus on
succession planning and
ensuring that these
plans are reviewed
on a regular basis
An increased focus
on CSR/ESG
A continued focus
on strategy and
strategic discussion
Enhancing Board
interactions and
communications with
the Company and
its customers
Developing Board
involvement in the
Group’s culture related
initiatives
Good progress has been made and is firmly on the Board’s and Nomination Committee’s agenda with
a firm commitment to have at least 33% female representation on the Board and at least one person
of colour by 2024 (see above table for further details).
Progress has been made in relation to CSR/ESG; however, this remains a key area of focus
(see above table for further details).
Good progress, with the 2022 strategy day again felt to be very good and building on previous strategy day
sessions (see above table for further details). Some further work was perhaps needed on clearly defining
the strategy across the whole Group, i.e. at lower levels within the Company.
A new and highly experienced Director of Commercial Finance has been recruited, further improving the
strategic discussion.
Good progress. The Board has continued to interact with a significant number of colleagues on both a
Company-wide basis and via receiving presentations from various members of the ExCom plus senior managers.
There are regular updates on customers within the CEO’s report, although ways to improve the “customer
voice” in the boardroom would be reviewed along with opportunities for the Board to meet with some
customers on occasions throughout the year.
Good progress has been made in a number of areas (see above table for further details).
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
89
Governance�Board composition and division of responsibilities continued
Board, Committee and Chair evaluation process 2022
Company Secretary reviewed 2021
questionnaires and evaluation
exercise results and, based on this,
proposed questionnaires for the
2022 evaluation exercise.
The proposed questionnaires were
reviewed and approved by the Chair
and Committee Chairs and (for the
Chair’s review) the Senior
Independent Director.
Questionnaires were added to an
online survey website, which
ensured the anonymous and efficient
collection of answers.
Summary reports together with the
results and comments received were
prepared for the Board and
Committee meetings where the
results were discussed and key
actions for the coming year agreed.
The responses were collated and
analysed by the Company Secretary
who then shared these with the
Chair and Committee Chairs and (for
the Chair’s review) the Senior
Independent Director.
Board members, the Company
Secretary and regular Committee
attendees were then invited to
complete the questionnaires.
The Chair held one-to-one meetings
with Board members where areas
of interest could be discussed in
more detail.
The Senior Independent Director
met with the other Non-Executive
Directors (without the Chair being
present) to discuss the Chair’s
performance during the year.
The Senior Independent Director met
with the Chair to feed back and
discuss the Chair evaluation results.
Committee evaluation
During the year, each of the Audit, Cyber Security, Nomination and Remuneration Committees carried out an internal self-evaluation on its
effectiveness. The conclusion from the Committee reviews is that, overall, the Committees are working well but some recommendations were
made, as per the table below.
Committee
Audit
Focus areas
• Continuing to focus on reducing the length of Committee papers (using summaries where appropriate)
but acknowledgement that the internal papers had continued to improve
• Continuing to ensure that Committee papers were circulated as early as possible
• An acknowledgement that the cloud computing issue could have been handled better, and
recommendations had been made to improve processes for future
• Ensure open communication to discuss any potential accounting issues at an earlier stage, to allow for
quick resolution
• Continuing to decouple audit committees to board meetings that had previously been held on the same
day to allow further time for appropriate discussion and challenge
Cyber Security
• Continuing to take the papers/presentations as read and focusing on more value-adding dialogue,
discussion and interaction rather than going through the Committee briefing packs
• Improving the Committee’s knowledge and understanding of how NCC actually uses the tools
and processes that it offers to clients
• A review of whether external presenters or advisers/consultants could attend future Committee meetings
• More frequent updates on the nature of the changing cyber threat landscape, e.g. what are the current
major topics within cyber and the significant threats, plus recent security incidents that organisations
have experienced
90
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Committee
Nomination
Focus areas
• Continuing to build on the strong initial progress with our firm commitment to have at least 33% female
representation and at least one person of colour on the Board by 2024
• Succession planning for the Board and senior management
• Continuing to improve succession plans for senior executives and improving exposure to senior
executives at Board meetings and within more informal settings
Remuneration
• Continuing to have opportunities for more open and unfettered discussion (Executive Directors and
HR colleagues now only attend part of Committee meetings)
• Continuing to embed the 2021–2024 Directors’ Remuneration Policy and work closely with the advisers
on appropriate bonus and long-term incentive targets
• Ensuring that the Group’s reward structure aligns to the key issues facing the Group rather than
standard industry practice
• Continuing to focus on choosing appropriate benchmarks against which to compare NCC Group’s
remuneration packages
Individual Director appraisal process
During the year, the Senior Independent Non-Executive Director evaluated the performance of the Chair and the Chair evaluated the
performance of each Director. In addition, the Non-Executive Directors met independently from the Executive Directors to discuss with
the Chair the overall functioning of the Board and his contribution in making it effective.
During the coming year, we will also be undertaking our first ever externally facilitated Board and Committee evaluation and hope that
the external evaluator brings richer and deeper insights on the ways Board colleagues work together and areas for improvement.
Operation of governance framework
Role of the Board
The Board is responsible for reviewing, challenging and approving the strategic direction of the Group, while providing strong values-based
leadership of the Company, within a framework of prudent and effective controls, which enable risk to be assessed and appropriately managed.
The Board reviews the Group’s business model and strategic objectives to ensure that the necessary financial and human resources are
in place to achieve these objectives, to sustain them over the long term and to review management’s performance in their delivery.
The Board sets the tone of the Company’s values and ethical standards and manages the business in a manner to meet its obligations
to shareholders and other stakeholders.
The Board receives information on at least a monthly basis to enable it to review trading performance, forecasts and strategy and it has
a schedule of matters specifically reserved for its decision. The most significant of these are:
• Approval of strategic plans, the annual budget and any material changes to them
• Oversight of the Group’s operations, ensuring competent and prudent management, sound planning, and an adequate system of internal
control and governance
• Through the Audit Committee, oversight of financial reporting systems and information and adherence to appropriate accounting policies
• Changes to the structure, size and composition of the Board and Executive Committee, and oversight of the Company culture and the
ethical standards of the leadership and the independence of Non-Executive Directors, taking into consideration prudent succession planning
• Approval of the acquisition or disposal of subsidiaries and major investments and capital projects
• Approval of the dividend, treasury and banking policies, including the Group’s capital structure
• Through the Remuneration Committee, the delivery of an effective executive and senior management Remuneration Policy
• Receiving reports on the views of shareholders and approval of all documents put to shareholders at a general meeting or circulated
to shareholders
• Approval of the appointment of key advisers
The Board has a schedule of specific matters reserved for its decision where it feels they are critical to the ongoing success of the business
and are of a significant nature to merit the Board having such a decision reserved to it. The Group also has a Group Authority Matrix (which
documents the levels of authority delegated from the Board to various role holders within the Group). The schedule of matters reserved for
decision by the Board and the Group Authority Matrix are complementary documents and are designed to ensure that decisions are either
made by the Board or delegated to an appropriate senior colleague within the Group.
As noted above, the operational management of the Group is delegated to the Executive Committee. The Board also delegates other matters
to Board Committees and management as appropriate.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
91
Governance�Board composition and division of responsibilities continued
Risk management
The Board has ultimate responsibility for ensuring that business risks
are effectively managed. The Board has delegated regular review of
the risk management procedures to the Cyber Security Committee
in relation to cyber risks, and to the Audit Committee in relation to
all other risks. The Board reviews the overall risk environment on
at least an annual basis. The day-to-day management of business
risks is the responsibility of the Executive Committee (ExCom).
Internal control
The Group has a system of internal controls which aims to support
the delivery of the Group’s strategy by managing the risk of failing
to achieve business objectives and to protect the stewardship of the
Group’s assets. As with all such systems, the goal is to manage risk
within acceptable parameters, rather than to eliminate risk entirely.
The Group can therefore only provide reasonable and not absolute
assurance that the business objectives and asset stewardship will
be delivered successfully.
In addition, the Group insures against various risks, but certain risks
remain difficult to insure, due to the breadth and cost of cover.
In some cases, external insurance is not available at all, or at least
not at an economically viable price. The Group regularly reviews
both the type and amount of external insurance that it buys in
conjunction with its insurance brokers. For a more detailed review
of risk management processes, the principal risks faced by the
Group and their mitigation, see pages 64 to 72.
The Audit Committee is responsible for reviewing the effectiveness
of the risk management and internal control systems. The steps it
takes in relation to the review are set out on page 97.
The Audit Committee makes recommendations to the Board on the
effectiveness of risk management and internal controls, which the
Board considers, together with reports from the Cyber Security
Committee, in forming its own view on the effectiveness of the risk
management and internal control systems.
During the year ended 31 May 2022, the Board reviewed the
effectiveness of the Group’s risk management and internal control
systems together with internal control findings issued by our auditor,
including the mitigating factors surrounding the use of IT users with
certain access rights to our systems. We confirm that the processes
outlined above and on page 97 have been in place for the year
under review and up to the date of this Annual Report and
Accounts, and that these processes accord with the UK Corporate
Governance Code and the FRC Guidance on Risk Management,
Internal Control and Related Financial and Business Reporting. We
also confirm that, while no significant failings or weaknesses were
identified in relation to the internal audits performed, there is a
programme of continuous improvement to support the achievement
of higher standards. This has resulted in an increase in
benchmarking our systems of internal control against recognised
frameworks. For example, while our score against the NIST
Framework is in line with similar organisations, we have taken
a conscious step to exceed these standards. Therefore, we have
established and continue to monitor an aggressive action plan
to achieve our objective of being a leader in the market.
Executive remuneration
During the year (until the 2021 AGM), we operated within the
Remuneration Policy approved by shareholders at the 2020 AGM.
From the 2021 AGM until 31 May 2022, we operated within the
Remuneration Policy approved by shareholders at the 2021 AGM.
Details of how the Remuneration Policy has been applied during this
financial year are set out on pages 121 to 127 of the Remuneration
Committee Report.
92
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Shareholder engagement
Share capital structure
The Company’s issued share capital at 31 May 2022 consisted
of 309,967,243 ordinary shares of 1p each. There are no special
control rights or restrictions on share transfer or special rights
pertaining to any of the shares in issue and the Company does
not have preference shares.
As far as is reasonably known to the Board, the Company is not
directly or indirectly owned or controlled by another company
or by any government.
Board engagement with shareholders
Communications with shareholders are given high priority. There is
a regular dialogue with institutional investors including presentations
after the Company’s year end and half-year results announcements.
A programme of meetings takes place throughout the year with major
institutional shareholders, and private shareholders have the opportunity
to meet the Board face to face and ask questions at the AGM.
We are in regular contact with our large investors through a regular
scheduled programme of meetings attended by either our CEO or
CFO or both of them. Chris Batterham, our Senior Independent
Director, and I are also available to meet with investors should the
need arise. I met with our larger investors in February and March
2022 and fed back my findings to Board colleagues at the next
Board meeting. In addition, our brokers undertook an investor survey
on the back of our half-year results in January 2022 and the results
of this were presented and discussed at a Board meeting. Our aim
is to engage with our shareholders in an open and meaningful way.
During the financial year the Directors held a number of meetings
with shareholders as set out below.
Board shareholder updates
Feedback from major institutional shareholders is provided to the
Board on a regular basis and, where appropriate, the Board takes
steps to address their concerns and recommendations.
Investor meetings
One-to-one meetings
Group meetings
78
4
Substantial shareholdings
As at 31 May 2022, the Company had been notified of the following
interests of 3% or more in the issued share capital of the Company
under the UK Disclosure and Transparency Rules:
Shareholder
Number of
ordinary shares
% of
NCC’s total
share capital
Sanford DeLand Asset Management
18,342,500
Legal & General Group plc
Canaccord Genuity Group Inc
Montanaro Asset Management
Artemis Investment Management
Schroder Investment Management
Unicorn Asset Management
22,109,703
15,580,182
16,546,426
13,822,640
15,364,318
10,796,426
5.92%
7.13%
5.04%
5.90%
4.98%
5.53%
3.89%
Directors’ shareholdings
For details of Directors’ shareholdings, remuneration and interests
in the Company’s shares and options, together with information on
service contracts, see pages 110 to 120 of the Directors’
Remuneration Report.
Annual General Meeting
The AGM is an opportunity for shareholders to vote on certain
aspects of Group business and provides a useful forum for
one-to-one communication with private shareholders. At the AGM
shareholders receive presentations on the Company’s performance
and may ask questions of the Board. The Chair seeks to ensure that
the Chairs of the Audit, Remuneration, Nomination and Cyber
Security Committees are available at the meeting to answer
questions and all Directors attend.
The Company prepares separate resolutions on each substantially
separate issue to be voted upon at the AGM. The result of the vote
on each resolution is published on the Company’s website after the
AGM and will be announced via the regulatory information service.
At the 2021 AGM, shareholders representing over 75.19% of the
Company’s issued share capital returned their proxy votes.
On behalf of the Board
Chris Stone
Non-Executive Chair
6 September 2022
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
93
Governance�Audit Committee report
Delivering a robust
control environment
NCC continues to maintain a strong
focus on control, risk management
and governance.
Chris Batterham
Committee Chair
The Audit Committee’s key objectives
The purpose of the Audit Committee is to assist the Board in the
discharge of its fiduciary duties of stewardship of the Group’s
assets. The Committee particularly focuses on systems and
processes of management control, and the reporting of internal
management information and externally reported financial
information. The Committee also provides a forum for reporting
by the external auditor.
The Audit Committee’s responsibilities
The Committee’s main responsibilities include:
• Monitoring the integrity of the Financial Statements relating
to the Group’s financial performance and their compliance with
the provisions of IFRS, the UK Corporate Governance Code, the
Disclosure Guidance and Transparency Rules and other regulations
• Reviewing material information and significant accounting
judgements contained in the Annual Report and Accounts
• Advising the Board on the continuing appropriateness of the
Group’s existing accounting policies and the application of
any new or modified accounting and reporting standards
• Advising the Board on the effectiveness of the processes
ensuring that the Annual Report and Accounts, when taken
as a whole, is fair, balanced and understandable
• Reviewing the audit findings with the external auditor including
discussing any major issues that arise during an audit, the
accounting and audit judgements made, the level of any errors
identified during the audit and the effectiveness of the audit
process itself
• Reviewing the effectiveness of the Group’s internal control systems
• Reviewing the nature and extent of significant financial risks and
how they can be mitigated
• Making recommendations to the Board in relation to the
appointment of the external auditor, approving its remuneration
and terms of engagement
2021/22 key activities
• Monitoring integration of IPM business including associated
risks and costs of integration
• Ensuring adequate controls exist as the Iron Mountain’s
IPM business is consolidated into the Group’s results and
that the existing Group controls have been implemented
within the newly acquired business
• Ensuring the Iron Mountain’s IPM business fair value
accounting including the assessment of deferred revenue
is appropriately accounted for and disclosed
• Review of SGT progress and time/cost overruns and
ensuring any lessons learned are adequately captured
• Focus on future accounting technical announcements
• Reviewing proposed Task Force on Climate-Related
Financial Disclosures (TCFD)
• Review of key assumptions used in Group annual
impairment review
• Continued focus on quality of earnings and adherence
to Individually Significant Items accounting policy
2022/23 priorities
• Ensuring continued improvement of the effectiveness of
the Group’s risk management and internal control systems
in preparation for potential UK SOX requirements
• Planning for regulatory changes arising from the BEIS
whitepaper, “Restoring trust in audit and corporate
governance”, including ensuring that we review and consider
all UK governance changes following the establishment
of Audit Reporting and Governance Authority (ARGA)
• Undertaking a thorough and comprehensive auditor tender
process, leading to the reappointment of KPMG, or the
onboarding of a new auditor
• Monitoring ESG reporting, including progress on TCFD,
and embedding sustainability into the business
94
�• Overseeing the relationship with the external auditor including,
but not limited to, assessing its independence, objectivity
and effectiveness
• Reporting to the Board on the procedures for responding to
whistleblowing, fraud or potential breaches of anti-bribery legislation
A full copy of the Committee’s terms of reference can be found
in the Investor Relations section of the Group’s website at
www.nccgroup.trust/uk/about-us/investor-relations.
Activities during the year
During the year, the Committee:
• Assessed the effectiveness of the 2021 external audit process
and Audit Committee effectiveness
• Reviewed the FRC Audit Quality Inspection and Supervision
Report with respect to KPMG LLP
• Undertook a Committee evaluation exercise to assess where
the Committee should best focus its attention
• Received a summary of regulatory updates including health
and safety updates documenting new initiatives and activities
• Considered recent technical updates including guidance issued
by the Financial Reporting Council
• Received regular briefings from the Director of Global
Governance summarising risk management and control issues
• Reviewed the findings from the internal audit projects conducted
during the year and approved the internal audit plan for the
forthcoming year
• Reviewed the findings from the audit for the year ended
31 May 2022 and from the auditor’s review of the half-year
results to 30 November 2021
• Continued focus on quality of earnings and adherence to
Individually Significant Items accounting policy
• Reviewed all significant accounting areas and areas of key
estimation. Reviewed KPMG audit conclusions in these areas
• Reviewed the accounting treatment in respect of the acquisition
of the IPM business including key estimates associated with this
transaction. Reviewed KPMG audit conclusions in these areas
• Reviewed management’s going concern and Viability Statement
assessment, including macro-economic considerations. Reviewed
KPMG audit conclusions in these areas
• Received a self-assessment of the finance controls highlighting
enhancements made during the year, areas of continuous
improvement and specific actions to implement minimum
control standards
• Reviewed a summary of why management considers the
Annual Report is fair, balanced and understandable
Composition
The Audit Committee is chaired by me, a Chartered Accountant
of 43 years’ standing. I have previously served as the Finance
Director of Unipalm plc, before becoming Chief Financial Officer
of Searchspace Limited until 2005. Both businesses operated in
digital technology sectors. My earlier career included roles with
BICC Group and accountants Arthur Andersen. Until March 2022,
I was also a member of the audit committee at Blue Prism Group plc.
I currently chair the audit committee at Nanoco Group plc (both
companies are listed companies), which provides me with an
additional external perspective to bring to my chairing of this
Committee. The Board considers that I have the recent and relevant
experience required by the Code.
Mike Ettling served on the Committee throughout the year. Jonathan
Brooks served on the Committee from 1 June 2021 until he retired
from the Board on 27 January 2022. Julie Chakraverty joined the
Committee when she was appointed to the Board on 1 January 2022.
On 1 September 2022, Lynn Fordham joined the Committee. Julie
and Lynn bring welcome new experience with their strong
backgrounds and are strong additions to the Committee’s
membership. All members of the Committee are considered to be
independent and the Committee as a whole continues to have
competence in the technology sector.
Summary biographies of each member of the Committee are
included on pages 78 and 79.
Meeting frequency and attendance
The terms of reference for the Committee require at least three
meetings per year. During this financial year the Committee met
five times. As well as the members of the Committee, standing
invitations are given to the Chair, the other independent Non-
Executive Directors, the Chief Executive Officer, the Chief Financial
Officer, the Group Financial Controller, and the Group Director of
Global Governance, with other attendees also attending by invitation.
The external auditor also attends each meeting. During the year the
Committee met, on a number of occasions, with the external auditor
without the Executive Directors being present. In addition, following
the appointment in early 2020 of the Group’s Director of Global
Governance, who heads up the Group’s internal audit function, a
number of meetings were held with her without management
being present.
The attendance during the year of individual Committee members
at Audit Committee meetings is shown in the table below:
Attendee
Chris Batterham
Julie Chakraverty 1
Mike Ettling 2
Jonathan Brooks 3
Meetings attended
5 5
2 2
4 5
4 4
At all times all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1 Julie Chakraverty was appointed to the Board on 1 January 2022.
2 Unable to attend one meeting due to sudden illness.
3 Jonathan Brooks retired from the Board on 27 January 2022.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
95
Governance�Audit Committee report continued
Significant accounting areas and areas of significant management judgement or estimation uncertainty
The table below summarises the significant accounting issues, judgements and estimates that the Committee considered during the year
in relation to the Financial Statements. These are split between those items which are identified either as recurring items that the Committee
regularly reviews or as items of current year focus. The table also shows the degree of judgement or estimation that the Committee feels
has to be applied for each item. Items with a significant impact but with a “low” judgement level will typically have extensive independent
third party evidence of the bases for any judgement. Areas assessed as requiring a “high” level of judgement tend to rely more heavily
on management estimates and historical trends than extensive independent third party evidence.
Review items
Goodwill carrying values (recurring)
Fair value measurement – separately identifiable intangible assets (current year focus)
Accounting judgement
Estimation required
n/a
n/a
Low *
High
*
At the initial assessment stage, this was assessed as high estimation uncertainty. However, following the conclusion of management’s work and the Committee’s review, the
estimation uncertainty has reduced to low. Given the focus of the Committee on this area in the year, we have included it in the table above as it continues to be an area of focus
and close monitoring.
Significant issues considered during the year
in relation to the Financial Statements
During the year, the Committee reviewed and considered the
following areas in respect of financial reporting and the preparation
of the interim and annual Financial Statements:
• The appropriateness of the accounting policies used
• Significant areas of management judgement or estimation
• The effectiveness and changes to the financial control environment
• Compliance with external and internal financial reporting
standards and policies
• Disclosure and presentation of GAAP and Alternative
Performance Measures (APMs)
• Whether the Annual Report and Accounts, taken as a whole, is
fair, balanced and understandable and provides the information
necessary to assess the Group’s financial position, performance,
business model and strategy
In carrying out this review the Committee challenged the significant
estimates and judgements made by the Group’s finance team and
considered the external auditor’s reports setting out its views on
the accounting treatments and judgements included in the
Financial Statements.
Goodwill carrying value
(Recurring item: see Note 12 to the Financial Statements)
The Group has significant balances relating to goodwill at 31 May 2022,
totalling £266.1m (2021: £182.9m). Of this amount £76.9m relates
to acquisitions in the current year including the acquisition of the
IPM Software Resilience business while the remainder relates
to acquisitions made in prior years.
Goodwill is tested for impairment annually at the level of the CGU
to which it is allocated. For the year ended 31 May 2021, the
recoverable amount of all CGUs concerned was measured on a
value in use (VIU) basis. For the year ended 31 May 2022, the
recoverable amount of all CGUs concerned was measured on a VIU
basis, with the exception of the Europe Assurance CGU and the
IPM Software Resilience CGU, which were measured on a fair value
less costs to sell basis.
Fair value less costs to sell
In accordance with IAS 36, for the year ended 31 May 2022,
the recoverable amount of the Europe Assurance CGU and the
IPM Software Resilience CGU has been determined on a fair value
less costs to sell (FVLCTS) basis for the purposes of the impairment
review. The VIU calculations prepared for both CGUs are highly
sensitive to changes in inputs (for example reduced growth rates,
particularly beyond a period of three years), which could suggest
that they were less than the carrying value of assets. Therefore,
the Directors obtained two separate valuations performed by
independent third parties that compiled evidence of comparable
companies and precedent transactions to allow an assessment
of FVLCTS.
The Europe Assurance CGU and IPM Software Resilience CGU
FVLCTS valuations have been calculated by assessing the value
of the standalone Europe Assurance and IPM Software Resilience
businesses calculated using an EBITDA 1 multiple based on
sustainable earnings for the year ended 31 May 2022 adjusted for
specific items where relevant. For the IPM Software Resilience
business, integration costs associated with combining the business
into the wider Group have been added back to sustainable earnings
used in the calculation. For the Europe Assurance CGU no material
adjustments have been made to the sustainable earnings used in
the calculation.
Each CGU FVLCTS valuation has been assessed under a Level 3
fair value hierarchy as defined by IFRS 13. The key assumptions
used in the FVLCTS is the sustainable earnings and EBITDA 1
multiple. Sensitivity analysis has been performed in respect of
certain scenarios where management considers a reasonably
possible change in key assumptions could occur. Following this
review, it was concluded that there was no reasonably possible
change in those inputs that could give rise to an impairment.
Value in use
All other valuations have been assessed on a VIU basis; this involves
the preparation of discounted cash flow projections, which require
estimates of both future operating cash flows and an appropriate
risk-adjusted discount rate.
The commercial viability of individually capitalised development
project costs is also part of the overall assessment of carrying values.
Future cash flow estimates are based on two estimates: the rate of
revenue growth and the discount rate.
The calculation of an appropriate discount rate to apply to the
future cash flow estimate is itself an estimate. While some aspects
of discount rate calculations can be more mechanical in nature
(such as using the 30-year gilt yield as a proxy for the risk-free rate)
others, such as entity or sector-specific risk adjustments, rely
more on management estimates. The discount rate is also a key
component in assessing the terminal value, which is often an
important part of any valuation.
The Committee has reviewed the rationale used to determine
the CGUs. The Committee also reviewed the valuation approach
applied to assess the recoverable amount of each CGU.
96
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�With respect to VIU calculations the Committee reviewed assumptions
used in future cash flows that underpin the valuation of goodwill.
With respect to FVLCTS calculations the Committee reviewed the
sustainable earnings used in the calculation and the multiple applied
(considering two valuations performed by independent third parties
that compiled evidence of comparable companies and precedent
transactions). The Committee concurred with the view of management
that no impairment should be recognised as either the discounted
future cash flows or fair value was higher than carrying value.
Fair value measurement – separately identifiable
intangible assets
(Current year focus item: see Note 34 to the Financial Statements)
As part of the acquisition of the IPM business (see Note 34) the
Group has acquired an intangible asset relating to the customer
relationships acquired with a fair value of £91.4m. The valuation
approach taken is the income approach, specifically the multi-period
excess earnings method (MEEM). As part of this valuation exercise
the discount rate and revenue growth rate have been identified as
key sources of estimation and uncertainty and have been identified
that have a significant risk of resulting in a material adjustment to
the carrying amounts of assets and liabilities in the next financial
year. A description of such estimates and reasonably possible
sensitivities is described in Note 34.
The Committee has reviewed management’s assessment of the
fair value of separately identifiable intangible assets acquired by
considering the independent valuation performed by a third party,
management assumptions and reasonably possible sensitivities
and is satisfied that it is reasonable.
The Group’s approach to materiality
In considering the materiality of any individual issue or issues in
aggregate, the Group looks at a range of qualitative and quantitative
measures to assess whether or not omitting, misstating or obscuring
information could reasonably be expected to influence decisions
that the primary users of general purpose financial statements make
on the basis of those financial statements. The range of measures
includes (but is not limited to) the primary Financial Statements
themselves, the individual line item in question, and whether or not
the issue moves the result from one side of an inflection point to
another (for example, turning a profit into a loss or a net asset into
a net liability). Qualitative and quantitative measures are both
considered as is any potential impact on remuneration or banking
arrangements such as debt covenants.
Internal audit
The internal audit function is responsible for internal audit, the
assurance of other quality systems and processes, and monitoring
the embedding of risk management processes throughout our
operations. The internal audit plan was approved by the Committee
during the financial year and a number of audits were performed,
the findings of which have been reviewed by the Committee. During
the year, seven internal audit reports were issued covering a range
of risk areas including key financial controls, procurement
processes, order to cash, expenses processing, engagement of
contractors, and internal cyber security. No significant issues were
raised, and all identified control issues and related corrective actions
are reported to the Audit Committee. Implementation of the agreed
management actions is monitored on an ongoing basis by internal
audit. The Group will look to increase the scope of the audit plan
during FY23, drawing on third party resource provided under
co-source arrangements, and through the use of data analytics.
Internal controls and risk management
The Board is responsible for establishing, maintaining and
monitoring the Group’s system of risk management and internal
control and reviewing its effectiveness. The Committee monitors
the performance of management in this area.
We have an ongoing process for identifying, evaluating and managing
the principal risks faced by the Group, which has been in place for the
year under review are deemed effective up to the date of approval of
the Annual Report and Accounts. The Group’s non-cyber security
risks are monitored by the Audit Committee on behalf of the Board,
which sets aside time for an in-depth discussion of notable or
changing risks to the business. A description of the process for
managing risk, together with a description of the principal risks and
strategies to manage those risks, is provided on pages 64 to 72.
Cyber risks are reviewed by the Cyber Security Committee; the Cyber
Security Committee Report can be found pages 103 to 105.
Internal control systems are designed to meet the particular needs of
the Group and the risks to which it is exposed. By their nature,
however, internal control systems are designed to manage rather than
eliminate the risk of failure and can provide only reasonable but not
absolute assurance against material misstatement or loss. During the
year, the Group has implemented new systems which have brought
about some changes in controls, as the Group transitions away from
historical systems. These controls are deemed effective, however will
require further changes in the forthcoming year as we continue to
embed new ways of working across all our systems. Key elements of
the risk management and internal control system are described below.
Enhancements during the year are highlighted while the other
elements have all been in place throughout the year.
Controls relating to financial reporting and preparation of the
Annual Report and Accounts
• Information provided to management covering financial
performance and key performance indicators, including
non-financial measures (enhanced by new KPIs and targeted
management reports)
• A detailed budgeting process where business units prepare plans
for the coming year (enhanced with new standardised reporting,
discretionary cost reviews and consolidation models and systems)
• Procedures for the approval of capital expenditure and
investments and acquisitions (enhanced by standardised capital
approval request forms)
• Monthly operational reviews to monitor and reforecast results as
required against the annual operating plan, with major variances
followed up and management action taken where appropriate
Other controls
• Defined management structure and delegation of authority
to Committees of the Board, subsidiary boards and associated
business units (enhanced by more detailed authorities and
guidance notes)
• Recruitment standards and training to ensure the integrity and
competence of staff
• Anti-bribery, security and compliance training for all colleagues
• Clearly documented internal procedures set out in the Group’s
ISO 9001:2015 accredited quality manual
• Regular internal audits of key processes and procedures under
the Group’s ISO 9001 and ISO 27001 accredited quality
assurance process
• Monitoring of any whistleblowing or fraud reports
The external auditor regularly reports its findings on those areas
of internal control which it assesses as part of the external audit
and half-year review to the Board and the Audit Committee.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
97
Governance�Audit Committee report continued
Internal controls and risk management continued
Other controls continued
Our internal control effectiveness is assessed through the performance
of regular checks, which in the year ended 31 May 2022 included:
• Assessment of the identification and management of risks
connected to the Group’s strategy and management of
strategic change
• Reviewing and testing the Group’s financial reporting processes
• Performing compliance monitoring activities
• Assessment of the Group’s processes for identifying and
mitigating potential conflicts of interest
• Monitoring the completion of the Group’s mandatory
colleague training
Following these regular checks, it was deemed that the controls
were effective and the internal control systems are designed to
meet the particular needs of the Group and the risks to which
it is exposed.
Whistleblowing and confidential reporting procedures
The Group operates a confidential reporting and whistleblowing
procedure (known as our “Whistleblowing Policy”). The policy aims
to support the stewardship of the Group’s assets and the integrity
of the Financial Statements as well as protecting colleague welfare.
The procedure is reviewed annually by the Committee to ensure
that it remains fit for purpose.
The Group has appointed an independent third party reporting
agent to be the first point of contact for those who do not wish to
use normal internal line management channels for reporting their
concerns. This is advertised internally via colleague noticeboards and
our intranet. Colleagues are asked to undertake mandatory training
on a regular basis. During the year, colleagues were reminded of the
Code of Ethics Policy and the Whistleblowing Helpline.
The Committee reviews any whistleblowing or confidential reporting
of concerns raised during the year with respect to their nature, scale
and any associated or consequential risks.
Review of the Audit Committee’s effectiveness
The Committee has reviewed and considered the effectiveness
of its performance during the year. The review included the views
of members of the Committee and of regular attendees at the
various meetings (including the Executive Directors). I am satisfied
that the degree of rigour and challenge applied in performing
the Committee’s responsibilities is appropriate and effective and
continues to improve. Please see pages 90 and 91 for further
details of the Committee evaluation process.
Auditor’s independence and objectivity
The Committee received a formal statement of independence from
the external auditor.
The Company also operates a rigorous policy designed to
ensure that the auditor’s independence is not compromised by
it undertaking inappropriate non-audit work. The Audit Committee’s
approval is therefore required for any fees for any non-audit work
undertaken by the auditor. However, the Company recognises that
it can receive particular benefit from certain non-audit services
provided by the external auditor due to its technical skill and detailed
understanding of the Company’s business.
During this financial year non-audit fees of £80,000 (2021:
£75,000) were paid to the external auditor for the half-year review.
All significant pieces of non-audit work are put to informal tender to
suitable parties that, if appropriate, can include the external auditor.
Upon review as to suitability and price, the work will then be placed
with the service provider recommended. If this is the external auditor,
then Audit Committee approval is required.
The external auditor was not engaged during the year to provide
any services which may have given rise to a conflict of interest.
The Committee is satisfied that the overall levels of audit and
non-audit fees (i.e. the half-year review fee) are not material
relative to the income of the external auditor as a whole and
therefore that the objectivity and independence of the external
auditor were not compromised.
During the year, our external auditor received ad hoc cyber resilience
services in the ordinary course of business. The Committee is satisfied
that this work is immaterial to both the external auditor and the
Company and therefore the objectivity and independence of the
external auditor are not compromised.
External auditor’s effectiveness and appointment
The Committee reviews and makes recommendations regarding
the reappointment of the external auditor following a formal review
of the auditor’s performance following completion of the prior year
Financial Statements’ audit. In making these recommendations
the Committee considers:
• The experience, industry knowledge and expertise of the auditor
• The scope and planning of the audit and any variations from
the plan
• The quality of the processes adopted
• The auditor’s explanations of significant risks to audit quality by
reference to the Company’s specific circumstances and changes
to the risks
• The fees charged
• Its attitude to and handling of key audit judgements
• Its ability to challenge and communicate effectively with management
• The quality of the final report
• The FRC’s Audit Quality Review report relating to KPMG
During the financial year, I attended regular meetings with KPMG’s
engagement partner without management being present. This
provided the opportunity for open dialogue. The engagement partner
demonstrated her understanding of the Group’s business risks and
the consequential impact on the Financial Statements. Feedback on
the conduct of the audit from the engagement partner’s perspective
is used to determine if any challenges in the prior year audit would
be sufficiently addressed in the next audit cycle.
The Group’s current auditor, KPMG LLP, has been in place since
1 November 2013 with a competitive audit tender process having
last been undertaken in November 2011 for the year ended
31 May 2014.
It is the intention of the Committee to carry out a competitive audit
tender process during the forthcoming year in advance of the next
audit cycle (year ending May 2024).
98
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Therefore, having fully considered the effectiveness, independence
and objectivity of the external auditor and the reports it has produced
in the current financial year, the Committee has concluded that it
is appropriate to recommend to the Board the reappointment of
KPMG LLP as the Group’s external auditor for the next financial year.
Related party transactions and other fees approved
by the Committee
Refer to Note 32 for related party transactions in the year.
Fair, balanced and understandable
At the request of the Board, the Committee considered whether the
2022 Annual Report and Accounts, when taken as a whole, was fair,
balanced and understandable (FBU) and whether it provided the
necessary information for shareholders to assess NCC Group’s
position and performance, business model and strategy. The reviews
outlined in the diagram opposite include reviews of all material
matters, as reported elsewhere in this Annual Report and Accounts,
and reviews of the balance of good and bad news and ensure the
Annual Report and Accounts correctly reflects:
• The Group’s position and performance as described on pages 8
to 11 and 56 to 63
• The Group’s business model as described on pages 18 and 19
• The Group’s strategy as described on pages 28 to 35
The independent reviewers were not major contributors to the
Annual Report and Accounts but, at the same time, as members of
the Executive Committee or other senior colleagues, are deemed to
be sufficiently well informed on the Group’s activities to be able to
give appropriate feedback on the FBU criteria. They undertake a
qualitative review of disclosures and a review of internal consistency
throughout the Annual Report and Accounts.
The Directors’ statement on a fair, balanced and understandable
Annual Report and Accounts is set out on page 133.
Chris Batterham
Chair, Audit Committee
6 September 2022
1
Financial
information
4
Audit
Committee
Chair
2
Narrative
disclosures
3
Independent
reviewers
Fair, balanced and understandable
The following process was followed by the Committee
in making its assessment:
1. Financial information
• Prepared by individual business units
• Consolidated by Group finance team
• Reviewed by Group Financial Controller and CFO
2. Narrative disclosures
• Prepared by Group finance team
• Reviewed by Group Financial Controller and CFO
• Various reports prepared by Committee Chairs, CEO
and CFO
3. Independent reviewers
• Senior members of the Executive Committee or other
senior colleagues
• Those who have not been major contributors
4. Audit Committee Chair
• Review of detailed verification documents
• Review of findings and observations from
independent reviewers
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
99
Governance�Nomination Committee report
A continued focus on succession
planning and diversity
During the year, we have made
strides to improve the diversity
around our Board table and in the
executive team and completed a
successful search for a new CEO
and Non-Executive Director.
Chris Stone
Committee Chair
The members of the Nomination Committee are Chris Batterham,
Julie Chakraverty (from 1 January 2022) and Jennifer Duvalier,
along with me. Jonathan Brooks also served on the Committee
between 1 June 2021 and 27 January 2022. On 1 September 2022,
Lynn Fordham was appointed to the Committee.
The Nomination Committee’s objectives
and responsibilities
The Nomination Committee is responsible for reviewing the size,
structure, balance, composition and progressive refreshing of the
Board and its Committees and as such its duties include:
• Reviewing the structure of the Board
• Evaluating the balance of skills, knowledge, experience
and diversity on the Board
• Making recommendations for further recruitment to the Board
or proposing changes to the existing structure of the Board,
or individual Directors
• Reviewing the leadership needs of the Company, both Executive
and Non-Executive
• Succession planning for Directors and other senior executives
within the business
• Recruiting, appointing and exiting of Directors
• Overseeing membership of, and succession to, the various
Board Committees
• Reviewing the time commitment required from the Non-Executive
Directors on NCC Group business
2021/22 highlights
• Recruitment of a new CEO
• Recruitment of two new independent Non-Executive Directors
• Sessions to review senior management and Executive
Director succession plans
• Focused on diversity and inclusion in every meeting,
including undertaking unconscious bias training
• Undertook a review of the colleague engagement results
and continued with the non-executive colleague
engagement sessions
2022/23 priorities
Our priorities for the coming year focus on three areas:
• Broadening our approach to talent and succession enabled
by Workday
• Continuing to support the development of a diverse
leadership profile and pipeline
• Creating the right working environment to support colleague
engagement and working post pandemic
100
�The Chair of the Board leads the process for the appointment of
new Non-Executive Directors to the Board and for the appointment
of the Chief Executive Officer. The Chief Executive Officer, in
conjunction with the Chair, leads the process for the Chief Financial
Officer. The Senior Independent Director leads the process for
a new Chair of the Board.
In relation to an appointment to the Board, the Committee draws
up a specification and assesses the capabilities and experience
required for such a role, taking into account the Board’s existing
composition, including relevant experience and understanding of
our stakeholder groups.
We also assess the time commitment required. Candidates are
sought by third party executive search consultants and, where
appropriate, through the assessment of internal candidates and are
then formally considered by the Nomination Committee. Extensive
external referencing is completed.
Diversity
Our objective is to have a broad range of skills, backgrounds,
experiences and personal attributes within the Board as this
ensures the Board is best placed to serve the Company.
All appointments are made on merit and against objective criteria
with due regard for the benefits of diversity on the Board, including
gender, nationality, and educational and professional background,
as well as individual characteristics which will enhance diversity of
thinking on the Board. The Company and the Committee value the
aims and objectives of the Hampton-Alexander Review on FTSE
women leaders and the Parker Review on ethnic diversity of UK
boards and support and apply the Group’s diversity policy.
The Group’s gender diversity statistics are set out on page 49.
At Board level, we currently have three females on our Board and
one person of colour, but we note that diversity extends beyond
the measurable statistics of gender and ethnicity. As such, while
we historically have not set any particular targets, we continue to
take diversity in its wider context into account, having regard to
the diversity policy, and recommend only the most appropriate
candidates for appointment to the Board.
During the year ended 31 May 2021, we made the firm commitment
that by 2024, we will have at least 33% female representation
on our Board and at least one person of colour. With our recent
appointments, we have now delivered on our commitment and are
also on course to meet the FTSE Women Leaders Review target
of 40% by the end of 2025. Although this is best practice for
FTSE 350 companies, we have committed to this target regardless
of which share index we are in. (To achieve this commitment by the
end of 2025 based on our current Board size of eight Directors, we
would need to have at least four female Directors out of the eight.)
Our Board now has 37.5% female representation (three out of
eight), and we will look to improve this further still during any future
appointments to the Board.
We will look to continue to address this during future Board and
Executive Committee appointments. Given that it remains a fairly
young Board in terms of tenure, this improvement in diversity will
not be a quick process but we are very mindful of the need to take
positive action, and the matter is fully on our agenda, as can be
seen with the action we have taken during the year. Accessing the
candidates we require to reach this target will involve us looking
beyond the obvious pool of existing board directors within the UK
and we intend to ensure that we extend our talent search to other
sectors and countries to ensure we find a diverse pool of candidates
from which to choose to provide us with true diversity around our
Board table.
When a new Director is appointed they receive a full, formal and
tailored induction into the Company and discuss with the Chair
any immediate training requirements. (To read more about Julie
Chakraverty’s induction, please see page 87.)
During the coming year we will ensure that our new CEO
(Mike Maddison) and our new independent Non-Executive Director
(Lynn Fordham) are provided with a formal, comprehensive and
tailored induction programme and we will report back on this more
fully in next year’s Annual Report.
The Committee’s terms of reference can be found in the
Investor Relations section of the Company’s website:
www.nccgroupplc.com/investor-relations.
The terms of reference are reviewed annually and updated
when necessary.
Committee meetings
During this financial year, the Committee held eight scheduled meetings.
The attendance of individual Committee members at Nomination
Committee meetings is shown in the table below. Unless otherwise
indicated, all Directors held office throughout the year.
Attendee
Chris Stone
Chris Batterham 1
Jonathan Brooks 2
Julie Chakraverty 3
Jennifer Duvalier
Meetings attended
8 8
7 8
6 6
3 3
8 8
At all times all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1 Missed one meeting due to a pre-existing personal commitment.
2 Jonathan Brooks retired from the Board on 27 January 2022.
3 Julie Chakraverty was appointed to the Board on 1 January 2022.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
101
Governance�Nomination Committee report continued
Activities during the year
During the year, the Committee:
• Recruited a new CEO
• Recruited a new independent Non-Executive Director
• Evaluated the skills, knowledge and experience around
the Board table
• Reviewed the structure, size and composition of the Board
• Reviewed the Directors’ length of service
• Reviewed the diversity of the Board
• Reviewed the memberships of all Committees
• Reviewed the expected time commitment of the Chair and the
Non-Executive Directors
• Evaluated its own performance as a Committee
During the year, the Nomination Committee has had several
in-depth presentations from the Chief People Officer which focused
on people, talent and succession planning. These presentations
looked at the overall current position and in particular senior
succession, i.e. the Executive Committee and its direct reports.
Presentations and updates during the year
This year has been a busy one for the Committee and it has had
a number of presentations and updates on various colleague
matters across the Group. These include the following:
• Reviewed achievements over the previous year for the global
people team and looked forward to priorities for the year ahead
• Reviewed our development of capability with a particular focus on
senior succession and talent. We have also reviewed our approach
to accelerating and developing our global leadership capability
• Received an update since the previous year on our future state
ambition of being “a hub for cyber talent and a destination employer
with a quirky, distinctive environment”
• Reviewed the pipeline of step up candidates within the Group
• Considered the generational perspectives of colleagues within
the Group and their differing needs from an organisational and
leadership perspective
• Reviewed colleague engagement results from the annual
colleague survey (BHeard) when mapped against current
colleagues and former colleagues. Exit interview data and
key themes were also presented to the Committee
• Reviewed both present and former colleague sentiment
on social media channels
• Explored our current global leadership KPIs and discussed
opportunities for improvement as we launch our leadership
development programme in FY23
• Received a comprehensive briefing on the annual colleague
survey results (BHeard), along with the agreed next actions
• Received a briefing on the Action Ally programme being rolled
out across the Group
Our ambition for our future state is to be “a hub for cyber talent
and a destination employer with a quirky, distinctive environment”.
To support the ambition and our commitment to improving global
diversity, we are focusing on:
Processes
• Removing barriers to entry and making our talent attraction and
acquisition experience world class
• Continuing to review all our processes/documentation to ensure
all bias is removed including adverts and job descriptions
Training
• Providing unconscious bias training for leadership groups (the Board
and ExCom have both now undertaken unconscious bias training).
Continuing with NCC Conversations and our colleague resource
groups – promoting equality and celebrating our difference
• Our commitment to Action Ally, a programme to support allyship
at every level of the organisation, creating a safe and inclusive
environment where colleagues feel they belong
• Continuing to embed a Manager Essentials programme which
covers recruiting and managing a diverse team
Colleague voice
• Our commitment to an ongoing open dialogue with our
colleagues, through our annual engagement survey, colleague
forums, live leadership ask anything sessions, Board engagement
sessions with colleagues, the colleague resource groups, listening
sessions and our whistleblowing line, all play an active role in
creating a great place to work (for further information, please
see the Stakeholder Engagement section on pages 24 to 27)
• Continuing to develop and assess the broad range of
opportunities for colleagues to ask questions, to provide feedback
and to play an active role in creating a great place to work
Long term
• Developing our employer brand to broaden our attraction
strategies supported by a flexible, distinctive proposition to ensure
we remain current and attractive in a hot tech talent market globally
• Building strategic partnerships with organisations to support our
commitment to create an inclusive and diverse environment
• Connecting the initiatives at every stage of colleagues’ lives and
careers to create enriched career pathways and achieve the best
return for investment with improved colleague retention. Initiatives
include work experience, the Next Generation Talent programme,
mentoring and CyberFirst bursaries, and Alumni programmes
Committee effectiveness
During the year, the Nomination Committee carried out an internal
self-evaluation on its effectiveness.
A number of recommendations were made, including the need to:
• Continue to build on the strong initial progress with our firm
commitment to have at least 33% female representation and
at least one person of colour on the Board by 2024
• Focus on succession planning for the Board and senior management
• Continue to improve succession plans for senior executives and
improve exposure to senior executives at Board meetings and
within more informal settings
External search consultancies
During the year, we used the following search consultancies for the
following recruitment:
• Julie Chakraverty – Independent Search Partnership LLP
• Mike Maddison – Heidrick and Struggles International Inc
• Lynn Fordham – Sam Allen Associates Limited
None of the three agencies named above have any other
connection with the Company.
Chris Stone
Chair, Nomination Committee
6 September 2022
102
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Cyber Security Committee report
Monitoring the cyber security
and data protection landscapes
The Committee is dedicated to driving
continuous improvement in both the
cyber security and data protection
environments. This has been achieved
through challenging the “norm”,
proactively managing a changing
risk environment, sponsoring
key projects, and encouraging
innovative solutions.
Chris Stone
Committee Chair
The Cyber Security Committee was formed to focus specifically on
the cyber risks faced by the Group. This reflects the significant threat
posed by cyber risks, the nature of our business, and the potential
damage to the business as a high value target for malicious acts.
The Committee’s activities aim to challenge and support improvements
to the Group’s information security and data protection policies, defences
and controls, so as to comply with global data protection regulations
around the world, and ensure that the Group looks after its own
information, and the information that its customers entrust to it,
with the proper care and attention.
The Committee was formed in November 2016 and I have been
Chair since January 2018.
Chris Batterham and Jennifer Duvalier (both independent
Non-Executive Directors) served as members of the Committee
throughout the year. Jonathan Brooks stepped down from
the Committee when he stepped down from the Board on
27 January 2022. Julie Chakraverty (an independent Non-Executive
Director) joined the Committee when she was appointed to the
Board on 1 January 2022. Julie brings welcome new experience
with her strong financial services and technology background
and is a strong addition to the Committee’s membership. On
1 September 2022, Lynn Fordham was appointed to the Committee.
The Group’s Director of Global Governance, the Group’s Chief
Information Security Officer (CISO), and the Group’s Chief Data
Protection and Governance Officer (CDPGO) are standing invitees
of the Committee. The Executive Directors are invited to attend
Committee meetings when the Committee considers it to
be appropriate.
103
2021/22 highlights
• Focus on defining the role of NCC as potentially both a
controller and processor in certain service lines to maintain
compliance with contractual and data transfer obligations
• Project to support maturing global service delivery
model from the perspective of data transfer and data
sovereignty requirements
• Global information risk management framework,
with dedicated information risk scoring matrix, has
been embedded and better articulates the data risks
faced by the Group and therefore supports
continuous improvement
• Establishment of Global Technical Services (GTS)
in November 2021, with strong focus on removing legacy
technologies and simplifying our IT estate, which will
continue into 2022/23
• Cyber Security Review against the NIST Framework
in February 2022, and greater use of other third party
benchmarks like Microsoft’s Secure Score to help
objectively prioritise security improvements
2022/23 priorities
• Implementing a ticketing system to improve workload
management and reporting requirements for greater visibility
and ability to more accurately measure trends
• Revamping the data protection governance structure
to include Data Leads and Champions, with Steering
Committee membership comprising ExCom
• Streamlining security processes as part of the Global
Technical Services target operating model to improve
security team efficiency
• Running more complex cyber exercises to test our
response processes
Governance�Cyber Security Committee report continued
The Cyber Security Committee’s objectives
and responsibilities
The Cyber Security Committee is responsible for assessing the
performance of the Group’s internal security and defences and
as such its duties are to:
• Oversee and advise the Board on the current cyber risk exposure
of the Group and future cyber risk strategy
• Review at least annually the Group’s cyber security breach
response and crisis management plan
• Review reports on any cyber security incidents and the adequacy
of resulting actions
• Receive and consider the regular update reports from the CISO
and CDPGO and ensure the CISO and CDPGO are given the
right of direct access to the Committee
• Consider and recommend actions in respect of all cyber and data
protection risk issues escalated to it
• Keep under review the effectiveness of the Group’s controls,
services and products to analyse potential vulnerabilities that
could be exploited
• Regularly assess what are the Group’s most valuable intangible
assets and the most sensitive Group and customer information
and assess whether the controls in place sufficiently protect
those assets and information
• Review the Group’s ability to identify and manage new cyber risks
• Assess the adequacy of resources and funding for data
protection and cyber security defence and control activities
• Regularly review the cyber and data protection risk posed by third
parties including outsourced IT and other partners
• Oversee cyber security and data protection due diligence
undertaken as part of an acquisition and advise the Board of the
risk exposure
• Annually assess the adequacy of the Group’s cyber insurance cover
The Committee’s terms of reference can be found in the Investor
Relations > Corporate Governance section of the Company’s website
(www.nccgroupplc.com/investor-relations/corporate-governance). The
terms of reference are reviewed annually and updated when necessary.
Committee effectiveness
During the year, the Cyber Security Committee carried out an
internal self-evaluation on its effectiveness, as it continues to mature
since its formation in November 2016. The Committee was found to
be working effectively and I am satisfied that the degree of rigour
and challenge applied in performing the Committee’s responsibilities
is appropriate and effective and continues to improve. In terms of
specific focus areas for the year ahead we agreed on the following:
• Continuing to take the papers/presentations as read and focusing
on more value-adding dialogue, discussion and interaction rather
than going through the Committee briefing packs
• Improving the Committee’s knowledge and understanding
of how NCC Group actually uses the tools and processes that
it offers to clients
• A review of whether external presenters or advisers/consultants
could attend future Committee meetings
• More frequent updates on the nature of the changing cyber threat
landscape, e.g. what are the current major topics within cyber and
the significant threats, plus recent security incidents that
organisations have experienced
As an output of both this and previous evaluations, the Committee,
along with the Board, reaffirmed that cyber security and data
protection are sufficiently important risks for the business and that
the Committee should remain focused on this specific set of risks.
Therefore, the current structure in which the responsibility for broader
risk management remains with the Audit Committee will continue.
Committee activities during the year
• The Committee continues to make sure that the Group’s
resilience to cyber-attack is maintained and improved as the
threat landscape changes. In terms of information security
activities, the establishment of Global Technical Services (GTS)
in November 2021 and the close working between the CISO and
security team in GTS – at full strength after successful internal
recruitment activities in the summer and autumn – allowed us
to focus on removing or remediating some of our legacy
technologies and simplifying our IT estate, while at the same
time improving our security visibility across the Board.
• A new ICT asset management system has been introduced and this
will be exceptionally valuable for ongoing threat and vulnerability
management and will underpin security activities in the future.
• We conducted a Cyber Security Review against the NIST
Framework in February 2022, and we are working through the
matters arising from that to make improvements where necessary.
We have also made greater use of other third party benchmarks
like Microsoft’s Secure Score to help prioritise security improvements.
• On the threat detection side, we continue to benefit from our
global SOC’s leading detection methods and techniques, and
have just begun to transition to making more use of the Group’s
fast-developing Microsoft XDR offering.
In terms of our global data protection programme and internal data
privacy activities, our three year strategy is underway to pave the
way for our intended application for Binding Corporate Rules.
Binding Corporate Rules provide colleagues and customers alike
with a sense of trust through demonstration of our commitment to
protecting personal data, wherever in the world it may be processed
during our business activities. The data protection regulatory
landscape is continually changing, particularly in light of the UK
GDPR, and the team is working closely to stay abreast of such
changes. Noteworthy highlights since our previous report include:
• A suite of improvements are either in progress or have been
made with the goal of furthering our Data Protection by Design
approach, and to make the Data Protection triage assessment
process more efficient and easier for the business to engage
with. This includes a new ticketing/work log system. The data
protection team continues to work closely with IT to embed
these improvements into its processes.
104
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�• The engagement of a specialist external data protection law firm
to provide additional resource to support the internal team during
a period of flux in the data protection market. Recruitment
activities are underway to secure further permanent resource.
• Significant progress with our project to achieve global compliance
with the European Court of Justice Schrems II decision around
exporting personal data outside of the EU has been made,
focusing first on the global CIRT service. This part now
approaches completion.
Committee meetings
During this financial year, the Committee met three times and the
attendance of individual Committee members at the Cyber Security
Committee meetings is shown in the table below. Unless otherwise
indicated, all Directors held office throughout the year.
Attendee
Chris Stone 1
Chris Batterham 2
Jonathan Brooks 3
Julie Chakraverty 4
Jennifer Duvalier
Meetings attended
2 3
2 3
2 2
2 2
3 3
At all times all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1 Missed one meeting due to an urgent personal matter.
2 Missed one meeting due to a pre-existing personal commitment.
3 Jonathan Brooks retired from the Board on 27 January 2022.
4 Julie Chakraverty was appointed to the Board on 1 January 2022.
Chris Stone
Chair, Cyber Security Committee
6 September 2022
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
105
Governance�Remuneration Committee report
Annual statement
Driving sustainable growth
Our Remuneration Policy aims to
support the growth of the business
in a highly competitive market
for talent.
Jennifer Duvalier
Committee Chair
On behalf of your Board, I am pleased to present our Directors’
Remuneration Report (DRR) for the year ended 31 May 2022.
The report is divided into three sections: an Annual Committee
Chair’s Statement, the Annual Report on Remuneration for FY22,
and the previously approved Directors’ Remuneration Policy.
At the AGM in November 2021, 93% of shareholders voted in
favour of the Directors’ Remuneration Report, and I would like
to thank shareholders for their continuing support.
Annual Statement
2021/22 was another busy year for the Remuneration Committee
and we had six meetings in total. The Committee comprised
Chris Batterham, Julie Chakraverty (who joined the Committee
on 1 January 2022) and me as Chair. Jonathan Brooks chaired
the Committee from 1 June 2021 until he stepped down from the
Board on 27 January 2022, and I would like to thank Jonathan for
all his work over his years at NCC and his significant contribution to
shaping our remuneration framework. Our Board Chair, Chris Stone,
also attended all the meetings. We invited our remuneration
consultants, Chief People Officer, CEO, CFO and other executives
to meetings as required, although we always ensure that we have
time without executives present. On 1 September 2022,
Lynn Fordham was appointed to the Committee.
Corporate Governance Code remuneration requirements
for engagement with shareholders and colleagues
The Committee closely monitors shareholder guidance and
feedback on remuneration. Shareholder voting on AGM
remuneration resolutions is reviewed annually, shareholders are
consulted when changes to policy are being considered, and major
shareholders have the opportunity to provide annual feedback to
the Board and Remuneration Committee on NCC’s remuneration
approach at annual engagement meetings.
There are a number of existing channels of communication with
colleagues with regard to NCC’s remuneration policies and executive
remuneration. Our engagement survey enables colleagues to provide
feedback confidentially on many employment issues, including
remuneration. Our designated NED for colleague engagement also
2021/22 highlights
• Embedding the new Remuneration Policy for 2021–2024
as approved by shareholders at the 2021 AGM
• Making further grants under the Restricted Share Plan for
below-Board colleagues, to further broaden colleague share
ownership
• Approval of a new Share Incentive Plan (SIP) to enhance
colleague share ownership at all levels
• Undertaking a remuneration adviser tender
• Recruiting a new CEO and overseeing the exit terms of the
outgoing CEO
2022/23 priorities
• Further implement our Remuneration Policy following
approval at the 2021 AGM
• Complete the integration of Iron Mountain remuneration
practices into the Group
• Further consider the expansion of ESG measures into
incentive arrangements
• Continue to ensure our incentive arrangements support
the Group’s long-term growth strategy
• Set the remuneration package for the new CEO
106
�Recruitment terms for new CEO (Mike Maddison)
Mike Maddison joined us as our new CEO on 7 July 2022. Mike’s
remuneration has the same structure as Adam Palser’s and consists
of a base salary of £500,000, an annual bonus opportunity of 125%
of salary, and an annual LTIP grant of 175% of salary. The base
salary level for Mike is substantially less than in his previous role.
Mike’s benefits will be the same as Adam’s, except Mike will not
receive a car allowance and Mike will be entitled to a pension
contribution or allowance of 4.5% of salary, which aligns with our
wider workforce. In recognition that the remuneration offer from
NCC would otherwise be substantially below his prior remuneration
in his previous role, and to replace remuneration foregone on
leaving his previous role, the Board will grant a Special Replacement
Award of £500k worth of shares, vesting in 2024. The award will be
granted in accordance with Listing Rule 9.4.2(R) and the details of
the award will be fully disclosed in next year’s Remuneration Report.
Leaving arrangements for outgoing CEO (Adam Palser)
As previously reported, Adam Palser stepped down as CEO on
17 June 2022 and his exit terms follow his service contract and
our Directors’ Remuneration Policy. The full terms of Adam’s exit
arrangements can be found on our website (www.nccgroupplc.com/
media/dfsdz5ix/adam-palser-section-430-2b-of-the-companies-
act-statement.pdf); in summary, during his notice period Adam will
continue to be paid his monthly salary, and while he remains a
colleague, will also receive cash in lieu of pension, car allowance
and other benefits in monthly instalments (his notice period will end
on 9 May 2023). If Adam wishes to take up alternative employment
before the end of his notice period, the Committee may cease the
monthly payments.
Adam will receive his 2021/22 bonus (subject to the normal
performance conditions and 35% deferral into shares) but will not
receive a bonus for the 2022/23 year, nor an LTIP grant for 2022.
Adam’s 2019–2022 LTIP grant will not be prorated for service
(as he will serve the full three years required) and will vest in the
normal manner in September/October 2022 subject to the normal
performance conditions. Adam’s 2020 and 2021 LTIP grants will be
prorated for time served from the date of grant until the termination
date (9 May 2023), then vest in the usual manner subject to
performance conditions at the normal vesting date. The two year
post-vesting holding period will apply to all LTIPs. Post-employment
shareholding requirements will apply to the 2021 LTIP and the 2022
deferred annual bonus plan, in accordance with the Directors’
Remuneration Policy.
Remuneration adviser retender
During the year it was decided to undertake a review of the
Committee’s remuneration adviser, with the Committee recognising
the length of time that the current adviser (Alvarez and Marsal (A&M))
had been in place. A&M and two other advisory firms of comparable
calibre and experience were invited to tender for the advisory role.
The Committee received pitches from all three advisers at the May
2022 Remuneration Committee meeting. Following a thorough
scoring and review process and robust Committee debate, it was
agreed that Alvarez and Marsal remain the Committee’s adviser.
holds a number of colleague engagement sessions during the year
in which colleagues are invited to provide feedback and comments on
any issue, including executive remuneration and broader remuneration
policies. The Committee also receives regular feedback from the
Chief People Officer and Director of Reward and HR Operations on
how colleagues perceive NCC’s remuneration policies and practices
in the context of recruitment, retention and motivation. This
information is used by the Committee in its monitoring and
development of remuneration policies.
Remuneration Policy for 2021–2024
During the 2021/22 financial year, we initially operated within
the Remuneration Policy that was approved by shareholders at
the 2020 AGM, then switched to the Remuneration Policy that was
approved by shareholders at the 2021 AGM in November 2021.
The 2021–2024 Directors’ Remuneration Policy received 87.43%
of votes in favour and I thank shareholders for their support.
As a reminder, with the arrival of the Covid-19 pandemic, changes to
the Remuneration Policy in October 2020 were minimal and we, instead,
submitted a more significant set of changes at the November 2021
AGM. The aim of these changes was to reflect the strong performance
of the business and development of the senior team over a number
of years and ensure that the remuneration of our senior team is
appropriately positioned against a highly competitive market for
talent within the sectors in which NCC Group operates. We refined
some changes with our remuneration consultants and then undertook
a period of consultation with shareholders in March and April 2021,
who were supportive of our approach. Our 2021–2024
Remuneration Policy can be found in this report.
Its main features were to make phased increases to the variable
pay opportunity for our CEO and CFO. The first of the changes took
place in November 2021 with increased levels of LTIP grants made
to the CEO (of 175% of salary) and the CFO (of 150% of salary)
(compared with previous grants of 100% for both the CEO and
CFO respectively). The implementation of the second increase will
take place in 2022/23 when the annual bonus opportunity for both
the CEO and CFO will increase from 100% to 125% of salary. The
Committee considered this phased approach to be appropriate
in the current environment and these increases are balanced by:
a reduction in the threshold vesting level for the LTIP; a reduction
of Executive Director pension contributions to the workforce level
of 4.5%; and the adoption of a more demanding post-employment
shareholding policy. Total remuneration remains below the market
benchmark level. Further details can be seen in this report.
Base salaries
For the 2021/22 financial year, average salaries in the Group rose by
approximately 3.1% but we decided to increase the salary of the CEO
by 3%, taking effect from 1 June 2021, taking his salary to £465,000.
For 2 022/23, average salaries in the Group increased by an average of
5.3% and we have not made any increases to the CEO’s salary as he is
leaving the Group.
For the CFO, recognising that his salary was below the appropriate
level given the size and nature of the role and the incumbent’s
experience, we consulted with shareholders to increase his
pay over a two year period. This plan was fully explained in the
Committee Chair’s introduction to last year’s Remuneration Report.
In June 2021 his salary increased to £308,000, representing
an increase of 4.9% pts above the average workforce increase
(i.e. 8% in total). In June 2022, we implemented the second stage
of the planned salary change and increased his salary by 2.9% pts
above the average workforce figure. Despite these increases, the
salary remains below the relevant benchmark.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
107
Governance�Remuneration Committee report continued
Annual statement continued
Grants of shares under a below-Board Restricted
Share Plan to broaden colleague share ownership
As a Board, we remain committed to broadening share ownership
throughout the Group, both as a reward and retention tool. During
the year, we made further grants to around 380 colleagues under
our Restricted Share Plan (RSP), authorisation for which had been
granted at the 2020 AGM. An increased number of colleagues were
made a share award dependent on their continuing service within the
Group for a period of up to three years. RSPs are extremely common
in the technology sector in the USA, where we have increased our
presence in the last few years, and we expect to continue to utilise
this mechanism to support colleague retention.
In addition, we also offered colleagues the opportunity to participate
in our Save As You Earn/stock purchase share plans in the UK, the
US, Canada, the Netherlands, Australia, Denmark and Spain. Once
again, these proved popular with high take-up levels.
During the year, we also approved a new Share Incentive Plan (SIP)
for UK-based colleagues, further increasing our commitment to cost
effective colleague share ownership. We will look to launch this
towards the end of 2022.
Non-Executive Director and Chairman’s fees
In line with our Remuneration Policy, Non-Executive Director fees
were reviewed (by the Company Chair, CEO and CFO) and modest
increases were applied with effect from 1 June 2022.
The Remuneration Committee also reviewed the Chairman’s fees
using data provided by our remuneration consultants. As a result
the Chairman’s fees were increased by 2.8% to £162,700.
Details of these fees and allowances are given in the Annual Report
on Remuneration on page 119
Performance related pay – annual bonus
The annual bonus for the year ended 31 May 2022 for both the
Chief Executive Officer and Chief Financial Officer was based
on the satisfaction of stretching financial and strategic targets.
The financial targets for the 2021/22 financial year were given
a weighting of 75% of the bonus opportunity. The performance
measures included Group operating profit and individual revenue
targets for Assurance and Software Resilience. Strong revenue
growth of 12% in Assurance resulted in the stretch target being
achieved for this bonus element, but revenue growth in Software
Resilience did not meet the threshold target, resulting in no bonus
for that element. Overall, Group profit performance was strong with
Adjusted operating profit towards the top end of the target range.
This financial performance resulted in an award for the financial
element of the bonus of 46.88% out of the maximum available
of 75%. In assessing Group profit performance, the Committee
applied discretion to ensure fair treatment of the transition costs
relating to the change of CEO, as detailed in the report.
For the 2021/22 financial year, the strategic objectives for both the
CEO and CFO were given a weighting of 25% (this is a reduction
from 2020/21 when the weighting on the strategic element was
40%). The bonus award for the strategic element of the bonus was
13% of base salary for the CEO and 19.5% for the CFO out of the
maximum available of 25%.
The strategic objectives covered three areas:
• Integration of Iron Mountain IPM division: this included
specific targets for systems, people, customer and operating
model integration
• Strategic objectives within the existing business: these
included specific targets for the development of the MDR and
Remediation businesses
• Sustainability objectives: these included objectives with respect
to diversity targets, colleague engagement, and corporate social
responsibility
Further detail on performance against strategic objectives
is provided later in the report.
The total bonus earned was determined to be 59.88% of base
salary for the CEO and 66.38% of base salary for the CFO.
For both the CEO and CFO, 35% of the bonuses achieved will be
deferred into shares and will vest after two years. Clawback and
malus provisions are also in place for the annual bonus.
For 2022/23, the Committee will continue with the annual bonus
weightings being 75% financial and 25% non-financial.
For 2022/23, we will continue to use revenue targets to
complement the targets on Adjusted operating profit.
Strategic targets for 2022/23
Strategic targets for the CEO will include reviewing the Group
strategy and the following measures:
• Strategic objectives within the Assurance business:
specific revenue growth targets and to grow XDR sales
orders (10% in total)
• Strategic objective for the Software Resilience business:
finalisation of the full operational review of the combined
Software Resilience division to create additional Group
contribution from FY24 (10% in total)
• Sustainability and people objectives: these will include
objectives relating to our colleague engagement, retention and
corporate social responsibility (5% in total)
For the CFO, the strategic objectives will be similar; however instead
of strategic objectives within the Assurance business, he has
objectives related to global finance reporting, systems, and
improvements to meet the evolving needs of the business.
Performance related pay – LTIP outcome
The 2021–2024 LTIP was granted under the higher shareholder
approved limits (i.e. 175% and 150% of salary for the CEO and
CFO respectively) in November 2021. The awards will vest subject
to demanding EPS, cash and relative TSR targets outlined later in
this report.
The LTIP outcome for those LTIPs granted in 2019 was a vesting
equivalent to 59.33% of the maximum award. This was based on
EPS growth of 10.68% p.a., relative TSR ranking above upper
quartile and cash conversion of 106%.
108
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Performance related pay – LTIP November 2022 grant
Our LTIP award for 2022–2025 will be granted following our full
year results in September 2022 and, in line with the Remuneration
Policy and last year’s grants, the Committee intends to make awards
of 175% of base salary for the CEO and 150% for the CFO. These
will vest after three years to the extent that demanding performance
conditions are satisfied.
NCC is continuing to pursue its growth strategy, and has reviewed
targets and weightings in order to incentivise growth, maintain
high levels of cash conversion, and take into account market
expectations. As a result of the review, the Committee has proposed
changes which will result in more weight on relative TSR, continued
use of challenging EPS stretch targets, and more stretching cash
conversion targets. The outcome of the review and the proposed
changes for the performance period FY23 to FY25 are set out below:
Relative TSR (20% weighting): the weighting on relative total
shareholder return will be increased from 10% to 20% in order
to further encourage above-market returns.
Clawback and malus provisions are in place for the LTIP. The
Committee has the discretion to make a downwards adjustment
to LTIP vesting levels in the event that there have been unjustified
windfall gains, unrelated to performance or resulting from abnormally
depressed share prices at the time of grant. In exercising this
discretion, the Committee will take account of all the relevant
circumstances and the wider remuneration outcomes for the
relevant Executive Directors.
In order to further align executives with shareholders, executives are
required to retain any LTIP vested shares (net of tax) for a period
of two years. After this holding period, all vested shares must also
be retained if the shareholding requirement has not been met.
In addition, our post-employment shareholding policy requires
executives to retain the lower of the value of their holding on
cessation or 200% of salary for the first year following cessation,
reducing to 100% of salary for the second year following cessation.
This will be managed through a restricted account maintained
by NCC’s registrars and the Company Secretariat.
Cash conversion (20% weighting): the target range has been
increased from 80% to 90% compared to 70% to 80% for last
year’s grant. This will encourage the maintenance of the current
strong levels of cash conversion. The weighting on cash
conversion will be reduced from 30% to 20%.
Conclusion
During the coming year, we intend to focus on further embedding
our 2021–2024 Remuneration Policy along with continuing to
focus on the Committee’s responsibilities under the 2018 UK
Corporate Governance Code (the ‘Code’).
1.
2.
3.
EPS growth (60% weighting): the EPS performance metric is
currently measured on average performance over three years.
Instead, the Committee has decided to use a compound annual
growth rate (CAGR) methodology, which is more exacting and
more common in the market. The Committee has set the range
for the FY23 to FY25 performance period to ensure that the
stretch target is substantially above the consensus forecast.
Taking account of the current consensus forecast, the stretch
performance requirement will be 18% CAGR, which is around
5% pts higher than the median for FTSE 250 companies, and
the threshold growth requirement of 6% CAGR, which
compares to a FTSE 250 median of 5% to 6% CAGR. These
targets could be modified prior to grant if there is a material
change in outlook prior to the grant date. If the EPS metric
varies materially from that shown above, we will disclose this
in the RNS at the time of the LTIP grant, and report fully
on the metric in next year’s Remuneration Report.
These changes should also be seen in the context of NCC’s low
vesting percentage at threshold performance, which is 15% of
maximum for all metrics, compared to the market norm of 25%
of maximum.
These changes will provide more focus on delivering above-market
TSR, retain stretching EPS growth targets, increase the cash
conversion targets, and maintain a conservative level of vesting at
threshold performance. Furthermore, the stretch EPS target of 18%
CAGR remains above the stretch level, calculated on a CAGR basis,
for the LTIP awards granted before the increase in quantum
approved under the 2021 policy.
This includes:
• Ensuring that the Remuneration Policy continues to support
and incentivise the achievement of our strategy and further
developing the incorporation of environmental and social
sustainability measures
• Setting the remuneration for the Executive Committee (i.e. the
layer of senior management immediately below Board level) and
monitoring the success of the below-Board Restricted Share Plan
• Overseeing the wider remuneration policy for the workforce,
taking account of colleague feedback on this policy, and
considering wider workforce remuneration when setting Directors’
remuneration policy and practice
The 2022 Directors’ Remuneration Report will be put to the
usual, annual advisory vote at the AGM on 2 November 2022.
The Committee is committed to engagement and transparency
and I welcome the opportunity for discussion of the Group’s
remuneration with shareholders, at our AGM or at any other time
during the year.
Jennifer Duvalier
Chair, Remuneration Committee
6 September 2022
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
109
Governance�Remuneration Committee report continued
Annual Report on remuneration
This part of the report has been prepared in accordance with Part 3 of The Large and Medium-sized Companies and Groups (Accounts
and Reports) (Amendment) Regulations 2013 as amended and 9.8.8R of the Listing Rules.
The following report will be subject to an advisory shareholder vote at the 2022 AGM, which is scheduled to be held on 2 November 2022.
The information on pages 110 to 120 has been audited where indicated.
How the Remuneration Policy has been implemented in the year ended 31 May 2022
This section sets out how the Remuneration Policy was implemented in 2021/22. The key implementation decisions during the year related to:
• Review of salaries for Executive Directors
• The determination of annual bonus outcomes for the 2021/22 performance period
• The performance targets and value of awards granted under the LTIP, which will vest in 2024
Further detail on these decisions, together with other information on payments made to Directors, is set out in the following sections.
Single total figure of remuneration (audited)
The detailed emoluments received by the Executive and Non-Executive Directors for the year ended 31 May 2022 are below:
Director
Chris Stone
Year ended
31 May 2022
31 May 2021
Adam Palser 10
31 May 2022
Tim Kowalski
31 May 2021
31 May 2022
31 May 2021
Chris Batterham
31 May 2022
31 May 2021
Jonathan Brooks 8
31 May 2022
31 May 2021
Julie Chakraverty 7
31 May 2022
31 May 2021
Jennifer Duvalier 6
31 May 2022
Mike Ettling
Total
31 May 2021
31 May 2022
31 May 2021
31 May 2022
31 May 2021
Salary/
Non-Executive
Director fees 1
£000
158
138
465
450
308
284
73
59
38
53
24
–
66
51
55
46
1,187
1,081
Benefits 2
£000
Pension
benefits 3
£000
SAYE 9
£000
Total
fixed pay
£000
Annual
bonus 4
£000
Long-term
incentive 5
£000
–
–
12
16
28
31
–
–
–
–
–
–
–
–
–
–
40
47
–
–
22
22
22
28
–
–
–
–
–
–
–
–
–
–
44
50
–
–
9
–
9
–
–
–
–
–
–
–
–
–
–
–
18
–
158
138
508
488
367
343
73
59
38
53
24
–
66
51
55
46
–
–
278
414
204
247
–
–
278
208
175
131
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Total
variable
pay
£000
–
–
Total
£000
158
138
556
1,064
622
1,110
379
378
746
721
–
–
–
–
–
–
–
–
–
–
73
59
38
53
24
–
66
51
55
46
1,289
1,178
482
661
453
339
935
1,000
2,224
2,178
1
2
3
4
5
The Chair and Non-Executive Directors each receive an allowance paid as part of their base fees of £8,200 and £4,750 respectively, to cover all travel and expenses related to their
roles on the Board. In light of Covid-19 and the fact that Board meetings were being held virtually, these allowances were not paid between 1 June 2020 and 31 May 2021 but
were reinstated from 1 June 2021.
Taxable benefits include the provision to every Executive Director of a car or car allowance, payment of private fuel, car insurance, private medical insurance, life assurance and
permanent health insurance in 2020/21. Tim Kowalski switched from receiving a car allowance to a leased vehicle at no additional cost to the Group. The P11D value of the leased
vehicle is higher than the monthly cash value of the car allowance which he forfeited.
Pension benefits include employer contributions to the Group pension scheme and payments in lieu of pension contributions. The Company provided pension payments in lieu
of pension contributions for two Executive Directors during the year ended 31 May 2022.
Annual bonus payments for performance in the relevant financial year; 35% of this bonus is deferred into nominal cost share options for two years. Dividend equivalents accrue
on these shares.
Long-term incentive awards vesting under the LTIP, 145,560 shares vested to Adam Palser and 91,888 shares vested to Tim Kowalski with respect to the LTIP granted in 2019
which had a performance period ending on 31 May 2022. These have been valued using a share price of £1.908, which is the three month average share price over March, April
and May 2022. These shares were awarded based on a share price of £1.82 on the day before the date of grant. As a result, the change in share price since the date of grant has
resulted in an increase in value of £12,809 and £8,086 respectively. With regard to the LTIP awards with a performance period ending on 31 May 2021, 78,914 shares vested
to Adam Palser and 49,773 shares vested to Tim Kowalski, which have been valued using the share price at the date of vesting of £2.63. These shares were awarded based
on a share price of £2.21 on the day before the date of grant. As a result, the change in share price since the date of grant has resulted in an increase in value of £33,144 and
£20,905 respectively.
110
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�6
In 2021/22, Jennifer Duvalier received an extra £5,000 per annum to reflect her additional responsibilities for engaging with colleagues on behalf of the Board. Jennifer handed this
role over to Julie Chakraverty when she joined the Board on 1 January 2022. Jennifer also took over from Jonathan Brooks as Remuneration Committee Chair on 1 February 2022.
7
Julie Chakraverty joined the Board on 1 January 2022 and took over from Jennifer Duvalier as the designated Non-Executive Director for engaging with colleagues on behalf of the Board.
8 Jonathan Brooks stepped down from the Board and as Remuneration Committee Chair on 27 January 2022.
9
Options over 10,273 shares vested on 1 October 2021 to Adam Palser and Tim Kowalski under the all-colleague SAYE scheme. These awards have been valued at the date
of vesting using the share price on that date of £2.60.
10 Single total figure of remuneration for the year ended 31 May 2022 excludes accrued costs in relation to Adam Palser’s contractual 12 month notice period that commenced
on the date of announcement, 9 May 2022. See page 115 for further details in relation to leaving arrangements of Adam Palser.
Additional information in respect of the single total figure of remuneration
Pension and benefits
Effective 1 December 2021, the CEO’s and CFO’s pension provision reduced from 5% of base salary and 10% of base salary, respectively,
to the level of the wider workforce, which is currently 4.5%. These contributions are cash payments in lieu of formal pension contributions.
Annual bonus
2021/22 annual bonus (audited)
For the year ended 31 May 2022, the maximum potential bonus opportunity for Adam Palser was 100% of salary. For Tim Kowalski,
the maximum potential bonus opportunity was also 100% of salary. For the year ended 31 May 2022, bonuses of 59.88% and 66.38%
of base salary respectively were payable.
The actual bonus awarded to Adam Palser was £278,442 and to Tim Kowalski was £204,450 based on the achievement of the
performance conditions set out below. 35% of each payment will be deferred into nominal cost share options for two years, with the
remaining 65% paid in cash. The performance measures and targets are set out below.
Financial targets – up to 75% of the bonus
Performance targets
31 May 2022
Adjusted proforma
operating profit *
Revenue constant
currency 1 growth –
Software Resilience
Revenue constant
currency 1 growth –
Assurance
Strategic targets
Threshold
Maximum
Actual
Threshold
Maximum
Actual
Threshold
Maximum
Actual
£51.5m
£54.5m
£53.5m *
2%
5%
(0.6%)
9%
12%
12.1%
The strategic targets were set individually
for the Executive Directors based on key
strategic objectives for the year in their
area of responsibility – see below
Adam Palser
Tim Kowalski
Weighting (% of salary)
Weighting (% of salary)
Payout (% of salary)
Weighting (% of salary)
Weighting (% of salary)
Payout (% of salary)
Weighting (% of salary)
Weighting (% of salary)
Payout (% of salary)
Weighting (% of salary)
Payout (% of salary)
7.50%
37.50%
28.13%
3.25%
18.75%
0%
3.25%
18.75%
18.75%
25.00%
13.00%
7.50%
37.50%
28.13%
3.25%
18.75%
0%
3.25%
18.75%
18.75%
25.00%
19.50%
Total payout
59.88%
66.38%
Total bonus
£278,442
£204,450
Amount paid in cash
£180,987
£132,892
Amount deferred in shares
£97,455
£71,558
*
Following the acquisition of IPM, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m respectively. Management is required to recognise all assets and
liabilities at fair value, giving rise to a fair value adjustment on the level of deferred revenue acquired of £12.1m. This has resulted in a downward adjustment to the book value of
IPM’s deferred revenues reflecting the fair value of service still to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher for the 12 months ended
31 May 2022. On this basis, proforma Adjusted operating profit of £52.5m represents Adjusted operating profit 1 of £48.1m and the fair value adjustment of £4.4m (see page 10).
Adjusted proforma operating profit of £52.5m (see page 10) has been amended to £53.5m to exclude accrued CEO transition cost of £1.0m that have not been treated as
Individually Significant Items in the Financial Statements. The Remuneration Committee considered that the fair treatment of the unplanned and accelerated costs related to the
CEO transition was that most of these should not impact bonuses for FY22. However, the Committee has determined that, for balance, the payment-in-lieu costs for the departing
CEO will impact FY23 bonuses for those executives who benefited from the adjustment made in FY22. This will be achieved by raising the FY23 profit targets for these executives
by £0.5m.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
111
Governance
�Remuneration Committee report continued
Annual Report on remuneration continued
Additional information in respect of the single total figure of remuneration continued
Annual bonus continued
Strategic targets – up to 25% of the bonus
The table below highlights the key strategic targets and achievements for each Executive Director. Bonus target ranges have been disclosed
to the extent possible, but the achievement of some areas is determined by the Committee based on its judgement of performance.
Bonus award (% of maximum total bonus) 31 May 2022
Adam Palser
Tim Kowalski
Weighting
Outcome
Weighting
Outcome
2.0%
0.0%
n/a
n/a
2.0%
2.0%
2.0%
2.0%
5.0%
n/a
5.0%
n/a
1.0%
1.0%
1.0%
1.0%
2.0%
2.0%
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
2.0%
2.0%
n/a
3.0%
3.0%
n/a
5.0%
2.5%
10.0%
8.0%
15.0%
12.5%
5.0%
0.0%
5.0%
0.0%
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
n/a
2.0%
2.0%
n/a
1.0%
1.0%
n/a
1.0%
1.0%
n/a
1.0%
0.0%
10.0%
0.0%
5.0%
4.0%
5.0%
5.0%
5.0%
3.0%
Target and performance conditions
Outcome
Integration of IPM
Exit from engineering support in
FY22
Not achieved in FY22 but on track to be achieved
in FY23
Exit from financial support in FY22 Exited in FY22
Customer retention: target to
maintain customer retention above
89%
Staff retention: retain 83% of
identified roles
Staff attrition: target to keep
attrition for IPM below 12.5%
Revenue synergy from IPM
customers: target of £200k
Customer retention above 89%
83% of identified roles retained
Attrition below 12.5%
Target significantly exceeded
Integration of IPM accounting in
H1 with no delay to H1 reporting
Integration of IPM accounting in
H1 with no delay to H2 reporting
Achieved
Achieved
Full integration of finance systems
Two systems set up but some systems delayed
Sub-total – integration of IPM
Existing business
Remediation growth: threshold
target growth of 250%
MDR growth: threshold target
growth of 18%
Customer KPIs: to be identified
and defined
Cost control: target for costs
to be below budget
Reporting: introduce utilisation
reporting
Improve internal reporting for costs
to help management cost control
Sub-total – existing business
Sustainability
Committee assessment of
progress in colleague engagement
for the Group as a whole and
finance separately, for Group
diversity, and CSR
Growth below threshold target
Growth below threshold target
KPIs identified and defined
Actual costs were £1m below budget
KPI was identified and reported
Progress made but objective not fully achieved
Colleague engagement: engagement score for the Group
increased by 2.2% year on year. Improvements made in
wellbeing, career development and management
Diversity: colleague resource groups continue to work on
diversity initiatives regarding gender, race and ethnicity,
LGBTQIA+, and neurodiversity. An Accessibility resource
group was also created during the year. Key initiatives
included the Menopause Library, the issuing of Ramadan
guidance, and sponsoring leadership development for
women
CSR: produced our TCFD report, identified new climate
change risks, and secured an improved Sustainalytics ESG
score compared to 12 months ago
Sub-total – sustainability
Total strategic bonus
5.0%
5.0%
5.0%
3.0%
25.0%
13.0%
25.0%
19.5%
112
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Long Term Incentive Plan vesting
The LTIP awards made in September 2019 (with a performance period of 1 June 2019–31 May 2022) will vest in September 2022.
Adam Palser and Tim Kowalski were beneficiaries of these and achieved a vesting of 59.33% of the award of 245,338 and 154,876 shares
respectively, being 145,560 and 91,888 shares respectively:
Executive
Number of
LTIP awards 1
Basis
Performance condition
Adam Palser
245,338
Tim Kowalski
154,876
100% of
base salary
Vesting determined by:
• Growth in Adjusted proforma EPS 3,4 over the performance period
• Average cash conversion ratio 4 over the performance period
• TSR over the performance period vs FTSE 250 comparator group
The performance conditions for these awards are set out below:
Performance period
1 June 2019 to
31 May 2022
Proportion
Component
Metric
Threshold
(20% vesting)
Maximum
(100% vesting)
Actual
performance
Actual %
vested
60%
30%
Adjusted
proforma
EPS 3,4
Average growth over
a three year period
Cash
conversion 4
Average cash conversion
ratio 4 over three years
9%
20%
10.68%
19.33%
70%
80%
106%
30%
Vesting basis
Straight line between
threshold and maximum
Straight line between
threshold and target,
then target and maximum
10%
TSR
TSR over three years vs
FTSE 250 comparator group
(excluding investment trusts)
Median
Upper
quartile
Above
upper
quartile
10%
Straight line between
threshold and maximum
Total
59.33%
Long-term incentives granted during the year (audited)
During the financial year, the Executive Directors were granted awards subject to the performance conditions set out below. The awards
were as follows:
Executive
Number of
shares under
awards 1
Adam Palser
338,357
Basis
Face value 2
Performance condition
175% of
base salary
£813,750
Vesting determined by:
• Growth in Adjusted EPS 4 over the
performance period
• Average cash conversion ratio 4 over the
performance period
• TSR over the performance period vs FTSE 250
comparator group
Performance period
1 June 2021
to 31 May 2024
Tim Kowalski
192,099
150% of
base salary
£462,000
As above
The performance conditions for these awards are set out below:
Proportion
Component
Metric
60%
Adjusted EPS 4
30%
Cash conversion 4
10%
TSR
Average growth over a three
year period
Average cash conversion ratio 4
over three years
TSR over three years vs FTSE
250 comparator group
(excluding investment trusts)
1 LTIP awards are structured as nominal cost options.
Threshold
(15% vesting)
Target
(50% vesting)
Maximum
(100% vesting)
9%
n/a
22.5%
70%
75%
80%
1 June 2021
to 31 May 2024
Vesting basis
Straight line between
threshold and maximum
Straight line between
threshold and target, then
target and maximum
Median
n/a
Upper
quartile
Straight line between threshold
and maximum
2 Based on a share price of £2.405, which was the closing mid-market price of the Company’s shares on the day before the date of grant.
3 Adjusted proforma EPS has been amended to exclude accrued CEO transition and search costs of £1.0m following Remuneration Committee review and amounts to 12.1p.
4 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief Financial Officer’s Review
and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
113
Governance�Remuneration Committee report continued
Annual Report on remuneration continued
SAYE options granted in the year
The Group operates an HMRC-approved SAYE scheme. All eligible colleagues, including Executive Directors, may be invited to participate
on similar terms for a fixed period of three years. During the year Adam Palser joined the 2022 SAYE scheme (which matures on 1 May 2025)
and has an option over 11,849 shares with an option price of £1.519. Tim Kowalski did not join any new SAYE schemes.
Neither Executive Director participated in the 2020 or 2021 SAYE schemes as both contributed the maximum £500 per month to the 2018
SAYE scheme. The 2018 SAYE scheme matured on 1 October 2021 for both Executive Directors and the shares from this are shown within
the share ownership table below.
Directors’ interests in shares (audited)
The tables below set out details of the Executive Directors’ outstanding share awards, which will vest in future years subject to performance
conditions and/or continued service.
Summary of maximum LTIP awards outstanding
Adam Palser
Tim Kowalski
1 Includes only unvested and unexercised LTIP options.
2 £2.63 was the sale price.
Total LTIP
options held at
31 May
2021 1
Granted
during the
period
Exercised
during the
period
Share price
on date of
exercise
Lapsed
during the
period
Total LTIP
options
held at
31 May
2022 1
476,128
338,357
(78,914)
300,530
192,099
(49,773)
£2.63
£2.63
(99,778)
635,793
(62,988)
379,868
All awards granted under the LTIP are subject to continued employment and the satisfaction of the performance conditions as set out above.
The awards were all nominal cost options.
Share ownership (audited)
The beneficial and non-beneficial interests of the current Directors in the share capital of NCC Group plc at 31 May 2022 are set out below:
Beneficial interests
in ordinary shares 1
Maximum share awards
subject to performance
conditions 2
Share options 3
Deferred bonus plan 4
Vested but unexercised
nil-cost options
Total
31 May
2022
31 May
2021
31 May
2022
31 May
2021
31 May
2022
31 May
2021
31 May
2022
31 May
2021
31 May
2022
31 May
2021
31 May
2022
31 May
2021
Chris
Stone
Adam
Palser
Tim
Kowalski
Chris
Batterham
Jonathan
Brooks 5
Julie
Chakraverty
Jennifer
Duvalier
Mike
Ettling
162,843 162,843
–
–
–
–
–
–
–
–
162,843 162,843
195,075
94,502
490,223 397,214
11,849
10,273
69,595
53,458 145,560
78,914
912,312 634,361
96,343
48,964
287,974 250,751
55,000
55,000
–
50,000
20,249
–
19,115
19,115
50,000
50,000
–
–
–
–
–
–
–
–
–
–
–
–
–
10,273
40,958
27,173
91,888
49,773
517,163 386,934
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
55,000
55,000
–
50,000
20,249
–
19,115
19,115
50,000
50,000
1 This information includes holdings of any connected persons.
2 These awards represent the outstanding LTIP interests, included in the table above, which are due to vest after 31 May 2022.
3 Representative SAYE scheme interests, which either vested in October 2021, or will vest in May 2025.
4 Nominal cost share options granted under the deferred bonus plans, subject to a service condition, tax and National Insurance.
5 Jonathan Brooks stepped down as a Director on 27 January 2022. At that time he held 50,000 shares. His shareholding on 31 May 2022 has not been included as he is no longer a Director.
Shareholding requirements
The Executive Directors are expected to build and retain a shareholding in the Group equivalent to at least 200% of base salary. Executives
will normally be required to retain all vested deferred bonus shares and LTIP shares released from the holding period, until they have attained
the minimum shareholding requirement and, even then, only when they have held vested LTIP shares for a minimum period of two years.
Executive Directors will also be required to retain all shares vesting from SAYE schemes. For the avoidance of doubt, Executive Directors
are permitted to sell sufficient shares in order to meet any tax obligation arising from vesting shares.
114
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�The percentages within this table have been calculated using a three month average share price (1 March 2022 to 31 May 2022) of £1.908
and include Adam Palser’s and Tim Kowalski’s vested 2019–2022 LTIP of 145,560 and 91,888 shares respectively on a net of tax and
National Insurance basis, and all unvested deferred bonus plans on a net of tax and National Insurance basis.
Adam Palser
Tim Kowalski
Shareholding
as at
31 May
2022
(% of salary)
127%
103%
Shareholding
requirements
(% of salary)
200%
200%
Requirement
met
No
No
Appointment terms for new Directors
During the year Julie Chakraverty was appointed as an independent Non-Executive Director with a base fee of £50,000 per annum and
a travel allowance of £4,750 per annum. Julie also receives an additional fee of £5,000 per annum to reflect her responsibilities for being
the Board’s designated Non-Executive Director to lead colleague engagement.
Mike Maddison joined the Group on 7 July 2022 and his remuneration will be reported on in depth in the next Annual Report but the
main terms of his recruitment are:
• Salary – £500,000
• Pension – contribution or allowance of 4.5% of base salary (in line with the overall workforce)
• Benefits – life assurance and private medical insurance
• Bonus – Mike will have the potential to earn an annual bonus of up to 125% of salary, of which 35% of any payment will be deferred
in NCC Group plc shares for two years
• LTIP – Mike will be eligible to be considered for participation in the Group’s Long Term Incentive Plan with awards of up to 175% of his salary
• Special Replacement Award – as the remuneration offer from NCC would otherwise be substantially below his remuneration in his
previous role, and to replace remuneration foregone on leaving his previous role, the Board will grant a Special Replacement Award of
£500k worth of shares, vesting in 2024. The award will be granted in accordance with Listing Rule 9.4.2 (R) and the details of the award
will be fully disclosed in next year’s Remuneration Report
Leaving arrangements for Adam Palser
Salary, pension and benefits
Adam Palser’s contractual 12 month notice period commenced on the date of announcement, 9 May 2022. Adam’s base salary will continue
to be paid during his notice period in monthly instalments, together with fringe benefits while he remains a colleague. In the event that Adam
wishes to take up alternative employment before the end of the notice period, the Company may cease or reduce the monthly payments.
Annual bonus
Adam was eligible in full for annual bonus in respect of the year ended 31 May 2022 as he remained CEO throughout that financial year,
subject to the normal performance conditions and 35% deferral requirements. The performance outcome for this bonus is set out earlier
in this report. Adam will not be eligible for a bonus for the year ending 31 May 2023.
Deferred Annual Bonus Awards
The 2020 Deferred Bonus Plan award will vest as normal in September/October 2022.
In accordance with the Company’s Directors’ Remuneration Policy, the Remuneration Committee has exercised its discretion to allow the 2021
award and any 2022 award to vest at the termination date, as performance for these awards was assessed previously in respect of the relevant
bonus year. However, any shares vesting from the 2022 award are subject to the post-employment shareholding policy (see below).
Long Term Incentive Plan (LTIP) awards
Adam will not receive a 2022 LTIP grant.
In respect of Adam’s existing LTIP awards, the following will apply:
• 2019 LTIP grant – this will vest as normal in September/October 2022, subject to the normal performance conditions, as Adam
is expected to still be employed at the vesting date.
• 2020 and 2021 LTIP grants – these will be prorated for time served from the date of grant until the termination date. These will then vest
subject to the normal performance conditions at the normal vesting date.
The two year post-vesting holding period will apply to all LTIPs.
Post-employment shareholding requirements
The two year post-employment shareholding requirement, under the Directors’ Remuneration Policy, which came into effect from November 2021,
will apply to the 2021 LTIP and the 2022 Deferred Annual Bonus Plan award.
Other
Adam will be reimbursed for up to £5,500 for legal costs and in respect of his non-compete agreement, and up to £75,000 for outplacement
advice and support.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
115
Governance�Remuneration Committee report continued
Annual Report on remuneration continued
Relative importance of the spend on pay
The following table sets out the percentage change in distributions to shareholders and colleague remuneration costs.
Colleague remuneration costs 1
Dividends 2
1 Based on the figure shown in Note 7 to the consolidated Financial Statements.
31 May
2022
£m
207.0
14.4
31 May
2021
£m
174.3
13.0
% change
18.8%
10.8%
2 Based on the total cash returned to shareholders in the year ended 31 May 2022 through dividends, as shown in Note 10 to the consolidated Financial Statements (excluding the
proposed 2022 final dividend).
Percentage increase in the remuneration of the Directors
The table below shows the movement in the salary or fees, benefits and annual bonus for each Director between the current and previous
financial year compared to the equivalent changes for all colleagues of the Company.
The comparator group for salaries and benefits is all colleagues in the UK – there were no benefit policy changes in this time.
The comparator group for the bonus is those in the senior management population who also have an annual scheme and excludes those
on commission and incentive plans.
Director
Chris Stone
Adam Palser
Tim Kowalski
Chris Batterham
Jonathan Brooks
Julie Chakraverty
Jennifer Duvalier
Mike Ettling
All colleagues
% increase
in salary
% decrease
in benefits
% (decrease)/increase
in annual bonus
2020/21
2021/22
2020/21
2021/22
2020/21
2021/22
–
1%
1%
–
–
–
–
–
–
3%
8%
–
–
–
–
–
3.1%
5.1%
–
–
–
–
–
–
–
–
–
–
(25%)
(10%)
–
303%
341%
–
(33%)
(17%)
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
173.4%
(39.8%)
Chief Executive pay compared to pay of UK colleagues
The following table shows the ratio between the single total figure of remuneration (STFR) of the Chief Executive for 2021/22 and the
lower quartile, median and upper quartile pay of our UK colleagues. The salary and total pay and benefits for the lower quartile, median and
upper quartile colleagues are also shown.
Total pay ratio
Financial year
2019/20
2020/21
2020/21 (restated)
2021/22
Salary (£000)
Total pay and benefits (£000)
Method
25th percentile
pay ratio
50th percentile
pay ratio
75th percentile
pay ratio
Option B
Option B
Option C
Option C
18:1
27:1
26:1
23:1
12:1
18:1
16:1
14:1
8:1
11:1
12:1
10:1
CEO 25th percentile 50th percentile 75th percentile
465
1,064
41
46
68
74
94
107
CEO pay ratio
Option B, which uses gender pay gap data to identify the lower quartile, median and upper quartile colleagues, was chosen to calculate the
CEO pay ratio in prior years. However, for the financial year 2021/22 a decision was made to use Option C to ensure that the ratio can be
more easily calculated and provide a better representation of pay practice at NCC. We have therefore shown the Option C figures above for
the financial year 2021/22 and also restated the figures for 2020/21 under Option C for comparability purposes.
Under Option C, we have used the most recent P60 information (for the 2021/22 tax year) to determine the relevant colleague at the 25th,
50th and 75th percentile. As in prior years, we have omitted joiners and leavers from the data to ensure that the data is on a like-for-like
basis. This option was chosen in preference to the other possibilities as it uses the most accurate and comprehensive data currently available
and provides a fair reflection of the total pay received by colleagues.
116
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�This is because our implementation of Option C uses more recent pay data to identify the lower quartile, median and upper quartile
colleagues than would be used under Option B. In addition, Option C uses an analysis of total pay in a full year to identify the relevant
colleagues, whereas Option B uses a “snapshot” of monthly pay taken in April. Due to the timing of bonus payments at NCC, finding the
median colleague based on monthly pay in April does not always lead to a good proxy for the median colleague on a total pay basis.
The CEO pay ratio has decreased compared to the prior year. This decrease is not attributable to a change in remuneration for the CEO, pay
and benefits for colleagues as a whole, or the composition of our workforce. Instead, the change in CEO pay ratio is mainly attributable to the
decrease in annual bonus paid to the CEO, and the increase in total pay for the median colleague. As CEO pay places greater weight on
“at risk” variable remuneration, Company performance has a greater impact on CEO pay than on pay for the median colleague, which leads
to greater year-on-year variations.
The pay ratio is consistent with the pay, reward and progression policies currently in place at NCC.
Performance graph and table
The following graph shows the total shareholder return, with dividends reinvested, from 31 May 2012 against the corresponding changes
in a hypothetical holding in shares in both the FTSE All Share and FTSE 250 Indices.
The FTSE All Share and FTSE 250 Indices represent broad equity indices. The Company is a constituent member of the FTSE All Share Index and the
Committee has adopted the FTSE 250 Index for part of its LTIP performance measure. Both indices give a market capitalisation-based perspective.
During the year, the Company’s share price varied between £1.674 and £3.35 and ended the financial year at £2.15.
Ten year historical TSR performance is the growth in the value of a hypothetical £100 holding over ten years. It has been calculated for
NCC Group plc, and the FTSE All Share and FTSE 250 Indices (excluding investment trusts) based on spot values.
)
£
(
e
u
a
V
l
400
350
300
250
200
150
100
50
0
£100
£88
£169
£145
£229
£237
£168
£172
£137
£133
£127
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
NCC Group plc
FTSE All Share Index
FTSE 250 (excluding investment trusts)
Year ended 31 May
The share price was £2.95 on 1 June 2021 and £2.15 on 31 May 2022.
The table below shows the total remuneration for the Chief Executive over the same ten year period, including share awards valued at the
date they vested.
Year ended 1, 2
31 May 2022
31 May 2021
31 May 2020
31 May 2019
31 May 2018 1
31 May 2018 2
31 May 2017
31 May 2016
31 May 2015
31 May 2014
31 May 2013
Total
remuneration
£000
Annual bonus
% of maximum 3
Long-term
incentives
% of max imum 4
1,064
1,110
861
679
292 1
257 2
610
1,091
993
1,089
1,118
60
92
23
48
32
32
–
70
73
73
– 5
59
40
52
–
–
–
–
20
15
50
63
1 Adam Palser was appointed on 1 December 2017. The total remuneration figure above is in respect of the period from 1 December 2017 to 31 May 2018.
2 During the year ended 31 May 2018, Brian Tenner acted as Interim Chief Executive Officer for the period 1 June 2017 to 30 November 2017. The total remuneration figure above
is the total remuneration received in relation to that six month period.
3 Note that this shows the annual bonus payments as a percentage of the maximum opportunity.
4 This shows the LTIP vesting level as a percentage of the maximum opportunity.
5 In 2012/13 the incumbent CEO waived his right to a bonus, which would have been equal to 32% of salary. This was equivalent to 50% of the maximum bonus opportunity.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
117
Governance
�Remuneration Committee report continued
Annual Report on remuneration continued
Membership and attendance
The Remuneration Committee membership consists solely of Non-Executive Directors and comprises Jennifer Duvalier, Chris Batterham
and Julie Chakraverty. Jonathan Brooks served as Chair from 1 June 2021 until he stepped down from the Board on 27 January 2022.
The Company Chair, Chief Executive Officer, Chief Financial Officer, Chief People Officer and Company Secretary attend the Remuneration
Committee meetings by invitation of the Chair of the Committee from time to time and assist the Committee with its considerations.
No Director is involved in setting their personal remuneration.
The attendance of individual Committee members at Remuneration Committee meetings is shown in the table below:
Attendee
Jennifer Duvalier
Chris Batterham 1
Julie Chakraverty 2
Jonathan Brooks 3
Meetings attended
6 6
5 6
3 3
4 4
At all times all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1 Missed one meeting due to a pre-existing personal commitment.
2 Appointed to the Committee 1 January 2022.
3 Jonathan Brooks retired from the Board on 27 January 2022.
Adviser to the Committee
During the year, the Committee received advice on senior executive remuneration from Alvarez and Marsal (A&M) and was comfortable
that the advice was objective and independent. A&M is a member of the Remuneration Consultants Group and is a signatory to its Code
of Conduct. The total fee charged in 2021/22 for providing advice in relation to executive remuneration was £53,101. A&M did not provide
any other services to the Company during the year.
The Committee reviews the performance and independence of its adviser on an annual basis.
During the year the Committee decided to undertake a review of the Committee’s remuneration adviser, with the Committee recognising the
length of time that the current adviser (Alvarez and Marsal (A&M)) had been the Committee’s adviser. A&M and two other advisory firms of
comparable calibre and experience were invited to tender for the advisory role. The Committee received pitches from all three advisers at the
May 2022 Remuneration Committee meeting. Following a thorough scoring and review process and robust Committee debate, it was agreed
that A&M remain the Committee’s adviser.
Service contracts and letters of appointment
The service contracts and letters of appointment of the current Directors include the following terms:
Date of contract
Notice period
Executive
Adam Palser
Tim Kowalski
Mike Maddison
Non-Executive
Chris Stone
Chris Batterham
Jonathan Brooks
Julie Chakraverty
Jennifer Duvalier
Mike Ettling
29 November 2017
16 July 2018
28 April 2022
31 March 2017
9 April 2015
13 March 2017
27 October 2021
25 April 2018
21 September 2017
12 months
6 months
12 months
3 months
3 months
3 months
3 months
3 months
3 months
Dilution
The LTIP has a dilution limit, for new and treasury shares, of 10% of the issued ordinary share capital of the Company in any ten year period
for any share option scheme operated by the Company. As at 31 May 2022 the Company had utilised 18,811,502 (31 May 2021: 15,956,413)
ordinary shares through LTIP, DABS, SAYE, CSOP, ISO, RSP and ESPP awards counting towards the 10% limit, which represents 6.07%
(2021: 5.17%) of the issued ordinary share capital of the Company. To clarify, this figure of 6.07% includes both discretionary and all-
colleague share schemes.
118
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�How will the Remuneration Policy be implemented in the year ending 31 May 2023?
Executive Directors’ base salaries
No increase was applied to the outgoing CEO’s base salary for the year ending 31 May 2023. As set out later in this report and in the
Committee Chair’s introduction, the incoming CEO was appointed on a base salary of £500,000, which is consistent with the market
benchmark range for this role, and was set at this level in order to secure the recruitment of the new CEO, who had a significantly higher
salary than this in his previous role.
As set out in the Committee Chair’s introduction, the base salary of the Chief Financial Officer is below the market level for comparable roles
and a base salary increase of approximately 3% pts above the level of the workforce was awarded effective from 1 June 2022. This is the
second stage of planned increases that were explained in our Remuneration Report last year. These increases are intended to bring the
salary for this role to a level which is more appropriate and sustainable given the size and complexity of the Group.
The table below details the Executive Directors’ salaries as at 31 May 2022 and salaries which took effect from 1 June 2022:
Outgoing Chief Executive Officer – Adam Palser 1
Incoming Chief Executive Officer – Mike Maddison
Chief Financial Officer – Tim Kowalski
Base salary
at 31 May
2022
£000
Base salary
at 1 June
2022
£000
465
n/a
308
465
500
333
% change
0%
n/a
8%
1 Base salary used in relation to Adam Palser’s contractual 12 month notice period that commenced on the date of announcement, 9 May 2022. See page 115 for further details
in relation to leaving arrangements of Adam Palser.
Pension
Pensions will remain aligned with the level for other colleagues.
Non-Executive Directors’ fees
In line with the current Policy, Non-Executive Director fees are reviewed annually.
The last increase was applied on 1 June 2022, and following the annual review in 2022, fees were increased as set out in the table below:
Chair fee (excluding travel allowance of £8,200)
Non-Executive Director base fee (excluding travel allowance of £4,750)
Supplemental fees for additional responsibilities:
SID
Audit Committee Chair
Remuneration Committee Chair
Cyber Security Committee Chair
Designated NED for colleague engagement
FY 2022/23
FY 2021/22
£154,500 £150,000
£51,500
£50,000
£10,000
£10,000
£11,000
£10,000
£11,000
£10,000
£8,000
n/a 1
£11,000
£5,000
1 No fee was paid in FY 2021/22 for chairing the Cyber Security Committee as this role was performed by the Company Chair. A supplemental fee has been introduced as the Chair
of this Committee is no longer the Company Chair.
No change will be made to the travel allowance. These changes result in the following total fees as at 1 June 2022:
Annualised fees (inclusive of travel allowance of £8,200 for the Chair and £4,750 for other Non-Executive Directors which was waived in 2020/21)
Chris Stone
Chris Batterham
Jonathan Brooks (stepped down from the Board on 27 January 2022)
Julie Chakraverty (joined the Board on 1 January 2022)
Mike Ettling
Lynn Fordham 1
Jennifer Duvalier
1 Lynn Fordham was appointed on 1 September 2022. The figure in the table is her normal fee rate for a full year.
As at
1 June
2022
£000
163
77
–
75
56
56
67
As at
1 June
2021
£000
158
75
65
–
55
–
60
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
119
Governance�Remuneration Committee report continued
Annual Report on remuneration continued
Annual bonus
The annual bonus maximum for the Chief Executive Officer and the Chief Financial Officer in 2022/23 will be 125% of salary with 75%
based on the achievement of certain Adjusted operating profit and revenue targets and 25% based on the achievement of strategic targets
as outlined on page 112.
Awards will also be subject to he Committee’s assessment of the overall financial health of the business.
In addition, to ensure that this bonus opportunity results in shareholder alignment and provides greater retention value, 35% of any bonus
payment will be deferred into nominal cost share options for two years.
The bonus, nominal cost share options and associated dividend equivalents are also subject to malus and clawback provisions.
Long Term Incentive Plan (LTIP)
It is intended that awards with a maximum value of 175% and 150% of base salary to the incoming CEO and the CFO respectively will be
made under the LTIP in September/October 2022.
These will be subject to a two year post-vesting holding period for the Executive Directors. As well as the holding period, the executives have
to achieve a shareholding requirement of 200% of salary (post shares sold to cover any tax) before they can sell any shares that vest, with these
awards also counting towards the post-employment shareholding requirement. The awards are also subject to malus and clawback provisions.
The vesting of these LTIP awards will be based on earnings per share (60%), a cash flow metric (20%) and a relative total shareholder return
metric (20%). 15% of each element will vest at the threshold performance level, rising to 100% vesting at maximum. As explained in the
Annual Statement, the Committee has reviewed the targets and weightings to ensure they remain aligned with NCC’s growth strategy.
As a result, the weightings will be changed to focus on growth by reducing the weighting on cash conversion and increasing the weighting
on relative TSR. Cash conversion targets will be raised from the previous range of 70–80%, to a higher target of 80–90%. In addition, EPS
targets will be set using the more exacting CAGR approach; the stretch target will be substantially above the consensus forecast and remain
above the previous stretch level before LTIP award sizes were increased. The proposed targets are as follows:
Metric
Earnings per share growth
Average cash conversion
Relative TSR vs FTSE 250
(excluding investment trusts)
Weight
60%
20%
20%
Threshold (15% vests)
Maximum (100% vests)
6% CAGR
80%
Median
18% CAGR
90%
Upper quartile or above
For performance between threshold and maximum, awards vest on a straight-line basis.
These three measures are transparent, easy to understand, easy to track and communicate, cost effective to measure and fundamentally
aligned to the Group’s strategic goals. These targets may be subject to amendment prior to the grant of awards in autumn 2022, if there is
any significant change in outlook.
Statement of shareholder voting
The following votes were received from the shareholders in respect of the Directors’ Remuneration Report and in respect of the
Remuneration Policy:
Remuneration Report
(2021 AGM)
Remuneration Policy
(2021 AGM)
For 1
Against
Total votes cast (for and against excluding
withheld votes)
Votes withheld 2
Total number of votes
229,989,664
17,300,604
247,290,268
5,332,201
Total votes cast (including withheld votes)
252,622,469
1 Includes Chair’s discretionary votes.
%
of votes cast
87.43
12.57
%
of votes cast
93.00
7.00
Total number of votes
217,981,169
31,344,728
249,325,897
3,296,572
252,622,469
2 A vote withheld is not a vote in law and is not counted in the calculation of the proportion of votes cast “for” and “against” a resolution.
Approved by the Board and signed on its behalf:
Jennifer Duvalier
Chair, Remuneration Committee
6 September 2022
120
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Directors’ Remuneration Policy
Overall approach to remuneration
The Remuneration Committee determines the Company’s policy on the remuneration of the Executive Directors and (from 1 June 2019)
the Executive Committee (ExCom). The principles which underpin the Remuneration Policy for the Company are to:
• Ensure Executive Directors’ rewards and incentives are directly aligned with the interests of the shareholders in order to reinforce the
strategic priorities of the Group, optimise the performance of the Group and create long-term sustained growth in shareholder value,
without encouragement to take undue risk
• Provide the level of remuneration required to attract, retain and motivate Executive Directors and senior executives of an appropriate calibre
• Ensure a proper balance of fixed and variable performance related components, linked to short and longer-term objectives and delivered
in a mix of cash and shares
• Reflect market competitiveness, taking account of the total value of all the benefit elements
Our remuneration strategy has been designed to reflect the needs of a complex multinational organisation, which has grown both organically
and by acquisition.
Remuneration for the Executive Directors is structured so that the variable pay elements (annual bonus and long-term incentives) form
a significant proportion of the overall package. This provides a strong link between the remuneration paid to Executive Directors and
the performance of the Group, as well as providing a strong alignment of interest between the Executive Directors and shareholders.
For the purposes of section 226D-(6)(b) of the Companies Act 2006, this Policy was approved by shareholders and took effect from the
date of the 2021 AGM on 4 November 2021.
As a reminder, the following table summarises how our shareholder-approved Remuneration Policy fulfils the factors set out in provision
40 of the 2018 UK Corporate Governance Code.
Area of provision 40 of the 2018 UK Corporate Governance Code
How fulfilled
Clarity – remuneration arrangements should be
transparent and promote effective engagement
with shareholders and the workforce
Simplicity – remuneration structures should avoid
complexity and their rationale and operation should
be easy to understand
Risk – remuneration arrangements should ensure
reputational and other risks from excessive rewards,
and behavioural risks that can arise from target-based
incentive plans, are identified and mitigated
Predictability – the range of possible values of
rewards to individual Directors and any other limits or
discretions should be identified and explained at the
time of approving the Policy
Proportionality – the link between individual awards,
the delivery of strategy and the long-term performance
of the Company should be clear. Outcomes should not
reward poor performance
Alignment to culture – incentive schemes should
drive behaviours consistent with Company purpose,
values and strategy
The Committee is committed to providing transparent disclosures to shareholders
and the workforce about executive remuneration arrangements and, to this end, the
Directors’ Remuneration Report sets out the remuneration arrangements for the
Executive Directors in a clear and transparent way. Our designated Non-Executive
Director for colleague engagement engages with colleagues about our executive
remuneration approach. Our AGM allows shareholders to ask any questions on the
remuneration arrangements, and we welcome any queries on remuneration
practices from shareholders throughout the year.
Our remuneration arrangements for Executive Directors, as well as those throughout
the Group, are simple in nature and understood by all participants, having been
operated in a similar manner for a number of years. Executive Directors receive fixed
pay (salary, benefits and pension), and participate in a single short-term incentive
(the annual bonus) and a single long-term incentive (the Long Term Incentive Plan).
The Committee has designed incentive arrangements that do not encourage
inappropriate risk taking. The Committee retains overarching discretion in both the
annual bonus and LTIP schemes to adjust payouts where the formulaic outcomes are
not considered reflective of underlying business performance and individual
contributions. Robust withholding and recovery provisions apply to variable incentives.
Payouts under the annual bonus and LTIP schemes are dependent on the
performance of the Company over the short and long term, and a significant
proportion of Executive Director remuneration is performance linked. These
schemes have strict maximum opportunities, with the potential value at
threshold, target and maximum performance scenarios provided in the
Directors’ Remuneration Report.
Payments from variable incentive schemes require strong performance against
challenging conditions over the short and longer term. Performance conditions
have been selected to support Group strategy and consist of both financial and
non-financial metrics. The Committee retains discretion to override formulaic
outcomes in both schemes to ensure that they are appropriate and reflective
of overall performance.
Performance measures used in our variable incentive schemes are selected
to be consistent with the Company’s purpose, values and strategy. The use of
annual bonus deferral, LTIP holding periods and our shareholding requirements
provide a clear link to the ongoing performance of the Group and ensure
alignment with shareholders, which continues after employment.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
121
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Current Policy table for Executive Directors
Purpose and link to short
and long-term strategic
objectives
Salary
Operation (including framework to assess performance)
Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
To attract, retain and
reward high calibre
Executive Directors
The Remuneration Committee reviews salaries for Executive
Directors and also the Executive Committee (ExCom) annually
unless responsibilities change.
Details of current Executive
Director salaries are set out on
page 110.
n/a
Pay reviews take into account Group and personal performance.
Salaries are set on appointment and benchmarked periodically
against market data for companies operating in IT services,
management consulting and relevant high tech sectors, which,
although not directly comparable, provide an indicative range.
In setting appropriate salary levels the Committee takes into
account pay and employment conditions of colleagues elsewhere
in the Group, alongside the impact of any increase to base
salaries on the total remuneration package.
Any changes are normally effective from 1 June each year.
Salary increases are normally
in line with those for other
colleagues but also take
account of other factors such
as changes to responsibility,
development and the
complexity of the role.
Benefits
To attract, retain and
reward high calibre
Executive Directors
Benefits in kind currently include the provision of a car or car
allowance, payment of private fuel, car insurance, private medical
insurance, life assurance and permanent health insurance.
Executive Directors may be invited to participate in the Sharesave
Scheme approved by HMRC or other benefits introduced for
all colleagues.
Market-competitive benefits.
n/a
SAYE Sharesave
Scheme subject to
HMRC-approved limits.
Until 30 November 2021:
up to 10% of base salary as
a contribution into the Group
scheme or base salary
supplement of 10% of
base salary.
From 1 December 2021:
capped at the level of the
majority of the workforce
(currently 4.5%).
Alignment
of Executive
Directors’
pensions with
the wider
workforce
from
1 December
2021.
125% of base salary.
A lower maximum of 100%
of base salary was operated
in 2021/22.
With effect
from
2022/23,
the bonus
opportunity
for the CEO
and CFO was
increased
to 125%
of salary.
Pension
To provide a
competitive benefit,
which attracts high
calibre executives
and allows flexible
retirement planning to
suit individual needs
Annual bonus
To drive and reward
sustainable business
performance
Executive Directors are entitled to a Company pension
contribution, which is paid into the Group defined contribution
personal pension scheme.
They can also opt to have the same level of contribution made
in the form of a cash contribution.
Based on a range of stretching targets measured over one year.
This might include, but not exclusively, profit measures and other
strategic objectives such as cash management, brand
development, customer satisfaction and retention, business unit
sales growth and colleague engagement. Performance below the
minimum performance target results in no bonus. No more than
20% of the maximum opportunity is paid for achievement of the
threshold performance targets. Payments rise from the threshold
payment to 100% of the maximum opportunity for levels of
performance between the threshold and maximum targets. The
rate of the rise and the various payment targets are determined
annually by the Committee.
The Committee has discretion to reduce the formulaic bonus
outcome if individual performance is determined to be unsatisfactory
or if the individual is the subject of disciplinary action.
At least 35% of any bonus payment is normally deferred into
shares or nominal cost share options which vest after a two year
period. Dividend equivalents are paid on vesting share options.
Malus and clawback provisions are in place for both cash and
deferred elements.
122
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Purpose and link to short
and long-term strategic
objectives
Operation (including framework to assess performance)
Maximum opportunity
Long Term Incentive Plan
To drive long-term
performance in
line with Group
strategy and
incentivise through
share ownership
Awards have a performance period of at least three years and
normally must be held for a further two years after vesting.
The level of vesting is determined by measures appropriate to the
strategic priorities of the business. At least half of any award will
normally be subject to financial performance measures. Measures
might include, but not exclusively, EPS, cash flow and relative
TSR metrics.
Awards over shares with a
face value at grant of 175%
of salary p.a. for the CEO,
with awards to the CFO
normally capped at 150%
of salary.
The Remuneration Committee has the discretion to determine
the number of measures to be used.
Performance below the threshold target results in no vesting.
For performance between the threshold target and maximum
performance target, vesting starts at 15% and rises to 100%
of the shares vesting.
Should a change in control of the Group occur, crystallisation
of any LTIP awards is within the discretion of the
Remuneration Committee.
Malus and clawback provisions are in place.
Executive Director shareholding requirement
To align the interests
of Executive Directors
with the interests of
all of the Company’s
shareholders
n/a
The Executive Directors are expected to build and retain a
shareholding in the Group at least equivalent to 200% of base
salary. Executives will be required to retain all vested deferred
bonus shares and LTIP shares released from the holding period
until they have attained the minimum shareholding requirement
and even then they may normally only sell when they have held
vested LTIP shares for a minimum period of two years.
For the avoidance of doubt, Executive Directors are permitted to
sell sufficient shares in order to meet any tax or withholding
obligation arising from vesting shares.
Retention of shares post-employment: executives will be expected
to retain the lower of their holding on cessation or 200% of salary
for the first year following cessation, reducing to 100% of salary
for the second year. Only shares granted from the conclusion of
the 2021 AGM will count towards this requirement.
Changes since
last Directors’
Remuneration
Policy
For any
awards made
following the
2021 AGM,
awards are
175% of
salary for the
CEO, and
150% of
salary for
the CFO.
For any
awards made
following the
2021 AGM,
the post-
employment
shareholding
policy will
require 200%
of base salary
to be held in
the first year
post-
employment,
falling to
100% for the
second year.
Choice of performance measures and target setting
For both the annual bonus and LTIPs, the objective of our Policy is to choose performance measures which help drive and reward the
achievement of our strategy and which also provide alignment between executives and shareholders. The Committee reviews metrics
annually to ensure they remain appropriate and reflect the future strategic direction of the Group.
Targets for each performance measure are set by the Committee with reference to internal plans and external expectations. Performance
is generally measured so that incentive payouts increase pro rata for levels of performance in between the threshold and maximum
performance targets.
With regard to the annual bonus, the Remuneration Committee believes that a simple and transparent scheme with sufficiently stretching
targets and an element of bonus deferral prevents short-term decisions being made and ensures that the executives are focused on the
delivery of sustainable business performance. For 2022/23, overall Adjusted operating profit and revenue growth by division have
been selected as the principal financial measures, with non-financial measures selected that support the delivery of our key in-year
strategic goals.
With regard to the LTIP, the Committee believes in setting demanding objectives, which reward steady, progressive growth, in order to
incentivise and encourage long-term growth and enhance shareholder value. EPS, cash conversion and relative TSR have been chosen
for the awards to be granted in 2022/23 as these meet these criteria and are aligned with our strategy.
Performance measures and targets are disclosed in the Annual Report on Remuneration. In cases where targets are commercially sensitive,
for example annual profit targets for the annual bonus, they will normally be disclosed retrospectively in the year in which the bonus is paid.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
123
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Differences in Remuneration Policy for colleagues and Executive Directors
The principles behind the Remuneration Policy for Executive Directors are cascaded down through the Group and their aims are to attract
and retain the best staff and to focus their remuneration on the delivery of long-term sustainable growth by using a mix of salary, benefits,
bonus and longer-term incentives.
As a result, no element of the Executive Director Remuneration Policy is operated exclusively for Executive Directors other than the
post-employment shareholding policy:
• The annual performance related pay scheme for Executive Directors is largely the same as that of the Executive Committee and other
senior managers within the business and all are aligned with similar business objectives.
• Participation in the LTIP is extended to the Executive Committee and other senior managers where possible although restricted shares
rather than performance shares are typically granted at levels below the Executive Committee.
• The pension scheme is operated for all permanent colleagues and from 1 December 2021 the Executive Directors received the same
level of contribution as the majority of other colleagues.
The main difference between pay for Executive Directors and colleagues is that, for Executive Directors, the variable element of total
remuneration is greater while the total remuneration opportunity is also higher to reflect the increased responsibility of the role. In addition,
we have the ability to grant awards of restricted shares to Executive Committee members. This will enable us to be competitive in certain
markets, most notably the USA, where such plans are very much part of any executive remuneration package.
Non-Executive Director Policy table
Purpose and link to
short and long-term
strategic objectives
Fees
Operation (including framework to assess performance)
Maximum opportunity
To attract, reward and
retain experienced
Non-Executive
Directors
Fees for the Non-Executive Directors are determined by the
Board within the limits set by the Articles of Association and are
based on information on fees paid in similar companies, taking
into account the experience of the individuals and the relative
time commitments involved.
There will be separate disclosures of fees paid for chairing the
Audit and Remuneration Committees and for acting as Senior
Independent Director or for other additional responsibilities.
Fees for the Non-Executive Directors are reviewed annually.
Additional fees may be paid in certain circumstances such as
taking on extra duties, or if exceptionally the time commitment
is significantly increased.
An expenses allowance is paid or alternatively any reasonable
business related expenses (including tax thereon) can be
reimbursed if determined to be a taxable benefit.
Current fee levels are set out
on page 110.
The overall fee limit will be
within the current £750,000
limit set out in the Company’s
Articles of Association,
approved on 25 September
2019, which is subject to
increase on 25 September
each year by the same
percentage increase as the
percentage increase in the
General Index of Retail Prices
for all items (or such other
comparable index as may be
substituted for it from time to
time before such anniversary)
in the 12 months immediately
preceding such date.
Changes since
last Directors’
Remuneration
Policy
The overall fee
limit is now
£750,000.
Extra fees
may be paid
in certain
circumstances
such as taking
on extra duties.
Approach to recruitment
The principle applied in the recruitment of a new Executive Director is for the remuneration package to be set in accordance with the terms
of the approved Remuneration Policy for existing Executive Directors in force at the time of appointment. Further details of this Policy for
each element of remuneration are set out below.
Pay element
Approach
Areas of flexibility
Salary
Set to reflect the executive’s skills and
experience, the Company’s intended pay
positioning and the market rate for the
applicable role.
Benefits
and pension
Benefits will be provided in line with those offered
to other Executive Directors, taking account of
local market practice, with relocation expenses
or arrangements provided if necessary.
The Committee will have the discretion to allow phased salary
increases over a period of time for newly appointed Directors,
even though this may involve increases in excess of the rate for
the wider workforce and inflation in circumstances where starting
salary was below median levels.
Tax equalisation may also be considered if an Executive
Director is adversely affected by taxation due to their
employment with the Company. The Company may also pay
legal fees and other costs incurred by the individual. These
would all be disclosed. Pension would be set in line with the
workforce level.
124
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Pay element
Approach
Areas of flexibility
Incentive
opportunity
“Buyout” awards
The aggregate ongoing incentive opportunity
offered to new recruits will be no higher than that
offered under the annual bonus plan and the LTIP
to the existing Executive Directors.
Different performance measures and targets may be set
initially for the annual bonus plan, taking into account the
responsibilities of the individual and the point in the financial
year at which they join.
Sign-on bonuses are not generally offered by the Group but, at
Board level, the Committee may offer additional cash and/or
share-based “buyout” awards when it considers these to be in
the best interests of the Company and, therefore, shareholders,
including awards made under Listing Rule 9.4.2R. Any such
“buyout” payments would be based solely on remuneration lost
when leaving the former employer and would reflect the delivery
mechanism such as cash, shares, options, time horizons and
performance requirements attaching to that remuneration.
In addition, any other ongoing remuneration obligations
existing prior to appointment may continue, provided that they
are put to shareholders for approval at the first AGM following
their appointment.
Transitional
arrangements
for internal
appointments
to the Board
In the case of an internal appointment, any variable
pay element awarded in respect of the prior role
may be allowed to pay out according to its terms
on grant, adjusted as relevant to take into account
the appointment.
Approach to service contracts and letters of appointment
The Committee’s policy is to offer service contracts for Executive Directors with notice periods of between six and 12 months exercisable
by either party. In addition, the Executive Directors are subject to a non-compete clause from the date of termination, where enforceable.
All Non-Executive Directors’ appointments are terminable on at least three months’ notice on either side.
The Executive Directors and Non-Executive Directors offer themselves for re-election at the AGM every year.
Policy on payment for loss of office
Payments on termination for Executive Directors are restricted to the value of salary and contractual benefits for the duration of the notice
period. It is the policy of the Remuneration Committee to seek to mitigate termination payments and pay what is due and fair. There are no
predetermined special provisions for Executive Directors with regard to compensation in the event of loss of office. The Company may also
pay an amount considered to be reasonable by the Committee where loss of office is due to redundancy or in respect of fees for legal advice
for the outgoing Director or to settle or compromise any legal claims. Assistance with outplacement may also be provided.
Elements of variable remuneration would be treated as follows:
Pay element
Approach
Areas of flexibility
Annual bonus
Determined on a case-by-case basis. When the Committee
determines that the payment of an annual bonus is
appropriate, the annual bonus payment is typically:
• Prorated for the period of time served from the start
of the financial year to the date of termination and
not for any period in lieu of notice or garden leave
• Subject to the normal bonus targets, tested at the end
of the year, and would take into account performance
over the notice period
• Subject to deferral of 35% of the value
The Committee has the discretion to pay cash bonus
amounts or allow deferred bonus awards to vest on
cessation or whether they lapse. If the Committee
exercises this discretion, it can also determine if the
vesting should be prorated to reflect time served since
the beginning of the deferral date. The same
discretionary principle would apply to the payment of
dividend equivalents on any shares that have been
deferred, but not yet vested.
Long Term
Incentive Plan
Unvested awards will normally lapse upon cessation
of employment.
The Committee has discretion to allow awards to vest
at the normal vesting date or earlier. If the Committee
exercises this discretion, awards are normally prorated
to reflect time served since the date of grant and based
on the achievement of the performance criteria. The
holding period detailed above will apply to such incentives.
All-colleague
share schemes
The Executive Directors, where eligible for participation in
all-colleague share schemes, participate on the same
basis as for other colleagues.
None.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
125
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Illustration of remuneration scenarios
The chart below details the hypothetical composition of each Executive Directors’ remuneration package and how it could vary at different
levels of performance under the new Remuneration Policy set out above.
3,000
2,500
2,000
1,500
0
0
0
£
1,000
500
0
£2,472,000
£2,035,000
£978,000
13%
32%
£535,000
43%
53%
31%
25%
£1,541,000
£1,292,000
£659,000
11%
32%
£376,000
39%
49%
32%
27%
100%
55%
26%
22%
100%
57%
29%
24%
Minimum
Target
Maximum
Maximum +
50% share
price growth
Minimum
Target
Maximum
Maximum +
50% share
price growth
Chief Executive Officer
Chief Financial Officer
Long-term incentives
Annual bonus
Fixed pay
Note that the charts are indicative, as actual amounts may depend on share price. Assumptions made for each scenario are as follows:
• Minimum. Fixed remuneration only: salary, benefits and pension. Salary based on 2022/23 salary and benefits based on 2021/22
disclosed benefit amounts.
• Target. Fixed remuneration plus “target” annual bonus opportunity of 50% of salary for both the Chief Executive Officer and Chief Financial
Officer, plus 15% vesting of the maximum award under the Long Term Incentive Plan. NCC does not use the concept of a “target” bonus;
however, in order to be fully compliant with the regulations an assumption of 50% of the maximum for 2022/23 has been used.
• Maximum. Fixed remuneration plus maximum annual bonus opportunity equivalent to 125% of salary for both the Chief Executive
Officer and Chief Financial Officer for 2022/23, as well as 100% vesting of the maximum award under the Long Term Incentive Plan,
being 175% of salary for the CEO and 150% of salary for the CFO. Note that from 2022/23 the maximum annual bonus will be
increased from 100% of salary to 125% of salary.
• Effect of a 50% increase in share price. Same assumptions as for the maximum scenario, but with the additional assumption
that the value of LTIP awards increases by 50% as a result of share price appreciation over the performance period.
Statement of consideration of employment conditions elsewhere in the Group
The Remuneration Committee does not consult directly with colleagues when determining the Remuneration Policy for Executive Directors.
However, as stated above, the annual bonus and LTIP are operated for other colleagues to ensure alignment of objectives across the Group
and the terms of the pension scheme are comparable with the majority of UK workforce. In addition, the Committee compares information
on general pay levels and policies across the Group when setting Executive Director pay. Until 1 January 2022, Jennifer Duvalier and,
from 1 January 2022, Julie Chakraverty have undertaken regular colleague engagement sessions where colleagues are able to ask about
Executive Director pay. During the year no questions or concerns on executive pay were raised to Jennifer or Julie (please see page 86
for further information).
How shareholder views are taken into account
The Remuneration Committee considers shareholder feedback received on the Directors’ Remuneration Report each year and guidance
from shareholder representative bodies more generally. Shareholders’ views are key inputs when shaping remuneration policy. When any
material changes are proposed to the Remuneration Policy, the Remuneration Committee Chair will inform major shareholders in advance
and will generally offer a meeting to discuss these.
126
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Key areas of discretion in the Remuneration Policy
The Committee operates the Group’s variable incentive plans according to their respective rules and in accordance with HMRC rules where
relevant. To ensure the efficient administration of these plans, the Committee will apply certain operational discretions. These discretions are
implicit in the Policy stated above, but we have listed them for clarity. These include, but are not limited to, the following:
• Selecting the participants in the incentive plans on an annual basis
• Determining the timing of grants of awards and/or payments
• Determining the quantum of awards and/or payments (within the limits set out in the Policy table)
• Reviewing performance against annual bonus and LTIP performance metrics
• Determining the extent of payout or vesting based on the assessment of performance
• Making the appropriate adjustments required in certain circumstances, for instance for changes in capital structure
• Determining “good leaver” status for incentive plan purposes and applying the appropriate treatment
• Undertaking the annual review of weighting of performance measures and setting targets for the incentive plans, where applicable,
from year to year
• Discretion to override formulaic outcomes of the incentive schemes if an event occurs which results in the annual bonus plan or LTIP
performance conditions and/or targets being deemed no longer appropriate (e.g. material acquisition or divestment); the Committee will
have the ability to adjust appropriately the measures and/or targets and alter weightings, provided that the revised conditions are not
materially less challenging than the original conditions
• Discretion to override formulaic vesting outcomes if they are judged by the Committee not to be an accurate reflection
of Company performance
Legacy arrangements
For the avoidance of doubt, in approving the Remuneration Policy, authority is given to the Company to honour any commitments entered
into with current or former Directors before the current legislation on remuneration policies came into force or before an individual became
a Director, such as the payment of outstanding incentive awards, even where it is not consistent with the Policy prevailing at the time
such commitment is fulfilled.
Details of any payments to former Directors will be set out in the Annual Report on Remuneration as they arise.
External directorships for Executive Directors
Executive Directors may accept one external non-executive directorship with the prior agreement of the Board, provided it does not conflict
with the Group’s interests and the time commitment does not impact upon the Executive Director’s ability to perform their primary duty.
The Executive Directors may retain the fee from external directorships.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
127
Governance�Directors’ report
The Directors
present their report
The Directors present their report and the Group and Company
Financial Statements of NCC Group plc (the ‘Company’) and its
subsidiaries (together the ‘Group’) for the financial year ended
31 May 2022.
Principal activities
The Company is a public limited company incorporated in England,
registered number 4627044, with its registered office at XYZ
Building, 2 Hardman Boulevard, Spinningfields M3 3AQ.
The principal activity of the Group is the provision of independent
advice and services to customers through the provision of Software
Resilience and cyber assurance services. The principal activity of the
Company is that of a holding company.
Going concern
The Directors have acknowledged guidance published in relation to
going concern assessments. The Group’s business activities, together
with the factors likely to affect its future development, performance
and position, are set out in the Business Review and Chief Financial
Officer’s Review. The Group’s financial position, cash and borrowing
facilities are also described within these sections.
The Financial Statements have been prepared on a going concern
basis, which the Directors consider to be appropriate for the
following reasons.
The Directors have prepared cash flow and covenant compliance
forecasts for the 12 month period ending 30 September 2023
which indicate that, taking account of severe but plausible
downsides on the operations of the Group and its financial
resources, the Group and Company will have sufficient funds
to meet their liabilities as they fall due for that period.
The going concern period is required to cover a period of at least
12 months from the date of approval of the Financial Statements
and the Directors still consider this 12 month period to be an
appropriate assessment period due to the Group’s financial position
and trading performance and that its borrowing facilities do not
expire until June 2024. The Directors have considered whether
there are any significant events beyond the 12 month period which
would suggest this period should be longer but have not identified
any such conditions or events.
The Group is financed primarily by a £100m committed revolving
credit facility that matures in June 2024. Under these banking
arrangements, the Group can also request (seeking bank approval)
an additional accordion facility to increase the total size of the
revolving credit facility by up to £75m. This accordion facility has not
been taken into account in the Group’s going concern assessment as
it requires bank approval and is therefore uncommitted as at the
date of approval of these Financial Statements.
On 7 June 2021, the Group acquired the IPM business for
$216.1m after a final positive net working capital adjustment of
£3.9m to the original purchase price of $220m; the US acquisition
was funded through an equity placing in May 2021 of £70.2m (net
proceeds) combined with a new three year $70m term loan, existing
cash balances and our existing revolving credit facility. During the
year ended 31 May 2022, the Group incurred further cash transaction
costs of £7.3m in relation to the acquisition. On 10 June 2022,
$23.3m of the term loan was repaid, and $23.3m is to be repaid
on 10 June 2023 and $23.4m on 10 June 2024.
As of 31 May 2022, net debt (excluding lease liabilities) 1 amounted
to £52.4m, which comprised cash of £73.2m, a drawn revolving
credit facility of £71.0m and the term loan of £55.4m, with borrowings
offset by arrangement fees of £0.8m. In relation to the drawn
revolving credit facility, £20.4m is drawn down for working capital
requirements and £50.6m in relation to the US acquisition of IPM.
Headroom on the Group’s banking facilities amounts to £101.9m.
In the year ended 31 May 2022, the Group has not taken any of
the UK government’s Covid-19 Corporate Financing Facility (CCFF)
or any other forms of government support worldwide as a result
of the Covid-19 pandemic. The Group’s day-to-day working capital
requirements are met through existing cash resources, the revolving
credit facility and receipts from its continuing business activities.
The Group is required to comply with the same financial covenants
on both banking facilities for leverage (net debt to Adjusted
EBITDA 1) and interest cover (Adjusted EBITDA 1 to interest charge)
that are tested bi-annually on 31 May and 30 November each year.
As of 31 May 2022, leverage 1 amounted to 0.9x (2021: (1.8x)
as cash positive prior to the acquisition) and net interest cover 1
amounted to 23.4x (2021: 35.0x) compared to a maximum of 3.0x
and a minimum of 3.5x respectively. The terms and ratios are
specifically defined in the Group’s banking documents (in line with
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and
adjusting items. Further information is also contained within the Chief Financial Officer’s
Review and the Glossary of terms on pages 56 to 63 and 203 and 204 respectively.
128
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�normal commercial practice) and are materially similar to GAAP with
the exceptions being net debt excludes IFRS 16 lease liabilities and
Adjusted EBITDA 1 excludes amortisation of acquired intangibles,
share-based payments and Individually Significant Items. The Group
was in compliance with the terms of all its facilities during the year,
including the financial covenants on 30 November 2021 and
31 May 2022, and, based on forecasts, expects to remain in
compliance over the going concern period. In addition, the Group
has not sought or is not planning to seek any waivers to its
existing facilities.
Although the Group has demonstrated resilience and consistent
cash generation over the last few years, in a challenging environment,
the continuing global macro-economic risks could have an effect
on the Group’s future performance, particularly in relation to cost
inflationary pressures. As a result the base case going concern
assessment includes a level of inflationary cost increases together
with continued day rate price rises to customers. The Group has
not been significantly adversely impacted by the Ukraine conflict.
The Directors have prepared a number of severe but plausible
scenarios as follows:
1.
2.
3.
4.
The performance of FY23 continues to be similar to that of FY22,
including the impact on regional and international operations
of the Group and a potential reduction in double-digit revenue
growth to 9% growth and subsequent impact on margin.
Failure of execution of the strategy and loss of key customers
resulting in a reduction in revenue and a consequential impact
on profitability and cash generation of £22.5m for the going
concern period.
Software Resilience performance does not achieve expected
revenue growth in all territories and experiences a 1% revenue
decline.
Further inflationary pressures up to 6% arise over the existing
base case going concern assessment of 4% and certain day
rate price rises to customers do not occur.
These scenarios have been modelled individually in order to assess
the Group’s ability to withstand specific challenges. The Directors
do not believe it is plausible for all of the above downside scenarios to
occur concurrently; however, they have modelled scenarios combining
risks (3 and 4) and combining risks (1 and 4) because of the Group’s
historical Software Resilience performance and current global
economic uncertainty. The impact of these severe but plausible
scenarios has been reviewed against the Group’s projected cash flow
position, available committed bank facilities and compliance with
financial covenants. These forecasts, including the severe but plausible
downsides, show that the Group is able to operate within its available
committed banking facilities, with no forecasted covenant breaches or
requirement for facility waivers, and that the Group will have sufficient
funds to meet its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other
Group trading entities for financial support. The Company controls
these Group entities and therefore has the ability to direct the
financial activities of the Group. Having reviewed the current trading
performance, forecasts, debt servicing requirements, total facilities
and risks, the Directors are confident that the Company and the
Group will have sufficient funds to continue to meet their liabilities
as they fall due for a period of at least 12 months from the date of
approval of these consolidated Financial Statements, which is
determined as the going concern period. Accordingly, the Directors
continue to adopt the going concern basis of accounting in
preparing the Group’s Financial Statements for the period ended
31 May 2022.
There are no post-Balance Sheet events which the Directors believe
impact the going concern assessment.
Results and dividends
The Group’s and Company’s audited Financial Statements for the
financial year ended 31 May 2022 are set out on pages 143 to 202.
The Directors propose a final dividend of 3.15p per ordinary share,
which, together with the interim dividend of 1.5p per ordinary share
paid on 4 March 2022, makes a total dividend of 4.65p for the year.
The final dividend will be paid on 11 November 2022, subject
to approval at the AGM on 2 November 2022, to shareholders
on the register at the close of business on 14 October 2022.
The ex-dividend date is 13 October 2022.
Post-Balance Sheet events
There were no post-Balance Sheet events.
Share capital and control
At the AGM held on 4 November 2021, the Directors were granted
authority to allot up to 102,991,000 ordinary shares representing
approximately a third of the Company’s issued share capital. In
addition, the Directors were granted authority to allot a further
102,991,000 ordinary shares, again representing approximately
a third of the Company’s issued share capital, solely to be used
in connection with a pre-emptive rights issue.
As at 31 May 2022, the Company’s issued ordinary share capital
comprised 309,967,243 ordinary shares with a nominal value
of 1p each, of which no ordinary shares were held in treasury.
During the year ended 31 May 2022, 1,011,198 shares in the
Company were issued further to the exercise of options pursuant
to the Company’s share option schemes.
The holders of ordinary shares are entitled, among other rights, to
receive the Company’s Annual Reports and Accounts, to attend and
speak at general meetings of the Company, to appoint proxies and
to exercise voting rights.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
129
Governance�Directors’ report continued
Share capital and control continued
Details of the movements of the called up share capital of the
Company are set out in Note 27 to the Financial Statements and
the information in this Note is incorporated by reference and forms
part of this Directors’ Report.
All rights and obligations attaching to the Company’s ordinary shares
are set out in the Company’s Articles of Association (the ‘Articles’),
copies of which can be obtained from the Companies House website
or by writing to the Company Secretary. Unless otherwise provided
in the Articles, the terms of issue of any shares, any restrictions from
time to time imposed by laws or regulations (for example insider
trading laws) or pursuant to the UK Market Abuse Regulations
whereby certain Directors, officers and colleagues of the Group
require the approval of the Company to deal in ordinary shares of
the Company, any shareholder may transfer any or all of their shares.
The Company is not aware of any agreements between shareholders
that may result in restrictions on the transfer of securities and/or
voting rights.
The Directors may refuse to register a transfer of shares in
certificated form that are not fully paid up or otherwise in
accordance with the Articles.
Authority to purchase own shares
At the AGM held on 4 November 2021, shareholders authorised
the Company to make market purchases of up to 30,897,300
ordinary shares representing approximately 10% of the issued
share capital. This authority was not used during the financial
year ended 31 May 2022. At the 2022 AGM, shareholders will
be asked to give a similar authority.
The Company does not currently hold any ordinary shares in treasury.
Directors
Biographical details of the Company’s current Directors are set
out on pages 78 and 79 together with the names of Directors that
have held office during the year. Subject to law and the Company’s
Articles of Association, the Directors may exercise all of the
powers of the Company and may delegate their power and
discretion to Committees.
The Company’s Articles of Association give the Directors power
to appoint and replace Directors. Under the terms of reference of
the Nomination Committee, any appointment to the Board of the
Company must be recommended by the Nomination Committee
for approval by the Board. The Articles of Association also require
one-third of the Directors to retire by rotation each year end and each
Director must offer themself for re-election at least every three years.
However, in accordance with previous years and in accordance with
best practice, all Directors will submit themselves for re-election at
the AGM each year. During the year, no Director had any material
interest in any contract of significance in the Group’s business.
Directors’ and Officers’ insurance and indemnities
The Company maintains Directors’ and Officers’ liability insurance,
which provides appropriate cover for any legal action brought
against its Directors (including those who served as Directors or
Officers during 2021/22). This cover was in place throughout the
financial year ended 31 May 2022 and up to the date of this
Directors’ Report. The Directors of the Company have also entered
into individual deeds of indemnity with the Company which
constitute as qualifying third party indemnity provisions for the
purposes of section 234 of the Companies Act 2006.
The deeds were in effect during the course of the financial year
ended 31 May 2022 for the benefit of the Directors and, at the date
of this report, are in force for the benefit of the Directors in relation
to certain losses and liabilities which they may incur (or have
incurred) in connection with their duties, powers or office.
Colleagues
The Group uses a number of ways to engage with its colleagues on
matters that impact them and the performance of the Group. These
include briefings by members of the Executive Committee, regular
team meetings, the Group’s intranet site, global communications and
update emails which together provide, among other information,
an awareness of the financial and economic factors affecting the
Company’s performance. Further information on how the Directors
engage with colleagues along with how colleague interests are
taken into account during decision making can be found within
the Corporate Governance Report on pages 84 and 85.
We conduct a colleague engagement survey to ensure all
colleagues are given a voice in the organisation. In 2018, using
insights from our survey and subsequent colleague engagement,
we defined new values for the organisation. Details of these values
are set out in the Sustainability Report on page 47.
We offer colleagues the opportunity to purchase ordinary shares in
the Company through participation in the Company’s Save As You
Earn Scheme. At the 2019 AGM, shareholders also approved a
Share Incentive Plan. Both schemes help to encourage colleague
interest in the performance of the Group.
Business relationships with suppliers, customers
and others
The Directors has summarised how they have fostered the
Company’s business relationships with suppliers, customers and
others on pages 24 to 27. In addition, on page 83 the Directors
have included the principal decisions taken by the Company during
the financial year.
130
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Disclosure of information to the auditor
The Directors who held office at the date of approval of this
Directors’ report confirm that, so far as they are each aware, there
is no relevant audit information of which the Company’s auditor is
unaware; and each Director has taken all the steps that they ought
to have taken as a Director to make themselves aware of any
relevant audit information and to establish that the Company’s
auditor is aware of that information.
Reappointment of auditor
In accordance with section 489 of the Companies Act 2006,
a resolution for the reappointment of KPMG LLP as auditor
of the Company is to be proposed at the forthcoming
Annual General Meeting.
Annual General Meeting
The notice of the Company’s AGM to be held at 1pm on
2 November 2022 at its head office at XYZ Building, 2 Hardman
Boulevard, Spinningfields, Manchester M3 3AQ, along with details
of the business to be proposed and explanatory notes, will be
available on the Group’s website together with the Annual Report
and Accounts. All shareholders will be notified by post or email,
at their request, when the documents have been made available.
The Board recognises that the AGM provides an important
opportunity to engage with shareholders. Therefore, the Company
will ensure that shareholders can submit any questions in writing
prior to the AGM as outlined in the Notice of AGM.
In the event that the government re-introduces restrictions as we
have seen before in relation to the Covid-19 pandemic and the
arrangements for the meeting have to be changed, information will
be released via the RNS and placed on the Company’s website.
The result of the poll vote will be made available as soon as possible
after the meeting on our website.
Equal opportunities
The Group is committed to providing equality of opportunity to all
colleagues without discrimination and applies fair and equitable
employment policies which seek to promote entry into and
progression within the Group. Appointments are determined solely
by application of job criteria, personal ability, behaviour and competency.
In the opinion of the Directors, all colleague policies are deemed
to be effective and in accordance with their intended aims.
Disabled persons
Disabled persons have equal opportunities when applying
for vacancies, with due regard to their aptitudes and abilities.
Procedures ensure that disabled colleagues are fairly treated in
respect of training and career development. For those colleagues
becoming disabled during the course of their employment, the
Group is supportive so as to provide an opportunity for them
to remain with the Group, wherever reasonably practicable.
Political donations
During the year the Company made no political donations (2021: £nil).
Sustainability Report
The Company’s Sustainability Report on pages 36 to 55 provides an
update on the Group’s policies and activities in respect of its wider
stakeholders, including colleagues; community, environmental,
ethical and health and safety issues; and modern slavery.
Overseas branches
As at 31 May 2022, the Group had no overseas branches.
Research and development
We are committed to using innovative, cost effective and practical
solutions for providing high quality services and we recognise the
importance of ensuring that we focus our investment on the
development of technology. The Group’s research and development
expenditure is predominantly associated with computer and
software systems.
Change of control
In the event of a change of control of the Company, the Group and each
of its lenders shall enter into negotiation for a period to determine how
the Group’s loan facilities may continue and if after negotiation there
is no agreement the lender has the right to cancel the commitment.
There are no agreements between the Company and its Directors or
colleagues providing for compensation for loss of office or employment
(whether through resignation, purported redundancy or otherwise)
that occurs because of a takeover bid.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
131
Governance�Directors’ report continued
Capitalised interest
During the period, no interest was capitalised by the Group (2021: £nil). The tax benefit on this amount was £nil (2021: £nil).
Reporting requirements
The following sets out the location of additional information forming part of the Directors’ Report, which is incorporated by reference
into this report:
Reporting requirement
Location
Board’s assessment of the Group’s internal control systems
Details of uses of financial instruments and specific policies for
managing financial risk
Corporate Governance Report on pages 74 to 92 and Audit
Committee Report on page 97
Note 25 (Financial Instruments) on pages 187 to 191
Directors’ interests
Directors’ Remuneration Report on page 114
Directors’ Responsibilities Statement
Directors’ Responsibilities Statement on page 133
Directors’ remuneration including disclosures required by Schedule
5 and Schedule 8 of SI2008/410 – Large and Medium-sized
Companies and Groups (Accounts and Reports) Regulations 2008
Directors’ Remuneration Report on pages 110 to 120
DTR4.1.8.R – Management Report – the Directors’ Report and
Strategic Report comprise the management report
Directors’ Report on pages 128 to 132 and Strategic Report on pages
1 to 72
Going concern statement
Directors’ Report on pages 128 to 129 and Going Concern section
within Note 1 on pages 152 and 153
Greenhouse gas emissions and energy consumption
Sustainability Report on page 44
Likely future developments of the business and Group
Strategic Report on pages 8 to 11
LR 9.8.4 (4) – Long-term incentive schemes
LR 9.8.6 (2) – Substantial shareholders
Statement on corporate governance
Directors’ Remuneration Report on pages 108 to 109, 113 to 114,
115, 120 and 123
Shareholder Relations section of Corporate Governance Report on
page 93
Corporate Governance Report, Audit Committee Report, Nomination
Committee Report and Directors’ Remuneration Report on pages 74
to 127. Statement of compliance with the UK Corporate Governance
Code is on page 76
Strategic Report – Companies Act 2006 section 414A-D
Strategic Report on pages 1 to 72
The Strategic Report on pages 1 to 72 and this Directors’ Report on pages 128 to 132 have been approved and authorised for issue by the
Board. They were signed on its behalf by:
Chris Stone
Non-Executive Chair
6 September 2022
Tim Kowalski
Chief Financial Officer
6 September 2022
132
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Directors’ responsibilities statement
Statement of Directors’ responsibilities in respect
of the Annual Report and Accounts and the
Financial Statements
The Directors are responsible for preparing the Annual Report and
Accounts and the Group and Parent Company Financial Statements
in accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and Parent
Company Financial Statements for each financial year. Under that
law they are required to prepare the Group Financial Statements
in accordance with UK-adopted international accounting standards
and applicable law and have elected to prepare the Parent Company
Financial Statements on the same basis.
Under company law the Directors must not approve the Financial
Statements unless they are satisfied that they give a true and fair
view of the state of affairs of the Group and Parent Company and
of the Group’s profit or loss for that period. In preparing each of the
Group and Parent Company Financial Statements, the Directors are
required to:
• Select suitable accounting policies and then apply them consistently
• Make judgements and estimates that are reasonable, relevant
and reliable
• State whether they have been prepared in accordance with
UK-adopted international accounting standards
• Assess the Group and Parent Company’s ability to continue
as a going concern, disclosing, as applicable, matters related
to going concern
• Use the going concern basis of accounting unless they either
intend to liquidate the Group or the Parent Company or to cease
operations, or have no realistic alternative but to do so
The Directors are responsible for keeping adequate accounting
records that are sufficient to show and explain the Parent
Company’s transactions and disclose with reasonable accuracy at
any time the financial position of the Parent Company and enable
them to ensure that its Financial Statements comply with the
Companies Act 2006. They are responsible for such internal control
as they determine is necessary to enable the preparation of Financial
Statements that are free from material misstatement, whether due
to fraud or error, and have general responsibility for taking such
steps as are reasonably open to them to safeguard the assets of
the Group and to prevent and detect fraud and other irregularities.
Under applicable law and regulations, the Directors are also
responsible for preparing a Strategic Report, Directors’ Report,
Directors’ Remuneration Report and Corporate Governance
Statement that comply with that law and those regulations.
The Directors are responsible for the maintenance and integrity of
the corporate and financial information included on the Company’s
website. Legislation in the UK governing the preparation and
dissemination of Financial Statements may differ from legislation
in other jurisdictions.
In accordance with Disclosure Guidance and Transparency Rule 4.1.14R,
the Financial Statements will form part of the annual financial report
prepared using the single electronic reporting format under the
TD ESEF Regulation. The Auditor’s Report on these Financial
Statements provides no assurance over the ESEF format.
Responsibility statement of the Directors
in respect of the annual financial report
We confirm that to the best of our knowledge:
• The Financial Statements, prepared in accordance with the
applicable set of accounting standards, give a true and fair view
of the assets, liabilities, financial position and profit or loss of the
Company and the undertakings included in the consolidation
taken as a whole
• The Strategic Report includes a fair review of the development
and performance of the business and the position of the issuer
and the undertakings included in the consolidation taken as
a whole, together with a description of the principal risks and
uncertainties that they face
We consider the Annual Report and Accounts, taken as a whole,
is fair, balanced and understandable and provides the information
necessary for shareholders to assess the Group’s position and
performance, business model and strategy.
For an on behalf of the Board
Chris Stone
Non-Executive Chair
6 September 2022
Tim Kowalski
Chief Financial Officer
6 September 2022
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
133
Governance
�Financial
statements
IN THIS SECTION
135 Independent auditor’s report
143 Consolidated income statement
143 Consolidated statement of comprehensive income/(loss)
144 Consolidated balance sheet
145 Consolidated cash flow statement
147 Consolidated statement of changes in equity
148 Company balance sheet
149 Company cash flow statement
150 Company statement of changes in equity
151 Notes to the Financial Statements
ADDITIONAL INFORMATION
203 Glossary of terms – Alternative Performance Measures (APMs)
205 Glossary of terms – other terms
207 Other information
208 Financial calendar
134
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Independent auditor’s report
to the members of NCC Group plc
1 Our opinion is unmodified
We have audited the financial statements of NCC Group Plc
(“the Company”) for the year ended 31 May 2022 which comprise
the consolidated income statement, consolidated statement of
comprehensive income/(loss), consolidated balance sheet,
consolidated cash flow statement, consolidated statement of
changes in equity, company balance sheet, company cash flow
statement, company statement of changes in equity, and the related
notes, including the accounting policies in note 1.
In our opinion:
• the financial statements give a true and fair view of the state of
the Group’s and of the parent Company’s affairs as at 31 May
2022 and of the Group’s profit for the year then ended;
• the Group financial statements have been properly prepared in
accordance with UK-adopted international accounting standards;
• the parent Company financial statements have been properly
prepared in accordance with UK-adopted international accounting
standards and as applied in accordance with the provisions of the
Companies Act 2006; and
• the financial statements have been prepared in accordance with
the requirements of the Companies Act 2006.
Basis for opinion
We conducted our audit in accordance with International Standards
on Auditing (UK) (“ISAs (UK)”) and applicable law. Our responsibilities
are described below. We believe that the audit evidence we have
obtained is a sufficient and appropriate basis for our opinion. Our
audit opinion is consistent with our report to the audit committee.
Event driven
We were first appointed as auditor by the shareholders on
1 November 2013. The period of total uninterrupted engagement is
for the nine financial years ended 31 May 2022. We have fulfilled
our ethical responsibilities under, and we remain independent of the
Group in accordance with, UK ethical requirements including the
FRC Ethical Standard as applied to listed public interest entities.
No non-audit services prohibited by that standard were provided.
Overview
Materiality
Group financial
statements as a whole
£1.4m (2021: £1.2m)
4.5% (2021: 4.5%) of normalised Group
profit before tax
Coverage
79% (2021: 87%) of the total profit and
losses that make up Group profit before tax
Key audit matters
Recurring risks
vs 2021
New
Recoverability of goodwill in
respect of the EU Assurance
and IPM Software Resilience
(IPM) cash generating units
(CGUs)
Assurance revenue recognition
in the cut off period
Recoverability of parent
company investments and
intercompany receivables
New: Valuation of separately
identifiable intangible assets
recognised as part of the
NCC Group Software
Resilience (NA) (‘IPM’)
acquisition
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
135
Financial statements
�Independent auditor’s report continued
to the members of NCC Group plc
2 Key audit matters: our assessment of risks of material misstatement
Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the financial statements
and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by us, including those which
had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement
team. We summarise below the key audit matters in decreasing order of audit significance, in arriving at our audit opinion above, together
with our key audit procedures to address those matters and, as required for public interest entities, our results from those procedures.
These matters were addressed, and our results are based on procedures undertaken, in the context of, and solely for the purpose of,
our audit of the financial statements as a whole, and in forming our opinion thereon, and consequently are incidental to that opinion,
and we do not provide a separate opinion on these matters.
The risk
Our response
Valuation of separately
identifiable intangible assets
recognised as part of the NCC
Group Software Resilience
(NA) (‘IPM’) acquisition
Customer relationship valuation
£91.4m at acquisition.
Refer to page 97 (Audit Committee
Report), pages 153–154 (accounting
policy) and pages 200–202 (financial
disclosures).
Subjective Valuation
In June 2021, the Group completed the
acquisition of IPM. The fair value of the customer
relationship has been identified as the significant
area of estimation uncertainty, specifically the key
assumptions being the discount rate and revenue
growth rate used in the fair value model. The
outcome could vary significantly if different
assumptions were applied in the model.
As part of our risk assessment, we determined
that the valuation of the separately identifiable
intangible assets identified as part of the IPM
acquisition had a high degree of estimation
uncertainty. There is a potential range of
reasonable outcomes greater than our materiality
for the financial statements as a whole, and
possibly many times that amount. The financial
statements (note 34) disclose the sensitivity
estimated by the Group, in particular over the
growth rate and discount rate in the customer
relationship intangible asset.
We performed the tests below rather than seeking to rely on any of
the Group’s controls because the nature of the balance is such that
we would expect to obtain audit evidence primarily through the
detailed procedures described.
Our procedures included:
• Historical comparison: We assessed the reasonableness
of the forecasts used in the customer relationship valuation, by
comparing actual results in the year for IPM to the Group’s
previous forecast for IPM, for the year;
• Methodology choice: With the assistance of our valuation
specialists, we assessed the results of the valuation by checking
that the valuation methodology was in accordance with relevant
accounting standards and acceptable valuation practice;
• Benchmarking assumptions: We challenged, with the support of
our own valuation specialists, the appropriateness of the valuation
methodology and key assumptions used, including the discount rate,
having regard for market observable data with regard to risk free
rates for comparator companies. We also evaluated the revenue
growth assumptions, comparing to data from the rest of the Group,
the due diligence performed for the acquisition and external sources
of data including industry growth rates;
• Sensitivity analysis: We performed sensitivity analysis over
the key assumptions, including the revenue forecasts and
discount rate;
• Assessing transparency: We assessed the appropriateness of
the Group’s disclosures in respect of the valuation of separately
identifiable intangible assets recognised on acquisition of IPM.
Our results
We found the Group’s assessment of the valuation of separately
identified acquired intangible assets recognised as part of the NCC
Group Software Resilience (NA) (‘IPM’) acquisition to be acceptable.
136
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�2 Key audit matters: our assessment of risks of material misstatement continued
The risk
Our response
Recoverability of goodwill in
respect of the EU Assurance
and IPM CGUs
Goodwill EU Assurance £65.2m
(2021: £64.7m), IPM £76.9m
(2021: n/a).
Refer to page 96 (Audit Committee
Report), pages 155–156 (accounting
policy) and pages 175–178
(financial disclosures).
Subjective estimate
Management assess impairment of the EU
Assurance and IPM CGUs through their
recoverable amounts, which are determined as
the higher of their value in use (‘VIU’) and their
fair value less costs to sell (‘FVLCTS’), of which
the FVLCTS is higher.
There is judgement applied in the earnings
multiples and sustainable earnings assumptions
used to calculate the FVLCTS estimate in the
impairment model.
The risk is specific to the EU Assurance and
IPM CGUs.
The effect of these matters is that, as part of
our risk assessment for audit planning purposes,
we determined that the value in use of the EU
Assurance and IPM CGUs had a high degree of
estimation uncertainty, with a potential range of
reasonable outcomes greater than our materiality
for the financial statements as a whole, and
possibly many times that amount. In conducting
our final audit work, we reassessed the degree
of estimation uncertainty to be less than that
of materiality.
We performed the tests below rather than seeking to rely on any of
the Group’s controls because the nature of the balance is such that
we would expect to obtain audit evidence primarily through the
detailed procedures described.
Our procedures included:
• Historical comparison: We assessed the reasonableness of the
sustainable earnings assumption, with reference to the Group’s
forecasting accuracy in historical results, by comparing actual
results in the year to the Group’s previous forecast for the year;
• Benchmarking assumptions: We further challenged the
sustainable earnings figures with reference to future forecast
growth and whether that appeared reasonable, including
challenging any one-off adjustments to the sustainable earnings
assumption made by management, by agreeing them to
supporting documentation;
• Our valuation expertise: With the support of our own valuation
specialists, we challenged the earnings multiple key assumption, by
comparison to external market data and comparable companies;
• Sensitivity analysis: We performed sensitivity analysis for the
key assumptions, including the earnings multiples and
sustainable earnings;
• Assessing transparency: We evaluated the adequacy of the
disclosures related to the judgements taken by management.
Our results
We found the Group’s assessment of the recoverability of goodwill
in respect of the EU Assurance and IPM CGUs to be acceptable
(2021 EU Assurance CGU result: acceptable).
Assurance revenue recognition
in the cut off period
Contract assets – accrued income
£20.3m; (2021: £21.3m).
2022 sales cut-off
Incentives and pressures to meet market
expectations increase the risk of fraudulent
revenue recognition.
We performed the detailed tests below rather than seeking to rely
on any of the Group’s controls because our knowledge of related IT
controls indicated that we would not be able to obtain the required
evidence to support reliance on controls.
Refer to pages 157–161 (accounting
policy) and pages 170, 181 and
185–186 (financial disclosures).
There is a specific risk around the cut-off period
at the year end, which is the last month of the
year. The risk is with regards to ensuring revenue,
including accrued is being recognised in the
correct accounting period.
This is a particular risk for the assurance
business, where projects are ongoing at the
year end and there are judgements taken in
determining completion and progress to date.
Our procedures included:
• Test of detail: We agreed a sample of revenue transactions
within the cut off period pre-year end to supporting
documentation, including timesheets and contracts to assess
whether these have been recorded in the correct accounting
period. We sampled on a contract basis which included testing
the revenue recognised in the year, and the contract asset
balances at the year end;
• Analytic sampling: We used data and analytics tools to identify
journals with unusual account combinations involving revenue,
specifically in the cut off period and performed testing over the
identified items. This included procedures to understand the
nature and substance of the transaction and obtaining supporting
documentation.
Our results
We found the recognition of Assurance revenue in the cut-off period
to be acceptable. (2021 result: acceptable).
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
137
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
2 Key audit matters: our assessment of risks of material misstatement continued
The risk
Our response
Recoverability of parent
company’s investments in
subsidiaries and intercompany
receivables
Investments – £276.9m
(2021: £151.8m).
Intercompany receivables - £32.9m
(2021: £162.6m).
Refer to page 155 (accounting
policy) and pages 197–199
(financial disclosures).
Low risk, high value
The carrying amount of the Parent Company’s
investments in subsidiaries and intercompany
receivables represents 84% (2021: 48%) and
10% (2021: 52%) respectively of the
Company’s total assets.
Their recoverability is not a high risk of
significant misstatement or subject to
significant judgement. However, due to their
materiality in the context of the Parent
Company financial statements, this is the area
that had the greatest effect on our overall
Parent Company audit.
We performed the tests below rather than seeking to rely on any of the
Group’s controls because the nature of the balance is such that we
would expect to obtain audit evidence primarily through the detailed
procedures described.
Our procedures included:
• Test of detail: We compared the carrying value of investments and
intercompany receivables with the relevant subsidiaries’ draft
balance sheet as at 31 May 2022 to identify whether their net
assets, being an approximation of their minimum recoverable
amount, were in excess of their carrying value and assessing
whether those subsidiaries have historically been profit-marking.
Our results
We found the Group’s assessment of the recoverability of the parent
company’s investments in subsidiaries and intercompany receivables
to be acceptable. (2021 result: acceptable).
Changes to Key Audit Matters
Fox IT long term fixed price contract accounting
Following the continued performance of the Fox IT long term fixed price contracts in the past 12 months, the estimation uncertainty has
significantly reduced.
Cloud-based software arrangement costs
The accounting treatment of cloud-based arrangements was a significant risk and key audit matter in the prior year. However, due to the
profit and loss charge recognised by the Group in respect of this in the prior year, in addition to the fact there are no significant new cloud
arrangements in the year, the level of judgement has significantly reduced we have not assessed this as one of our most significant risks in
the current year audit.
US R&D tax credits
The estimation uncertainty has reduced on the uncertain tax position following a provision recognised by the Group in the prior year.
The provisioning methodology has been consistently applied in the current year, reducing the estimation uncertainty.
We continue to perform work over the above areas. However, as a result of the above reasons, we have not assessed these as the most
significant risks in our current year audit and therefore, they are not separately identified in our report this year.
3 Our application of materiality and an overview of the scope of our audit
Materiality for the Group financial statements as a whole was set at £1.4 million (2021: £1.2 million), determined with reference
to a benchmark of Group profit before tax £31.0m (2021: £14.8m), normalised to exclude this year’s costs directly attributable to the
acquisition of the IPM Software Resilience business, as disclosed in note 5 of £0.9m (2021: profit before tax normalised to exclude costs
directly attributable to the acquisition of the IPM Software Resilience business and cloud configuration and customisation costs of £12.7
million) of which it represents 4.5% (2021: 4.5%).
Materiality for the Parent Company financial statements as a whole was set at £0.5 million (2021: £0.3 million), determined with reference to
a benchmark of Company total assets, of which it represents 0.3% (2021: 0.1%).
In line with our audit methodology, our procedures on individual account balances and disclosures were performed to a lower threshold, performance
materiality, so as to reduce to an acceptable level the risk that individually immaterial misstatements in individual account balances add up to a material
amount across the financial statements as a whole.
Performance materiality was set at 65% (2021: 65%) of materiality for the financial statements as a whole, which equates to £0.93 million (2021:
£0.78 million) for the Group and £0.35 million (2021: £0.20 million) for the parent company. We applied this percentage in our determination of
performance materiality based on the level of identified misstatements and control deficiencies during the prior period.
138
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Group materiality
£1.4m (2021: £1.2m)
£1.4m
Whole financial
statements materiality
(2021: £1.2m)
£0.91m
Whole financial
statements performance
materiality
(2021: £0.78m)
£0.9m
Range of materiality
at 9 components
(£0.36m–£0.9m)
(2021: £0.22m to
£0.55m)
£0.07m
Misstatements reported
to the audit committee
(2021: £0.06m)
2
5
Total profits and losses
that made up Group profit
before tax
I87+87+
79+79+
84%
(2021: 89%)
79
87
3 Our application of materiality and an overview of the
scope of our audit continued
We agreed to report to the Audit Committee any corrected or
uncorrected identified misstatements exceeding £72,000
(2021: £60,000), in addition to other identified misstatements
that warranted reporting on qualitative grounds.
Of the Group’s 45 (2021: 41) reporting components, we subjected
9 (2021: 8) to full scope audits for Group purposes.
We conducted reviews of financial information (including enquiry)
at a further 2 (2021: 4) non-significant components as these
components were not individually financially significant enough
to require an audit for Group reporting purposes but a review was
performed to provide further coverage over the Group’s results.
The Group team performed procedures on the items excluded
from normalised profit before tax.
The components within the scope of our work accounted for the
percentages illustrated opposite.
Normalised Group profit
before tax
£31.9m (2021: £27.5m)
96++4++II
For the residual components, we performed analysis at an
aggregated Group level to re-examine our assessment that there
were no significant risks of material misstatement within these.
Normalised PBT
Group materiality
The Group team instructed component auditors as to the significant
areas to be covered, including the relevant risks detailed above and
the information to be reported back. The Group team approved the
component materialities, which ranged from £0.36m to £0.90m
(2021: £0.22m to £0.55m), having regard to the mix of size and risk
profile of the Group across the components. The work on 1 of the 9
in scope components (2021: 1 of the 8 components) was
performed by component auditors and the rest, including the audit
of the Parent Company, was performed by the Group team.
The Group team held video and telephone conference meetings with 1
(2021: 1) component location in the Netherlands to assess audit risk
and strategy. At these meetings, the findings reported to the Group
team were discussed in more detail, and any further work required by
the Group team was then performed by the component auditor.
The scope of the audit work performed was fully substantive as we
did not rely upon the Group’s internal control over financial reporting.
4 The impact of climate change on our audit
In planning our audit, we have considered the potential impact of
risks arising from climate change on the Group’s business and its
financial statements.
As part of our audit we performed a risk assessment, including
making enquiries of management, reading board meeting minutes
and applying our knowledge of the Group and sector in which it
operates to understand the extent of the potential impact of climate
change risk on the Group’s financial statements.
We concluded that climate risk has no significant effect this year on
the financial statements due to the nature of the Group’s current
business operations. As a result, there was no impact from climate
risk on our key audit matters.
We have read the disclosure of climate related information in the
front half of the annual report and considered consistency with the
financial statements and our audit knowledge. There were no
matters to report in respect of this procedure.
Group revenue
8
4
86
86
(2021: 94%)
90%
Group total assets
I86+86+
86+86+
I92+92+
96+96+
96%
(2021: 95%)
96
92
3
Full scope for group audit purposes 2022
Specified risk-focused audit procedures 2022
Full scope for group audit purposes 2021
Specified risk-focused audit procedures 2021
Residual components
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
139
Financial statements4
4
+
+
10
10
+
+
I
8
8
+
+
6
6
+
+
I
I
5
5
+
+
16
16
+
+
I
2
2
+
+
11
11
+
+
I
I
1
1
+
+
3
3
+
+
I
3
3
+
+
5
5
+
+
I
I
�Independent auditor’s report continued
to the members of NCC Group plc
5 Going concern
The directors have prepared the financial statements on the going
concern basis as they do not intend to liquidate the Group or the
Company or to cease their operations, and as they have concluded
that the Group’s and the Company’s financial position means that
this is realistic. They have also concluded that there are no material
uncertainties that could have cast significant doubt over their ability
to continue as a going concern for at least a year from the date of
approval of the financial statements (“the going concern period”).
We used our knowledge of the Group, its industry, and the general
economic environment to identify the inherent risks to its business
model and analysed how those risks might affect the Group’s and
Company’s financial resources or ability to continue operations over
the going concern period.
The risks that we considered most likely to adversely affect the
Group’s and Company’s available financial resources, and metrics
relevant to debt covenants, over this period were:
• A material and unexpected reduction in revenue and increase in
customer attrition due to future events, such as economic downturn.
• Further inflationary pressures arising, due to future events such
as economic downturn.
We also considered less predictable but realistic second order
impacts, such as the erosion of customer confidence.
We considered whether these risks could plausibly affect the liquidity or
covenant compliance in the going concern period by comparing severe,
but plausible downside scenarios that could arise from these risks,
individually and collectively, against the level of available financial
resources and covenants indicated by the Group’s financial forecasts.
Our procedures also included:
• A review of the availability of cash and the cash flow forecasts to
determine whether the assumptions are realistic, achievable and
consistent with the external and internal environment; we
assessed loan covenant compliance to consider the headroom
forecast for each financial covenant.
• An evaluation of sensitivities over the level of financial resources
indicated by the Group’s financial forecasts, taking account of
reasonably possible (but not unrealistic) adverse effects that
could arise from the risks identified individually and collectively.
• An assessment of the adequacy of the going concern disclosure
in note 1 to the financial statements.
Our conclusions based on this work:
• we consider that the directors’ use of the going concern basis
of accounting in the preparation of the financial statements
is appropriate;
• we have not identified, and concur with the directors’ assessment
that there is not, a material uncertainty related to events or
conditions that, individually or collectively, may cast significant
doubt on the Group’s or Company’s ability to continue as a going
concern for the going concern period;
• we have nothing material to add or draw attention to in relation to
the directors’ statement in note 1 to the financial statements on the
use of the going concern basis of accounting with no material
uncertainties that may cast significant doubt over the Group and
Company’s use of that basis for the going concern period, and we
found the going concern disclosure in note 1 to be acceptable; and
• the related statement under the Listing Rules set out on pages
128–129 is materially consistent with the financial statements
and our audit knowledge.
However, as we cannot predict all future events or conditions and as
subsequent events may result in outcomes that are inconsistent
with judgements that were reasonable at the time they were made,
the above conclusions are not a guarantee that the Group or the
Company will continue in operation.
6 Fraud and breaches of laws and regulations –
ability to detect
Identifying and responding to risks of material misstatement
due to fraud
To identify risks of material misstatement due to fraud (“fraud risks”)
we assessed events or conditions that could indicate an incentive or
pressure to commit fraud or provide an opportunity to commit fraud.
Our risk assessment procedures included:
• Enquiring of directors, the audit committee and internal audit; and
inspection of policy documentation as to the Group’s high-level
policies and procedures to prevent and detect fraud, including the
internal audit function, and the Group’s channel for “whistleblowing”,
as well as whether they have knowledge of any actual, suspected
or alleged fraud.
• Reading Board, audit committee and remuneration committee minutes.
• Considering remuneration incentive schemes and
performance targets for directors including the EPS target
for management remuneration.
• Using analytical procedures to identify any unusual or
unexpected relationships.
We communicated identified fraud risks throughout the audit team
and remained alert to any indications of fraud throughout the audit.
This included communication from the Group to the component
audit team of relevant fraud risks identified at the Group level and
request to the component audit team to report to the Group audit
team any instances of fraud that could give rise to a material
misstatement at Group level.
As required by auditing standards, and taking into account possible
pressures to meet expectation of third parties, we perform procedures
to address the risk of management override of controls and the risk
of fraudulent revenue recognition, in particular the risk that
assurance revenue is recorded in the wrong period and the risk that
Group and component management may be in a position to make
incorrect accounting entries.
On this audit we do not believe there is a fraud risk related to
software resilience revenue recognition because there is minimal
opportunity for manipulation since the revenue stream is relatively
straightforward and is typically based on annual agreements which
set out the period over which revenue is to be recognised.
We did not identify any additional fraud risks.
Further detail in respect of assurance revenue recognition is set
out in the key audit matter disclosures in section 2 of this report.
140
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�6 Fraud and breaches of laws and regulations –
ability to detect continued
Context of the ability of the audit to detect fraud or breaches of
law or regulation
Identifying and responding to risks of material misstatement
due to fraud continued
We also performed procedures including:
• Cut-off sample testing around the year end over assurance
revenue and accrued income.
• Assessing significant accounting estimates for bias.
• Identifying journal entries to test for all full scope components
using data analytics tools based on risk criteria and comparing
the identified entries to supporting documentation. These
included those posted to unusual accounts.
Identifying and responding to risks of material misstatement
related to compliance with laws and regulations
We identified areas of laws and regulations that could reasonably be
expected to have a material effect on the financial statements from our
general commercial and sector experience and through discussion with
the directors and other management (as required by auditing standards),
and discussed with the directors and other management the policies and
procedures regarding compliance with laws and regulations.
As the Group is regulated, our assessment of risks involved gaining
an understanding of the control environment including the entity’s
procedures for complying with regulatory requirements.
We communicated identified laws and regulations throughout
our team and remained alert to any indications of non-compliance
throughout the audit. This included communication from the
Group audit team to component audit teams of relevant laws
and regulations identified at the Group level, and a request for
component auditors to report to the Group audit team any
instances of non-compliance with laws and regulations that
could give rise to a material misstatement at the Group level.
The potential effect of these laws and regulations on the financial
statements varies considerably.
Firstly, the Group is subject to laws and regulations that directly
affect the financial statements including financial reporting
legislation (including related companies legislation), distributable
profits legislation and taxation legislation and we assessed the
extent of compliance with these laws and regulations as part of our
procedures on the related financial statement items.
Secondly, the Group is subject to many other laws and regulations
where the consequences of non-compliance could have a material
effect on amounts or disclosures in the financial statements, for
instance through the imposition of fines or litigation. We identified
the following areas as those most likely to have such an effect:
health and safety, data protection laws, employment law, and certain
aspects of company legislation recognising the financial and
regulated nature of the Group’s activities and its legal form. Auditing
standards limit the required audit procedures to identify non-
compliance with these laws and regulations to enquiry of the
directors and other management and inspection of regulatory and
legal correspondence, if any. Therefore if a breach of operational
regulations is not disclosed to us or evident from relevant
correspondence, an audit will not detect that breach.
We assessed the legality of the distribution in the period based on
the level of distributable reserves available when the distributions
were approved.
Owing to the inherent limitations of an audit, there is an unavoidable
risk that we may not have detected some material misstatements in
the financial statements, even though we have properly planned and
performed our audit in accordance with auditing standards. For
example, the further removed non-compliance with laws and
regulations is from the events and transactions reflected in the
financial statements, the less likely the inherently limited procedures
required by auditing standards would identify it.
In addition, as with any audit, there remained a higher risk of
non-detection of fraud, as these may involve collusion, forgery,
intentional omissions, misrepresentations, or the override of internal
controls. Our audit procedures are designed to detect material
misstatement. We are not responsible for preventing non-compliance
or fraud and cannot be expected to detect non-compliance with all
laws and regulations.
7 We have nothing to report on the other information in
the Annual Report
The directors are responsible for the other information presented in
the Annual Report together with the financial statements. Our opinion
on the financial statements does not cover the other information and,
accordingly, we do not express an audit opinion or, except as explicitly
stated below, any form of assurance conclusion thereon.
Our responsibility is to read the other information and, in doing so,
consider whether, based on our financial statements audit work, the
information therein is materially misstated or inconsistent with the
financial statements or our audit knowledge. Based solely on that work
we have not identified material misstatements in the other information.
Strategic report and directors’ report
Based solely on our work on the other information:
• we have not identified material misstatements in the strategic
report and the directors’ report;
• in our opinion the information given in those reports for the
financial year is consistent with the financial statements; and
• in our opinion those reports have been prepared in accordance
with the Companies Act 2006.
Directors’ remuneration report
In our opinion the part of the Directors’ Remuneration Report to be
audited has been properly prepared in accordance with the
Companies Act 2006.
Disclosures of emerging and principal risks and longer-term viability
We are required to perform procedures to identify whether there is a
material inconsistency between the directors’ disclosures in respect
of emerging and principal risks and the viability statement, and the
financial statements and our audit knowledge.
Based on those procedures, we have nothing material to add or
draw attention to in relation to:
• the directors’ confirmation within Viability Statement page 72 that
they have carried out a robust assessment of the emerging and
principal risks facing the Group, including those that would threaten
its business model, future performance, solvency and liquidity;
• the Principal Risks and Uncertainties disclosures describing these
risks and how emerging risks are identified, and explaining how
they are being managed and mitigated; and
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
141
Financial statements
�Independent auditor’s report continued
to the members of NCC Group plc
7 We have nothing to report on the other information in
the Annual Report continued
• certain disclosures of directors’ remuneration specified by law
are not made; or
Disclosures of emerging and principal risks and longer-term
viability continued
• we have not received all the information and explanations we
require for our audit.
• the directors’ explanation in the Viability Statement of how they
have assessed the prospects of the Group, over what period
they have done so and why they considered that period to
be appropriate, and their statement as to whether they have
a reasonable expectation that the Group will be able to continue
in operation and meet its liabilities as they fall due over the period
of their assessment, including any related disclosures drawing
attention to any necessary qualifications or assumptions.
We are also required to review the Viability statement, set out on
page 72 under the Listing Rules. Based on the above procedures,
we have concluded that the above disclosures are materially
consistent with the financial statements and our audit knowledge.
Our work is limited to assessing these matters in the context
of only the knowledge acquired during our financial statements
audit. As we cannot predict all future events or conditions and
as subsequent events may result in outcomes that are inconsistent
with judgements that were reasonable at the time they were made,
the absence of anything to report on these statements is not a
guarantee as to the Group’s and Company’s longer-term viability.
Corporate governance disclosures
We are required to perform procedures to identify whether there is a
material inconsistency between the directors’ corporate governance
disclosures and the financial statements and our audit knowledge.
Based on those procedures, we have concluded that each of the
following is materially consistent with the financial statements and
our audit knowledge:
• the directors’ statement that they consider that the annual report
and financial statements taken as a whole is fair, balanced and
understandable, and provides the information necessary for
shareholders to assess the Group’s position and performance,
business model and strategy;
• the section of the annual report describing the work of the
Audit Committee, including the significant issues that the audit
committee considered in relation to the financial statements,
and how these issues were addressed; and
• the section of the annual report that describes the review of
the effectiveness of the Group’s risk management and internal
control systems.
We are required to review the part of the Corporate Governance
Statement relating to the Group’s compliance with the provisions of
the UK Corporate Governance Code specified by the Listing Rules
for our review. We have nothing to report in this respect.
8 We have nothing to report on the other matters on
which we are required to report by exception
Under the Companies Act 2006, we are required to report to you if,
in our opinion:
• adequate accounting records have not been kept by the parent
Company, or returns adequate for our audit have not been
received from branches not visited by us; or
• the parent Company financial statements and the part of the
Directors’ Remuneration Report to be audited are not in
agreement with the accounting records and returns; or
We have nothing to report in these respects.
9 Respective responsibilities
Directors’ responsibilities
As explained more fully in their statement set out on page 133,
the directors are responsible for: the preparation of the financial
statements including being satisfied that they give a true and fair
view; such internal control as they determine is necessary to enable
the preparation of financial statements that are free from material
misstatement, whether due to fraud or error; assessing the Group
and parent Company’s ability to continue as a going concern,
disclosing, as applicable, matters related to going concern; and
using the going concern basis of accounting unless they either
intend to liquidate the Group or the parent Company or to cease
operations, or have no realistic alternative but to do so.
Auditor’s responsibilities
Our objectives are to obtain reasonable assurance about whether the
financial statements as a whole are free from material misstatement,
whether due to fraud or error, and to issue our opinion in an auditor’s
report. Reasonable assurance is a high level of assurance, but does
not guarantee that an audit conducted in accordance with ISAs
(UK) will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered
material if, individually or in aggregate, they could reasonably be
expected to influence the economic decisions of users taken on
the basis of the financial statements.
A fuller description of our responsibilities is provided on the FRC’s
website at www.frc.org.uk/auditorsresponsibilities.
The Company is required to include these financial statements in an
annual financial report prepared using the single electronic reporting
format specified in the TD ESEF Regulation. This auditor’s report
provides no assurance over whether the annual financial report has
been prepared in accordance with that format.
10 The purpose of our audit work and to whom we owe
our responsibilities
This report is made solely to the Company’s members, as a body, in
accordance with Chapter 3 of Part 16 of the Companies Act 2006.
Our audit work has been undertaken so that we might state to the
Company’s members those matters we are required to state to them
in an auditor’s report and for no other purpose. To the fullest extent
permitted by law, we do not accept or assume responsibility to anyone
other than the Company and the Company’s members, as a body, for
our audit work, for this report, or for the opinions we have formed.
Frances Simpson (Senior Statutory Auditor)
for and on behalf of KPMG LLP, Statutory Auditor
Chartered Accountants
1 St. Peter’s Square
Manchester
M2 3AE
United Kingdom
6 September 2022
142
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Consolidated income statement
for the year ended 31 May 2022
Revenue
Cost of sales
Gross profit
Administrative expenses
Depreciation and amortisation
Other administrative expenses
Individually Significant Items
Total administrative expenses
Operating profit
Finance costs
Profit before taxation
Taxation
Profit for the year attributable to the owners of the Company
Earnings per ordinary share
Basic EPS
Diluted EPS
Notes
4
4
4
6
5
4
8
6
9
11
2022
£m
314.8
(182.2)
2021
£m
270.5
(159.9)
132.6
110.6
(19.7)
(77.3)
(0.9)
(97.9)
34.7
(3.7)
31.0
(8.0)
23.0
(19.7)
(60.9)
(12.7)
(93.3)
17.3
(2.5)
14.8
(4.8)
10.0
7.4p
7.4p
3.6p
3.5p
Consolidated statement of comprehensive income/(loss)
for the year ended 31 May 2022
Profit for the year attributable to the owners of the Company
Other comprehensive income/(loss)
Items that may be reclassified subsequently to profit or loss (net of tax)
Cash flow hedges – effective portion of changes in fair value
Foreign exchange translation differences
Total other comprehensive income/(loss)
Total comprehensive income/(loss) for the year (net of tax) attributable to the owners of the Company
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
2022
£m
23.0
(0.1)
14.8
14.7
37.7
2021
£m
10.0
(0.8)
(11.6)
(12.4)
(2.4)
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
143
Financial statements
�Consolidated balance sheet
at 31 May 2022
Non-current assets
Goodwill
Intangible assets
Property, plant and equipment
Right-of-use assets
Investments
Deferred tax asset
Total non-current assets
Current assets
Inventories
Trade and other receivables
Derivative financial instruments
Current tax receivable
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Borrowings
Lease liabilities
Current tax payable
Derivative financial instruments
Contingent consideration
Provisions
Contract liabilities – deferred revenue
Total current liabilities
Non-current liabilities
Borrowings
Lease liabilities
Deferred tax liabilities
Provisions
Contract liabilities – deferred revenue
Total non-current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Hedging reserve
Merger reserve
Currency translation reserve
Retained earnings
Notes
31 May 2022
£m
31 May 2021
£m
12
12
13
14
15
18
16
17
24
19
24
20
25
34
21
22
24
20
18
21
22
27
27
27
27
27
27
266.1
118.6
12.9
22.0
0.3
1.4
182.9
21.0
11.5
23.8
0.3
2.0
421.3
241.5
0.9
77.7
0.2
3.1
73.2
155.1
576.4
48.3
18.5
5.4
7.4
–
1.9
2.7
61.7
145.9
107.1
27.2
1.6
0.8
0.6
137.3
283.2
293.2
3.1
224.0
–
42.3
35.1
(11.3)
1.1
68.7
–
4.5
116.5
190.8
432.3
45.2
–
5.1
4.0
0.8
–
2.4
43.6
101.1
33.2
29.3
1.2
0.6
0.7
65.0
166.1
266.2
3.1
223.2
(0.8)
42.3
20.3
(21.9)
Total equity attributable to equity holders of the Parent
293.2
266.2
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 6 September 2022. They were signed on its behalf by:
Chris Stone
Non-Executive Chair
6 September 2022
Tim Kowalski
Chief Financial Officer
6 September 2022
144
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Consolidated cash flow statement
for the year ended 31 May 2022
Cash flows from operating activities
Profit for the year
Adjustments for:
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Share-based payments
Cash-settled share-based payments
Amortisation of customer contracts and relationships
Amortisation of software and development costs
Impairment reversal of right-of-use assets
Lease financing costs
Other financing costs
Foreign exchange
Acquisition of businesses – transaction costs
Individually Significant Items (non-cash impact)
Profit on disposal of right-of-use assets
Profit on sale of intangible assets
Loss on sale of property, plant and equipment
Research and development UK tax credits
Research and development US tax credits
Income tax expense
Increase in provisions
Cash inflow for the year before changes in working capital
(Increase)/decrease in trade and other receivables
Decrease/(increase) in inventories
Increase/(decrease) in trade and other payables
Cash generated from operating activities before interest and taxation
Interest element of lease payments
Other interest paid
Taxation paid
Net cash generated from operating activities
Cash flows from investing activities
Acquisition of trade and assets as part of business combinations
Purchase of property, plant and equipment
Software and development expenditure
Proceeds from sale of intangible assets
Net cash used in investing activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Principal element of lease payments
Drawdown of borrowings (net of deferred issue costs)
Issue costs related to borrowings
Repayment of borrowings
Equity dividends paid
Net cash generated from/(used in) financing activities
Net (decrease)/increase in cash and cash equivalents
Cash and cash equivalents at beginning of year
Effect of foreign currency exchange rate changes
Cash and cash equivalents at end of year
Notes
2022
£m
2021
£m
23.0
10.0
13
14
26
12
12
14
8
8
5
5
9
9
21
20
34
27
20
10
3.9
5.4
3.9
(0.5)
8.6
1.8
(0.1)
1.2
2.5
(0.6)
(7.3)
–
–
–
–
(1.0)
(1.1)
9.1
0.5
49.3
(1.8)
0.2
12.6
60.3
(1.2)
(2.1)
(2.2)
54.8
(153.0)
(5.2)
(3.0)
–
(161.2)
0.8
(5.3)
120.7
(0.6)
(39.4)
(14.4)
61.8
(44.6)
116.5
1.3
4.4
5.9
2.8
–
6.4
3.0
–
1.2
1.3
1.5
(1.2)
7.6
(0.2)
(0.5)
0.2
(0.6)
1.9
2.9
0.7
47.3
4.7
(0.2)
(5.5)
46.3
(1.2)
(1.1)
(5.1)
38.9
–
(2.7)
(2.1)
0.5
(4.3)
72.6
(6.0)
–
–
(60.4)
(13.0)
(6.8)
27.8
95.0
(6.3)
24
73.2
116.5
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
145
Financial statements
�Consolidated cash flow statement continued
for the year ended 31 May 2022
Reconciliation of net change in cash and cash equivalents to movement in net (debt)/cash 1
Net (decrease)/increase in cash and cash equivalents
Change in (net debt)/cash 1 resulting from cash flows (net of deferred issue costs)
Interest incurred on borrowings
Interest paid on borrowings
Release of deferred issue costs
Issue costs related to borrowings
Effect of foreign currency on cash flows
Foreign currency translation differences on borrowings
Change in (debt)/cash 1 during the year
Net cash/(debt) 1 at start of year excluding lease liabilities
Net (debt)/cash 1 at end of year excluding lease liabilities
Lease liabilities
Net (debt)/cash 1 at end of year
Notes
20
2022
£m
(44.6)
(81.3)
2.1
(2.1)
(0.4)
0.6
1.3
(11.3)
(135.7)
83.3
(52.4)
(32.6)
(85.0)
2021
£m
27.8
60.4
(1.1)
1.1
(0.2)
–
(6.3)
5.8
87.5
(4.2)
83.3
(34.4)
48.9
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
146
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Consolidated statement of changes in equity
for the year ended 31 May 2022
Share
capital
£m
Share
premium
£m
Hedging
reserve
£m
Notes
Balance at 1 June 2020
Profit for the year
Other comprehensive income for the year
Total comprehensive income for the year
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Share-based payments
Tax on share-based payments
Shares issued
Total contributions by and distributions to
owners
Balance at 31 May 2021
Profit for the year
Other comprehensive income for the year
Foreign currency translation differences
Total comprehensive income for the year
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Transfer hedging reserve to retained earnings
Share-based payments
Tax on share-based payments
Shares issued
Total contributions by and distributions to
owners
10
9
27
10
9
27
2.8
150.9
–
–
–
–
–
–
0.3
0.3
3.1
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
72.3
72.3
223.2
–
–
–
–
–
–
–
–
0.8
0.8
Balance at 31 May 2022
3.1
224.0
–
–
(0.8)
(0.8)
–
–
–
–
–
(0.8)
–
(0.1)
–
(0.1)
–
0.9
–
–
–
0.9
–
Merger
reserve
£m
42.3
–
–
–
–
–
–
–
–
Currency
translation
reserve
£m
Retained
earnings
£m
Total
£m
31.9
(22.0)
205.9
–
(11.6)
(11.6)
10.0
–
10.0
10.0
(12.4)
(2.4)
–
–
–
–
–
(13.0)
(13.0)
2.8
0.3
–
2.8
0.3
72.6
(9.9)
62.7
42.3
20.3
(21.9)
266.2
–
–
–
–
–
–
–
–
–
–
–
–
14.8
14.8
–
–
–
–
–
23.0
–
–
23.0
23.0
(0.1)
14.8
37.7
(14.4)
(14.4)
(0.9)
3.2
(0.3)
–
–
3.2
(0.3)
0.8
–
(12.4)
(10.7)
42.3
35.1
(11.3)
293.2
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
147
Financial statements�Company balance sheet
at 31 May 2022
Company no: 4627044
Non-current assets
Investments in subsidiary undertakings
Trade and other receivables
Total non-current assets
Current assets
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Total current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Merger reserve
Retained earnings
Total equity
Notes
2022
£m
2021
£m
33
17
24
19
27
27
27
27
276.9
32.9
309.8
20.2
20.2
151.8
162.6
314.4
0.6
0.6
330.0
315.0
18.2
18.2
18.2
13.5
13.5
13.5
311.8
301.5
3.1
224.0
42.3
42.4
311.8
3.1
223.2
42.3
32.9
301.5
The accompanying Notes 1 to 34 are an integral part of these Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 6 September 2022. They were signed
on its behalf by:
Chris Stone
Non-Executive Chair
6 September 2022
Tim Kowalski
Chief Financial Officer
6 September 2022
148
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Company cash flow statement
for the year ended 31 May 2022
Cash flows from operating activities
Profit for the year
Cash inflow for the year before changes in working capital
Decrease/(increase) in trade and other receivables
Increase in trade and other payables
Net cash generated from operating activities
Cash flows from investing activities
Investments in subsidiary undertakings
Net cash used in investing activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Equity dividends paid
Net cash (used in)/generated from financing activities
Net increase/(decrease) in cash and cash equivalents
Cash and cash equivalents at beginning of year
Cash and cash equivalents at end of year
The accompanying Notes 1 to 34 are an integral part of these Financial Statements.
Notes
28
33
27
10
2022
£m
20.0
20.0
8.5
4.7
33.2
–
–
0.8
(14.4)
(13.6)
19.6
0.6
20.2
2021
£m
25.0
25.0
(20.6)
0.5
4.9
(70.7)
(70.7)
72.6
(13.0)
59.6
(6.2)
6.8
0.6
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
149
Financial statements
�Company statement of changes in equity
for the year ended 31 May 2022
Balance at 31 May 2020 and 1 June 2020
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
Balance at 31 May 2021
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
Notes
Share
capital
£m
Share
premium
£m
2.8
150.9
Merger
reserve
£m
42.3
–
–
–
–
0.3
0.3
3.1
–
–
–
–
–
–
–
–
–
–
72.3
72.3
–
–
–
–
–
–
223.2
42.3
–
–
–
–
0.8
0.8
–
–
–
–
–
–
10
27
10
27
Retained
earnings
£m
18.1
25.0
25.0
Total
£m
214.1
25.0
25.0
(13.0)
(13.0)
2.8
–
(10.2)
32.9
20.0
20.0
2.8
72.6
62.4
301.5
20.0
20.0
(14.4)
(14.4)
3.9
–
3.9
0.8
(10.5)
(9.7)
Balance at 31 May 2022
3.1
224.0
42.3
42.4
311.8
The accompanying Notes 1 to 34 are an integral part of these Financial Statements.
150
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Notes to the Financial Statements
for the year ended 31 May 2022
1 Accounting policies
Basis of preparation
NCC Group plc (the “Company”) is a public company incorporated in the UK, with its registered office at XYZ Building, 2 Hardman
Boulevard, Manchester M3 3AQ. The Group Financial Statements consolidate those of the Company and its subsidiaries (together referred
to as the “Group”). The principal activity of the Group is the provision of independent advice and services to customers through the supply of
cyber assurance and Software Resilience services. The Parent Company Financial Statements present information about the Company as
a separate entity and not about the Group. These Financial Statements have been approved for issue by the Board of Directors on
6 September 2022.
These Group and Parent Company Financial Statements have been prepared and approved by the Directors in accordance with international
accounting standards in accordance with UK-adopted international accounting standards (“UK-adopted IFRS”). On publishing the Parent
Company Financial Statements here together with the Group Financial Statements, the Company is also taking advantage of the exemption
in s408 of the Companies Act 2006 not to present its individual Income Statement and related notes that form a part of these approved
Financial Statements.
Ukraine conflict
Management has reviewed the potential impact of the Ukraine conflict on the consolidated Financial Statements. The conflict is not
considered to have a direct material impact due to the Group having limited direct exposure in the affected region. The conflict has an
indirect impact due to the increased risks arising from the global economic impact on inflation and interest rates. Additionally, the Group
will seek to deliver any additional revenue opportunities to provide additional cyber security services as a result of the conflict.
Climate change
The Directors have reviewed the potential impact of climate change and the Task Force on Climate-Related Financial Disclosures (TCFD)
on the consolidated Financial Statements. Our overall exposure to physical and transitional climate change is considered low due to the
nature of the business and cyber resilience industry. Further details are contained within pages 39 to 46 of the Annual Report.
The Directors have considered climate change in the following areas of the consolidated Financial Statements, noting no material financial
impact in each area:
• Critical accounting judgements and key sources of estimation uncertainty
• Going concern assessment
• Property, plant and equipment – economic life and residual values
• Impairment of assets – the impact of environmental change on growth rates and projected cash flows
• Inventories – realisable value issues
• Provisions – recognition of new liabilities or contingent liabilities arising from climate change and Group physical and transition risks of:
• Greenhouse gas emissions – increased costs associated with more taxes and levies
• Move to net zero – increased costs required to lower emissions
• Margin risk – impact on delivery day rates and associated erosion of profit margin due to increased costs
• Reputational risk – failure to comply with regulations resulting in negative impact on Group
• Supply chain – increased supply costs and delayed deliveries impacting customer contracts/provision of services
• Extreme weather or rising sea levels – reduction in revenue and increased costs
• Fair value measurement – climate change variables being incorporated into market participant valuations
• Financial instruments – expected credit losses and risk of default on Group borrowings (RCF and term loan)
• IFRS 16 ‘Leases’ – changes to property lease portfolio or car lease agreements. The Group is moving in FY23 from a company car
scheme to a salary sacrifice scheme (leased directly by the colleague); this will result over time to a reduction in the motor vehicle
right-of-use-asset and corresponding lease liabilities, as the contract lease terms ends
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
151
Financial statements�1 Accounting policies continued
New and amended accounting standards that have been issued but are not yet effective
At the date of authorisation of these Financial Statements, the following standards and interpretations were in issue but have not been
applied in these Financial Statements as they were not yet mandatory:
• IFRS 17 ‘Insurance Contracts’
• Classification of Liabilities as Current or Non-Current (Amendments to IAS 1)
• Onerous Contracts – Cost of Fulfilling a Contract (Amendments to IAS 37)
• Reference to the Conceptual Framework (Amendments to IFRS 3)
• Property, Plant and Equipment – Proceeds Before Intended Use (Amendments to IAS 16)
• Disclosure of Accounting Policies (Amendments to IAS 1 and IFRS Practice Statement 2)
• Definition of Accounting Estimates (Amendments to IAS 8)
• Deferred Tax Related to Assets and Liabilities Arising from a Single Transaction (Amendments to IAS 12)
• Annual Improvements to IFRS Standards 2018–2020 Cycle – Amendments to IFRS 1 ‘First-time Adoption of International Financial
Reporting Standards’, IFRS 9 ‘Financial Instruments’, IFRS 16 ‘Leases’, and IAS 41 ‘Agriculture’
These IFRSs are not expected to have a material impact on the Group’s consolidated financial position or performance of the Group.
Application of significant new or amended EU-endorsed accounting standards
The following amended standards and interpretations were also effective during the year; however, they have not had a material impact
on our consolidated Financial Statements.
• Interest Rate Benchmark Reform – Phase 2 (Amendments to IFRS 9, IAS 39, IFRS 7, IFRS 4 and IFRS 16)
• Covid-19-Related Rent Concessions Beyond 30 June 2021 (Amendment to IFRS 16)
Basis of measurement
The consolidated Financial Statements have been prepared on the historical cost basis except for the revaluation of certain financial
instruments and investments. In addition, at the date of the acquisitions consideration payable is at fair value.
Functional and presentation currency
The Group and Company Financial Statements are presented in millions of Pounds Sterling (£m) because that is the currency of the
principal economic environment in which the Group operates.
Going concern
The Directors have acknowledged guidance published in relation to going concern assessments. The Group’s business activities, together
with the factors likely to affect its future development, performance and position, are set out in the Business Review and Chief Financial
Officer’s Review. The Group’s financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending 30 September 2023 which
indicate that, taking account of severe but plausible downsides on the operations of the Group and its financial resources, the Group and
Company will have sufficient funds to meet their liabilities as they fall due for that period.
The going concern period is required to cover a period of at least 12 months from the date of approval of the Financial Statements and the
Directors still consider this 12 month period to be an appropriate assessment period due to the Group’s financial position and trading
performance and that its borrowing facilities do not expire until June 2024. The Directors have considered whether there are any significant
events beyond the 12 month period which would suggest this period should be longer but have not identified any such conditions or events.
The Group is financed primarily by a £100m committed revolving credit facility that matures in June 2024. Under these banking
arrangements, the Group can also request (seeking bank approval) an additional accordion facility to increase the total size of the revolving
credit facility by up to £75m. This accordion facility has not been taken into account in the Group’s going concern assessment as it requires
bank approval and is therefore uncommitted as at the date of approval of these Financial Statements.
On 7 June 2021, the Group acquired the IPM business for $216.1m after a final positive net working capital adjustment of £3.9m to
the original purchase price of $220m; the US acquisition was funded through an equity placing in May 2021 of £70.2m (net proceeds)
combined with a new three year $70m term loan, existing cash balances and our existing revolving credit facility. During the year ended
31 May 2022, the Group incurred further cash transaction costs of £7.3m in relation to the acquisition. On 10 June 2022, $23.3m of the
term loan was repaid, and $23.3m is to be repaid on 10 June 2023 and $23.4m on 10 June 2024.
As of 31 May 2022, net debt (excluding lease liabilities) 1 amounted to £52.4m which comprised cash of £73.2m, a drawn revolving credit
facility of £71.0m and the term loan of £55.4m, with borrowings offset by arrangement fees of £0.8m. In relation to the drawn revolving
credit facility, £20.4m is drawn down for working capital requirements and £50.6m in relation to the US acquisition of IPM. Headroom on
the Group’s banking facilities amounts to £101.9m. In the year ended 31 May 2022, the Group has not taken any of the UK government’s
Covid-19 Corporate Financing Facility (CCFF) or any other forms of government support worldwide as a result of the Covid-19 pandemic.
The Group’s day-to-day working capital requirements are met through existing cash resources, the revolving credit facility and receipts from
its continuing business activities.
152
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�1 Accounting policies continued
Going concern continued
The Group is required to comply with the same financial covenants on both banking facilities for leverage (net debt to Adjusted EBITDA 1)
and interest cover (Adjusted EBITDA 1 to interest charge) that are tested bi-annually on 31 May and 30 November each year. As of
31 May 2022, leverage 1 amounted to 0.9x (2021: (1.8x) as cash positive prior to the acquisition) and net interest cover 1 amounted to
23.4x (2021: 35.0x) compared to a maximum of 3.0x and a minimum of 3.5x respectively. The terms and ratios are specifically defined in
the Group’s banking documents (in line with normal commercial practice) and are materially similar to GAAP with the exceptions being net
debt excludes IFRS 16 lease liabilities and Adjusted EBITDA 1 excludes amortisation of acquired intangibles, share-based payments and
Individually Significant Items. The Group was in compliance with the terms of all its facilities during the year, including the financial covenants
on 30 November 2021 and 31 May 2022, and, based on forecasts, expects to remain in compliance over the going concern period.
In addition, the Group has not sought or is not planning to seek any waivers to its existing facilities.
Although the Group has demonstrated resilience and consistent cash generation over the last few years, in a challenging environment, the
continuing global macro-economic risks could have an effect on the Group’s future performance, particularly in relation to cost inflationary
pressures. As a result the base case going concern assessment includes a level of inflationary cost increases together with continued day
rate price rises to customers. The Group has not been significantly adversely impacted by the Ukraine conflict.
The Directors have prepared a number of severe but plausible scenarios as follows:
1.
2.
The performance of FY23 continues to be similar to that of FY22, including the impact on regional and international operations of the
Group and a potential reduction in double-digit revenue growth to 9% growth and subsequent impact on margin.
Failure of execution of the strategy and loss of key customers resulting in a reduction in revenue and a consequential impact on
profitability and cash generation of £22.5m for the going concern period.
3.
Software Resilience performance does not achieve expected revenue growth in all territories and experiences a 1% digit revenue decline.
4.
Further inflationary pressures up to 6% arise over the existing base case going concern assessment of 4% and certain day rate price
rises to customers do not occur.
These scenarios have been modelled individually in order to assess the Group’s ability to withstand specific challenges. The Directors do not
believe it is plausible for all of the above downside scenarios to occur concurrently; however, they have modelled scenarios combining risks
(3 and 4) and combining risks (1 and 4) because of the Group’s historical Software Resilience performance and current global economic
uncertainty. The impact of these severe but plausible scenarios has been reviewed against the Group’s projected cash flow position, available
committed bank facilities and compliance with financial covenants. These forecasts, including the severe but plausible downsides, show that
the Group is able to operate within its available committed banking facilities, with no forecasted covenant breaches or requirement for facility
waivers, and that the Group will have sufficient funds to meet its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. The Company controls
these Group entities and therefore has the ability to direct the financial activities of the Group. Having reviewed the current trading
performance, forecasts, debt servicing requirements, total facilities and risks, the Directors are confident that the Company and the Group
will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the date of approval of
these consolidated Financial Statements, which is determined as the going concern period. Accordingly, the Directors continue to adopt the
going concern basis of accounting in preparing the Group’s Financial Statements for the period ended 31 May 2022.
There are no post-Balance Sheet events which the Directors believe impact the going concern assessment.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
Business combinations
Business combinations are accounted for by applying the acquisition method at the acquisition date, which is the date on which control is
transferred to the Group. The Group controls an entity when the Group is exposed to, or has rights to, variable returns from its involvement
with the entity and has the ability to affect those returns through its power over the entity.
Acquisitions
The Group measures goodwill at the acquisition date as:
• The fair value of the consideration transferred; plus
• The recognised amount of any non-controlling interests in the acquiree; plus
• If the business combination is achieved in stages, the fair value of the existing equity interest in the acquiree; less
• The fair value of the identifiable assets acquired, and liabilities assumed.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
153
Financial statements�1 Accounting policies continued
Acquisitions continued
When the excess is negative, a bargain purchase gain is recognised immediately in profit or loss. The consideration transferred does not
include amounts related to the settlement of pre-existing relationships. Such amounts generally are recognised in the Income Statement.
Costs related to the acquisition, other than those associated with the issue of debt or equity securities, are expensed as incurred.
Any deferred or contingent consideration payable is recognised at fair value at the acquisition date. If the contingent consideration is
classified as equity, it is not remeasured, and settlement is accounted for within equity. Otherwise, subsequent changes to the fair value
of contingent consideration are recognised in the Income Statement. On a transaction-by-transaction basis, the Group elects to measure
non-controlling interests either at their fair value or at their proportionate interest in the recognised amount of the identifiable net assets
of the acquiree at the acquisition date.
Subsidiaries
Subsidiaries are entities controlled by the Group. The Financial Statements of subsidiaries are included in the consolidated Financial
Statements from the date that control commences until the date that control ceases.
Control is achieved where the Company has the power to govern the financial and operating policies of an investee entity so as to obtain
benefits from its activities. Intercompany transactions and balances between subsidiaries are eliminated on consolidation.
Intangible assets and goodwill
Goodwill represents amounts arising on acquisition of subsidiaries. In respect of business acquisitions that have occurred since 1 June 2004,
goodwill represents the difference between the cost of the acquisition and the fair value of the net identifiable assets acquired including
identifiable intangible assets. Identifiable intangibles are those which can be sold separately, or which arise from legal rights regardless of
whether those rights are separable.
In respect of acquisitions prior to 1 June 2004, goodwill is included at its deemed cost, which represents the amount recorded under UK
GAAP at 31 May 2004, which was broadly comparable, save that only separable intangibles were recognised and goodwill was amortised.
Goodwill is stated at cost less any accumulated impairment losses. Goodwill is allocated to cash generating units and is not amortised but is
tested annually for impairment. In respect of equity accounted investees, the carrying amount of goodwill is included in the carrying amount
of the investment in the investee.
Research and development
Expenditure on research activities is recognised in the Income Statement as an expense as incurred. Expenditure on development activities
is capitalised as “development costs” if the product or process is technically and commercially feasible, if the Group has the technical ability
and sufficient resources to complete development, if future economic benefits are probable and if the Group can measure reliably the
expenditure attributable to the intangible asset during its development. Development activities involve a plan or design for the production
of new or substantially improved products or processes.
Software costs
The Group capitalises “software costs” in accordance with the criteria of IAS 38. Software costs comprise third party costs and internal
colleague time costs for internal system developments. Capitalised amounts are initially measured at cost and amortised on a straight-line
basis over the period for which the developed system is expected to be in use as a business platform. Software costs incurred as part of a
service agreement are only capitalised when it can be evidenced that the Group has control over the resources defined in the arrangement.
The expenditure capitalised includes the cost of materials, direct labour, overhead costs that are directly attributable to preparing the asset
for its intended use and capitalised borrowing costs. Other development expenditure is recognised in the Income Statement as an expense
as incurred. Software customisation and configuration costs relating to software not controlled by the Group are expensed over the period
such services are received. Software costs are stated at cost less accumulated amortisation and less accumulated impairment losses.
When the Group incurs customisation and configuration costs, as part of a service agreement for Software-as-a-Service (SaaS), Infrastructure-
as-a-Service (IaaS) or Platform-as-a-Service (PaaS), judgement is applied in assessing whether the Group has control over the resources
defined in the arrangement. These costs are treated in accordance with the March 2019 IFRIC update with regard to the Customer’s Right
to Receive Access to the Supplier’s Software Hosted on the Cloud (IAS 38 ‘Intangible Assets’) and the IFRIC interpretation ratified by the
Interpretations Committee in April 2021 with regard to Configuration or Customisation Costs in a Cloud Computing Arrangement, as follows:
• In specific circumstances, development costs incurred may give rise to an identifiable asset, for example where code/intellectual property
hosted on third party cloud infrastructure is controlled by the Group and the cost of moving the asset to another provider or bringing
on-premise is not prohibitive.
• Amounts paid to the cloud vendor or third party for configuration and customisation that are not distinct from access to the cloud software
are expensed over the contract term.
• In all other instances, configuration and customisation costs will be expensed as the customisation and configuration services are received,
for example a cloud provider’s monthly subscription.
154
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�1 Accounting policies continued
Intangible assets
Expenditure on internally generated goodwill is recognised in the Income Statement as an expense as incurred.
Intangible assets that are acquired by the Group are stated at cost less accumulated amortisation and less accumulated impairment losses.
Subsequent expenditure
Subsequent expenditure is capitalised only when it increases the future economic benefits embodied in the specific asset to which it relates.
All other expenditure, including expenditure on internally generated goodwill, is recognised in the Income Statement as an expense as incurred.
Amortisation
Amortisation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of intangible assets unless
such lives are indefinite. Intangible assets with an indefinite useful life and goodwill are systematically tested for impairment at each Balance
Sheet date. Intangible assets are amortised from the date they are available for use. The estimated useful lives are as follows:
Acquired customer contracts and relationships
– between three and twenty years
Software
– between three and five years
Capitalised development costs
– between three and five years
Financial instruments
Financial assets and financial liabilities, in respect of financial instruments, are recognised in the Group and Parent Balance Sheet when
the Group or Company becomes a party to the contractual provisions of the instrument.
Classification and measurement of financial assets and liabilities
Classification of financial assets is generally based on the business model in which the financial asset is managed and its contractual cash
flow characteristics. A financial asset is measured at amortised cost if it is held with the objective of collecting the contractual cash flows
and its contractual terms give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount
outstanding. All other financial assets are measured at fair value through other comprehensive income or the Income Statement.
Financial assets at amortised cost
Trade and other receivables
Trade receivables and other receivables that have fixed or determinable payments that are not quoted in an active market are classified
as financial assets measured at amortised cost.
Under the IFRS 9 “expected credit loss” model, a credit event (or impairment “trigger”) no longer needs to occur before credit losses
are recognised.
The Group analyses the risk profile of trade receivables based on past experience and an analysis of the receivables’ current financial
position, potential for a default event to occur, adjusted for specific factors, general economic conditions of the industry in which the
receivables operate and assessment of both the current and the forecast direction of conditions at the reporting date. A default event
is considered to occur when information is obtained that indicates that a receivable is unlikely to be paid to the Group.
Credit risk is regularly reviewed by management to ensure the expected credit loss (ECL) model is being appropriately applied. The Group
has performed the calculation of ECL separately for each business unit.
Financial liabilities at amortised cost
Trade payables
Trade payables are other financial liabilities initially measured at fair value and subsequently measured at amortised cost.
Impairment of non-financial assets
The carrying amounts of the Group’s non-financial assets, other than deferred tax assets, are reviewed at each reporting date to determine
whether there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is estimated. For goodwill,
and intangible assets that have indefinite useful lives or that are not yet available for use, the recoverable amount is estimated each year at
the same time.
The recoverable amount of an asset or cash generating unit is the greater of its value in use and its fair value less costs to sell. In assessing
value in use, the estimated future cash flows are discounted to their present value using a pre-tax discount rate that reflects current market
assessments of the time value of money and the risks specific to the asset.
For the purpose of impairment testing, assets that cannot be tested individually are grouped together into the smallest group of assets that
generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups of assets (the “cash
generating unit”). The goodwill acquired in a business combination, for the purpose of impairment testing, is allocated to cash generating
units (CGUs). Subject to an operating segment ceiling test, for the purposes of goodwill impairment testing, CGUs to which goodwill has
been allocated are aggregated so that the level at which impairment is tested reflects the lowest level at which goodwill is monitored for
internal reporting purposes. Goodwill acquired in a business combination is allocated to groups of CGUs that are expected to benefit from
the synergies of the combination.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
155
Financial statements
�1 Accounting policies continued
Impairment of non-financial assets continued
An impairment loss is recognised if the carrying amount of an asset or its CGU exceeds its estimated recoverable amount. Impairment losses
are recognised in the Income Statement. Impairment losses recognised in respect of CGUs are allocated first to reduce the carrying amount
of any goodwill allocated to the units, and then to reduce the carrying amounts of the other assets in the unit (group of units) on a pro rata
basis. An impairment loss in respect of goodwill is not reversed. In respect of other assets, impairment losses recognised in prior periods are
assessed at each reporting date for any indications that the loss has decreased or no longer exists. An impairment loss is reversed if there
has been a change in the estimates used to determine the recoverable amount. An impairment loss is reversed only to the extent that the
asset’s carrying amount does not exceed the carrying amount that would have been determined, net of depreciation or amortisation, if no
impairment loss had been recognised.
Related party transactions
A related party is a person or entity that is related to the Group or Company. Related party transactions are the transfer of resources,
services or obligations between parties regardless of whether a price is charged. In these circumstances, the Group or Company will
disclose the nature of the related party relationship as well as information about the transactions and outstanding balances necessary for an
understanding of the potential effect of the relationship on the Financial Statements in accordance with IAS 24 ‘Related Party Transactions’.
Details of related party transactions are set out in Note 32 to these Financial Statements.
Property, plant and equipment
Property, plant and equipment assets are carried at cost less accumulated depreciation and any recognised impairment in value. To the
extent that borrowing costs relate to the acquisition, construction or production of a qualifying asset, borrowing costs are capitalised as part
of the cost of that asset. Depreciation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives
of each part of an item of plant and equipment as follows:
Computer equipment
– between three and five years
Plant and equipment
– between three and five years
Furniture
– between three and five years
Fixtures and fittings
– five years
Motor vehicles
– four years
Property, plant and equipment is also tested for impairment whenever there is an indication of potential impairment.
Leases
At inception of a contract, the Group assesses whether a contract is, or contains, a lease. A contract is, or contains, a lease if the contract
conveys the right to control the use of an identified asset for a period of time in exchange for consideration. To assess whether a contract
conveys the right to control the use of an identified asset, the Group assesses whether:
• The contract involves use of the identified asset; this may be specified explicitly or implicitly and should be physically distinct or represent
substantially all of the capacity or a physically distinct asset. If the supplier has a substantive substitution right, then the asset is not identified
• The Group has the right to obtain substantially all of the economic benefits from use of the asset and throughout the period of use
• The Group has the right to direct the use of the asset. The Group has this right when it has the decision-making rights that are most
relevant to changing how and for what purpose the asset is used. In rare cases where all the decisions about how and for what purpose
the asset is used are predetermined, the Group has the right to direct the use of the asset if either:
• The Group has the right to operate the asset
• The Group designed the asset in a way that predetermines how and for what purpose it will be used
The Group recognises a right-of-use asset and a lease liability at the lease commencement date. The right-of-use asset is initially measured
at cost, which comprises the initial amount of the lease liability adjusted for any lease payments made at or before the commencement date,
and an estimate of costs to dismantle and remove the underlying asset or to restore the underlying asset or the site on which it is located,
less any lease incentives received.
The right-of-use asset is subsequently depreciated using the straight-line method from the commencement date to the earlier of the end
of the useful life of the right-of-use asset or the end of lease term. The estimated useful lives of right-of-use assets are determined on the
same basis as those of property, plant and equipment. In addition, the right-of-use asset is periodically reduced by impairment losses, if any,
and adjusted for certain remeasurements of the lease liability.
The lease liability is initially measured at the present value of the lease payments that are not paid at the commencement date, discounted
using the interest rate implicit in the lease or, if that rate cannot be readily determined, the Group’s incremental borrowing rate.
The lease liability is measured at amortised cost using the effective interest method. It is remeasured when there is a change in future lease
payments arising from a change in an index or rate, if there is a change in the Group’s estimate of the amount expected to be payable, or if
the Group changes its assessment of whether it will exercise a purchase, extension or termination option.
156
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022
�1 Accounting policies continued
Leases continued
When the lease liability is remeasured in this way, a corresponding adjustment is made to the carrying amount of the right-of-use asset or
is recorded in the Income Statement if the carrying amount of the right-of-use asset has been reduced to zero. The Group has elected not
to recognise right-of-use assets and lease liabilities for short-term leases that have a lease term of 12 months or less and leases of low
value assets, including certain IT equipment. The Group recognises the lease payments associated with these leases as an expense
on a straight-line basis over the lease term.
Lease rental costs in respect of short-term leases (less than one year) and low value assets which are exempt from being accounted
for under IFRS 16 are charged to the Income Statement on a straight-line basis over the period of the lease.
Investments
Investments in subsidiaries are carried at cost less impairment. Investments in property and unlisted shares are carried at cost less
impairment, which is based on the fair value at acquisition.
Inventory
Inventory is held at the lower of cost or net realisable value.
Revenue recognition
Summary
The Group provides independent global cyber assurance security and Software Resilience services.
The revenue streams in relation to Assurance include:
• Global Professional Services (GPS) – global cyber security consultancy services
• Global Managed Services (GMS) – operational cyber defence, incident response, scanning, simulation and managed security operations
centres (SOCs) including new Microsoft XDR (Sentinel) proposition
• Product sales – sale of own manufactured and/or resale of third party products
The revenue streams in relation to Software Resilience include:
• Escrow contract services – securely maintain in “escrow” the long-term availability of business critical software and applications
• Verification services – verify source code, and provide a fully managed secure service and result validation
While the detailed recognition is contract specific, and set out in the table on pages 158 to 161, in most cases:
• GPS revenues are recognised on an input method over time
• GMS revenues are bifurcated according to the separate performance obligations (see pages 158 to 160)
• Product sales are recognised when control passes, usually on delivery
• Escrow contract revenues are recognised over time
• Verification services are recognised on the completion of the verification service
Revenue is presented net of VAT and other sales related taxes.
Revenue is measured based on the consideration specified in a contract with a customer. The Group recognises revenue when it transfers
control over a good or service to a customer.
Due to the nature of the Group’s activities, the Group transaction price for the majority of its contracts is entirely variable consideration as
these contracts are on a time and material basis, using set contractual rates per hour/day worked, giving rise to no estimation or reversal risk
at period end. The Group does not have any material obligations in respect of returns, refunds or warranties. The impact of any financing
component within contracts with customers has been assessed and concluded to be immaterial.
On contract inception, the probability of collectability is assessed across the Group and, unless there is a significant change in facts and
circumstances, revenue is recognised. During the year, no instances have been identified where reassessment of the collectability has had
to be reassessed, nor have there been any new contracts with customers for which the collection of consideration has not been assessed
at inception as probable. This current year assessment also takes into account the impact of Covid-19 on the Group’s customer base with
no adverse material impact.
Detailed policies
The following table provides information about the nature and timing of the satisfaction of performance obligations in contracts with
customers by reportable segments, including significant payment terms, and the related revenue recognition policies.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
157
Financial statements�1 Accounting policies continued
Assurance
Revenue stream
Nature
Global
Professional
Services (GPS)
Global Managed
Services (GMS)
GPS is the Group’s
core consulting service
represented by consultants
providing cyber security
consultancy services to
a customer over time
or to a set deliverable.
Some contracts may contain
multiple services (e.g. cyber
security assessment and
certified product evaluation
services). These will be
identified as separate
performance obligations,
and the transaction price
allocated to each of these is
determined by using the fixed
contract rate based upon day
rates, being the relative
standalone selling price basis.
Specifically, the contract terms
range from time and materials
(based upon consultants’
time and expenses) and
discrete statements of work,
whereby the customer
benefits gradually over the
period over which the work
is performed, unless there is
a set deliverable (for example
a defined security
assessment report).
The Group in certain
situations operates on agreed
customer terms, which allow
the Group to recover any
abortive revenue from its
customer in the event that
a customer terminates a
contract before the contract
or deliverable is complete.
These services provide
operational cyber defence,
incident response, scanning,
simulation and managed
security operations centres
(SOCs). Services are typically
for an extended delivery
duration, with contract
lengths varying up to a
maximum of five years.
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
The customer simultaneously
receives the benefits of the
consulting services provided by
the Group over the period over
which the work is performed
and one promise (performance
obligation) is identified. Work
is performed on a daily basis.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
No discounts or retrospective
rebates are provided.
Where a set deliverable is required
and the customer receives the
incremental benefit at the end of
the work when the deliverable is
transferred to the customer, this
represents one performance
obligation. In this situation, the
contract will have no abortive
revenue rights; therefore, the
Group has no right to consideration
for performance to date.
Invoicing will usually be on
completion of the set deliverable
and payable within 30 days.
The customer simultaneously
receives and consumes the
benefits of the consulting services
provided by the Group over the
period over which the work is
performed by the Group and one
performance obligation is identified.
Invoices in relation to the abortive
revenue will be recognised when
aborted. Invoices are usually
payable within 30 days.
Revenue is recognised on an input basis
to measure the satisfaction of performance
obligations over time. This is done according
to the number of days worked in comparison
to the total contracted number of days of the
performance obligation. The work performed
occurs on a daily basis (for example security
assessment of a customer’s security
environment).
It is considered that as the customer benefits
over time based on consultants’ time, the
input method faithfully depicts the Group’s
performance towards complete satisfaction
of the single performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of days.
Revenue is recognised at a point in time,
on completion of the performance
obligation deliverable.
It is considered that as the customer benefits
once the set deliverable is received, the point
in time method faithfully depicts the Group’s
performance towards complete satisfaction
of the single performance obligation.
Transaction price is determined by fixed
contract rates.
Revenue is recognised on an input basis
to measure the satisfaction of performance
obligations over time. This is done according
to the number of days worked in comparison
to the total contracted number of days of the
performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of consultancy days.
The customer will benefit from
the services over the period of
the contract.
The amount of revenue recognised in relation
to software licence(s) depends on whether
the Group acts as an agent or as a principal.
However, the type of contract will
depend on how the customer benefits
from the software licence(s).
The Group acts as principal when the Group
controls the specified software licence or
service prior to transfer (MSP model).
158
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022
�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Global Managed
Services (GMS)
continued
The proposition will also
provide the customer with
software licence(s) to enable
these services to occur.
Where an MSP model is selected
by the customer, the Group
recognises three performance
obligations:
On this basis, the Group
operates two types of
contracts:
• A Managed Service
Provider (MSP) model
whereby the customer
is supplied with one
complete integrated
service including the
software licence(s)
• A reseller model whereby
the Group sources the
software licence(s) on
behalf of the customer
and provides the Managed
Detection and Response
services
These services will also
include set-up fees. Set-up
fees represent workshops,
design, and configuration to
create a “connection”
between systems.
Following services going live,
the Group will also provide a
certain level of professional
service consultancy days
based on a day rate
(post-go-live fees).
• Set-up fees
• Post-go-live fees
• Combined monitoring cyber
and licence service
The MSP model is considered to
be under a principal arrangement
whereby the Group controls the
service prior to transfer.
Where a reseller model is selected
by the customer, the Group
recognises four performance
obligations:
• Sourced software licence(s)
• Set-up fees
• Post-go-live fees
• Monitoring cyber service
The reseller model is considered
to be under an agency
arrangement whereby the
customer receives the benefit and
control of the licence on delivery.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable within
30 days.
When the Group acts as a principal the revenue
recorded is the gross amount billed. The
transaction price is determined by a contract
price (cost plus mark-up). The transaction price
for the overall service is outlined within the
customer contract. In certain scenarios, the
contract will outline the price for each
performance obligation, which is considered to
be the standalone selling price of the services/
goods, and the transaction price is allocated
to each performance obligation on this basis.
Where the contract does not stipulate the price
per performance obligation, management
determines the relative standalone selling price
for each performance obligation based on a
market assessment approach for the services
provided in comparison to market prices, and
the contract transaction price is allocated to
each performance obligation in proportion to
those standalone selling prices.
Under a reseller model, the Group’s
responsibility is to arrange for a third party to
provide a specified software licence(s) to the
customer. In these cases, the Group is acting
as an agent and the Group does not control the
relevant licence(s) before it is transferred to the
customer. In particular, the Group does not have
inventory risk, have access to its source code or
hold the IP rights.
When the Group is acting as an agent, the
revenue is recorded at the net amount retained
(commission) at a point in time as the customer
receives immediate benefit from access to the
licence and the Group does not have any further
obligations in relation to the provision of the
licence. The commission transaction value
represents the mark-up on the licence provided.
Set-up fees are recognised over time of the
set-up. In particular, the level of administrative
tasks involved in the set-up process is
considered immaterial and therefore the work
performed is considered a distinct promised
service and incremental benefit of the
installation to the customer. The fees are based
on day rates incurred (defined by an in-house
day rate sales pricing matrix). Accordingly, the
charge out rates are recognised and allocated
to these tasks when performed akin to technical
professional day rate services. These rates
are considered to be the standalone selling
prices and are not discounted or reduced
for other services.
Post-go-live fees are recognised on delivery of
consultancy services over time as the customer
obtains incremental benefit from the hours
provided. Revenue is recognised on an input
basis (day rates) to measure the satisfaction
of performance obligations over time.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
159
Financial statements�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Global Managed
Services (GMS)
continued
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Transaction price is determined by fixed
contract rates based upon day rates and
number of post-go-live consultancy days.
One performance obligation, being a combined
monitoring cyber and licence service, is identified
in relation to the MSP model monitoring service.
Revenue is recognised over the contract length
as the software and monitoring process is an
overall service, whereby the Group retains
control of the licence and provides a complete
monitoring service to the customer. If the
customer cancels the contract, the Group
will retain control of the licence.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily and
therefore revenue is recognised on straight-line
basis as the performance obligation is satisfied
over time.
The transaction price is determined by fixed
contract rates for the combined services.
Revenue in relation to the reseller model
monitoring service is recognised over the
contract length on a straight-line basis as the
performance obligation is satisfied over time.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily on
straight-line basis.
Revenue is recognised when control of the
product is transferred to the customer. This occurs
upon delivery under the contractual terms.
On certain sales of third party products, the
control of the product is considered to pass
from the vendor to the end customer and in
these cases the Group acts as an agent, and
hence only records a commission on sale as
opposed to gross revenue and costs of sale.
Revenue is recognised on an input basis to
measure the satisfaction of the performance
obligation over time. This is done according to
total costs incurred in comparison to the total
expected costs to be incurred to satisfy the
performance obligation. This input measure
is driven by the nature of the activities carried
out in satisfying the performance obligation.
The transaction price is fixed within the terms
of the contractual arrangement.
Product sales
This revenue represents the
sale of own manufactured
and/or resale of third party
products with no connection
to other Group services.
Long-term fixed
price contracts
This revenue represents the
long-term development and/
or manufacture of specialised
software and hardware
solutions.
The customer only benefits from
the products on delivery.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
Delivery of the product is
considered to represent one
performance obligation.
The development and/or
manufacturing work carried out
by the Group is not considered to
create an asset with an alternative
use to the entity. The Group is
entitled to payment as
performance of the contract is
completed. On this basis, revenue
is recognised over time.
Invoices are raised based on
achievements of pre-defined
milestones in the contract.
Invoices are usually payable
within 30 days.
160
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�1 Accounting policies continued
Assurance continued
Revenue stream
Nature
Software Resilience
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Escrow contract
services
These services securely
maintain in “escrow” the
long-term availability of
business critical software and
applications while protecting
the intellectual property rights
(IPR) of technology partners.
The service will include
set-up time, which is
administrative in nature.
The customer benefits from the
escrow service evenly over a
contract period, usually at least
a year and potentially up to
three years.
The service represents one
performance obligation.
Invoices are raised based on
an agreed invoicing profile
with the customer.
Invoices are usually payable within
30 days.
Revenue is recognised over time on a straight-
line basis representing the service delivery
agreement. The nature of the agreement gives
rise to the customer having the benefit of software
resilience if and when required over the contract
period. Revenue is recognised on a straight-line
basis as the pattern of benefit to the customer
as well as the Group’s efforts to fulfil the contract
are generally even throughout the period.
The transaction price is determined
by a contract price.
Set-up time is not considered distinct and
a separate performance obligation due to
the administrative nature and therefore is
recognised over the period of the contract.
Verification
services
These services verify source
code based upon an agreed
scope between all parties
and provide a fully managed
secure service and result
validation, typically delivered
over a short period of time
(days).
These include SaaS services
and ICANN services.
The customer benefits from the
verification service on completion
because the source code will only
have been fully verified/validated
at that point.
Revenue is recognised on completion of the
verification services.
Transaction price is determined by fixed
contract rates based upon day rates and
number of verification days.
The service represents one
performance obligation.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable
within 30 days.
Contract costs
Contract costs comprise incremental sales commissions paid to sales agents or external third parties, which can be directly attributed to
an acquired or retained contract. Capitalised commission costs are amortised on a systematic basis that is consistent with the transfer to the
customer of the services when the related revenues are recognised. In all other cases, all internal and external costs of obtaining the contract
are recognised as incurred.
Costs directly incurred in fulfilling a contract with a customer, which comprise labour hours on long-term contracts, are recognised as an
asset to the extent they are recoverable. Such costs are amortised on a systematic basis that is consistent with the transfer to the customer
of the services when the related revenues are recognised.
Accrued income (contract asset)
Accrued income represents the Group’s rights to consideration for work completed but not billed at the reporting date. Remaining balances
are transferred to receivables when the rights become unconditional.
Deferred revenue (contract liability)
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time.
Long-term loss-making contracts
Long-term contracts are reviewed annually to establish if the contract is onerous in nature. In particular, the long-term contract becomes an
onerous contract when the unavoidable costs (i.e. the lower of the cost of fulfilling the contract and any compensation or penalties arising
from failure to fulfil it) exceed the economic benefits expected to be received under the contract. The assessment of cost to fulfil includes
costs that relate directly to the contract and includes direct costs of production, direct costs of supplies/hardware from external suppliers
(materials), direct labour in relation to performance obligations and if appropriate any potential contractual fine dependent on items (performance
obligations) not being delivered/performed. Any assets dedicated to the specific contract are also tested for potential impairment.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
161
Financial statements�1 Accounting policies continued
Determination and presentation of operating segments
The Group determines and presents operating segments based on the information that is provided to the Board, which acts as the Group’s
chief operating decision maker (CODM) in order to assess performance and to allocate resources.
An operating segment is a component of the Group that engages in business activities from which it may earn revenues and incur expenses,
including revenues and expenses that relate to transactions with any of the Group’s other components. An operating segment’s results are
reviewed regularly by the CODM to make decisions about resources to be allocated to the segment and to assess its performance.
The Group reports its business in two key segments: the Assurance division and the Software Resilience division. The two reporting segments
provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group of services. The
operating segments are grouped into the reporting segments on the basis of how they are reported to the CODM. Operating segments are
aggregated into the two reportable segments based on the types and delivery methods of services they provide, common management structures,
and their relatively homogeneous commercial and strategic market environments. Both of the Group’s divisions (segments) are run by a senior
executive team; those teams make all decisions on resource allocation, product development, marketing and areas for focus and investment.
Allocation of central costs
Some costs are collected and managed in one location but are actually incurred on behalf of multiple operating segments or reporting
segments. These costs are then allocated to the reporting segments. The allocation is based on logical or activity driven cost algorithms.
The allocation is necessary to give an accurate picture of the consumption of resources by each reporting segment.
Individually Significant Items
Individually Significant Items are identified as those items or projects that based on their size and nature and/or incidence are assessed
to warrant separate disclosure to provide supplementary information to support the understanding of the Group’s financial performance.
Where a project spans a reporting period(s) the total project size and nature are considered in totality. Individually Significant Items typically
comprise costs/profits/losses on material acquisitions/disposals/business exits, fundamental reorganisation/restructuring programmes
and other significant one-off events. Individually Significant Items are considered to require separate presentation in the notes to the
Financial Statements in order to fairly present the financial performance of the Group.
Foreign currencies
Transactions in foreign currencies are recorded using the appropriate monthly exchange rate ruling at the date of the transaction. Monetary
assets and liabilities denominated in foreign currencies are retranslated using the exchange rate ruling at the Balance Sheet date and the
gains or losses on translation are included in the Income Statement.
The assets and liabilities of overseas subsidiaries denominated in foreign currencies are retranslated at the exchange rate ruling at the
Balance Sheet date. The income statements of overseas subsidiary undertakings are translated at the average exchange rates for the
financial year. Gains and losses arising on the retranslation of overseas subsidiary undertakings are taken to the currency translation reserve.
They are released to the Income Statement upon disposal of the subsidiary to which they relate.
Foreign currency differences arising from the translation of qualifying cash flow hedges are recognised in OCI to the extent that the hedges
are effective.
Derivative financial instruments and hedge accounting
The Group holds derivative financial instruments to hedge its foreign currency risk exposures. Derivatives are initially measured at fair value.
Subsequent to initial recognition, derivatives are measured at fair value, and changes therein are generally recognised in profit or loss. The Group
designates certain derivatives as hedging instruments to hedge the variability in cash flows associated with highly probable forecast transactions
arising from changes in foreign exchange rates. At inception of designated hedging relationships, the Group documents the risk management
objective and strategy for undertaking the hedge. The Group also documents the economic relationship between the hedged item and the hedging
instrument, including whether the changes in cash flows of the hedged item and hedging instrument are expected to offset each other.
Cash flow hedges
When a derivative is designated as a cash flow hedging instrument, the effective portion of changes in the fair value of the derivative is
recognised in OCI and accumulated in the hedging reserve. The effective portion of changes in the fair value of the derivative that is
recognised in OCI is limited to the cumulative change in fair value of the hedged item, determined on a present value basis, from inception
of the hedge. Any ineffective portion of changes in the fair value of the derivative is recognised immediately in profit or loss.
The Group designates only the change in fair value of the spot element of forward exchange contracts as the hedging instrument in cash
flow hedging relationships. The change in fair value of the forward element of forward exchange contracts (forward points) is separately
accounted for as a cost of hedging and recognised in a costs of hedging reserve within equity.
When the hedged forecast transaction subsequently results in the recognition of a non-financial item, the amount accumulated in the
hedging reserve and the cost of hedging reserve is included directly in the initial cost of the non-financial item when it is recognised.
For all other hedged forecast transactions, the amount accumulated in the hedging reserve and the cost of hedging reserve is reclassified
to profit or loss in the same period or periods during which the hedged expected future cash flows affect profit or loss.
If the hedge no longer meets the criteria for hedge accounting or the hedging instrument is sold, expires, is terminated or is exercised, then hedge
accounting is discontinued prospectively. When hedge accounting for cash flow hedges is discontinued, the amount that has been accumulated in
the hedging reserve remains in equity until, for a hedge of a transaction resulting in the recognition of a non-financial item, it is included in the
non-financial item’s cost on its initial recognition or, for other cash flow hedges, it is reclassified to profit or loss in the same period or periods as
the hedged expected future cash flows affect profit or loss. If the hedged future cash flows are no longer expected to occur, then the amounts
that have been accumulated in the hedging reserve and the cost of hedging reserve are immediately reclassified to profit or loss.
162
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�1 Accounting policies continued
Colleague benefits – defined contribution pensions
The Group operates a defined contribution pension scheme. The assets of the scheme are kept separate from those of the Group in
an independently administered fund. The amount charged as an expense in the Income Statement represents the contributions payable
to the scheme in respect of the accounting period.
Short-term benefits
Short-term colleague benefit obligations are measured on an undiscounted basis and are expensed as the related service is provided.
A liability is recognised for the amount expected to be paid under short-term cash bonus or profit-sharing plans if the Group has a
present legal or constructive obligation to pay this amount as a result of past service provided by the colleague and the obligation can
be estimated reliably.
Share-based payment transactions
Share-based payments in which the Group receives goods or services as consideration for its own equity instruments are accounted for
as equity settled share-based payment transactions, regardless of how the equity instruments are obtained by the Group.
The grant date fair value of share-based payment awards granted to colleagues is recognised as a colleague expense, with a corresponding
increase in equity, over the period that the colleagues become unconditionally entitled to the awards. The fair value of the options granted
is measured using an option valuation model, taking into account the terms and conditions upon which the options were granted.
The amount recognised as an expense is adjusted to reflect the actual number of awards for which the related service and non-market
vesting conditions are expected to be met, such that the amount ultimately recognised as an expense is based on the number of awards that
do meet the related service and non-market performance conditions at the vesting date. For share-based payment awards with non-vesting
conditions, the grant date fair value of the share-based payment is measured to reflect such conditions and there is no true-up for
differences between expected and actual outcomes.
Share-based payment transactions in which the Group receives goods or services by incurring a liability to transfer cash or other assets
that is based on the price of the Group’s equity instruments are accounted for as cash settled share-based payments. The fair value of
the amount payable to colleagues is recognised as an expense, with a corresponding increase in liabilities, over the period in which the
colleagues become unconditionally entitled to payment. The liability is remeasured at each Balance Sheet date and at settlement date.
Any changes in the fair value of the liability are recognised as personnel expense within the Income Statement.
Where the Company grants options over its own shares to the colleagues of a subsidiary it recognises in its individual Financial Statements,
an increase in the cost of investment in that subsidiary equivalent to the equity settled share-based payment charge is recognised in respect
of that subsidiary in its consolidated Financial Statements with the corresponding credit being recognised directly in equity.
Holiday or vacation pay
The Group recognises a liability in the Balance Sheet for any earned but not yet taken holiday entitlement for staff. Earned holiday is
calculated on a straight-line basis over a holiday year, which can vary by business unit. Taken holiday is based on actually taken holiday.
Any movement in the liability between the opening and closing balance in the year is recorded as a colleague cost or a reduction in
colleague costs in the Income Statement in the year.
Borrowings
Borrowings are recognised initially at fair value less attributable transaction costs. Subsequent to initial recognition, borrowings are stated
at amortised cost with any difference between cost and redemption value being recognised in the Income Statement over the period of the
borrowings on an effective interest basis.
Finance costs
Finance costs are recognised within the Income Statement in the year in which they are incurred.
Provisions
Provisions are determined by discounting the expected future cash flows at a pre-tax rate that reflects current market assessments of the
time value of money and the risks specific to the liability. The unwinding of the discount is recognised as finance cost.
Taxation
Taxation on the profit or loss for the year comprises current and deferred taxation. Taxation is recognised in the Income Statement except
to the extent that it relates to items recognised directly in equity, in which case it is recognised in equity.
Current tax is the expected tax payable or receivable on the taxable income or loss for the year, using tax rates enacted or substantively
enacted at the Balance Sheet date, and any adjustment to tax payable in respect of previous years.
Deferred tax is provided on temporary differences between the carrying amounts of assets and liabilities for financial reporting purposes and
the amounts used for taxation purposes. The following temporary differences are not provided for: the initial recognition of goodwill; the initial
recognition of assets or liabilities that affect neither accounting nor taxable profit other than in a business combination; and differences
relating to investments in subsidiaries to the extent that they will probably not reverse in the foreseeable future. The amount of deferred tax
provided is based on the expected manner of realisation or settlement of the carrying amount of assets and liabilities, using tax rates enacted
or substantively enacted at the Balance Sheet date. A deferred tax asset is recognised only to the extent that it is probable that future
taxable profits will be available against which the temporary difference can be utilised.
UK RDEC tax credits are recognised for the UK tax jurisdiction within administrative expenses and R&D US tax credits within income tax
for the US tax jurisdiction.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
163
Financial statements�1 Accounting policies continued
Intra-group financial instruments
Where the Company enters into financial guarantee contracts to guarantee the indebtedness of other companies within the Group,
the Company considers these to be insurance arrangements and accounts for them as such. In this respect the Company treats the
guarantee contract as a contingent liability until such time as it becomes probable that the Company will be required to make a payment
under the guarantee.
Cash and cash equivalents
Cash and cash equivalents comprise cash in hand and deposits repayable on demand. Bank overdrafts that are repayable on demand form
part of the Group’s cash management and are included as a component of cash and cash equivalents for the purpose only of the Statement
of Cash Flows.
Treasury shares
NCC Group plc shares held by the Group are deducted from equity as “treasury shares” and are recognised at cost. Consideration received
for the sale of such shares is also recognised in equity, with any difference between the proceeds from sale and the original cost being taken
to reserves. No gain or loss is recognised in the Income Statement on the purchase, sale, issue or cancellation of equity shares.
2 Critical accounting judgements and key sources of estimation uncertainty
The preparation of Financial Statements requires management to exercise judgement in applying the Group’s accounting policies. Different
judgements would have the potential to change the reported outcome of an accounting transaction or Statement of Financial Position. It also
requires the use of estimates that affect the reported amounts of assets, liabilities, income and expenses. Actual results may differ from
these estimates. Estimates and underlying assumptions are reviewed on an ongoing basis, with changes recognised in the period in which
the estimates are revised and in any future periods affected. The table below shows those areas of critical accounting judgements and
estimates that the Directors consider material and that could reasonably change significantly in the next year.
Accounting area
Valuation of separately identifiable intangible assets
Accounting
judgement?
Accounting
estimate?
No
Yes
2.1 Critical accounting judgements
No critical accounting judgements have been made in applying accounting policies that have the most significant effects on the amounts
recognised in the consolidated Financial Statements.
2.2 Key sources of estimation uncertainty
Information about estimation uncertainties that have a significant risk of resulting in a material adjustment to the carrying values of assets
and liabilities within the next financial year is addressed below.
While every effort is made to ensure that such estimates and assumptions are reasonable, by their nature they are uncertain, and as such
changes in estimates and assumptions may have a material impact. Estimates and assumptions used in the preparation of the Financial
Statements are continually reviewed and revised as necessary at each reporting date.
The Directors have considered the impact of climate change on the following estimation uncertainties. Due to nature of the climate change
impact on the Group, no material impact has been identified.
Valuation of separately identifiable intangible assets
As part of the acquisition of the IPM business (see Note 34) the Group has acquired an intangible asset relating to the customer
relationships acquired with a fair value of £91.4m. The valuation approach taken is an income approach, specifically the multi-period excess
earnings method (MEEM). As part of this valuation exercise certain key sources of estimation uncertainty have been identified that have a
significant risk of resulting in a material adjustment to the carrying amounts of assets and liabilities in the next financial year. A description
of such estimates and reasonably possible sensitivities is described in Note 34.
164
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�3 Alternative Performance Measures (APMs) and adjusting items
The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined terms
under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not intended to be
a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the current year results and
comparative periods where provided.
This presentation is also consistent with the way that financial performance is measured by management and reported to the Board, and the
basis of financial measures for senior management’s compensation schemes and provides supplementary information that assists the user in
understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure that the Annual Report and
Accounts give a fair, balanced and understandable view of the Group’s performance, cash flows and financial position. IAS 1 ‘Presentation
of Financial Statements’ requires the separate presentation of items that are material in nature or scale in order to allow the user of the
accounts to understand underlying business performance.
We believe these APMs provide readers with important additional information on our business and this information is relevant for use
by investors, securities analysts and other interested parties as supplemental measures of future potential performance. However, since
statutory measures can differ significantly from the APMs and may be assessed differently by the reader we encourage you to consider
these figures together with statutory reporting measures noted. Specifically, we would note that APMs may not be comparable across
different companies and that certain profit related APMs may exclude recurring business transactions (e.g. acquisition related costs and
certain share-based payment charges) that impact financial performance and cash flows.
The Group manages internally its performance at an Adjusted operating profit level (before Individually Significant Items, amortisation
of acquired intangibles and share-based payments), which management believes represents the underlying trading of the business; this
information is still disclosed as an APM within this Annual Report. This APM is reconciled to statutory operating profit, together with the
consequently Adjusted basic EPS (before amortisation of acquisition intangibles, share-based payments and Individually Significant Items
and tax effect thereon) to statutory basic EPS.
The Group has the following APMs/non-statutory measures:
• Adjusted EBITDA (reconciled below)
• Adjusted operating profit (reconciled below)
• Adjusted basic EPS (pence) (reconciled in Note 11)
• Net (debt)/cash excluding lease liabilities (reconciled below)
• Net (debt)/cash (reconciled below)
• Cash conversion (reconciled below)
• Constant currency revenue (reconciled below)
• Revenue excluding IPM acquisition (reconciled below)
• Software Resilience revenue excluding IPM acquisition (reconciled below)
The above APMs are consistent with those reported for the year ended 31 May 2021, except for the inclusion of revenue excluding IPM
acquisition and Software Resilience revenue excluding IPM acquisition to allow stakeholders to understand the revenue performance
of the existing business for the year ended 31 May 2022 prior to acquiring IPM in June 2021. In comparison to those APMs reported for the
period ended 30 November 2021, one APM (cash conversion excluding IPM acquisition costs) has been removed to reduce the level of
APMs reported.
The Group also reports certain geographic regions on a constant currency basis to reflect the underlying performance taking into account
constant foreign exchange rates period on period. This involves translating comparative numbers to current period rates for comparability
to enable a growth factor to be calculated. As these measures are not statutory revenue numbers, management considers these to be APMs
and they are also reconciled below.
Further detail is included within the Glossary of terms to these Financial Statements that provide supplementary information that assists
the user in understanding these APMs/non-statutory measures.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
165
Financial statements�3 Alternative Performance Measures (APMs) and adjusting items continued
Adjusted EBITDA and Adjusted operating profit
The calculation of Adjusted EBITDA and Adjusted operating profit is set out below:
Operating profit
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Amortisation of customer contracts and relationships (acquired intangibles)
Amortisation of software and development costs
Individually Significant Items (Note 5)
Share-based payments charge (Note 26)
Adjusted EBITDA
Depreciation and amortisation (excluding amortisation charged on acquired intangibles)
Adjusted operating profit
Net (debt)/cash
The calculation of net (debt)/cash is set out below:
Cash and cash equivalents (Note 24)
Borrowings (Note 24)
Net (debt)/cash excluding lease liabilities
Lease liabilities
Net (debt)/cash
Cash conversion ratio
The calculation of the cash conversion ratio is set out below:
Cash generated from operating activities before interest and taxation (A)
Adjusted EBITDA (B)
Cash conversion ratio (%) (A)/(B)
2022
£m
34.7
3.9
5.4
8.6
1.8
0.9
3.9
59.2
(11.1)
48.1
2022
£m
73.2
(125.6)
(52.4)
(32.6)
(85.0)
2021
£m
17.3
4.4
5.9
6.4
3.0
12.7
2.8
52.5
(13.3)
39.2
2021
£m
116.5
(33.2)
83.3
(34.4)
48.9
2022
£m
60.3
59.2
2021
£m
46.3
52.5
101.9%
88.2%
Net operating cash flow before interest and taxation includes the cash outflow from acquisition costs of £7.3m (2021: £1.2m). Adjusting the
cash conversion ratio for these acquisition costs would give rise to a cash conversion ratio of 114.2% compared to the prior period of 90.5%.
Constant currency revenue
The following tables show how constant currency revenue growth has been calculated and reconciled to statutory actual rate growth.
Group
Revenue:
Revenue
Revenue excluding the performance of IPM:
Revenue
Less: IPM acquisition
Revenue excluding IPM acquisition
Revenue
2022
£m
314.8
Revenue
2021
£m
%
change at
actual rates
Revenue
2022
£m
Constant
currency
revenue
2021
£m
%
change at
constant
currency
270.5
16.4%
314.8
267.0
17.9%
Revenue
2022
£m
314.8
(20.2)
294.6
Revenue
2021
£m
%
change at
actual rates
270.5
16.4%
–
270.5
n/a
8.9%
Revenue
2022
£m
314.8
(20.2)
294.6
Constant
currency
revenue
2021
£m
%
change at
constant
currency
267.0
17.9%
–
n/a
267.0
10.3%
166
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�3 Alternative Performance Measures (APMs) and adjusting items continued
Constant currency revenue continued
Assurance
Assurance revenue analysis – by originating country:
UK and APAC
North America
Europe
Total Assurance revenue
UK and APAC
North America
Europe
Total Assurance revenue
UK and APAC
North America
Europe
Revenue
2022
£m
114.6
94.1
49.8
258.5
Revenue
2021
£m
%
change at
actual rates
102.7
82.7
48.5
11.6%
13.8%
2.7%
233.9
10.5%
Revenue
2022
£m
114.6
94.1
49.8
258.5
Constant
currency
revenue
2021
£m
102.5
82.1
46.1
%
change at
constant
currency
11.8%
14.6%
8.0%
230.7
12.1%
Revenue
H1 2022
£m
Revenue
H1 2021
£m
%
change at
actual rates
Revenue
H1 2022
£m
54.6
44.0
24.6
50.9
43.0
23.2
123.2
117.1
7.3%
2.3%
6.0%
5.2%
54.6
44.0
24.6
123.2
113.2
Constant
currency
revenue
H1 2021
£m
50.8
40.4
22.0
Revenue
H2 2022
£m
Revenue
H2 2021
£m
%
change at
actual rates
Revenue
H2 2022
£m
60.0
50.1
25.2
51.8
39.7
25.3
15.8%
26.2%
(0.4%)
60.0
50.1
25.2
Constant
currency
revenue
H2 2021
£m
51.7
41.7
24.1
%
change at
constant
currency
7.5%
8.9%
11.8%
8.8%
%
change at
constant
currency
16.1%
20.1%
4.6%
Total Assurance revenue
135.3
116.8
15.8%
135.3
117.5
15.1%
Assurance revenue analysed by type of service/product line:
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
Total Assurance revenue
Software Resilience
Software Resilience revenue analysis – by originating country:
UK
North America
Europe
Total Software Resilience revenue
Revenue
2022
£m
189.0
58.6
10.9
258.5
Revenue
2021
£m
%
change at
actual rates
172.2
56.2
5.5
9.8%
4.3%
98.2%
233.9
10.5%
Revenue
2022
£m
189.0
58.6
10.9
258.5
Revenue
2022
£m
Revenue
2021
£m
%
change at
actual rates
Revenue
2022
£m
25.4
26.8
4.1
56.3
25.2
7.3
4.1
0.8%
267.1%
–
36.6
53.8%
25.4
26.8
4.1
56.3
Constant
currency
revenue
2021
£m
170.2
54.9
5.6
%
change at
constant
currency
11.0%
6.7%
94.6%
230.7
12.1%
Constant
currency
revenue
2021
£m
25.2
7.1
4.0
%
change at
constant
currency
0.8%
277.5%
2.5%
36.3
55.1%
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
167
Financial statements�3 Alternative Performance Measures (APMs) and adjusting items continued
Constant currency revenue continued
Software Resilience continued
Software Resilience revenue analysis – by originating country excluding the performance of IPM:
UK
North America
Europe
Total Software Resilience revenue excluding IPM
IPM
Total Software Resilience revenue
UK
North America
Europe
Total Software Resilience revenue excluding IPM
IPM
Total Software Resilience revenue
UK
North America
Europe
Total Software Resilience revenue excluding IPM
IPM
Total Software Resilience revenue
Software Resilience revenues analysed by service line:
Software Resilience contracts
Verification services
Total Software Resilience revenue
Revenue
2022
£m
Revenue
2021
£m
%
change at
actual rates
Revenue
2022
£m
24.5
7.5
4.1
36.1
20.2
56.3
25.2
7.3
4.1
36.6
–
(2.8%)
2.7%
–
(1.4%)
n/a
36.6
53.8%
24.5
7.5
4.1
36.1
20.2
56.3
Revenue
H1 2022
£m
Revenue
H1 2021
£m
%
change at
actual rates
Revenue
H1 2022
£m
12.2
3.4
2.0
17.6
9.3
26.9
12.8
3.7
2.0
18.5
–
(4.7%)
(8.1%)
–
(4.9%)
n/a
18.5
45.4%
12.2
3.4
2.0
17.6
9.3
26.9
Revenue
H2 2022
£m
Revenue
H2 2021
£m
%
change at
actual rates
Revenue
H2 2022
£m
12.3
4.1
2.1
18.5
10.9
29.4
12.4
3.6
2.1
18.1
–
(0.8%)
13.9%
–
2.2%
n/a
18.1
62.4%
12.3
4.1
2.1
18.5
10.9
29.4
Revenue
2022
£m
Revenue
2021
£m
%
change at
actual rates
Revenue
2022
£m
38.1
18.2
56.3
24.0
12.6
36.6
58.8%
44.4%
53.8%
38.1
18.2
56.3
Software Resilience revenues analysed by service line excluding the performance of IPM:
Software Resilience contracts
Verification services
Total Software Resilience revenue excluding IPM
Revenue
2022
£m
Revenue
2021
£m
%
change at
actual rates
Revenue
2022
£m
22.6
13.5
36.1
24.0
12.6
36.6
(5.8%)
7.1%
(1.4%)
22.6
13.5
36.1
168
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Constant
currency
revenue
2021
£m
25.2
7.1
4.0
36.3
–
%
change at
constant
currency
(2.8%)
5.6%
2.5%
(0.6%)
n/a
36.3
55.1%
Constant
currency
revenue
H1 2021
£m
12.8
3.4
2.0
18.2
–
%
change at
constant
currency
(4.7%)
–
–
(3.3%)
n/a
18.2
47.8%
Constant
currency
revenue
H2 2021
£m
12.4
3.7
2.0
18.1
–
%
change at
constant
currency
(0.8%)
10.8%
5.0%
2.2%
n/a
18.1
62.4%
Constant
currency
revenue
2021
£m
23.8
12.5
36.3
Constant
currency
revenue
2021
£m
23.8
12.5
36.3
%
change at
constant
currency
60.1%
45.6%
55.1%
%
change at
constant
currency
(5.0%)
8.0%
(0.6%)
Notes to the Financial Statements continuedfor the year ended 31 May 2022�4 Segmental information
The Group is organised into the following two (2021: two) reportable segments: Assurance and Software Resilience. The two reporting
segments provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous group
of services. The operating segments are grouped into the reporting segments on the basis of how they are reported to the chief operating
decision maker (CODM) for the purposes of IFRS 8 ‘Operating Segments’, which is considered to be the Board of Directors of NCC Group
plc. Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide,
common management structures, and their relatively homogeneous commercial and strategic market environments. Performance is
measured based on reporting segment profit, which comprises Adjusted operating profit 1 and adjusting items are not allocated to business
segments. Interest and tax are also not allocated to business segments and there are no intra-segment sales. The IPM business acquired
on 1 June 2021 is considered to be part of the Software Resilience business segment.
Segmental analysis 2022
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Finance costs
Profit/(loss) before taxation
Taxation
Profit for the year
Assurance
£m
258.5
(166.2)
92.3
35.7%
(53.2)
39.1
(7.2)
31.9
–
(0.9)
(2.1)
Software
Resilience
£m
Central and
head office
£m
56.3
(16.0)
40.3
71.6%
(17.5)
22.8
(0.8)
22.0
(0.9)
(4.8)
(0.3)
–
–
–
–
(2.7)
(2.7)
(3.1)
(5.8)
–
(2.9)
(1.5)
28.9
16.0
(10.2)
Group
£m
314.8
(182.2)
132.6
42.1%
(73.4)
59.2
(11.1)
48.1
(0.9)
(8.6)
(3.9)
34.7
(3.7)
31.0
(8.0)
23.0
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
Segmental analysis 2021
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Finance costs
Profit/(loss) before taxation
Taxation
Profit for the year
Assurance
£m
233.9
(149.5)
84.4
36.1%
(45.4)
39.0
(9.4)
29.6
–
(1.3)
(1.5)
26.8
Software
Resilience
£m
Central and
head office
£m
36.6
(10.4)
26.2
71.6%
(9.5)
16.7
(0.7)
16.0
(7.6)
–
(0.1)
8.3
–
–
–
–
(3.2)
(3.2)
(3.2)
(6.4)
(5.1)
(5.1)
(1.2)
(17.8)
Group
£m
270.5
(159.9)
110.6
40.9%
(58.1)
52.5
(13.3)
39.2
(12.7)
(6.4)
(2.8)
17.3
(2.5)
14.8
(4.8)
10.0
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
169
Financial statements�4 Segmental information continued
Segmental analysis 2022
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Segmental analysis 2021
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Assurance
£m
9.0
128.7
(102.0)
Assurance
£m
6.0
69.3
(94.9)
Software
Resilience
£m
Central and
head office
£m
161.5
236.9
4.7
210.8
Group
£m
175.2
576.4
(36.5)
(144.7)
(283.2)
Software
Resilience
£m
Central and
head office
£m
2.1
349.5
–
13.5
(4.5)
Group
£m
8.1
432.3
(66.7)
(166.1)
The Central and head office cost centre is not considered to be a separate operating segment nor part of any other operating segment as it
does not generate any revenues. Included within Central and head office are assets and liabilities not specifically allocated to the reporting
segments and include investments, head office tangible and intangible assets, deferred tax assets and liabilities, right-of-use assets and
associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions. Central and head office assets and
liabilities are disclosed to allow a reconciliation back to the Group’s assets and liabilities.
The net book value of non-current assets is analysed geographically as follows:
UK and APAC
North America
Europe
Total non-current assets
2022
£m
175.6
230.5
11.3
417.4
Revenue is disaggregated by primary geographical market, by category and by timing of revenue recognition as follows:
Revenue by originating country
UK and APAC
North America
Europe
Total revenue
Revenue by category
Services
Products
Total revenue
Timing of revenue recognition
Services and products transferred over time
Services and products transferred at a point in time
Total revenue
Assurance
£m
Software
Resilience
£m
114.6
94.1
49.8
258.5
25.4
26.8
4.1
56.3
Assurance
£m
Software
Resilience
£m
2022
Total
£m
140.0
120.9
53.9
314.8
2022
Total
£m
Assurance
£m
Software
Resilience
£m
102.7
82.7
48.5
233.9
25.2
7.3
4.1
36.6
Assurance
£m
Software
Resilience
£m
247.6
10.9
258.5
56.3
–
56.3
303.9
10.9
314.8
49.6
208.9
37.6
18.7
87.2
227.6
258.5
56.3
314.8
228.3
5.6
233.9
47.9
186.0
233.9
36.6
–
36.6
24.0
12.6
36.6
There are no customer contracts in either 2022 or 2021 which account for more than 10% of segment revenue.
2021
£m
172.0
60.5
9.0
241.5
2021
Total
£m
127.9
90.0
52.6
270.5
2021
Total
£m
264.9
5.6
270.5
71.9
198.6
270.5
170
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�5 Individually Significant Items
The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently unusual
in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately identified and
excluded from adjusted results (as explained in Note 3).
Individually Significant Items (ISIs)
Costs directly attributable to the acquisition of the IPM Software Resilience business
Cloud configuration and customisation costs
Total ISIs
2022
£m
0.9
–
0.9
2021
£m
7.6
5.1
12.7
Costs directly attributable to the acquisition of the IPM Software Resilience business
These costs are directly attributable to the material acquisition of the IPM Software Resilience business (see Note 34) and are therefore
considered to meet the Group’s policy for ISIs. The nature of the costs includes legal, accountancy, due diligence and other advisory services.
The total costs amount to £8.5m, of which £0.9m (2021: £7.6m) has been charged to the income statement in the year ended 31 May 2022.
Of the total costs of £8.5m of costs incurred the Group has seen a cash outflow of £7.3m (2021: £1.2m) in the year ended 31 May 2022.
The difference between the cash outflow and the costs charged to the Income Statement relates to £6.4m of costs relating to services
performed in the year ended 31 May 2021 but for which the cash outflow did not occur until the year ended 31 May 2022 in line with
supplier payment terms.
Cloud configuration and customisation costs
These costs relate to the material spend previously capitalised in relation to the Group’s Securing Growth Together digital transformation
programme that have now been expensed within other administrative expenses following the adoption of the IFRIC agenda decision (as from
1 June 2021, are no longer considered part of the Group’s Securing Growth Together digital transformation programme). These costs, as
part of the Group’s Securing Growth Together digital transformation programme met the Group’s policy for ISIs.
6 Expenses and auditor’s remuneration
Continuing activities
Profit before taxation is stated after charging/(crediting):
Amounts receivable by auditor and its associates in respect of:
Audit of these Financial Statements
Audit of Financial Statements of subsidiaries pursuant to legislation
Total audit 1
Amortisation of development costs (Note 12)
Amortisation of software costs (Note 12)
Amortisation of acquired intangibles (Note 12)
Depreciation of property, plant and equipment (Note 13)
Depreciation of right-of-use assets (Note 14)
Impairment reversal of right-of-use assets (Note 14)
Costs directly attributable to the acquisition of the IPM Software Resilience business (included within ISIs) (Note 5)
Cloud configuration and customisation costs (Note 5)
Credit losses recognised on financial assets
Cost of inventories recognised as an expense
Foreign exchange (gains)/losses
Lease rental costs charged:
– Hire of property, plant and equipment 2
Research and development expenditure
Profit on disposal of intangible assets
Profit on disposal of right-of-use assets
Loss on sale of property, plant and equipment
2022
£m
2021
£m
1.0
0.2
1.2
0.9
0.9
8.6
3.9
5.4
(0.1)
0.9
–
0.6
1.0
(0.6)
0.1
1.0
–
–
–
0.7
0.1
0.8
2.0
1.0
6.4
4.4
5.9
–
7.6
5.1
0.8
1.1
1.5
0.1
0.5
(0.5)
(0.2)
0.2
1 The only non-audit service provided by the auditor was for the interim review at 30 November 2021, for which the fee was £80,000 (2021: £75,000).
2 The charge to the Income Statement in respect of lease rental costs relates entirely to short-term leases for which the Group has taken the exemption allowed from applying
the principles of IFRS 16.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
171
Financial statements
�7 Staff numbers and costs
Directors’ emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of
2022 were £2.2m (2021: £2.2m). Employer contributions to pensions for Executive Directors for qualifying periods were £nil (2021: £nil).
The Company provided pension payments in lieu of pension contributions for two Executive Directors during the year ended 31 May 2022
amounting to £44,000 (2021: £50,000). The aggregate net value of share awards granted to the Directors in the period was £0.4m
(2021: £0.3m). The net value has been calculated by reference to the closing mid-market price of the Company’s shares on the day
before the date of grant. During the year, 237,448 (2021: 128,687) share options were exercised by Directors and their gain on exercise
of share options was £20,895 (2021: £54,049).
The average monthly number of persons employed by the Group during the year, including Executive Directors, is analysed by category
as follows:
Operational
Administration
Total
The aggregate payroll costs of these persons were as follows:
Wages and salaries
Share-based payments (Note 26)
Social security costs
Other pension costs (Note 31)
Total payroll costs
8 Finance costs
Interest payable on bank loans and overdrafts
Interest expense on lease liabilities
Finance costs
The above finance costs relate entirely to liabilities not at fair value through profit or loss.
9 Taxation
Recognised in the Income Statement
Current tax expense
Current year
Adjustment to tax expense in respect of prior periods
Impact of prior year US R&D tax credits
Foreign tax
Total current tax
Deferred tax expense
Origination and reversal of temporary differences
Movement in tax rate
Derecognition of deductible timing differences
Impact of prior year US R&D tax credits
Adjustment to tax expense in respect of prior periods
Total deferred tax
Tax expense
172
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Number of colleagues
2022
2021
1,848
417
2,265
1,523
374
1,897
2022
£m
2021
£m
180.7
152.5
3.9
17.3
5.1
2.8
13.7
5.3
207.0
174.3
2022
£m
2.5
1.2
3.7
2022
£m
2.2
0.2
(1.1)
6.5
7.8
(0.4)
(0.1)
0.8
–
(0.1)
0.2
8.0
2021
£m
1.3
1.2
2.5
2021
£m
(0.8)
(0.4)
2.7
4.3
5.8
(0.7)
0.4
–
(0.8)
0.1
(1.0)
4.8
Notes to the Financial Statements continuedfor the year ended 31 May 2022
�9 Taxation continued
Reconciliation of effective tax rate
Profit before taxation
Current tax using the UK corporation tax rate of 19% (2021: 19%)
Effects of:
Items not deductible/(assessable) for tax purposes
Adjustment to tax charge in respect of prior periods
Impact of prior year US R&D tax credits
Impact of current year US R&D tax credits
Differences between overseas tax rates
Movements in temporary differences not recognised
Movement in tax rate
Total tax expense
2022
£m
31.0
5.9
0.5
0.1
(1.1)
(0.2)
1.7
1.2
(0.1)
8.0
2021
£m
14.8
2.8
(0.5)
(0.3)
1.9
(0.3)
0.7
0.1
0.4
4.8
Current and deferred tax recognised directly in equity was a debit of £0.3m (2021: credit £0.3m).
In the March 2021 Budget the UK government announced that legislation will be introduced in the Finance Bill 2021 to increase the main
rate of UK corporation tax from 19% to 25%, effective 1 April 2023. This rate was substantively enacted on 24 May 2021 and therefore the
deferred tax balances as at 31 May 2021 and 31 May 2022 are generally measured at a rate of 25%.
Tax uncertainties
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there may be
uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to historical periods. Uncertainty
arises as a result of a degree of uncertainty concerning interpretation of US legislation and because the statute of limitations has not expired.
For the periods ended 31 May 2017 to 31 May 2022, the aggregate net current tax benefit to the Income Statement relating to the US R&D
tax credits is £4.0m (2021: £2.7m). As at 31 May 2022, the gross deferred tax asset relating to the US R&D tax credits is £0.5m (2021:
£1.0m), although due to the uncertainty a partial provision of £0.3m (2021: £0.6m) has been made against this asset. The gross cumulative
amount of US R&D tax credits amounts to £9.3m (2021: £8.2m) and net cumulative amount of US tax credits amounts to £4.2m (2021:
£3.1m), giving rise to a cumulative provision of £5.1m (2021: £5.1m). The cumulative provision of £5.1m comprises a deferred tax element
(£0.3m) relating to tax credits as yet unutilised against US tax and a current tax element (£4.8m) relating to utilised tax credits. The latter
provision will unwind as the statute of limitation windows expire for claims made in particular periods. The provision relating to utilised tax
credits of £4.8m is expected to unwind as follows: FY23: £1.6m, FY24: £1.2m, FY25: £0.9m, FY26: £0.8m and FY27: £0.3m.
10 Dividends
Dividends paid and recognised in the year
Dividends per share paid and recognised in the year
Dividends per share proposed but not recognised in the year
2022
£m
14.4
4.65p
3.15p
2021
£m
13.0
4.65p
3.15p
The proposed final dividend for the year ended 31 May 2022 of 3.15p per ordinary share (approximately £9.8m) was approved by the Board
on 6 September 2022 and will be paid on 11 November 2022, to shareholders on the register at the close of business on 14 October 2022.
The ex-dividend date is 13 October 2022. The dividend will be recommended to shareholders at the AGM on 2 November 2022. The dividend
has not been included as a liability as at 31 May 2022. The payment of this dividend will not have any tax consequences for the Group.
Dividend policy
Dividends are the way the Company makes distributions from the Company’s distributable reserves to shareholders. The Board decides
the level of the dividend with each half-year reporting period (i.e. 30 November and 31 May). If an interim or final dividend is declared,
the Company pays the dividend approximately eight weeks after the results announcement. A dividend is paid for each share, so the
amount you receive depends on the number of shares you own.
The Company currently continues to pay a dividend equal to that paid in the prior years as the Board is conscious of the need to invest
in initiatives to support longer-term growth and service the debt profile following the recent acquisition.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
173
Financial statements
�11 Earnings per ordinary share
Earnings per ordinary share are shown on a statutory and an adjusted basis to assist in the understanding of the performance of the Group.
Statutory earnings (A)
Basic weighted average number of shares in issue (C)
Dilutive effect of share options
Diluted weighted average shares in issue (D)
2022
£m
23.0
Number
of shares
m
309.5
1.4
310.9
2021
£m
10.0
Number
of shares
m
281.2
1.5
282.7
For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the period
during which the options are outstanding.
Earnings per ordinary share
Basic (A/C)
Diluted (A/D)
Adjusted basic EPS 1 is reconciled as follows:
Statutory earnings (A)
Amortisation of acquired intangibles
Share-based payments
Individually Significant Items (see Note 5)
Tax effect of above items
Adjusted earnings (B)
Adjusted earnings per ordinary share
Basic (B/C)
Diluted (B/D)
2022
Pence
2021
Pence
7.4
7.4
2022
£m
23.0
8.6
3.9
0.9
(2.9)
33.5
2022
Pence
10.8
10.8
3.6
3.5
2021
£m
10.0
6.4
2.8
12.7
(5.1)
26.8
2021
Pence
9.5
9.5
174
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�12 Goodwill and intangible assets
Cost
At 1 June 2020
Additions
Disposals
Effects of movements in exchange rates
At 31 May 2021
Additions
On acquisition (see Note 34)
Effects of movements in exchange rates
At 31 May 2022
Accumulated amortisation
At 1 June 2020
Charge for year
Disposals
Effects of movements in exchange rates
At 31 May 2021
Charge for year
Effects of movements in exchange rates
At 31 May 2022
Net book value
At 31 May 2022
At 31 May 2021
Goodwill
£m
Software
£m
Development
costs
£m
Customer
contracts and
relationships
£m
Intangibles
sub-total
£m
259.3
–
(10.2)
(10.2)
238.9
–
69.7
13.5
12.8
1.7
–
–
14.5
1.6
2.5
0.1
11.5
0.6
–
(0.4)
11.7
1.3
–
(0.1)
88.2
–
(13.0)
(2.1)
73.1
–
91.4
12.3
112.5
2.3
(13.0)
(2.5)
99.3
2.9
93.9
12.3
322.1
18.7
12.9
176.8
208.4
Total
£m
371.8
2.3
(23.2)
(12.7)
338.2
2.9
163.6
25.8
530.5
(66.2)
–
10.2
–
(56.0)
–
–
(10.8)
(1.0)
–
–
(11.8)
(0.9)
–
(56.0)
(12.7)
266.1
182.9
6.0
2.7
(7.3)
(2.0)
–
0.3
(9.0)
(0.9)
0.1
(9.8)
3.1
2.7
(65.4)
(6.4)
13.0
1.3
(83.5)
(9.4)
13.0
1.6
(149.7)
(9.4)
23.2
1.6
(57.5)
(78.3)
(134.3)
(8.6)
(1.2)
(10.4)
(1.1)
(10.4)
(1.1)
(67.3)
(89.8)
(145.8)
109.5
118.6
15.6
21.0
384.7
203.9
Development costs are capitalised in accordance with IAS 38 development criteria. For this reason, these are not regarded as realised losses.
Cash generating units (CGUs)
Goodwill and intangible assets are allocated to CGUs in order to be assessed for potential impairment. CGUs are defined by accounting
standards as the lowest level of asset groupings that generate separately identifiable cash inflows that are not dependent on other CGUs.
The Directors have reviewed the continuing applicability of the judgements made in the prior year in determining the CGUs within the Group
and in allocating goodwill to these CGUs and are satisfied these judgements remain appropriate.
In respect of the IPM business acquired on 1 June 2021 (See Note 34), work to integrate this business into the wider North America
Software Resilience CGU is ongoing and at 31 May 2022, the cash inflows relating to this business are considered to be separately
identifiable. As such a new CGU has been identified relating to the acquired IPM business.
The CGUs and the allocation of goodwill to those CGUs are shown below:
Cash generating units
UK Software Resilience
IPM Software Resilience
North America Software Resilience
Europe Software Resilience
Total Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Total Assurance
Total Group
Goodwill
2022
£m
22.9
76.9
8.5
7.3
115.6
45.4
39.9
65.2
150.5
266.1
Goodwill
2021
£m
22.9
–
7.5
7.2
37.6
44.2
36.4
64.7
145.3
182.9
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
175
Financial statements
�12 Goodwill and intangible assets continued
Impairment review
Goodwill is tested for impairment annually at the level of the CGU to which it is allocated. For the year ended 31 May 2021, the recoverable
amount of all CGUs concerned was measured on a value in use basis (VIU). For the year ended 31 May 2022, the recoverable amount of
all CGUs concerned was measured on a value in use basis (VIU), with the exception of the Europe Assurance CGU and the IPM Software
Resilience CGU, which was measured on a fair value less costs to sell basis.
The Directors have considered the impact of climate change on this review, with no material impact identified.
Fair value less costs to sell
For the year ended 31 May 2022, the recoverable amount of the Europe Assurance CGU and the IPM Software Resilience CGU has been
determined on a fair value less costs to sell basis for the purposes of the impairment review. The Directors assessed the recoverable amount
of these CGUs on a VIU basis, as in the prior period for Europe Assurance. The VIU calculations prepared for both CGUs are highly sensitive
to changes in inputs, which could suggest that they were less than the carrying value of assets. This is because the forecast growth rates
applied beyond a period of five years are expected to be higher than the terminal growth rate that would be applied. Therefore, the Directors
considered that the fair value less costs to sell exceeded the value in use.
The Europe Assurance CGU and IPM Software Resilience CGU valuation has been calculated by assessing the value of the standalone Europe
Assurance and IPM Software Resilience business calculated using an EBITDA 1 multiple based on sustainable earnings for the year ended 31
May 2022 adjusted for specific items where relevant. For the IPM Software Resilience business, integration costs associated with combining
the business into the wider Group have been added back to sustainable earnings used in the calculation. For the Europe Assurance CGU no
material adjustments have been made to the sustainable earnings used in the calculation. The sustainable earnings input is a level 3
measurement; level 3 measurements are inputs which are normally unobservable to market participants.
The EBITDA 1 multiple used in the calculations is based on independent third party assessments of the implied enterprise value of the
business based on a population of comparable companies and precedent transactions. The estimated cost of disposal was based on other
recent transactions that the Group has undertaken.
Sensitivity analysis
The key assumptions used in the fair value less costs to sell calculation are the EBITDA 1 used and the multiple applied to that sustainable
earnings. For the Europe Assurance CGU and the IPM Software Resilience CGU there is no reasonably possible change in those inputs that
could give rise to an impairment.
Value in use
VIU represents the present value of the future cash flows that are expected to be generated by the CGU to which the goodwill is allocated.
Capitalised development and software costs are included in the CGU asset bases when performing the impairment review. Capitalised development
projects and software intangible assets are also considered, on an asset-by-asset basis, for impairment where there are indicators of impairment.
VIU calculations are an area of management estimation. These calculations require the use of estimates (inputs), specifically: pre-tax cash
flow projections; long-term growth rates; and a pre-tax discount rate. Further detail in relation to these assumptions used in the Group’s
goodwill annual impairment review is as follows:
Pre-tax cash flow projections
Pre-tax cash flow projections are based on the Group’s budget for the forthcoming financial year and longer-term three year strategic plans
to 2025. The budget and three year strategic plan are compiled by the business unit management teams using a detailed, bottom-up
process with respect to revenue, margin and overheads, taking into account factors specific to that business unit as well as wider economic
factors such as industry growth expectations and the impact of Covid-19 or the Ukraine conflict.
The Group’s revenue forecasts are developed using the most reliable data available, such as the size of the existing contract base and details
of confirmed orders, as well as assumptions over key operational inputs to underpin the forecast for each revenue stream. The combined
effect of these individual assumptions on the overall growth rate assumed for each area of the business is then compared to management’s
experience of growth and the industry’s expected growth rate.
176
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�12 Goodwill and intangible assets continued
Pre-tax cash flow projections continued
For cost forecasts, the majority of which are people related, headcount changes are forecast for delivery and sales staff in order that there
are sufficient resources to support the forecasted required revenue delivery capacity as well as to deliver against sales targets, while also
factoring in payroll inflation expectations. Overhead costs are also forecast using a bottom-up process.
Forecasts go through a detailed review process and are subject to challenge at each stage of review, including by the Executive Committee.
Ultimately the forecasts are approved by the Board.
Assumptions have then been applied for expected revenue, margin growth, overheads and Adjusted EBITDA ¹ for the subsequent two years
from the end of 2025. Adjusted EBITDA ¹ is considered a proxy for operating cash flow before changes in working capital. Pre-tax cash flow
projections also include assumptions on working capital and capital expenditure requirements for each CGU.
These assumptions are based on management’s experience of growth and knowledge of the industry sectors, markets and the Group’s internal
opportunities for growth and margin enhancement. The projections beyond five years into perpetuity use an estimated long-term growth rate.
Management has taken into account the impact of Covid-19 in formulating the above assumptions, and the underlying uncertainty of Covid-19
has been reflected in the assumptions underpinning the cash flow forecasts for each CGU rather than the pre-tax discount rates used in the
impairment test.
Forecast working capital and capital expenditure included within the pre-tax cash flow projections are based on management’s expectations
of future expenditure required to support the Group and current run rate requirements.
The revenue % growth for the Assurance CGU is considered by management to be appropriate for the specific industry in which the CGU
operates. Management has considered available external market data in determining the revenue growth rates over the five year forecast period.
Long-term growth rates
To forecast growth beyond the detailed cash flows into perpetuity, a long-term average growth rate ranging between 1.5% and 2.5%
(2021: between 1.5 and 1.7%) has been used based on the specific geography of the CGU, as shown in the table below. This range
represents management’s best estimate of a long-term annual growth rate aligned to an assessment of long-term GDP growth rates.
A higher sector-specific growth rate would be a valid alternative estimate. A different set of assumptions may be more appropriate in future
years dependent on changes in the macro-economic environment. These rates are not greater than the published International Monetary
Fund average growth rates in gross domestic product for the next five year period in each relevant territory in which the CGUs operate.
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Growth rate
(%)
2022
Growth rate
(%)
2021
2.2
2.5
1.5
2.2
2.5
n/a
1.7
1.6
1.5
1.7
1.6
1.5
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
177
Financial statements�12 Goodwill and intangible assets continued
Pre-tax discount rates
Discount rates can change relatively quickly for reasons both inside and outside of management’s control. Those outside management’s
direct control or influence include changes in the Group’s Beta, changes in risk free rates of return and changes in Equity Risk Premia.
The discount rates are determined using a capital asset pricing model and reflect current market interest rates, relevant equity and size risk
premiums and the risks specific to the CGU concerned. On this basis, specific discount rates are used for each CGU in the VIU calculation,
and the rates reflect management’s assessment on the level of relative risk in each respective CGU. The table below summarises the pre-tax
discount rates used for each CGU:
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Assurance
North America Assurance
Europe Assurance
Pre-tax
discount rate
(%)
2022
Pre-tax
discount rate
(%)
2021
13.5
14.4
12.5
13.5
14.4
n/a
12.9
15.3
13.6
13.0
14.2
13.7
Sensitivity analysis
Sensitivity analysis has been performed in respect of certain scenarios where management considers a reasonably possible change in key
assumptions could occur. The outcome of applying sensitivity analysis in respect of the above inputs indicated that there is no reasonably
possible scenario in which the carrying value of goodwill would be considered impaired.
178
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�13 Property, plant and equipment
Cost
At 1 June 2020
Additions
Disposals
Movement in foreign exchange rates
At 31 May 2021
Additions
Movement in foreign exchange rates
At 31 May 2022
Depreciation
At 1 June 2020
Charge for year
Disposals
Movement in foreign exchange rates
At 31 May 2021
Charge for year
Movement in foreign exchange rates
At 31 May 2022
Net book value
At 31 May 2021
At 31 May 2022
Computer
equipment
£m
Fixtures,
fittings and
equipment
£m
Motor
vehicles
£m
Total
£m
40.8
2.7
(3.7)
(1.6)
38.2
5.2
0.4
43.8
(26.9)
(4.4)
3.5
1.1
0.1
–
–
–
0.1
–
–
0.1
(0.1)
–
–
–
19.7
1.8
(0.1)
(0.6)
20.8
3.7
0.1
24.6
(15.3)
(2.8)
0.2
0.4
(17.5)
(2.7)
–
21.0
0.9
(3.6)
(1.0)
17.3
1.5
0.3
19.1
(11.5)
(1.6)
3.3
0.7
(9.1)
(1.2)
(0.3)
(0.1)
(26.7)
–
–
(3.9)
(0.3)
(20.2)
(10.6)
(0.1)
(30.9)
3.3
4.4
8.2
8.5
–
–
11.5
12.9
The Directors have considered the impact of climate change on property, plant and equipment, with no material impact identified.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
179
Financial statements�14 Right-of-use assets
Cost
At 1 June 2020
Additions
Reclassifications from provisions
Disposals
At 31 May 2021
Additions
At 31 May 2022
Depreciation
At 1 June 2020
Charge for year
At 31 May 2021
Charge for year
Reversal of impairment
At 31 May 2022
Net book value
At 31 May 2021
At 31 May 2022
Land and
buildings
£m
Motor
vehicles
£m
32.8
3.1
(1.4)
(0.7)
33.8
1.9
35.7
(6.0)
(4.8)
(10.8)
(4.2)
0.1
(14.9)
23.0
20.8
3.0
–
–
–
3.0
1.6
4.6
(1.1)
(1.1)
(2.2)
(1.2)
–
(3.4)
0.8
1.2
Total
£m
35.8
3.1
(1.4)
(0.7)
36.8
3.5
40.3
(7.1)
(5.9)
(13.0)
(5.4)
0.1
(18.3)
23.8
22.0
The Directors have considered the impact of climate change on right-of-use assets and as the Group is moving in FY23 from a company car
scheme to a salary sacrifice scheme (leased directly by the colleague) this will result over time to a reduction in the motor vehicles right-of-
use asset and corresponding lease liabilities, as the contract lease terms end.
15 Investments
Interest in unlisted shares
Group
2022
£m
0.3
Group
2021
£m
0.3
The investment in unlisted shares relates to a 3.35% ordinary shareholding in an unlisted company acquired as part of the Accumuli
acquisition. The investment’s carrying value at acquisition date was considered appropriate to use as the fair value. The Directors consider
there has been no change in the year.
16 Inventory
Goods for resale
Group
2022
£m
0.9
Group
2021
£m
1.1
The Group holds stock of certain critical components for key customers in relation to our own product sales (as opposed to third party
products). The carrying value of inventory is expected to be recovered or settled within one year. There have been no write-downs of
inventory in the year (2021: £nil).
The Directors have considered the impact of climate change on inventory, with no material impact identified.
180
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�17 Trade and other receivables
Current
Trade receivables
Prepayments
Contract costs
Other receivables
Contract assets – accrued income
Non-current
Amounts owed by Group undertakings
Total
Disclosed as follows:
Current assets
Non-current assets
Group
2022
£m
40.6
11.8
1.1
1.2
23.0
–
77.7
77.7
–
77.7
Group
2021
£m
35.2
8.3
0.4
1.9
22.9
–
68.7
68.7
–
68.7
Company
2022
£m
Company
2021
£m
–
–
–
–
–
32.9
32.9
–
32.9
32.9
–
–
–
–
–
162.6
162.6
–
162.6
162.6
The carrying value of trade and other receivables classified at amortised cost approximates fair value.
No credit losses have been recognised in respect of amounts owed by Group undertakings (Parent Company only) in the year (2021: £nil).
Amounts owed by Group undertakings in the Parent Company Balance Sheet have been disclosed as repayable after more than one year.
Although these are repayable on demand, the disclosure as non-current is based on management’s expectation of the timing of repayment.
The ageing of trade receivables, other receivables and contract assets at the end of the reporting period was:
Group
Trade receivables:
Not past due
Past due 0–30 days
Past due 31–90 days
Past due more than 90 days
Other receivables:
Not past due
Contract assets:
Not past due
Total
Gross
2022
£m
Expected
credit losses
2022
£m
Net
2022
£m
Gross
2021
£m
Expected
credit losses
2021
£m
Net
2021
£m
28.0
7.7
4.6
3.8
44.1
(0.1)
27.9
24.3
(0.1)
24.2
–
(0.1)
(3.3)
(3.5)
7.7
4.5
0.5
6.6
3.7
2.3
40.6
36.9
(0.1)
(0.1)
(1.4)
(1.7)
6.5
3.6
0.9
35.2
1.2
–
1.2
1.9
–
1.9
23.2
68.5
(0.2)
(3.7)
23.0
64.8
23.1
61.9
(0.2)
(1.9)
22.9
60.0
The Company had no trade receivables (2021: £nil).
The standard period for credit sales varies from 30 days to 60 days. Trade receivables which are over 30 days past due are considered to
be credit impaired. The Group assesses creditworthiness of all trade debts on an ongoing basis providing for expected credit losses in line
with IFRS 9. The Group has considered credit risk rating grades; these are based on the ageing categories above. Covid-19 has not had
a material impact on the collection of trade receivables, and consequently has not materially impacted our forward-looking estimates
for expected credit losses. New customers are subject to stringent credit checks.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
181
Financial statements
�17 Trade and other receivables continued
The movement in the expected credit losses of trade and other receivables is as follows:
Balance at 1 June
On acquisition (Note 34)
(Charged)/released to the Income Statement
Balance at 31 May
Group
2022
£m
(1.7)
(1.4)
(0.4)
(3.5)
Group
2021
£m
(2.5)
–
0.8
(1.7)
18 Deferred tax assets and liabilities (Group)
Deferred tax assets and liabilities on the Consolidated Statement of Financial Position are offset in accordance with IAS 12. A summary
of this, offset with significant jurisdictions, is shown below:
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Deferred tax (liability)/asset
Analysed as follows:
Non-current assets
Non-current liabilities
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Deferred tax asset/(liability)
Analysed as follows:
Non-current assets
Non-current liabilities
UK
£m
0.3
0.2
0.3
(1.8)
0.9
(0.1)
–
(0.1)
UK
£m
0.6
0.1
0.3
(1.7)
0.7
–
–
–
–
2022
US
£m
Netherlands
£m
Denmark
£m
(0.4)
6.2
0.2
(5.2)
0.6
1.4
1.4
–
0.3
–
–
(1.8)
–
(1.5)
–
(1.5)
–
–
–
–
–
–
–
–
2021
US
£m
Netherlands
£m
Denmark
£m
–
4.5
0.2
(3.9)
0.7
–
1.5
1.5
–
0.3
0.2
–
(1.9)
0.2
–
(1.2)
–
(1.2)
–
–
–
–
–
0.5
0.5
0.5
–
Total
£m
0.2
6.4
0.5
(8.8)
1.5
(0.2)
1.4
(1.6)
Total
£m
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
2.0
(1.2)
182
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022
�18 Deferred tax assets and liabilities (Group) continued
Movement in deferred tax during the year:
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
1 June
2021
£m
Recognised
in income
£m
Exchange
differences
£m
Recognised
in equity
£m
Acquisition
£m
31 May
2022
£m
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
(0.5)
0.9
–
(0.3)
0.2
(0.5)
(0.2)
(0.2)
0.7
–
(0.3)
0.1
–
0.3
–
–
–
–
(0.4)
–
(0.4)
–
–
–
(0.7)
–
–
(0.7)
1 June
2020
£m
Recognised
in income
£m
Exchange
differences
£m
Recognised
in equity
£m
Acquisition
£m
0.9
6.1
0.5
(9.0)
0.5
0.4
(0.6)
–
(0.8)
–
0.8
0.9
0.1
1.0
–
(0.5)
–
0.7
(0.1)
–
0.1
–
–
–
–
0.3
–
0.3
–
–
–
–
–
–
–
0.2
6.4
0.5
(8.8)
1.5
–
(0.2)
31 May
2021
£m
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
In the year ended 31 May 2022, the Group has recognised no deferred tax asset in relation to tax losses. In 2021, the Group recognised
a deferred tax asset in relation to tax losses of £0.5m as management considered it probable that future taxable profits would be available
against which it could be utilised. The Group has not recognised a deferred tax asset on £35.7m (2021: £25.6m) of tax losses carried
forward in the United Kingdom (£27.5m), Denmark (£4.1m), Australia (£3.6m) and North America (£0.5m) due to current uncertainties
over their future recoverability (and in the case of United Kingdom/North America because of specific legislative restrictions). A deferred
tax asset of £0.5m (2021: £1.0m) in respect of R&D tax claims submitted in North America has been partially provided against due
to uncertainty with regard to recoverability; an amount of £0.3m has been provided (2021: £0.6m).
No deferred tax liability is recognised on temporary differences of £0.4m (2021: £0.2m) relating to the unremitted earnings of overseas
subsidiaries as the Group is able to control the timing of the reversal of these temporary differences and it is probable that they will not
reverse in the foreseeable future.
19 Trade and other payables
Trade payables
Non-trade payables
Accruals
Amounts owed to Group companies
Total
Group
2022
£m
8.7
11.4
28.2
–
48.3
Group
2021
£m
3.3
7.9
34.0
–
45.2
Company
2022
£m
Company
2021
£m
–
–
–
18.2
18.2
–
–
–
13.5
13.5
The carrying value of trade and other payables classified as financial liabilities measured at amortised cost approximates fair value.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
183
Financial statements�20 Lease liabilities
At 1 June 2020
Additions
Disposals
Lease payments
Interest expense
At 1 June 2021
Additions
Lease payments
Interest expense
At 31 May 2022
Analysed as follows:
Current
Non-current
The maturity of lease liabilities is as follows:
Less than one year
Two to five years
More than five years
Total lease liabilities
Land and
buildings
£m
36.0
1.3
(0.9)
(5.9)
1.1
31.6
1.9
(5.4)
1.0
29.1
Motor
vehicles
£m
2.2
1.8
–
(1.3)
0.1
2.8
1.6
(1.1)
0.2
3.5
2022
£m
5.4
27.2
2022
£m
5.4
16.5
10.7
32.6
Total
£m
38.2
3.1
(0.9)
(7.2)
1.2
34.4
3.5
(6.5)
1.2
32.6
2021
£m
5.1
29.3
2021
£m
5.1
15.8
13.5
34.4
The total cash outflow for leases in the year was £6.6m (2021: £7.3m), which consists of £6.5m (2021: £7.2m) lease payments disclosed
above and £0.1m (2021: £0.1m) lease payments charged to the Income Statement in respect of short-term leases.
The Group has used its incremental borrowing rate of 3.3% (2021: 3.3%) as the discount rate for the calculation of the lease liabilities.
Some leases contain break clauses or extension options to provide operational flexibility. Potential future undiscounted lease payments
not included in the reasonably certain lease term, and hence not included in lease liabilities, total £4.0m (2021: £4.0m).
The Directors have considered the impact of climate change on lease liabilities and as the Group is moving in FY23 from a company
car scheme to a salary sacrifice scheme (leased directly by the colleague) this will result over time to a reduction in the motor vehicles
right-of-use asset and corresponding lease liabilities, as the contract lease terms end.
184
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�21 Provisions
Balance as at 31 May 2020 and 1 June 2020
Reclassification to right-of-use assets
Reclassification
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2021 and 1 June 2021
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2022
Analysed as follows (2022):
Current
Non-current
Analysed as follows (2021):
Current
Non-current
Loss-making
contracts
£m
Onerous
property costs
£m
Other
provisions
£m
0.2
–
1.7
1.9
(2.7)
1.1
1.9
(1.2)
1.8
1.5
0.3
1.1
–
2.9
(1.4)
–
1.0
(0.8)
1.7
–
(0.7)
1.0
0.5
0.5
1.1
0.6
0.6
–
–
–
(0.4)
0.2
0.6
(0.1)
0.7
0.7
–
0.2
–
Total
£m
3.7
(1.4)
1.7
2.9
(3.9)
3.0
2.5
(2.0)
3.5
2.7
0.8
2.4
0.6
The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply contracts
that are now expected to be fully completed in the 2023 calendar year mainly due to supply chain sourcing. It was expected in the prior year
that these contracts would have been completed in 2022. During the year, revenue has been recognised in relation to these long-term
contracts of £2.3m (2021: £1.8m).
The onerous property costs provision relates to unused floors in the Manchester head office building. The provision of £1.0m (2021: £1.7m)
at 31 May 2022 includes £0.4m (2021: £1.2m) of non-rent costs relating to the onerous properties including service charges and insurance
and also the estimated costs of disposing or terminating these leases, which includes rent incentives, renovation costs and letting fees. The
provision at 31 May 2022 also includes estimated dilapidations liabilities of £0.6m (2021: £0.5m) relating to the Group’s leased premises.
Both of these provisions are expected to unwind over the period of the relevant leases (2022–2034).
Other provisions of £0.7m (2021: £0.2m) include reorganisation and CEO transition costs to which the Group was committed at 31 May 2022
and are expected to be settled within the next financial year.
22 Contract liabilities – deferred revenue
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred revenue
is analysed as follows and is considered a contract liability:
Analysed as follows:
Current
Non-current
Group
2022
£m
61.7
0.6
62.3
Group
2021
£m
43.6
0.7
44.3
Revenue recognised in the year ended 31 May 2022 that was included in the contract liability at 1 June 2021 amounted to £43.6m (2021: £39.5m).
The Group has taken advantage of the IFRS 15 practical expedient not to disclose when revenue will unwind for all contracts less than 12 months
in length. The increase in deferred revenue in the year is due to the growth of the Assurance division and the acquisition of IPM.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
185
Financial statements
�23 Contract balances
The following table provides information about receivables, contract assets and contract liabilities from contracts with customers.
Receivables, which are included in trade and other receivables
Contract assets – accrued income
Contract costs – costs to obtain
Contract liabilities – deferred income
Group
2022
£m
40.6
23.0
1.1
(62.3)
Group
2021
£m
35.2
22.9
0.4
(44.3)
Notes
17
17
17
22
Receivables represent invoiced services usually payable within 30 days whereby performance obligations have been satisfied.
Accrued income of £23m (of which £20.3m (2021: £21.3m) represents Assurance accrued income) is the Group’s rights to consideration
for work completed but not billed at the reporting date. Remaining balances are transferred to receivables when the rights become
unconditional. Credit losses of £nil (2021: £0.1m) have been recognised in respect of contract assets.
The contract assets were not impacted by any impairment charge. The contract assets are transferred to receivables when the rights become
unconditional. This usually occurs when the Group issues an invoice to the customer. Invoices usually become payable within 30 days.
The contract costs to obtain of £1.1m (2021: £0.4m) represent incremental sales commissions to obtain specific contracts.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the customer
in relation to a long-term onerous contract.
Contract liabilities primarily relate to advanced consideration received from customers, for which revenue is recognised over time in line
with the respective performance obligation.
No information is provided about remaining performance obligations at 31 May 2022 or at 31 May 2021 that have an original expected
duration of one year or less, as allowed by IFRS 15.
24 Cash and cash equivalents and borrowings
Cash and cash equivalents
Cash and cash equivalents comprise:
Cash at bank and in hand
Borrowings are analysed as follows:
Current liabilities:
Bank term loan
Non-current liabilities:
Revolving credit facility
Bank term loan
Total borrowings
The maturity profile is as follows:
Less than one year
Two to five years
Total borrowings
Group
2022
£m
73.2
Group
2022
£m
Group
2021
£m
Company
2022
£m
Company
2021
£m
116.5
20.2
0.6
Group
2021
£m
Company
2022
£m
Company
2021
£m
Maturity
2024
18.5
–
2024
70.5
36.6
125.6
Group
2022
£m
18.5
107.1
125.6
33.2
–
33.2
Group
2021
£m
–
33.2
33.2
–
–
–
–
–
–
–
–
Company
2022
£m
Company
2021
£m
–
–
–
–
–
–
186
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022
�24 Cash and cash equivalents and borrowings continued
Cash and cash equivalents continued
The Group utilises a revolving credit facility (RCF) of £100m with a five year term expiring in June 2024. The interest payable on drawn
down funds ranges from 0.9% to 2.0% above SONIA/SOFR subject to the Group’s leverage (net debt ¹ to Adjusted EBITDA ¹) ratio. The
Group can also request an additional accordion facility to increase the total size of the revolving credit facility by up to £75m. The Group is
required to comply with financial covenants for leverage (net debt ¹ to Adjusted EBITDA ¹), interest cover (Adjusted EBITDA ¹ to interest
charge) and provisions relating to guarantor coverage such that guarantors must exceed a prescribed threshold of the Group’s gross assets
and Adjusted EBITDA ¹. Covenants are tested bi-annually at 31 May and 30 November each year. Arrangement fees incurred of £1.0m are
being amortised over the term with £0.4m unamortised as at 31 May 2022 (2021: £0.6m). Since the new facility is on broadly similar pricing
terms to the previous facility, the refinancing has been accounted for as a non-substantial modification with no gain or loss arising on
modification.
On 12 May 2021, the Group entered into a new Term Loan Facility Agreement. The facility made available under the Facility Agreement
(the “Term Facility”) is a $70m amortising term loan facility, to fund the acquisition of the IPM Software Resilience business. The rate of
interest on each loan under the Term Facility is the percentage rate per annum, which is equal to the aggregate of a compounded rate
based on the secured overnight financing rate (SOFR) administered by the Federal Reserve Bank of New York and the margin (based
on a leverage ratchet varying from 1.40% to 2.65% per annum). The Term Facility is repaid in annual instalments of $23.3m on each of
10 June 2022 and 10 June 2023, with a final instalment of $23.4m payable on 10 June 2024. Arrangement fees incurred of £0.6m will
be amortised over the term with £0.4m unamortised as at 31 May 2022 (2021: £nil). The Term Facility Agreement also contains financial
covenants relating to leverage and interest cover and provisions relating to guarantor coverage consistent with the RCF.
The RCF is drawn in short to medium-term tranches of debt that are repayable within 12 months of draw-down. These tranches of debt can
be rolled over provided certain conditions are met, including compliance with all loan terms. The Group considers that it is highly unlikely it
would not be in compliance and therefore be unable to exercise its right to roll over the debt. The Directors therefore believe that the Group
has the ability and the intent to roll over the drawn RCF amounts when due and consequently has presented the RCF as a non-current
liability.
As at 31 May 2022, the Group had committed bank facilities of £155.1m (2021: £149.3m), of which £126.4m (2021: £33.8m) had been
drawn under these facilities, leaving £28.7m (2021: £115.5m) of undrawn facilities. Unamortised arrangement fees of £0.8m (2021: £0.6m)
have been offset against the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2022 of £125.6m (2021: £33.2m).
The fair value of borrowings is not materially different to its amortised cost.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
25 Financial instruments
Loans and borrowings
Non-current
Variable rate:
Revolving credit facility
Bank term loan
Current
Variable rate:
Bank term loan
Total loans and borrowings (excluding lease liabilities)
Cash
Net (debt)/cash (excluding lease liabilities) 1
Non-current
Lease liabilities
Current
Lease liabilities
Net (debt)/cash 1
Group
2022
£m
Group
2021
£m
Company
2022
£m
Company
2021
£m
(70.5)
(36.6)
(33.2)
–
(107.1)
(33.2)
(18.5)
–
(125.6)
(33.2)
73.2
(52.4)
116.5
83.3
(27.2)
(29.3)
(5.4)
(85.0)
(5.1)
48.9
–
–
–
–
–
20.2
20.2
–
–
–
–
–
–
–
0.6
0.6
–
–
20.2
0.6
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
187
Financial statements
�25 Financial instruments continued
Reconciliation of movements in liabilities to cash flows arising from financing activities
Group
Revolving credit facility/bank term loan:
Drawdown on facility
Repayment of facility
Transaction costs
Interest costs (non-cash)
Interest paid on borrowings
Release of deferred arrangement fees
Foreign exchange movement
Movement in borrowings
IFRS 16 lease liability:
New leases entered into
Leases terminated
Principal element of lease payments
Interest element of lease payments
Interest cost (non-cash)
Movement in lease liabilities
2022
£m
2021
£m
120.7
(39.4)
(0.6)
2.1
(2.1)
0.4
11.3
92.4
3.5
–
(5.3)
(1.2)
1.2
(1.8)
12.0
(72.4)
–
1.1
(1.1)
0.2
(5.8)
(66.0)
3.1
(0.9)
(6.0)
(1.2)
1.2
(3.8)
Financial risk management
The Group has exposure to the following risks from its use of financial instruments:
• Credit risk
• Liquidity risk
• Currency risk
• Interest rate risk
The Board has overall responsibility for establishing appropriate management of exposure to risk. The Audit Committee oversees
how management identifies and addresses risks to the Group.
Capital management
The Board’s policy is to maintain a strong capital base so as to maintain investor, creditor and market confidence and to sustain future
development of the business.
The Group monitors capital on the basis of the gearing ratio. This ratio is calculated as net (debt)/cash 1 divided by total capital. Net (debt)/
cash 1 is calculated as total borrowings as shown in the Consolidated Balance Sheet, less cash and cash equivalents. Total capital is
calculated as equity, as shown in the Consolidated Balance Sheet, plus net debt 1. As at 31 May 2022 the Group’s gearing ratio was 15.5%
(2021: (45.5)%).
Financial instruments policy
All instruments utilised by the Company and Group are for financing purposes. The financial management and treasury activities of the
Group are controlled centrally for all operations with local finance teams responsible for day-to-day banking activities.
Fair value of financial instruments
As at 31 May 2022 the Group and Company had no other financial instruments other than those disclosed below. In addition, no embedded
derivatives have been identified. There have been no transfers between levels in the year.
The following table presents the Group’s financial assets and liabilities that are measured at fair value by level of fair value hierarchy:
• Quoted prices (unadjusted) in active markets for identical assets or liabilities (level 1)
• Inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (that is, as prices)
or indirectly (that is, derived from prices) (level 2)
• Inputs for the asset or liability that are not based on observable market data (unobservable inputs) (level 3)
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
188
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�25 Financial instruments continued
Fair value of financial instruments continued
Borrowings are held at amortised cost, which is considered to equate to fair value. All other assets and liabilities are held at either fair value
or their carrying value, which approximates to fair value.
Financial (assets)/liabilities at fair value through profit or loss
Derivative financial instruments – cash flow hedge
Total financial instruments
Level 1
£m
2022
Level 2
£m
–
–
–
(0.2)
–
(0.2)
Level 3
£m
Level 1
£m
–
–
–
–
–
–
2021
Level 2
£m
0.3
(0.8)
(0.5)
Level 3
£m
–
–
–
Credit risk
Credit risk is the risk of financial loss to the Group if a customer or counterparty to a financial instrument fails to meet its contractual
obligations and arises principally from the Group’s receivables from customers. The Group’s exposure to credit risk is influenced mainly
by the individual characteristics of each customer.
Exposure to credit risk
The carrying value of financial assets represents the maximum credit exposure. The maximum exposure to credit risk at the reporting date was:
Trade receivables
Other receivables
Accrued income
Cash and cash equivalents
Total
Group
2022
£m
40.6
1.2
23.0
73.2
138.0
Group
2021
£m
35.2
1.9
22.9
116.5
176.5
Company
2022
£m
Company
2021
£m
–
–
–
20.2
20.2
–
–
–
0.6
0.6
The maximum exposure to credit risk for trade receivables and other receivables at the reporting date by geographic region was:
Debtors by geographical segment
UK and APAC
North America
Europe
Total
The maximum exposure to credit risk at the reporting date by business segment was:
Debtors by business segment
Assurance
Software Resilience
Total
Group
2022
£m
15.2
14.3
12.4
41.9
Group
2022
£m
35.4
6.5
41.9
Group
2021
£m
17.0
11.0
9.1
37.1
Group
2021
£m
30.0
7.1
37.1
Company
2022
£m
Company
2021
£m
–
–
–
–
–
–
–
–
Company
2022
£m
Company
2021
£m
–
–
–
–
–
–
The trade receivables of the Group typically comprise many amounts due from a large number of customers and represent a spread
of industry sectors. The largest amount due from a single customer at the reporting date represented 4.4% (2021: 3.9%) of total Group
receivables. All of the Group’s cash is held with financial institutions of high credit rating.
The provisions in respect of trade receivables are used to record expected credit losses. The Group has dedicated credit control teams,
which regularly review customer debt balances to assess the risk of recovery.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
189
Financial statements�25 Financial instruments continued
Liquidity risk
Liquidity risk is the risk that the Group will not be able to meet its financial obligations as they fall due. The Group manages and minimises
liquidity risk by using global cash management solutions and actively monitoring both actual and projected cash outflows to ensure that
it will have sufficient liquidity to meet its liabilities when due and have headroom to provide against unforeseen obligations.
In response to Covid-19, the Group has undertaken regular detailed reviews of both the potential short-term effects of the pandemic on
working capital and the longer-term forecast liquidity position. Cash collections have remained strong. The Ukraine conflict is not considered
to have a direct material impact on liquidity risk in the short term due to Group having limited direct exposure in the affected region. Longer
term, the Group has assessed its liquidity forecast as part of the viability assessment and its ability to continue trading as a going concern.
For further detail on the Group’s assessment of liquidity risk refer to the Viability Statement on page 72.
The following are the contractual maturities of financial liabilities, including interest payments, of the Group:
At 31 May 2022
Borrowings
Lease liabilities
Trade and other payables
At 31 May 2021
Borrowings
Lease liabilities
Trade and other payables
Carrying
amount
£m
Contractual
cash flows
£m
(125.6)
(110.7)
(32.6)
(48.3)
(36.4)
(48.3)
(33.2)
(34.4)
(45.2)
(34.7)
(39.6)
(45.2)
<1 year
£m
(19.7)
(6.5)
(48.3)
(0.3)
(6.3)
(45.2)
1–2
years
£m
(19.7)
(5.5)
–
(0.3)
(5.7)
–
2+
years
£m
(71.3)
(13.4)
–
(34.1)
(12.8)
–
5+
years
£m
–
(11.0)
–
–
(14.8)
–
The contractual cash flows for borrowings disclosed above relate to the Group’s RCF facility, which terminates in June 2024, and new
Term Loan Facility Agreement. The contractual cash flows include an estimate of the interest payable based on the assumption that the
borrowings remain drawn based upon 31 May 2022 levels, except that the term loan is repayable over its term. Interest is calculated based
on SONIA/SOFR plus a margin based on the current leverage ratio.
Currency risk
The Group is exposed to currency risk on sales, purchases, cash and borrowings that are denominated in a currency other than the
respective functional and presentational currency of the Group. The Group’s management reviews the size and probable timing of settlement
of all financial assets and liabilities denominated in foreign currencies. The Group’s exposure to currency risk is as follows:
Trade receivables
Other receivables
Cash and cash
equivalents
Borrowings
Lease liabilities
Trade and other payables
Total
Sterling
£m
12.9
0.5
26.4
(26.2)
(21.4)
(28.1)
(35.9)
2022
USD
£m
15.9
0.6
42.4
(99.4)
(7.3)
(8.9)
EUR
£m
11.7
–
2.4
–
(2.0)
(9.0)
3.1
(56.7)
Other
£m
0.1
0.1
2.0
–
(1.9)
(2.3)
(2.0)
Total
£m
40.6
1.2
73.2
(125.6)
(32.6)
(48.3)
(91.5)
Sterling
£m
14.8
0.8
85.0
(30.4)
(21.5)
(27.3)
EUR
£m
9.1
–
16.1
–
(2.1)
(7.6)
21.4
15.5
2021
USD
£m
10.4
0.6
7.3
(2.8)
(8.6)
(6.9)
–
Other
£m
0.9
0.5
8.1
–
(2.2)
(3.4)
3.9
Total
£m
35.2
1.9
116.5
(33.2)
(34.4)
(45.2)
40.8
A change in exchange rate of 10% would have an impact of £19.0m (2021: £15.2m) on revenue, £4.2m (2021: £2.7m) on operating profit,
£43.6m (2021: £8.1m) on net assets and £9.9m (2021: £0.3m) on borrowings.
The Group’s risk management policy is to hedge foreign currency exposure in respect of significant material transactions that may arise from
time to time. At 31 May 2021, the Group had entered into one cash flow hedge in respect of funds to be used as part of the acquisition
of the IPM Software Resilience business. No such hedges were in place at 31 May 2022. The Group uses forward exchange contracts
to hedge its currency risk, which are short term in nature to match the maturity of the hedged item. These contracts are generally
designated as cash flow hedges.
The Group designates the spot element of forward foreign exchange contracts to hedge its currency risk and applies a hedge ratio of 1:1.
The forward elements of forward exchange contracts are excluded from the designation of the hedging instrument and are separately
accounted for as a cost of hedging, which is recognised in equity in a cost of hedging reserve. The Group’s policy is for the critical terms
of the forward exchange contracts to align with the hedged item.
The Group determines the existence of an economic relationship between the hedging instrument and hedged item based on the currency,
amount and timing of their respective cash flows. Given the short-term nature of these hedges there is limited risk of ineffectiveness.
190
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�25 Financial instruments continued
Currency risk continued
At 31 May 2022, the Group held the following instruments to hedge exposures to changes in foreign currency rates, all of which were due
to mature within one month of the Balance Sheet date.
Forward exchange contracts
Net exposure (£m)
Average GBP:USD forward contract rate
2022
£m
–
2021
£m
70.7
– 1.402205
Interest rate risk
The Group and Company finance their operations through a combination of retained profits and bank borrowings. The Group borrows and
invests surplus cash at floating rates of interest based upon bank base rate. The cash and cash equivalents of the Group and Company at
the end of the financial year were as follows:
Group
Sterling denominated financial assets
Euro denominated financial assets
US Dollar denominated financial assets
Other denominated financial assets
Total
The financial assets and liabilities of the Company at the end of the financial year were as follows:
Company
Financial assets
Sterling denominated financial assets
Amounts owed by Group undertakings
Total
Financial liabilities
Amounts owed to Group undertakings
Total
2022
£m
26.4
2.4
42.4
2.0
73.2
2022
£m
20.2
32.9
53.1
18.2
18.2
2021
£m
85.0
16.1
7.3
8.1
116.5
2021
£m
0.6
162.6
163.2
13.5
13.5
A change of 100 basis points in interest rates would result in a difference in annual pre-tax profit of £1.3m (2021: £0.3m).
The financial liabilities of the Group and their maturity profile are as follows:
Less than one year
Two to five years
More than five years
Sterling
£m
(30.7)
(35.8)
(9.9)
2022
USD
£m
(28.9)
(85.2)
(0.8)
EUR
£m
(9.9)
(1.1)
–
Other
£m
(2.7)
(1.5)
–
Total
£m
(72.2)
(123.6)
(10.7)
Total
(76.4)
(11.0)
(114.9)
(4.2)
(206.5)
Sterling
£m
(29.5)
(39.8)
(10.0)
(79.3)
2021
USD
£m
(8.3)
(8.4)
(1.6)
EUR
£m
(8.4)
(1.2)
–
Other
£m
(4.1)
(1.5)
–
Total
£m
(50.3)
(50.9)
(11.6)
(9.6)
(18.3)
(5.6)
(112.8)
Climate change
The Directors have considered the impact of climate change on fair value measurement and financial instruments, with no material
impact identified.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
191
Financial statements
�26 Share-based payments
The Company has a number of share option schemes under which options to subscribe for the Company’s shares have been granted to
Directors and colleagues, details of which are illustrated in the tables below. Expected term of options represents the period over which the
fair value calculations are based. The share-based payment charge for the year was £3.9m (2021: £2.8m) of which £3.4m (2021: £2.3m)
related to equity settled payments and £0.5m (2021: £0.5m) to cash settled payments. The share-based payments charge increased during
the year due to the introduction of new schemes in the year with a higher fair value than historical schemes that have reached maturity in the
current year.
Company Share Option (CSOP) scheme – equity settled
Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than 10% per
annum. Options granted in September 2019 do not have any performance criteria.
Date of grant
July 2012
August 2018
August 2018
September 2019
Expected term
of options
Exercisable
between
7 years
7 years
7 years
7 years
July 2015–July 2022
August 2021–August 2028
August 2021–August 2028
September 2022–September 2029
Exercise
price
£1.36
£2.20
£2.20
£1.79
2022
Number
outstanding
–
–
–
324,001
Sharesave schemes – equity settled
The Company operates sharesave schemes, which are available to all colleagues based in the UK, the Netherlands, Denmark, Spain and
Australia, and full-time Executive Directors of the Company and its subsidiaries who have worked for a qualifying period.
Date of grant
August 2017
March 2018
August 2018
March 2019
March 2020
March 2020
May 2021
May 2021
May 2022
May 2022
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
October 2020–March 2021
May 2021–October 2021
October 2021–March 2022
May 2022–October 2022
May 2023–October 2023
May 2023–October 2023
July 2023–December 2023
July 2023–December 2023
May 2025–November 2025
May 2023–November 2025
Exercise
price
£1.56
£1.58
£1.75
£0.99
£1.84
£1.84
£2.15
£2.15
£1.52
2022
Number
outstanding
–
–
3,493
106,040
456,752
233,482
135,518
554,050
457,772
£1.52 1,767,606
Colleague stock purchase plan – equity settled
The Company operates a stock purchase plan, which is available to all US-based colleagues who have worked for a qualifying period.
All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at year end.
Date of grant
May 2021
May 2022
Expected term
of options
Exercisable
in
1 year
1 year
May 2022
May 2023
Exercise
price
£2.15
£1.58
2022
Number
outstanding
–
506,218
Incentive Stock Option (ISO) scheme – equity settled
Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the three
years following their grant is greater than 10% per annum.
Date of grant
August 2018
September 2019
Expected term
of options
Exercisable
between
7 years
7 years
August 2021–August 2028
September 2022–September 2029
Exercise
price
£2.22
£1.82
2022
Number
outstanding
–
60,434
192
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�26 Share-based payments continued
Long Term Investment Plan (LTIP) schemes – equity settled
Options granted on or after November 2017 to May 2021 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than 70% per annum
on average. If cash conversion ¹ is greater than or equal to 80% per annum, then 100% of the award element will vest. If, however, cash conversion is
less than 70% per annum, none of the award element will vest. Between these two points, vesting is determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment trusts). If the
Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the award element will vest. If the TSR is within
the upper quartile or above, 100% of the award element will vest; between the median and upper quartile, vesting is determined on a straight-line basis.
Options granted in November 2021 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 22.5% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 15% of the award will vest. If, however, growth is less than 9% per annum, none of the award element
will vest. Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum, then 100% of the award element will vest.
If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points, vesting is
determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment
trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the award element will
vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median and upper quartile, vesting
is determined on a straight-line basis.
Date of grant
August 2018
September 2019
March 2020
May 2021
November 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
3 years
June 2021–August 2022
June 2022–August 2023
June 2022–August 2024
June 2023–August 2025
June 2024–August 2026
Exercise
price
2022
Number
outstanding
£nil *
9,502
£nil 1,092,631
£nil
£nil
194,116
682,427
£nil 1,225,045
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise. Options exercised after 31 May 2022.
Restricted State Unit (RSU) schemes – equity settled
Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than 70%
per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum, then 100% of the award element will vest. If,
however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points, vesting is determined
on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment
trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the award element will
vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median and upper quartile, vesting
is determined on a straight-line basis.
The options are to be settled in equity.
Date of grant
August 2018
September 2019
May 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
June 2021–August 2021
June 2022–August 2022
June 2023–August 2023
Exercise
price
£0.01
£0.01
£0.01
2022
Number
outstanding
–
610,157
138,554
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
193
Financial statements�26 Share-based payments continued
Restricted Share Plan (RSP) – equity settled
The vesting condition for the award of RSPs relates to colleagues remaining with the Group for a certain period of time, namely two years
to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.
Date of grant
May 2021
Expected term
of options
2/3 years
November 2021
2/3 years
Deferred share scheme – equity settled
Date of grant
September 2019
May 2021
October 2021
Exercisable
between
Exercise
price
2022
Number
outstanding
50% exercisable August 2022 to August 2031,
50% exercisable August 2023 to August 2031
£nil (£0.01 in the US
and Canada) 1,183,482
50% exercisable October 2023 to August 2032,
50% exercisable October 2024 to August 2032
£nil (£0.01 in the US
and Canada) 1,550,930
Expected term
of options
Exercisable
between
2 years
2 years
2 years
June 2021–August 2029
August 2022–April 2031
October 2023–October 2031
Exercise
price
2022
Number
outstanding
£nil
£nil
£nil
–
18,937
91,616
Phantom schemes – cash settled
Phantom schemes are used to allow the grant of LTIPs to members of the Executive Committee based in certain overseas locations at a time
when the Group’s option scheme rules were not structured to allow overseas grants. The vesting conditions for the award of the phantom
schemes, related to options granted in August 2016, relate to growth in the Group’s EPS over the performance period. If growth is equal
to 25% or more per annum, then 100% of the award will vest. If, however, growth is less than 10% per annum, none of the award will vest.
Between these two points, vesting is determined on a straight-line basis.
Options granted in October 2017 and November 2017 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio ¹ expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum, then 100% of the award element will vest.
If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points, vesting is
determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding investment
trusts). If the Group’s TSR is consistent with the median group 20% of the award will vest; below this level, none of the award element will
vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median and upper quartile, vesting
is determined on a straight-line basis.
Options granted in September 2019 do not have any performance criteria.
Date of grant
October 2017
November 2017
September 2019
Expected term
of options
Exercisable
between
3 years
3 years
3 years
June 2020–October 2021
June 2020–November 2021
September 2022–September 2023
Exercise
price
2022
Number
outstanding
£nil *
£nil *
£nil
–
–
27,931
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise.
194
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�ISO scheme
LTIP scheme
RSU scheme
RSP scheme
26 Share-based payments continued
Measurement of fair values
The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date of grant.
The fair value is spread over the period during which the colleague becomes unconditionally entitled to the award, adjusted to reflect actual
and expected levels of vesting.
The assumptions used in the models are illustrated in the table below:
Grant date
Fair value at
measurement date
Exercise price
CSOP scheme
September 2019
£0.55
£1.79
Expected
volatility
42.2%
Option
expected term
Risk free
interest rate
7 years
0.35%
Sharesave scheme
August 2018–May 2022
£0.70–£0.86 £0.99–£2.15
39.7–53.2%
3 years
0.50–2.20%
ESPP scheme
February 2020–May 2022
£0.55–£0.68 £1.58–£2.30
37.60%
1 year
0.50%
August 2018–September 2019
£0.54–£0.65
£1.82
40.7–48.4%
7 years
0.38–1.50%
August 2018–November 2021
£1.61–£2.87
£nil * 37.4–51.5%
3 years
0.21–2.00%
August 2018–November 2021
£1.60–£2.87
£nil *–£0.01
47.6–51.5%
3 years
0.32–2.00%
May–November 2021
£2.36–£2.85
Deferred shares
September 2019–October 2021
£1.84–£2.91
£nil
£nil
N/A
10 years
N/A
40.4–55.0%
2 years
0.35–1.50%
Phantom schemes
October 2017–November 2021
£1.84–£2.75
£nil 31.0–47.6%
3 years
1.81–1.96%
* The option exercise price is £nil; however, £1 is payable on each occasion of exercise for the August 2018 scheme only.
The expected volatility has been based on an evaluation of the historical volatility of the Company’s share price, particularly over the historical
period commensurate with the expected term. The expected term of the instruments has been based on historical experience and general
option holder behaviour. For the options granted in the year ended 31 May 2022, dividend yield assumed at the time of option grant is 1.75%
(2021: 2.5%).
Reconciliation of outstanding share options
The options outstanding at 31 May 2022 have an exercise price in the range of £nil to £2.15 (2021: £nil to £2.15) and a weighted average
contractual life of three years (2021: three years).
The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share awards
during the year:
Outstanding at 1 June
Granted during the year
Exercised during the year
Forfeited in the year
Outstanding at 31 May
Exercisable at end of year
Scheme
CSOP schemes
Sharesave/SAYE schemes
ESPP schemes
ISO schemes
LTIP schemes
RSU schemes
RSP scheme
Deferred shares
Phantom schemes
2022
No (’000)
9,494
5,605
(1,028)
(2,640)
11,431
119
2022
WAEP
£0.79
£0.75
£0.89
£1.39
£0.68
£1.00
2021
No (’000)
8,995
3,537
(1,821)
(1,217)
9,494
363
2021
WAEP
£0.83
£0.91
£0.88
£0.59
£0.79
£1.13
Number of
instruments
as at
1 June 2021
490,093
Instruments
granted during
the year
Options
exercised in
the year
Forfeitures
in the year
Number of
instruments
as at
31 May 2022
–
(58,812)
(107,280)
324,001
2,898,920
2,230,709
(486,847)
(928,069) 3,714,713
689,315
506,218
74,944
–
–
–
(689,315)
506,218
(14,510)
60,434
2,866,326
1,225,045
(337,276)
(550,374) 3,203,721
1,005,520
–
(83,188)
(173,621)
748,711
1,200,000
1,550,929
–
(16,518) 2,734,411
80,631
188,345
91,616
(61,694)
–
110,553
–
–
(160,414)
27,931
9,494,094
5,604,517 (1,027,817)
(2,640,101) 11,430,693
The liability for the cash settled share-based payments at 31 May 2022 was £0.1m (2021: £0.5m).
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
195
Financial statements�27 Called up share capital and reserves
Allotted, called up and fully paid
Ordinary shares of 1p each at the beginning of the year
Ordinary shares of 1p each issued in the year
Ordinary shares of 1p each at the end of the year
2022
Number
of shares
2021
Number
of shares
308,956,045 278,909,171
1,011,198
30,046,874
309,967,243 308,956,045
2022
£m
3.1
–
3.1
2021
£m
2.8
0.3
3.1
During the year, 1,011,198 (2021: 2,140,474) new ordinary shares of 1p were issued as a result of the exercise of share options.
The proceeds of £0.8m (2021: £2.4m) were credited to the share premium account.
During the prior year, 27,906,400 new ordinary shares of 1p were issued as part of funding the acquisition of the IPM Software Resilience
business. Of the gross proceeds of £72.6m, £72.3m were credited to the share premium account net of issue costs of £2.4m. See Note 34
for further details.
As at 31 May 2022, no shares were held in treasury (2021: nil).
Share premium
The share premium account records the difference between the nominal amount of shares issued and the fair value of the consideration
received. The share premium account may be used for certain purposes specified by UK law, including to write off expenses incurred on any
issue of shares and to pay fully paid bonus shares. The share premium account is not distributable but may be reduced by special resolution
of the Company’s ordinary shareholders and with court approval.
Hedging reserve
The hedging reserve comprises the effective portion of the cumulative net change in the fair value of hedging instruments used in cash flow
hedges pending subsequent recognition in profit or loss or directly included in the initial cost or other carrying amount of a non-financial
asset or non-financial liability. The reserve is £nil at 31 May 2022 as the hedging instrument has now expired.
Merger reserve
The merger reserve arose in 2015 from the acquisition of Accumuli plc through a share-for-share exchange in part consideration for the business.
Currency translation reserve
The results of overseas operations are translated at the average foreign exchange rates for the year, and their balance sheets are translated
at the rates prevailing at the Balance Sheet date. Exchange differences arising on the translation of opening net assets and results of
overseas operations are recognised in the currency translation reserve. All other exchange differences are included in the Income Statement.
Retained earnings
Retained earnings for the Group are made up of accumulated reserves.
For the Company, retained earnings are made up of accumulated reserves and are considered distributable reserves.
28 Profit attributable to members of the Parent Company
The profit for the year dealt with in the accounts of the Parent Company was £20.0m (2021: £25.0m).
196
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�29 Other financial commitments
Non-cancellable lease rental costs are payable as follows:
Within one year or less
2022
2021
Land and
buildings
£m
–
Other
£m
0.1
Land and
buildings
£m
–
Other
£m
–
The lease commitments disclosed above represent short-term (less than one year) leases only, for which the Group has taken the exemption
from accounting for under IFRS 16.
30 Contingencies
There are no contingent liabilities not provided for at the end of the financial year (2021: £nil). Similarly, there are no contingent assets
(2021: £nil).
31 Pension scheme
The Group operates a defined contribution pension scheme that is open to all eligible colleagues. The pension cost charge for the year
represents contributions payable by the Group to the fund and amounted to £5.1m (2021: £5.3m).
For the Company, the pension cost charge for the year represents contributions payable by the Company to the fund and amounted
to £nil (2021: £nil).
32 Related party transactions
The Group’s key management personnel comprise the Directors of the Group. Details of the remuneration paid to key management
personnel are as follows:
Group
Salary costs (including bonus)
Share-based payments
Total
There were no other related party transactions during the year.
33 Investments in subsidiary undertakings
Company
At 1 June 2020
Increase in subsidiary investment for share-based charges
Investment in subsidiary undertakings
At 31 May 2021
Increase in subsidiary investment for share-based charges
Investment in subsidiary undertakings
At 31 May 2022
2022
£m
1.8
0.4
2.2
2021
£m
1.8
0.4
2.2
Shares in
Group
undertakings
£m
78.3
2.8
70.7
151.8
3.9
121.2
276.9
On 26 May 2022, the Company acquired 121,205,727 ordinary shares of £0.01 in NCC Group Holdings Limited for a consideration of
£121,205,727 settled through intercompany.
On 26 May 2021, the Company acquired 70,700,000 ordinary shares of £0.01 in NCC Group Holdings Limited for cash consideration
of £70,700,000.
Fixed asset investments are recognised at cost.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
197
Financial statements�33 Investments in subsidiary undertakings continued
The undertakings in which the Company has a 100% interest at 31 May 2022 are as follows:
Subsidiary undertakings
Country of incorporation
Principal activity
Registered office
NCC Group Holdings Limited
England and Wales
Holding company
XYZ Building, 2 Hardman Boulevard,
Spinningfields, Manchester M3 3AQ (XYZ)
NCC Group (Solutions) Limited
England and Wales
Holding company
NCC Group Corporate Limited
England and Wales
Corporate cost centre
NCC Group Finance Limited
England and Wales
Financing company
The National Computing Centre Limited
England and Wales
Dormant
NCC Group Software Resilience Limited
England and Wales
Holding company
NCC Group Software Resilience (UK) Limited England and Wales
Holding company
NCC Services Limited
England and Wales
Software Resilience
NCC Group Escrow Limited
England and Wales
Dormant
NCC Group Software Resilience (Europe) BV Netherlands
Holding company
NCC Group GmbH
Germany
Software Resilience
NCC Group Escrow Europe BV
Netherlands
Software Resilience
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
Van Heuven Goedhartlaan 13A, 1181LE
Amstelveen, the Netherlands
c/o Deloitte Legal
Rechtsanwaltsgesellschaft mbH,
Rosenheimer Platz 6, 81669, Munich,
Bavaria, Germany
Van Heuven Goedhartlaan 13A, 1181LE
Amstelveen, the Netherlands
NCC Group Escrow Europe
(Switzerland) AG
NCC Group Software Resilience
(MEA-APAC) Limited
Switzerland
Software Resilience
Ibelweg 18A, 6300 Zug, Switzerland
England and Wales
Holding company
XYZ 1
NCC Group FZ-LLC
United Arab Emirates Software Resilience
Office 30, Building 16, Dubai Internet City,
Dubai, UAE
NCC Group Cyber Security Limited
England and Wales
Holding company
NCC Group Cyber Security (UK) Limited
England and Wales
Holding company
NCC Group Security Services Limited
England and Wales
Assurance
NCC Group Audit Limited
ArmstrongAdams Limited
England and Wales
Assurance
England and Wales
Assurance
NCC Group Signify Solutions Limited
England and Wales
Assurance
NCC Group Accumuli Security Limited
England and Wales
Assurance
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
NCC Group Cyber Security (Europe) BV
Netherlands
Holding company
Fox-IT 3
NCC Group A/S
Denmark
Assurance
NCC Group UAB
Lithuania
NCC Group Security Services Espana SLU
Spain
Assurance
Assurance
2nd Floor, Svanevej 12, DK–2400
København NV, Denmark
Vilnius, Jogailos st. 9, Lithuania
Plaza Manuel Gómez Moreno, número 2,
Edificio Alfredo Mahou, planta 19ª, letra B,
28020, Madrid, Spain
198
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�33 Investments in subsidiary undertakings continued
Subsidiary undertakings
Country of incorporation
Principal activity
Registered office
Cyber Assurance Sweden AB
Sweden
Assurance
Fox-IT Holding B.V.
Netherlands
Holding company
Fox-IT Group B.V.
Fox-IT B.V.
Fox-IT Operations B.V.
Fox Crypto B.V.
Netherlands
Netherlands
Netherlands
Netherlands
Holding company
Assurance
Assurance
Assurance
NCC Group Cyber Security (APAC) Limited
England and Wales
Holding company
NCC Group Pte Limited
Singapore
Assurance
NCC Group Pty Limited
Australia
Assurance
c/o Advokatfirman Delphi, P.O. Box 1432,
111 84 Stockholm
Olof Palmestraat 6, 2616 LM Delft,
the Netherlands (Fox-IT 3)
Fox-IT 3
Fox-IT 3
Fox-IT 3
Fox-IT 3
XYZ 1
20 Collyer Quay, #19-03, Singapore
(049319)
Suite 23.01, Level 23, 45 Clarence Street
Sydney, NSW 2000
Level 18, Yesibu Garden Place Tower,
4-20-3 Ebisu Shibuya-Ku, Tokyo
650 California Street, Suite 2950,
San Francisco, CA 94108, USA
(North America HQ 2)
Assurance
Holding company
Software Resilience and
central/head office costs
North America HQ 2
Holding company
North America HQ 2
Assurance
Domain services
Domain services
Assurance
North America HQ 2
North America HQ 2
North America HQ 2
2800 Park Place, 666 Burrard Street,
Vancouver, BC V6C 2Z7, Canada
NCC Group Japan KK
NCC Group (Americas) Inc.
NCC Group, LLC
NCC Group Cyber Security (Americas), LLC
NCC Group Security Services, Inc.
NCC Group Secure Registrar, Inc.
NCC Group Domain Services, Inc.
Japan
USA
USA
USA
USA
USA
USA
NCC Group Security Services Corporation
Canada
Payment Software Company, Inc.
USA
Assurance
North America HQ 2
Payment Software Company Limited
England and Wales
Assurance
XYZ 1
NCC Group Software Resilience (Americas),
LLC
NCC Group Escrow Associates, LLC
NCC Group Software Resilience (NA), LLC
USA
USA
USA
Holding company
North America HQ 2
Software Resilience
North America HQ 2
Software Resilience
North America HQ 2
The undertakings in which the Company holds less than a 100% interest at the year end are as follows:
Undertaking
Deposit AB
% interest
24%
Country of incorporation
Principal activity
Sweden
Software Resilience
The Directors consider the above ownership structure and no Board representation give rise to no significant influence over the undertaking.
Accordingly, the undertaking has not been consolidated.
1 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ.
2 650 California Street, Suite 2950, San Francisco, CA 94108, USA.
3 Olof Palmestraat 6, 2616 LM Delft, the Netherlands.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
199
Financial statements�34 Acquisitions
Acquisition of IPM business
On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially all of
the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain exclusively
related to the IPM business. The primary reasons for the business combination are to:
• Scale up the Group’s core business to create a global business and platform for further growth
• Generate revenue synergies through allowing the enlarged division to offer NCC’s broader suite of established verification services as well
as the newer Escrow-as-a-Service (EaaS) cloud offering to the IPM business’ existing customer base
• Present an exciting new opportunity to sell NCC’s cyber security services from its Assurance division into the IPM business’ broad and
blue-chip customer base in the medium term
• Be accretive to earnings per share from completion, even without factoring in revenue synergies
• Result in greater strategic strength for the future
Management considers shareholder approval of the transaction determines a change in control and therefore the date of shareholder
approval is considered to be the acquisition date for the transaction. Shareholder approval was granted on 1 June 2021 and the IPM
Software Resilience business has been consolidated into the Group results from that date (see Note 3). Transfer of consideration for the
acquisition was made on 7 June 2021, which is commonly referenced within these Financial Statements as being the date of practical
completion of the transaction.
Details of assets acquired that are subject to provisional fair value adjustments are noted below. The acquisition for an original total
consideration of $220.0m was subsequently adjusted during the year ended 31 May 2022 to $216.1m (£152.0m) to reflect a normalised
working capital adjustment of $2.7m and a final positive net working capital adjustment of $1.2m. The acquisition was funded through an
equity net placing of £70.2m ($98.4m) on 17 May 2021 combined with a new three year $70m term loan and the remaining $47.7m funded
via existing cash balances and our revolving credit facility. The term loan was entered into on 12 May 2021 but not drawn down until 2 June
2021.
The fair value of assets and liabilities acquired can be summarised as follows:
Identifiable intangible assets (Note 12):
Customer relationships
Computer software
Right-of-use assets
Trade and other receivables
Trade and other payables
Deferred income
Lease liabilities
Deferred tax liability
Total identifiable assets acquired, and liabilities assumed
Goodwill (Note 12)
Total consideration
Satisfied by:
Cash
Fair value
£m
91.4
1.2
0.2
3.8
(0.2)
(12.1)
(0.2)
(0.7)
83.4
68.6
152.0
152.0
No cash was acquired as part of the acquisition.
Total costs directly attributable to the acquisition of the IPM business totalling £8.5m have been expensed to Individually Significant Items
during the year ended 31 May 2021 (£7.6m) and the year ended 31 May 2022 (£0.9m). Issue costs of £2.4m were incurred as part of the
equity placing and have been debited to the share premium account in the year ended 31 May 2021.
The fair value of the financial assets includes trade receivables with a fair value of £3.8m and a gross contractual value of £5.2m.
200
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�34 Acquisitions continued
Acquisition of IPM business continued
The goodwill of £68.6m arising from the acquisition consists of the know-how and expertise of the colleagues transferred to NCC Group plc
as part of the acquisition, the future economic benefit arising from the aligning of customers’ existing products with the Group’s products,
and its fit with existing operations. Goodwill is expected to be deductible for income tax purposes.
There is a contingent consideration arrangement that requires amounts to be repaid to NCC Group plc in the event that certain customers
terminate their contractual agreements as a result of the change in ownership. The fair value of the contingent consideration potentially
due to NCC Group plc is considered to be £nil by management. This fair value was estimated based on comparing the expected number
of customers likely to terminate their contractual arrangements as a result of the change in ownership to the threshold for repayment to
NCC Group plc. On 31 May 2022, no further information has become available that suggests the fair value of this contingent consideration
will be greater than £nil.
During the 12 months since the acquisition of the IPM business a final working capital adjustment has been agreed with the vendor resulting
in an amount of £0.8m being returned to the Group and giving rise to a decrease in the fair value of consideration of £0.8m to £152.0m.
This adjustment leads to a decrease in goodwill of £0.8m. Additionally, management has identified new information in respect of the opening
provision for expected credit losses and has subsequently decreased the fair value of acquired trade and other receivables by £0.8m to
£3.8m. This adjustment leads to an increase in goodwill of £0.8m. On this basis, goodwill of £68.6m remains unchanged from that reported
for the period ended 30 November 2021.
The IPM business contributed £20.2m of the Group’s revenue, £15.6m to the Group’s gross profit and £2.9m operating profit for the period
between the date of acquisition (1 June 2021) and 31 May 2022.
Measurement of fair values
Assets acquired
Computer software
As there is no active market for such bespoke intangible assets a cost approach has been taken to value
computer software acquired based on the cost to re-create the assets. The fair value is based on the
estimated time required by appropriately skilled individuals to re-create such assets.
Customer relationships
The valuation approach taken is the income approach, specifically the multi-period excess earnings method
(MEEM). The fundamental principle underlying the MEEM is isolating the net earnings attributable to the
asset being measured. There are three key steps in calculating the MEEM:
1. Projecting financial information — cash flows, revenue, expenses, etc. — for the IPM business acquired.
2. Subtracting the cash flows attributable to all other assets through a contributory asset charge (CAC).
The CAC is a form of economic rent for the use of all other assets in generating total cash flows that is
composed of the required rate of return on all other assets and an amount necessary to replace the fair
value of certain contributory intangible assets.
3. Calculating the cash flows attributable to the intangible asset subject to valuation and discounting them to
present value. Cash flows are forecast through to FY28 and taken into perpetuity beyond this date. Cash
flow forecasts include a level of growth in revenue in addition to specific growth synergies expected from
the aligning of IPM customers’ existing products with the Group’s products and IPM’s fit with existing
operations. Cash flow forecasts include a level of customer attrition based on historical experience of
IPM customer termination rates.
Both the amount and the duration of the cash flows are considered from a market participant’s perspective.
The Group measured the acquired lease liabilities using the present value of the remaining lease payments
at the date of acquisition.
The right-of-use assets were measured at an amount equal to the lease liabilities. No significant judgements
have been identified as part of this assessment.
The fair value of the deferred revenue liability has been calculated using a top-down approach. This approach
relies on market indicators of expected revenue for any obligation yet to be delivered with appropriate
adjustments. This approach starts with the amount that an entity would receive in a transaction, less the
cost of the selling effort (which has already been performed) including a profit margin on that selling effort.
Lease liabilities
Right-of-use assets
Deferred income
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
201
Additional information �34 Acquisitions continued
Measurement of fair values continued
The valuation of purchase price accounting is a key source of estimation uncertainty, in which there are several key assumptions where,
if a reasonably possible change in assumption is made, this could result in a material adjustment. A description of the key assumptions
and possible sensitivities is described below:
Description of key assumption
Reasonably possible scenario
Impact
The valuation of the customer
relationships intangible asset of £91.4m
assumes a discount rate of 10.7% driven
by the internal rate of return implied by the
consideration paid for the acquired business.
It is considered reasonably possible
that this discount rate could be 1%
higher or lower depending on the
expected performance of the
business post-acquisition.
It is considered reasonably possible
that this growth rate does not
exceed an inflationary US long-term
inflationary growth rate of 2%.
The valuation of the customer relationships
intangible asset of £91.4m includes an
estimate of a level of growth of the revenue
generated from that customer base,
post-acquisition. The forecasts used
assume that revenue (excluding synergies)
will increase incrementally to a maximum of
a 3.7% annual increase in FY25 before
returning to levels more consistent with the
US long-term inflationary growth rate in
FY26 and beyond.
The impact of increasing the discount rate by
1% would be to reduce the value of the customer
relationship intangible asset by £6.0m with a
corresponding increase in the value of goodwill
arising on acquisition. The amortisation on acquired
intangibles charged to the Income Statement for the
year ended 31 May 2022 would reduce by £0.3m.
The impact of decreasing the discount rate by 1%
would be to increase the value of the customer
relationship intangible asset by £6.8m with a
corresponding decrease in the value of goodwill
arising on acquisition. The amortisation on acquired
intangibles charged to the Income Statement for the
year ended 31 May 2022 would increase by £0.3m.
The impact of this scenario is to reduce the value
of the customer relationship intangible asset by
£3.1m with a corresponding increase in the value
of goodwill arising on acquisition. The amortisation
on acquired intangibles charged to the Income
Statement for the year ended 31 May 2022
would reduce by £0.2m.
Acquisition of Adelard business
On 20 April 2022, shareholder approval was passed for the acquisition of substantially all of the assets of Adelard LLP for £3m subject
to normalised working capital adjustment that will be finalised in due course. This gave rise to provisional goodwill of £1.1m, intangible assets
of £1.3m, right of use assets £0.2m, trade receivables and other receivables £0.9m and current liabilities £0.5m. Consideration payable of
£3m is represented by £1.0m cash and a further contingent consideration (dependent on novation of contracts and FY23 revenue
performance) of £1.9m (discounted).
Adelard is an assurance expert in high value critical systems for national and industrial infrastructure and its services are complementary
to the Group.
202
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
Notes to the Financial Statements continuedfor the year ended 31 May 2022�Glossary of terms – Alternative Performance Measures (APMs)
APMs are the way that financial performance is measured by management and reported to the Board, and the basis of financial measures
for senior management’s compensation schemes, and provide supplementary information that assists the user in understanding the
underlying trading results.
APM
Closest equivalent
IFRS measure
Adjustments to reconcile to
IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Income Statement measures:
Constant currency
revenue growth
rates
Revenue growth
rates at actual
rates of currency
exchange
Retranslation of comparative
numbers at current year
exchange rates to provide
constant currency
Revenue excluding
IPM acquisition
Revenue
Revenue excluding the
revenue performance of the
IPM acquisition
Revenue
Software
Resilience revenue
excluding IPM
acquisition
Software Resilience revenue
excluding the revenue
performance of the IPM
acquisition
Adjusted
operating profit
Operating profit
or loss
Operating profit or loss
before amortisation of
acquired intangibles,
share-based payments and
Individually Significant Items
3
3
3
The Group also reports certain geographic regions
on a constant currency basis to reflect the underlying
performance taking into account constant foreign
exchange rates year on year. This involves translating
comparative numbers to current year rates for
comparability to enable a growth factor to be calculated.
The Group reports revenue excluding the IPM acquisition
to allow stakeholders to understand the revenue
performance of the existing business for the year
ended 31 May 2022 prior to acquiring IPM.
The Group reports Software Resilience revenue
excluding the IPM acquisition to allow stakeholders to
understand the revenue performance of the existing
Software Resilience business for the year ended
31 May 2022 prior to acquiring IPM.
3 Represents operating profit before amortisation
of acquired intangibles, share-based payments
and Individually Significant Items.
This measure is to allow the user to understand the
Group’s underlying financial performance as measured
by management, reported to the Board and used as
a financial measure in senior management’s
compensation schemes.
The Directors consider amortisation of acquired intangibles
is a non-cash accounting charge inherently linked to losses
associated with historical acquisitions of businesses.
The Directors consider share-based payments to be an
adjusting item on the basis that fair values are volatile
due to movements in share price, which may not be
reflective of the underlying performance of the Group.
Individually Significant Items are items that are
considered unusual by nature or scale and are of such
significance that separate disclosure is relevant to
understanding the Group’s financial performance
and therefore requires separate presentation in the
Financial Statements in order to fairly present the
financial performance of the Group.
Adjusted
earnings before
interest, tax,
depreciation and
amortisation
(Adjusted
EBITDA)
Operating profit or
loss
Operating profit or loss,
before adjusting items,
depreciation and
amortisation, finance
costs and taxation
3 Represents operating profit before adjusting items,
depreciation and amortisation to assist in the
understanding of the Group’s performance.
Adjusted EBITDA is disclosed as this is a measure
widely used by various stakeholders and used by the
Group to measure the cash conversion ratio.
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
203
Additional information �Glossary of terms – Alternative Performance Measures (APMs) continued
APM
Closest equivalent
IFRS measure
Adjustments to reconcile to
IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Income Statement measures continued:
Adjusted
basic EPS
Statutory basic
EPS
Statutory basic EPS before
amortisation of acquired
intangibles, share-based
payments, Individually
Significant Items and
the tax effect thereon
Balance Sheet measures:
Net cash/(debt)
excluding lease
liabilities
Total borrowings
(excluding lease
liabilities) offset
by cash and
cash equivalents
Net cash/(debt)
Total borrowings
(including lease
liabilities) offset
by cash and
cash equivalents
Cash flow measure:
Cash conversion
ratio
Ratio % of net
cash flow from
operating activities
before interest
and tax divided by
operating profit
Ratio % of net cash flow
from operating activities
before interest and tax
divided by EBITDA
11 Represents basic EPS before amortisation of acquired
intangibles, share-based payments and Individually
Significant Items.
This measure is to allow the user to understand the
Group’s underlying financial performance as measured
by management, reported to the Board and used as
a financial measure in senior management’s
compensation schemes.
See further details above in relation to amortisation
of acquired intangibles and share-based payments.
3 Represents total borrowings (excluding lease liabilities)
offset by cash and cash equivalents. It is a useful
measure of the progress in generating cash, strengthening
of the Group Balance Sheet position, overall net
indebtedness and gearing on a like-for-like basis.
Net cash/(debt), when compared to available borrowing
facilities, also gives an indication of available financial
resources to fund potential future business investment
decisions and/or potential acquisitions.
3 Represents total borrowings (including lease liabilities)
offset by cash and cash equivalents. It is a useful measure
of the progress in generating cash, strengthening of the
Group Balance Sheet position, overall net indebtedness
and gearing including lease liabilities.
Net cash/(debt), when compared to available borrowing
facilities, also gives an indication of available financial
resources to fund potential future business investment
decisions and/or potential acquisitions.
3
The cash conversion ratio is a measure of how effectively
operating profit is converted into cash and effectively
highlights both non-cash accounting items within
operating profit and also movements in working capital.
It is calculated as net cash flow from operating activities
before interest and taxation (as disclosed on the face
of the Cash Flow Statement) divided by EBITDA for
continued and discontinued activities.
The cash conversion ratio is a measure widely used by
various stakeholders and hence is disclosed to show the
quality of cash generation and also to allow comparison
to other similar companies.
204
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Glossary of terms – other terms
Other terms
Code
Adjusted
Adjusted earnings
Definition and usage
Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how
companies should be governed, applicable to UK-listed companies including NCC Group plc.
Any result described as adjusted excludes the impact of Individually Significant Items, and any tax
on any of these items.
Adjusted earnings are defined as statutory earnings before amortisation of acquisition intangibles,
Individually Significant Items and the share-based payments charge, net of the tax effect of these
items.
Adjusted operating profit margin 1
Calculated as Adjusted operating profit divided by revenue from continuing activities.
AGM
Annual General Meeting of shareholders of the Company held each year to consider ordinary
and special business as provided in the Notice of AGM.
Alternative Performance Measure
(APM)
An Alternative Performance Measure (which is denoted in each case or use thereof by a footnote)
is a non-GAAP performance metric used by management either internally or externally to present
management’s view of the underlying business performance. They are not superior to GAAP-based
measures and are simply an alternative way of looking at performance. See Note 3 for further information.
Board
The Board of Directors of the Company (for more information see pages 78 and 79).
Cash conversion ratio 1
Calculated as cash generated from operating activities before interest and taxation divided
by Adjusted EBITDA 1, expressed as a percentage.
CDO
CEO
CFO
CISO
Cyber Defence Operations.
Chief Executive Officer.
Chief Financial Officer.
Chief Information Security Officer.
Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual
Company, or to NCC Group plc and its subsidiaries collectively.
CPO
CTO
Chief People Officer.
Chief Technology Officer.
Directors, Executive Directors and
Non-Executive Directors
The Directors/Executive Directors and Non-Executive Directors of the Company whose names
are set out on pages 78 and 79 of this report.
EBIT
EBIT margin %
EBITDA
Earnings before interest and tax.
EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue.
Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit before
Individually Significant Items and adding back depreciation and amortisation charged.
EBITDA margin %
EBITDA divided by revenue.
EPS
FCA
Financial year
FRC
Free cash flow
FRS
Earnings per share. Profit for the year attributable to equity shareholders of the Parent allocated
to each ordinary share.
Financial Conduct Authority.
For NCC Group this is an accounting year ending on 31 May.
Financial Reporting Council.
Net cash from operating activities less net capital expenditure and acquisition costs.
A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC).
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
205
Additional information �Glossary of terms – other terms continued
Other terms
Gross profit
Definition and usage
Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads that
are supporting the business as a whole as opposed to a specific revenue item.
Gross margin %/GM %
Calculated as gross profit divided by revenue from continuing activities.
HMRC
IAS or IFRS
Individually Significant Items
KPMG
LTIP
MD
MDR
Net debt 1
Ordinary shares
SAYE/Sharesave
Her Majesty’s Revenue & Customs, the tax collecting authority of the UK.
An International Accounting Standard or International Financial Reporting Standard, as issued by
the International Accounting Standards Board (IASB). IFRS is also used as the term to describe
international generally accepted accounting principles as a whole.
Items that the Directors consider to be material in nature, scale or frequency of occurrence that
need to be excluded when calculating some non-statutory performance measures in order to allow
users of the Financial Statements to gain a full understanding of the underlying business
performance. See Note 5 for further information.
The Company’s external auditor, KPMG LLP.
Long Term Incentive Plan established to align the interests of senior and Executive management
with those of shareholders. The plan is formally known as the NCC Group Long Term Incentive
Plan 2013 (approved by shareholders in 2013).
Managing Director.
Managed Detection and Response.
Total borrowings offset by cash and cash equivalents.
Voting shares entitling the holder to part ownership of a company.
Save As You Earn, being a tax efficient scheme to encourage colleague share ownership.
Software Resilience
Software Resilience represents our Escrow resilience services.
Subsidiary
TSC
TSR
A company or other entity that is controlled by NCC Group.
Technical Security Consulting.
Total shareholder return, which is share price growth plus dividends reinvested (where applicable)
over a specified period of time, divided by the share price at the start of the period.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information. Further information is also
contained within the Glossary of terms on pages 203 and 204.
206
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�Other information
Directors
Chris Stone
– Non-Executive Chair
Mike Maddison
– Chief Executive Officer
Tim Kowalski
– Chief Financial Officer
Chris Batterham
–
Senior Independent
Non-Executive Director
Julie Chakraverty
–
Independent Non-Executive Director
Jennifer Duvalier
Mike Ettling
Lynn Fordham
–
–
–
Independent Non-Executive Director
Independent Non-Executive Director
Independent Non-Executive Director
Company Secretary
Tim Kowalski
Registered and head office
XYZ Building
2 Hardman Boulevard
Spinningfields
Manchester
M3 3AQ
Registered number
4627044
Registered in England and Wales
Joint brokers and corporate finance advisers
Jefferies International Limited
100 Bishopsgate
London
EC2N 4JL
Peel Hunt LLP
Moor House
120 London Wall
London
EC2Y 5ET
Auditor
KPMG LLP
1 St Peter’s Square
Manchester
M2 3AE
Solicitors
DLA Piper UK LLP
1 St Peter’s Square
Manchester
M2 3DE
Bankers
HSBC UK Bank plc
2nd Floor
4 Hardman Square
Spinningfields
Manchester
M3 3EB
National Westminster Bank plc
1 Hardman Boulevard
Manchester
M3 3AQ
ING Bank N.V. London Branch
8–10 Moorgate
London
EC2R 6DA
Registrars
Equiniti
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
207
Additional information
�Financial calendar
Ex-dividend date
Record date
AGM
Dividend payment date
2023 half-year end
2023 interim statement
2023 year end
2023 year end trading pre-close statement
2023 preliminary year end statement
These dates are provisional and may be subject to change.
13 October 2022
14 October 2022
2 November 2022
11 November 2022
30 November 2022
2 February 2023
31 May 2023
June 2023
September 2023
208
NCC Group plc — Annual report and accounts for the year ended 31 May 2022
�CBP014484
NCC Group plc’s commitment to environmental stewardship is reflected in this
Annual Report.
The material is derived from sustainable resources and is FSC® certified. Printed in
the UK by Geoff Neal. Both the mill and the printer are certified to ISO 14001
(Environmental Management System) and ISO 9001 (Quality Management System).
��