Protecting clients and
helping to build a more
secure digital future
Annual report and accounts
for the year ended 31 May 2023
�In this report
STRATEGIC REPORT
Highlights
1
At a glance
2
Our investment case
4
Our strategic roadmap
5
Chair’s statement
6
9
CEO’s review
14 Our business model
16 Meet the CTO
18 Market dynamics
24 Our strategy
29 Meet the COO
32 Our solutions
35 Meet the Global Managing Director
of Software Resilience – Escrow
40 Stakeholder engagement
42 Culture
46 Non-financial and sustainability
information statement
53 TCFD
60 Meet the CFO
61 Financial review
70 Principal risks and uncertainties
81 Viability statement
GOVERNANCE
84 Chair’s introduction to governance
87 Governance framework
88 Board of Directors
90 Executive Committee
92
Board composition and division
of responsibilities
102 Shareholder engagement
103 Audit Committee report
110 Nomination Committee report
113 Cyber Security Committee report
115 Remuneration Committee report
138 Directors’ report
142 Directors’ responsibilities statement
FINANCIAL STATEMENTS
144 Independent auditor’s report
152 Consolidated income statement
152 Consolidated statement
of comprehensive (loss)/income
153 Consolidated balance sheet
154 Consolidated cash flow statement
156 Consolidated statement of changes
in equity
157 Company balance sheet
158 Company cash flow statement
159 Company statement of changes
in equity
160 Notes to the Financial Statements
ADDITIONAL INFORMATION
215 Glossary of terms – other terms
217 Other information
218 Financial calendar
View our latest results: nccgroup.com
NCC Group is a people-powered, tech-enabled global
Cyber Security and software escrow business. We
harness our collective insight, intelligence and innovation
to power end-to-end cyber services that protect our
clients from cyber threat.
It’s in our DNA
It’s what makes us different. A part of who we are
that underpins everything we do.
Insight
Read more on page 22
Innovation
Read more on page 30
Intelligence
Read more on page 38
While the market conditions we announced in our
March Trading Update have impacted our FY23
revenue performance and profitability, we are
confident about the medium-term growth drivers
for cyber security and that continued progress on
strategic actions will position the business to deliver
greater growth and profitability in the years ahead.”
Mike Maddison
Chief Executive Officer
�STRATEGIC REPORT
Highlights
IFRS measures
Revenue
(£m)
£335.1m
23
22
21
20
19
335.1
314.8
270.5
263.7
250.7
(Loss)/profit before taxation
(£m)
£(4.3m)
23
22
21
20
19
(4.3)
31.0
14.8
9.6
17.8
Basic EPS
(p)
(1.5p)
23
(1.5)
22
21
20
19
7.4
3.6
2.3
4.9
Alternative Performance Measures
Net (debt)/cash excluding lease liabilities 1
(£m)
Adjusted operating profit 1
(£m)
£(49.6m)
£28.8m
Adjusted EPS 1
(p)
6.1p
23
22
21
20
(49.6)
(52.4)
(4.2)
19
(20.2)
83.3
23
22
21
20
19
28.8
48.1
39.2
30.7
33.7
23
22
21
20
19
6.1
10.8
9.5
7.6
9.2
1
Net (debt)/cash excluding lease liabilities, Adjusted operating profit and Adjusted EPS are APMs and not IFRS measures. See Note 3 for an explanation
of APMs and adjusting items. Further information is also contained within the Chief Financial Officer’s Review on pages 60 to 69.
Headlines
We made significant progress implementing our Next Chapter strategy in a challenging environment:
• Market dynamics reinforced the need to implement our
• Current trading for the Group is in line with expectations
new strategy
• While material clients were retained, we saw delays in buying
decisions and project cancellations in the North American tech
sector and the UK market in general
• In our Cyber Security business we saw growth in Europe,
and the UK and APAC region with a decline in North America
• Our Software Resilience business returned to revenue
growth in H2
with cost efficiencies already being realised in FY24. North
America Cyber Security revenue performance experienced in
H2 FY23 is currently annualising through H1 FY24 giving rise
to YoY double digit Q1 revenue decline
• FY24 revenue and Adjusted operating profit1 expectations
remain the same
1
Adjusted operating profit is an APMs and not IFRS measure. See Note 3 for an explanation of APMs and adjusting items. Further information is also
contained within the Chief Financial Officer’s Review on pages 60 to 69.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
1
Strategic report�At a glance
What we do
NCC Group is a global Cyber Security and Software Resilience business operating
across multiple sectors, geographies and technologies.
The trend of technological change within increasingly complex, connected ecosystems, means cyber threats continue
to evolve and grow at pace.
We bring decades of collective experience and expertise across the whole cyber spectrum to assess, manage
and deliver cyber resilience for clients in both the public and private sector.
We are driven by a collective purpose – to help create a more secure digital future.
Our business
We have two distinct businesses, through which we deliver solutions to support our clients’ operational goals, budgets
and risk appetite, providing confidence that their most important assets – business reputation, software and personal
data – are safe and secure. As we went to print we concluded the new distinct brand for our Software Resilience
business to Escode, which will roll out from January 2024. See page 36 for more about this.
CYBER SECURITY
SOFTWARE RESILIENCE – ESCROW
We demystify cyber and ensure clients:
• Understand the cyber threats and vulnerabilities
across their technology environments, supply chains,
processes and products
• Maintain their licence to do business, having achieved
their governance, compliance and accreditation
objectives in a changing regulatory environment
• Materially improve their resilience against ever-
increasing cyber threats by implementing remediation
plans and solutions
• Reduce risk and achieve greater resilience for
less investment
• Can improve their cyber defence operations and
increase their confidence in detecting and responding
to cyber event
We protect the development, supply and
use of business critical technology and
software applications:
• Buyers are safeguarded from supplier failure, software
vulnerabilities and unforeseen technology disruption
• Our on-premise and cloud offering can demonstrate
robust business continuity and risk mitigation,
and suppliers benefit from enhanced credibility
and intellectual property rights protection
• Escrow contract services secure the long-term availability
of business critical software data and applications
• Our verification services assure clients that the
knowledge and guidance are readily available to
manage, maintain or recreate an application from
the original source, should it ever be needed
• Our cloud Escrow-as-a-Service (EaaS) offering
helps clients transition to the cloud securely, so they
can adopt the latest technology with confidence
Read more on Our solutions on page 32
Read more on Our solutions on page 34
2
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Where we operate
We operate as one global business, with in-country delivery tailored to local needs and
cultures, as well as a global delivery team to respond quickly to our clients’ challenges.
We have a significant market presence in the UK, Europe and North America, and a growing footprint in Asia Pacific,
with offices in Australia and Singapore, and our new global delivery and operations centre in Manila, the Philippines.
Key:
Our offices
Group revenues
UK and Asia Pacific
£144.2m
(2022: £140.0m)
North America
£133.8m
(2022: £120.9m)
Europe
£57.1m
(2022: £53.9m)
Cyber Security revenue
£270.8m
(2022: £258.5m)
• Global Professional Services: £199.3m (2022: £195.4m)
• Global Managed Services: £67.8m (2022: £58.6m)
• Products: £3.7m (2022: £4.5m)
Software Resilience revenue
£64.3m
(2022: £56.3m)
• Escrow contracts: £42.8m (2022: £38.1m)
• Verification services: £21.5m (2022: £18.2m)
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
3
Strategic report�Our investment case
With decades of experience and a
rich heritage, NCC Group is trusted
by the world’s leading businesses
and governments to protect them
from cyber threats
We draw on our expertise, capabilities and global footprint to develop sustainable
solutions to help our clients meet their current and future cyber security challenges.
With the ability to attract top talent with both technical expertise and passion,
we continue to deliver results in what is a competitive and dynamic market.
Structural growth in an addressable market
A strategy to enhance growth by focusing
on Cyber Security
• Cyber Security is not optional; increasingly it’s a C-suite
and Board issue to operate safely, protect reputation
and comply with growing regulatory requirements
• The global threat landscape continues to evolve as
new technologies enable even more connectivity in our
day-to-day lives, creating new, larger and more complex
vulnerabilities for threat actors to exploit
• Global Cyber Security market is expected to exhibit
a CAGR of 10% between 2022 and 2027 1
• Focused on broadening our Cyber Security offer in
priority sectors, ensuring clients address their full
Cyber Security lifecycle
• Building an alliance ecosystem to enhance routes
to market, and developing our global delivery model
to better serve client needs in the future
• Complemented by a focused acquisition strategy
where it makes strategic and financial sense
Read more on page 27
Client focused with two distinct businesses
A hub for both attracting and developing
talent and active alumni network
• Cyber Security: a global footprint protecting companies
• Investment in professional development with career
against an evolving spectrum of cyber threats
paths to promote talent from within
• Software Resilience (Escrow): market leading business
managing commercial risk with software vendors
• Underpinned by insight, innovation and intelligence
across our whole organisation
• Established next generation talent programme bringing
new cyber talent from non-traditional tech backgrounds
• Partnerships to enhance diversity and make cyber
accessible for all
Read more about our Cyber Security business on pages 32
and 33. Read more about our Software Resilience business
on page 34
Read more on page 43
1
EMR Global Cyber Security Market Report and Forecast 2022–2027.
www.expertmarketresearch.com/pressrelease/global-cyber-security-market
4
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Our strategic roadmap
Our connected society
presents a world of opportunity
It is essential that we all proactively manage any risk to our safety and security. Our purpose is to help
organisations to do this by keeping their personal data, and the technology and devices they use, as well
as the critical assets and software they rely on, safe and secure. It’s what drives our strategic roadmap:
Purpose
Vision
Creating a more secure digital future.
Our aspiration is to move beyond our historical strengths to
become a truly global Cyber Security and Software Resilience
services provider capable of delivering an end-to-end cyber
solution that harnesses our strengths in insight, intelligence and
innovation and is accompanied by a fantastic client experience.
Creating growth by putting the client experience at the heart of our proposition
We have a relentless focus on creating value for our stakeholders. Guided by our purpose, focused on our vision,
we will continue to evolve and transform with our new growth strategy focused on four core areas:
Our clients
Deeper client engagement
on the most pressing Cyber
Security needs.
Our capabilities
Broader service portfolio
addressing the full Cyber
Security lifecycle.
Global delivery
Transitioning from an
international to a fully
global business.
Brands
Distinct and relevant
brands for Cyber Security
and Software Resilience.
Read more on our strategy on pages 24 to 27
Creating value for our clients
Insight (page 22), Innovation (page 30) and Intelligence (page 38) are in our DNA, helping us to meet future challenges,
adapt to changing environments and deliver exceptional value for our clients.
Read more on our business model on pages 14 and 15
Our Code of Ethics and values
We are guided by our Code of Ethics – treating everyone and everything with respect,
underpinned by common values to bring us together.
We work together
We are brilliantly creative
We embrace difference
We take responsibility
Read more on our culture on pages 42 to 45
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
5
Strategic report�Chair’s statement
Delivering value
2022/23 key activities
• Developed and communicated
the Group’s next chapter strategy
• Completed the full operational review
of the Software Resilience business
to create additional contribution
• Commenced a strategic review
of Software Resilience
• Commenced planning for a new global
delivery and operations centre in Manila
• Improved Board and executive
management diversity and enacted
succession planning
• Planning the broad restructuring
of the business
2023/24 priorities
• Realise cost efficiencies across Cyber
Security and corporate functions
• Implement our next chapter strategy
with a renewed focus on priority sectors
and development of end-to-end
Cyber Security services
• Open the new delivery and operations
centre in Manila
• Complete the rebrand of both
Software Resilience and Cyber
Security businesses
• Revisit the strategic review
of Software Resilience
It has been a challenging
year for NCC Group.
However, we have a clear
direction of travel and a
strategy that will drive us
to a new, brighter future.”
Chris Stone
Non-Executive Chair
Introduction
It has been a challenging year for NCC Group. Despite the
decline in the rate of our revenue growth and the loss for the
year, our new strategy, which gives us a clear direction of travel,
fills me with optimism that we are on track for a brighter future.
This was very much a year of two halves. We enjoyed a strong
first half, which saw us post strong revenues and profits, but our
North American and UK Cyber Security businesses were materially
affected by changes in the macro-economic environment in the
second half. We are trusted partners to the most significant
businesses on the North American West Coast – and each one
of these businesses paused projects as they grappled with their
own costs and made extensive layoffs. This led to a reduction in
our revenues with a direct impact on utilisation and margins.
While this had a considerable effect on our revenues in the year,
it validated the next chapter strategy set out in February 2023
by our new CEO Mike Maddison following his appointment in
July 2022. It’s a strategy designed to set us up for consistent,
global growth creating a sustainable business. By focusing on
clients, our capabilities, global delivery and brand, harnessing
insight, innovation and intelligence, we’ll be more resilient in the
future. A tangible difference to our business will be the creation
of more recurring revenues, giving us a more stable base.
6
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�There were several positives in the year, and we are pleased
with the performance of our Software Resilience business.
Our strategic review announced at our half-year results has
been stopped and will be revisited later in the calender year.
This ensures a focus on navigating the market conditions for
Cyber Security and implementing strategic actions, so the Group
is well positioned to return to growth when the market improves.
In the meantime, the Software Resilience business continues
to grow and reap the benefits of our acquisition of IPM last year
– making us the largest software escrow player globally.
The operational improvement programme and new management
team that we announced last year have delivered the expected
benefits, and we will see the consequent improvement in Software
Resilience operating profit margins flow through into next year’s
results, as well as the benefit we have experienced this year.
In our Cyber Security business, while our financial performance
was ultimately disappointing due to the drop off in short-term
demand from clients in the US West Coast tech sector in the
second half, our underlying technical capability and our next
chapter strategy give us solid foundations to diversify our client
base. There is a reason the biggest brands in the world trust us
to manage their security, and the executive team is building on
this trust while ensuring our Cyber Security offer is wholly
designed around the needs of our clients. This is why the
creation of a new global delivery and operations centre is a
central element of the strategy, reflecting our focus on adapting
to the changing needs of our clients.
Further details on our strategy and business model are provided on
pages 24 to 27 and pages 14 and 15 respectively
Business performance 1
The Group delivered revenue growth of 1.5% at constant
currency1 (6.4% at actual rates). Gross margin percentage
decreased by 2.7% pts to 39.4% due to reduced revenue
contribution from Global Professional Services within Assurance
(Cyber Security) and the consequential impact on direct
utilisation, offset by an improvement in Software Resilience
revenue contribution.
Adjusted EBITDA1 declined by 30.0% to £41.4m (2022: £59.2m)
and Adjusted operating profit1 40.1% to £28.8m (2022: £48.1m).
On a statutory basis, operating profit decreased by 94.5% to
£1.9m (2022: £34.7m) due to:
• Reduced trading performance in Assurance (Cyber Security)
offset by an improvement in Software Resilience profitability
which was driven by improved operating efficiency, as
targeted at the time of the May 2022 operational review
• Recognition of Individually Significant Items (SIs) of £14.7m
(of which £9.8m related to the impairment of North American
Goodwill within the Assurance (Cyber Security) business)
Loss before taxation of £4.3m after increased finance costs of
£2.5m due to an increase in borrowing following the IPM acquisition
and an increase in base interest rates. All of the above, resulted in a
Basic EPS of (1.5p) (2022: 7.4p) and Adjusted basic EPS1 of 6.1p
(2022: 10.8p).
This performance led us to a broad restructuring of the business,
which has been planned and implemented with the assistance of a
third party and has given rise to Individually Significant Items and
cost efficiencies being realised in FY24.
At 31 May 2023, our cash conversion 1 was 102.9% (2022: 101.9%).
Net debt 1 amounted to £79.6m (2022: £85.0m). Net debt
(excluding lease liabilities) 1 amounted to £49.6m (2022: £52.4m).
Total borrowings (including lease liabilities) offset by cash and
cash equivalents amounted to £79.6m (2022: £85.0m).
Our business performance can be found in more detail on page 61
Dividend
We are recommending an unchanged final dividend of 3.15p
(2022: 3.15p) per ordinary share, making a total for the year
of 4.65p (2022: 4.65p). The final dividend of approximately
£10m will be paid on 8 December 2023, to shareholders on
the register at the close of business on 10 November 2023.
The ex-dividend date is 9 November 2023.
Board and executive management composition
I am responsible for the leadership of our Board, and I am very
pleased with the progress we have made to increase diversity
across both the Board and the executive team. We appointed
Lynn Fordham to the Board on 1 September 2022 and she
is Head of the Audit Committee as well as the appointed
Non-Executive Director for Sustainability. Julie Chakraverty,
who joined us in 2022, has taken over as Senior Non-Executive
Director from Chris Batterham and is Head of the Cyber Security
Committee. In addition, I am very pleased with our internal
promotion of Guy Ellis to Chief Financial Officer following
Tim Kowalski’s decision to step down on 30 June 2023 after
five years in the role.
Guy joined NCC Group in 2021, as Director of Commercial
Finance, as well as serving as Interim Managing Director of
our Software Resilience business, and most recently as
Interim Managing Director of our UK Cyber Security business.
Guy has over 25 years’ experience in finance and commercial
roles in the retail sector for brands including Asda and
Specsavers. This experience and the recent interim roles in NCC
Group have given him a breadth of understanding of the
commercial drivers and operations across the whole business.
Turning to our executive management team composition, Mike
Maddison has continued to review the organisation and made
good progress in establishing a new Executive Committee, with
the appointment of Angela Brown (Chief Marketing Officer),
Kevin Brown (Chief Operating Officer), Siân John (Chief
Technology Officer), Andrew Lemonofides (Managing Director,
Software Resilience) and Rebecca Fox (Chief Information
Officer). I am confident this diversity of perspectives and
experiences will ensure we make better Board and executive
decisions, particularly as the business starts to execute its next
chapter strategy in earnest.
Further details on our Board composition are provided on pages 92 to 101
Further details of our executive management composition are provided on
pages 90 and 91
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
7
Strategic report�Chair’s statement continued
Sustainability
We continue to recognise the importance of an environmental,
social and governance (ESG) framework that drives our
operations and measures our sustainability and ethical impact.
The Board had a debrief workshop with our environmental
partner Planet Mark as part of developing our net zero journey.
We also fully supported the partnership with Ever Sustainable to
lead our independent materiality assessment – looking at not
only inward but also outward impacts – addressing future
requirements to comply with the European Corporate
Sustainability Reporting Directive (CSRD). The launch of our new
sustainability strategy fully supports and will be integral to our
business strategy and I am proud of the continuous improvement
we make year on year regarding ESG factors.
Further information on risk management and the key risk identification
procedures is set out on pages 70 to 80
Summary
Overall, this year and in particular the second half, has been
challenging. The drop in value of our business has been
disappointing, and the Board and Executive Committee are fully
focused on restoring shareholder value. However, this has also
been a particularly challenging year for our colleagues, and on
behalf of the Board I offer our thanks and appreciation for their
unwavering commitment and focus. As always, I am personally
very grateful for their continuing commitment to NCC Group.
It is through this continued hard work that we will achieve
our vision to become the leading Cyber Security and Software
Resilience provider globally. We move into this next phase
whereby we will realise cost efficiencies across Cyber Security
and corporate functions and implement our next chapter strategy.
Chris Stone
Non-Executive Chair
28 September 2023
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted
operating profit, cash conversion and net debt excluding lease liabilities
are APMs and not IFRS measures. See Note 3 for an explanation of APMs
and adjusting items. Further information is also contained within the
Financial Review.
8
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�CEO’s review
A people-powered, tech-enabled
business centred around the
needs of clients
2022/23 key activities
• Completed an operational review
of the Software Resilience business
to create additional Group contribution
• Introduced the next chapter
of our strategy
• Created a new executive team
• Embraced new ways of working
including hybrid
• Commenced planning for a new global
delivery and operations centre in Manila
• Planning the Restructuring of the business
following H2 FY23 performance
2023/24 priorities
• Realise cost efficiencies across Cyber
Security and corporate functions
• Embed our new strategy with a renewed
focus on our clients, priority sectors and
development of end-to-end Cyber
Security services
• Open the new delivery and operations
centre in Manila
• Continue focus on relevant
stakeholder engagement and
evolve our sustainability agenda
I want to thank colleagues
for their support during the
challenges this year. They
have been truly remarkable
and the resilience they have
shown in the circumstances
has been inspiring.”
Mike Maddison
Chief Executive Officer
An ever-changing market
There is only one certainty in our industry: change.
I have worked in this space since the 1990s when “computing
security” was a niche specialism. Today, Cyber Security is
high on the risk registers of every enterprise and government
in the world, and this industry will continue to change as Cyber
Security becomes even more fundamental to societies and
economies. Our lives are becoming more digitally connected
each year, cyber criminals and nation states are constantly
innovating and improving their attack capabilities, and AI and
quantum computing have the potential to cause paradigm shifts
that will reverberate around the globe.
As a business we have to be alive to the pace of this change.
If we stand still, we will be left behind.
Our next chapter strategy is designed to address this challenge
head on, creating an organisation that gets ahead of its market
drivers with foundations that are fit for today and the future. It
is relentlessly focused on clients and our ability to address the
issues they face.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
9
Strategic report�CEO’s review continued
An ever-changing market continued
It sees us become even more globally integrated, while confidently
telling our story with an energised, simplified brand. This is why
– even against the backdrop of a challenging year – I am so
optimistic about where we are heading.
NCC Group exists to make the world safer and more secure.
This purpose remains unchanged. But the market has changed
around us, so as a business we must adapt.
A client-centric approach
When I joined NCC Group I was immediately struck by the breadth
and depth of our technical expertise. It is truly world class. Our
insight, innovation and intelligence are respected globally.
This expertise sits at our core. However, we have to unlock its
potential by harnessing it to create solutions that are designed
around the needs of our clients.
This starts with clarity around the markets we serve. It’s why our
strategy sees us focus on our fastest growing sectors – specifically
those which are highly regulated and most exposed to cyber risk,
like financial services, industrials and technology. We will build
deeper relationships at the C-level within those businesses to
give us the opportunity to move beyond transactional sales and
into the position of trusted advisor. We have brilliant individuals
in our business who are already working at this level, but we will
invest in the right talent to enable scale.
With that in place, we can properly unlock the potential of our
expertise and be a true end-to-end Cyber Security services
partner that can deliver business outcomes.
In practice, this means rather than simply testing a client’s
infrastructure annually, we’ll also work with them to address the
security vulnerabilities we discover. Rather than providing a
one-off incident response to a client following a cyber-attack,
we’ll provide consultancy and remediation after the event to
enable greater resilience – and then manage their Cyber Security
operations 24/7.
This is why we are making targeted investments into specific
capabilities – like building out our consulting team and enhancing
our Managed Services offering. It is all driven by our target
customers and their needs.
We will have all the constituent parts to continually create these
customer journeys. Our strategy sees us knit them together to
ensure consistent, consultative client relationships globally – all
powered by our unrivalled technical expertise.
Further details on this are provided on pages 24 to 27
True global delivery
As our industry continues to change, the way we deliver work is
changing too. A standard penetration test – the evaluation of
software or hardware to identify security vulnerabilities – is
carried out in a very different way now to how it was 15 years
ago. We are now more efficient, there is more automation, and
we can test on a much larger scale.
The need for us to continually adapt was underlined during the
pandemic. A significant amount of testing that previously took
place on site at secure client locations was being delivered
remotely. It showed that some low-level testing could be done in
a different way, and at a lower cost.
Fast forward to 2023 and the cost cutting across the industry,
and layoffs led by North American West Coast tech firms accelerated
this move and we felt this acutely. Clients still need this service,
but they want it delivered in a more cost-effective way.
We are trusted by the
most significant businesses
globally to protect their
digital assets.”
This shift has informed our strategic focus on global delivery and
flexible resourcing. We can get better at using capabilities in our
Dutch business for client work in New York or harnessing our UK
expertise for an Australian assignment. Our delivery has been
too local and rigid in the past.
It’s been a driving factor in our decision to open in September
2023 an offshore delivery and operations centre. Some of the
best Cyber Security talent in the world is found in emerging
markets – I’ve seen that first hand throughout my career – and
this investment will mean we can harness that talent and
complement it with our existing colleagues to be more flexible
to our clients’ needs.
We are trusted by governments and the most highly regulated
organisations to test and manage their security. There will
always be demand for in-market talent to work on sensitive,
complex programmes of work. Our new delivery and operations
centre simply means we can expand our capabilities and provide
more value for our clients.
Further details on this are provided on pages 24 to 27
Communicating with impact
We also have an opportunity to better tell our story and explain
the value we offer.
We provide counsel to governments around the world on high
level Cyber Security issues. We are handpicked by the most
significant businesses globally to protect their digital assets. We
are trusted by critical national infrastructure providers to secure
their systems and keep them running.
This trust has been created through our insight, intelligence and
innovation. It has taken years to build. It enables us to act as a
convenor of decision makers – on policy, regulation and the macro
forces affecting our collective ability to secure our digital future.
This credibility and track record should form the core of our
messaging. We have a unique position in the market. As a client,
this is what you gain access to when you engage with us. Yet we
have been reluctant to talk about it.
We are going to seize this opportunity, with our new Chief
Marketing Officer bringing together our global marketing,
communications and public affairs team to deliver on this
strategy. It starts through the creation of distinct and relevant
brands for Cyber Security and Software Resilience, with clearer,
simpler propositions. From here we will focus on boosting our
profile through marketing programmes designed around the
C-suite in our target sectors. We will become more present,
more active and bolder in our marketing and communications.
10
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Financial performance summary
It’s been a challenging year for the Group with a decline in the
rate of revenue growth and overall profitability, resulting in a loss
for the year. Our revenue performance and profitability suffered
from the market dynamics within Cyber Security. In particular,
the Group experienced buying decision delays and cancellations
in the North American tech sector and to a lesser extent in our
UK market, effecting our Global Professional Services revenue
and overall gross profit performance. These headwinds have
further reinforced the need to accelerate the implementation of
our next chapter of the Group strategy.
Group revenues increased by +1.5% on a constant currency basis1
and +6.4% (2022: +16.4%) at actual rates. After considering the
prior year Software Resilience fair value revenue adjustment
(£4.4m)2, Group revenues were flat at constant currency1 (+4.8%
at actual rates).
In our Cyber Security business, the Europe and UK and APAC
businesses grew on a constant currency basis1 by +3.9% and
+3.0% respectively (+6.6% and +3.3% at actual rates), whereas
our North American business declined -4.9% on a constant
currency basis1 (+5.5% at actual rates) following the decline in
tech sector spend.
Global Professional Services declined by -3.1% to £199.3m on a
constant currency basis1 (+2.0% at actual rates) with delivered
day rates increasing by +7.5% (2022: +2.1%) and direct utilisation
decreasing by -10.0% pts. Global Managed Services (GMS) grew
by +12.4% to £67.8m (2022: +6.7%) on a constant currency basis1
(+15.7% at actual rates). New XDR service global sales orders for
the forthcoming years increased +72.5% from £11.6m in 2022 to
£20.0m in 2023.
In our Software Resilience business, following the completion of
the acquisition of IPM in June 2021, we experienced our first full
year of IPM contract renewals which contributed to overall
growth in the division of +7.5% on a constant currency basis1 to
£64.3m (+14.2% at actual rates). However, considering the prior
year Software Resilience fair value revenue adjustment (£4.4m),
total Software Resilience revenue (on an unaudited pro forma
basis 2) decreased by -0.5% at constant currency1 (+5.9% at
actual rates). Our Escrow-as-a-Service (EaaS), our cloud-based
escrow proposition, generated sales orders of £4.8m, an increase
of 38% compared to the prior year (2022: £3.4m). It’s therefore
pleasing to see that our new leadership team (appointed in November
2022) is starting to deliver momentum, consistency in quarterly
growth, price rises, and realisation of efficiency contribution
targeted at the time of the May 2022 operational review.
Gross profit decreased by -0.5% to £132.0m (2022: £132.6m)
with gross margin percentage decreasing to 39.4% (2022: 42.1%).
The 2.7% pts gross margin (%) decrease was due to the revenue
performance of the Cyber Security business and the consequential
impact on direct utilisation decreasing by -10% against a backdrop
of lower attrition (15.5%).
Total administrative expenses have increased by 32.9% (£32.2m)
to £130.1m (2022: £97.9m). This was mostly due to an increase in
Individual Significant Items of £13.8m and an increase in people
and training costs arising from inflationary pressures and further
investment (including XDR set up) to support the business of
c.£6.5m. Other higher costs include an increase in non-client
travel and office costs (including the impact of our NCC
Conferences) of c.£5m, depreciation and amortisation (including
amortisation on acquisition intangibles) of c.£3m, marketing
c.£1m and foreign exchange c.£1m.
1
Revenue at constant currency is an Alternative Performance Measures
(APMs) and not IFRS measures. See Note 3 for an explanation of APMs
and adjusting items, including a reconciliation to statutory information.
2 See Note 3 for an explanation of unaudited proforma total Revenue and a
revenue adjustment of £4.4m to 2022 Revenue. Unaudited proforma total
Revenue is an APM and not a IFRS measure.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
11
Strategic report�CEO’s review continued
Financial performance summary continued
Adjusting items to operating profit of £26.9m (2022: £13.4m) consists of amortisation of acquired intangibles (£10.0m), share-based
payments (£2.2m) and Individually Significant Items (£14.7m). The Group has recognised an overall operating profit of £1.9m
(2022: £34.7m), a decrease of -94.5%. As the Group manages its performance internally at an Adjusted operating profit1 level,
Adjusted operating profit1 decreased by -40.1% to £28.8m (2022: £48.1m). This information which shows a decline in Cyber Security
gross profit and overall profitability and an improvement in Software Resilience gross profit and overall profitability is disclosed below
and reconciled to profit after taxation:
2023
2022
Revenue
Cost of sales
Gross profit
Gross margin %
Cyber
Security
£m
Software
Resilience
£m
Central
and
head office
£m
270.8
(184.7)
86.1
31.8%
64.3
(18.4)
45.9
71.4%
–
–
–
–
Group
£m
335.1
(203.1)
132.0
39.4%
Administrative expenses 2
(70.7)
(14.7)
(5.2)
(90.6)
Adjusted EBITDA 1
Depreciation and amortisation 3
15.4
(8.5)
31.2
(0.6)
Adjusted operating profit 1
6.9
30.6
(1.2)
(1.6)
(12.3)
(5.8)
(0.1)
(2.4)
(8.2)
22.3
(3.0%)
34.7%
Amortisation of acquired
intangibles
Share-based payments
Individually Significant Items
Operating (loss)/profit
Operating margin %
Finance costs
(Loss)/profit before taxation
Taxation
(Loss)/profit after taxation
EPS
Basic EPS
Adjusted basic EPS 1
(5.2)
(3.5)
(8.7)
(3.0)
(0.5)
–
(12.2)
n/a
41.4
(12.6)
28.8
(10.0)
(2.2)
(14.7)
1.9
0.6%
(6.2)
(4.3)
(0.3)
(4.6)
(1.5p)
6.1p
Cyber
Security
£m
Software
Resilience
£m
Central
and
head office
£m
258.5
(166.2)
92.3
35.7%
(53.2)
39.1
(7.2)
31.9
(0.9)
(2.1)
–
56.3
(16.0)
40.3
71.6%
(17.5)
22.8
(0.8)
22.0
(4.8)
(0.3)
(0.9)
–
–
–
–
(2.7)
(2.7)
(3.1)
(5.8)
(2.9)
(1.5)
–
Group
£m
314.8
(182.2)
132.6
42.1%
(73.4)
59.2
(11.1)
48.1
(8.6)
(3.9)
(0.9)
28.9
11.2%
16.0
28.5%
(10.2)
n/a
34.7
11.0%
(3.7)
31.0
(8.0)
23.0
7.4p
10.8p
1
Adjusted EBITDA, Adjusted operating profit, and Adjusted basic EPS are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting
items. Further information is also contained within the Financial Review.
2 Administrative expenses excludes depreciation and amortisation, Individually Significant Items, amortisation of acquired intangibles and share-based payments.
3 Depreciation and amortisation excludes amortisation of acquired intangibles.
Individually Significant items (ISIs) incurred during the year
amounted to £14.7m. These items are represented mainly by
an impairment in Goodwill of £9.8m for the North American
Assurance business following the recent reduction in spend
by technology clients and £4.2m in relation to fundamental
reorganisation costs as we reshaped the Group to implement
the next chapter of the Group’s strategy. The impairment of
North American Goodwill has been recognised based on the
annual assessment of circumstances as at 31 May 2023. ISIs
also include costs associated with the strategic review of our
Software Resilience business (£3.0m) and an impairment of
Goodwill (£3m) relating to our Danish business following its
reorganisation. These were partially offset by a profit on
disposal of our DDI business (£4.7m).
Profit before taxation decreased -113.9% to a loss of £4.3m
(2022: profit of £31.0m) following the above revenue and gross
profit performance, increased ISIs (mainly the impairment of
North American Assurance Goodwill) and increased borrowing
costs. Consequently, profit after taxation decreased -120.0% to
a loss of £4.6m (2022: profit of £23.0m) giving rise to a basic
EPS of (1.5p) (2022: 7.4p); Adjusted basic EPS1 amounts to 6.1p
(2022: 10.8p).
At 31 May 2023, our cash conversion1 was 102.9% (2022: 101.9%).
Net debt1 amounts to £79.6m (2022: £85.0m). Net debt
excluding lease liabilities1 amounts to £49.6m (2022: £52.4m).
Total borrowings (including lease liabilities) offset by cash and
cash equivalents amounts to £79.6m (2022: £85.0m).
12
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�In Software Resilience:
• We expect revenue growth in low single digits, underpinned
by sustainable actions successfully taken on pricing and sales
execution. The operating profit growth will be delivered net of
in-year systems investments that will realise newly identified
contribution efficiencies of c.£1m from FY25 onwards
The Board is confident that continued execution of the strategy
will deliver double-digit revenue growth and mid-teens operating
profit margins from FY26 onwards.
Strategy
• Execution of the Next Chapter strategy progressing well
following key leadership appointments with deep industry
recognised expertise
• New global delivery and operations centre opened in Manila
in September 2023
• New distinct brand for our Software Resilience business will
roll out early in 2024
Mike Maddison
Chief Executive Officer
28 September 2023
A global leader
We have faced a number of challenges this year. We’ve had to
make some difficult decisions to ensure we are set up to achieve
our purpose – to create a more secure digital future.
I want to thank colleagues for their support during the
challenges this year. They have been truly remarkable and
the resilience they have shown in the circumstances has been
inspiring. And it’s this resilience, which provides the foundations
for us to execute our strategy and make NCC Group the global
leader in Cyber Security, and Escrow Software Resilience services.
We will emerge as a more confident and sustainable business
built around the needs of our clients – one that is set up to adapt
to our ever-changing industry.
This confidence is already starting to emerge as our strategic
roadmap (Clients, Our capabilities, Global Delivery and
Differentiated brands) begins to yield tangible results. Our
relentless focus on being a global, agile and client focused
business led by my new leadership team with recognised deep
cyber industry experience, is resonating with our stakeholders.
I’m particularly proud of the efforts of a multi-disciplinary team,
who have enabled our new global operations and delivery centre
in Manila to launched in September 2023. Not only do we have a
fully staffed business ready to go, led by Saira Acuna, who
previously ran our sales and client experience team in the APAC
region, but we’ve also won work that we wouldn’t previously
have won as a result.
This is just one example of the progress being made across the
strategy and if we continue to execute on what we said we would
do – the future is bright.
FY24 current trading
Current trading in line with expectations with:
• Cost efficiencies across Cyber Security and corporate
functions already being realised
• Global Professional Services sales orders stabilised, no
material clients lost, however North America revenue performance
experienced in H2 FY23 is currently annualising through H1
FY24 giving rise to YoY double digit Q1 revenue decline
• YoY double digit Q1 revenue growth in Global Managed Services
• YoY single digit Q1 revenue growth in Software Resilience
against a low comparator
Outlook
• The Board expects FY24 to be a period of considerable
change for the Group, targeting a modest improvement in
Group Adjusted Operating profit driven by both the Cyber
Security and Software Resilience businesses
In Cyber Security:
• We expect low single digit revenue growth driven by stronger
performance in high value Managed Services, including XDR.
This will offset the annualisation of the sales declines in North
American Professional Services and UK Professional Services
experienced during H2 FY23
• Identified various cost efficiencies across Assurance (Cyber
Security) and corporate functions as announced in the June
2023 trading update and are on track to meet these
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
13
Strategic report�Our business model
Resetting for future growth
We draw on our expertise, capabilities and global footprint to develop solutions tailored to
sectors most at risk to meet current and future cyber challenges. We help to educate policymakers
and regulators and we give back to protect our local communities. To address the changing
landscape NCC Group needs to continually evolve. In February 2023 we launched our next
chapter strategy, resetting how we go to market aligned with our clients’ changing needs.
Read more on market dynamics on page 16
Inputs
How we create value
e
s
n
o
p
s
e
R
t
n
e
d
i
c
n
I
r
e
b
y
C
M a n a ged Services
I n n ovation
I
n
t
e
l
l
i
g
e
n
c
e
t
h
Insig
Escro w
Technical Ass u r a n c e
C
o
n
s
u
l
t
i
n
g
&
I
m
p
l
e
m
e
n
tatio
n
Insight (page 22), innovation (page 30) and intelligence (page 38) are
in our DNA, helping us to meet future challenges, adapt to changing
environments and deliver exceptional value for our clients.
At the heart of our proposition is a global delivery model, from our
new state of the art centre in the Philippines, to our hubs in Australia,
Europe, North America, Singapore and the United Kingdom. This enables
us to deliver our complete range of cyber and escrow services in the
most efficient and cost effective way for our clients.
Sustainable growth strategy
In a fast-moving and complex environment,
our strategy puts clients’ needs first, with a
roadmap of investments designed to develop
future capabilities and a global delivery model
to provide clients with the best solution.
People-powered, tech-enabled
We are a diverse global community of talented
and creative individuals, working together and
united by the same goal – to make the digital
world safer and more secure.
Culture of innovation
With our roots stretching back to the 1990s
we have a track record of being at the cutting
edge of innovation. NCC Group was created
in 1999 when the National Computing Centre
sold its commercial divisions to its existing
management; from there we continued to
grow through acquisitions. And while history
is important, so is the future, with innovation,
insights and intelligence the core elements
of our DNA.
Stronger partner relationships
We are active members of the global cyber
community, working in collaboration and in
partnership with key industry players. Many
successful global partnerships have delivered
integrated, seamless solutions to clients.
Market-leading reputation
We understand our clients’ challenges and the
risks to their business. We continually enhance
our global delivery model to bring our insights,
intelligence and innovation together to help
clients understand and improve the cyber
resilience posture.
Read more on our strategy on pages 24 to 27
14
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�How we create value
We operate two distinct businesses offering clients
a range of services to help secure their digital assets:
CYBER SECURITY
Providing clients with a clear understanding of cyber threats and
vulnerabilities. We help them maintain their licence to operate,
by achieving governance, compliance and accreditation objectives.
By implementing remediation plans and solutions, we enhance their
resilience against cyber threats. We offer the option to outsource
cyber defence operations, as well as complementing existing
resources, to reduce risk, achieve greater resilience and give
confidence in detecting and responding to cyber threats.
Read more on pages 32 to 33
SOFTWARE RESILIENCE – ESCROW
Specialist solutions that protect business critical technology
and software applications. Our proposition safeguards buyers
from various risks, provides robust business continuity, secures
long-term availability of essential business software, and offers
assurance and guidance for application management. And with
our Escrow-as-a-Service proposition, we facilitate a secure
transition to the cloud, enabling clients to adopt cutting-edge
technology with confidence.
Read more on page 34
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Value creation
Colleagues
We strive to create a safe and respectful
environment where everyone is empowered
to be their very best, able to follow their
vocation and say with conviction that what
they do helps make our digital society safe
and secure.
Clients
Our resilience solutions enable clients
to confidently innovate and embrace
new technologies, and build responsible,
sustainable and resilient organisations
that thrive and succeed.
Our network
We engage proactively to ensure our insights
and vision deliver the best societal outcomes
in support of our mission. Our expertise provides
access to basic cyber knowledge for the
communities we live and work in.
Shareholders
We operate responsibly aiming to create an
inclusive and diverse workplace, taking action
to reduce our impact on the environment.
We strive to be an ethical, responsible employer
and supply chain partner to ensure future
long-term growth and return on investment
opportunity for our shareholders.
Read more on stakeholder engagement
on pages 40 and 41
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
15
�Meet the CTO
Q&A with Siân John
Siân John was appointed
Chief Technology Officer
(CTO) in July 2023. She joins
NCC Group from Microsoft and
is the current Chair of techUK’s
Cyber Security Management
Committee and a council
member for the Engineering
and Physical Sciences
Research Council (EPSRC), the
funding body for engineering
and physical sciences research
in the UK. She was awarded
an MBE in 2018 for services
to Cyber Security.
Q. Tell us a bit about your career so far
I’ve been immersed in technology for over 30 years and 25 of
those in cyber, starting off in the Houses of Parliament looking
after IT for the guys who carry the mace. I’ve since worked for
a number of major technology businesses, most recently with
Microsoft where I had a range of strategic Cyber Security roles.
The pace of change in the industry has been relentless, which
is one of the reasons I find this space so fascinating.
Q. What is your overall approach and ethos when
it comes to Cyber Security?
Security is often seen as a barrier to growth because
of a consensus that you can either be secure or productive.
But that’s simply not true. If we bake security into our products
and processes in a way that reflects the right level of risk,
it will actually unlock productivity. Security becomes
a competitive advantage.
I think it’s incumbent on us as Cyber Security advisors
to have digital empathy – and by that, I mean a real understanding
of the impact security measures have on the user. If we start
from that perspective, we typically end up with better solutions
to challenges that businesses face.
Q. What attracted you to NCC Group?
This is a business that is so well respected in our industry
because of the quality of its people.
NCC Group is known for having technical abilities at the
bleeding edge, and so the opportunity to work with some of the
brightest minds globally was one I simply couldn’t turn down.
Q. Talk to us about NCC Group’s insight, intelligence
and innovation
This is what gives us a position in the market that no one else
can match, and an offer to our clients that is incredibly strong.
Firstly, insight. We work with thousands of clients across
the world. We see directly the challenges they are facing.
We understand their pressures. We have a deep understanding
of what’s happening today, and where it might go tomorrow.
And we bring this to every client engagement.
We then add intelligence – our ability to see what threats are
out there in the wild in real time. What are our adversaries doing?
What techniques are they using? And what is the impact?
This means our advice to clients is solely focused on the
risks that matter.
And finally, innovation. This is where we drive the market
forward through our research – shaped by the challenges
we see our clients facing and the passions of our experts.
This is a combination that is unique to NCC Group and what
gives me so much confidence about our future.
16
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�This is a business that is
so well respected in our
industry because of the
quality of its people.”
Siân John
CTO
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
17
�Market dynamics
Operating in a dynamic market
The ever-changing threat landscape and exponential digital transformation, coupled with
society’s continued reliance on digital technologies and increasing regulatory and legislative
requirements, mean investment in Cyber Security and Software Resilience is not optional
and NCC Group’s addressable market continues to grow.
A changing threat landscape
2022 was another year that kept us on our toes. The threat
landscape was heavily influenced by the conflict between Russia
and Ukraine, during which we have seen the whole arsenal of
offensive cyber capabilities, deployed by criminals, hacktivists
and nation state groups. Though perhaps not the “cybergeddon”
that some expected from the next big global conflict, we have
seen state-sponsored attacks ramp up, with cyber warfare
proving to be critical across this hybrid cyber-kinetic battlefield.
The threat from ransomware will remain. However, we are seeing
an evolution in the way groups operate not only because of
law enforcement intervention but also co-operation among
governments and regulations to tackle the problem. Groups will
continue to diversify operations and we have started to see less
focus on encryption of data and more emphasis on exfiltration
of data along with an increase in the use of distributed denial
of service attacks.
Threats will persist and organisations must remain vigilant
and understand how they could be exposed and take steps
to mitigate any risk.
CIRT cases by impact techniques (2022)
4040+
Ransomware: 40%
Business email
compromise (BEC): 33%
Coin mining: 13%
Banking malware: 7%
Data breach: 7%
Analysis of our cyber incident response team’s (CIRT) activities
show that successful ransomware attacks (where data encryption
was actually achieved and not just the prior phases) are only slightly
more common than business email compromise (BEC) attacks.
2021
2022
Total hack and leak cases year on year
There has been a general upward trend from July – December, showing that threat actors have now
begun readjusting after any major internal changes (rebranding or redistributions) and thus are able
to compromise more victims.
s
e
s
a
c
k
a
e
l
d
n
a
k
c
a
h
f
o
r
e
b
m
u
N
350
300
250
200
150
100
50
0
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
18
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
+
33
33
+
+
13
13
+
+
7
7
+
+
7
7
M
M
�Society’s ever-growing reliance on digital technologies
There is no slowdown of the exponential digital transformation,
with investment continuing to be made in technologies, from the
increasingly ubiquitous use of machine learning and large language
models to significant public and private investment in future
telecommunications networks and quantum computing. Digital
supply chains upon which our connected environment depends
are complex and interdependent, a reality that’s been driven
home, too, by heightened geopolitical tensions and conflicts.
Increasing regulatory and legislative requirements
Governments around the world are trying to respond to a threat
landscape that is more dynamic than ever. We are seeing significant
growth in regulations and legislation globally, creating an ever more
complex environment for organisations to navigate and make sense
of, and we expect them to focus their cyber investments on
meeting growing regulatory requirements.
What is more, we expect the trend of growing cyber regulation
to continue as thinking converges that: improved cyber resilience
is ultimately an issue of national security; the rising cost of cyber
crime needs to be tackled; and (better) regulation should unlock
growth, as the assured safety and security of digital technology
will drive trust, confidence and therefore uptake.
As a result, we expect to see more coherence and co-ordination
of policy and regulatory initiatives across like-minded governments
around the world. For example, the governments of the UK, Canada
and Singapore published a joint statement of intent on Cyber
Security for Internet connected products. It signalled the three
governments’ intention to promote global alignment on standards
and security requirements, reducing “duplication of testing and
similar assessments and the challenge for industry of needing to
apply to multiple schemes underpinned by identical or very similar
requirements”. See pages 22 to 23 for how we are contributing to
the changes to cyber-related policies and regulations across the world.
Hotspot map representing concentration of global attacks
There were 230,519 observed Distributed Denial of Service (DDoS)
events over the whole of 2022. We can see from the below
graphical representation the proportion of yearly global attacks
levied against the ten most targeted nations.
% of total
1.06
45.08
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
19
Strategic report�Market dynamics continued
Increase in regulatory developments across our key operating regions
US National Cyber
Security Strategy
Significant shift away from
voluntary measures to regulation.
Digital Operational Resilience Act
(DORA)
Enacted.
NIS2
Enacted.
Cyber Resilience Act
In progress.
Cyber Solidarity Act
In progress.
Discussion paper on Australia’s
Cyber Security Strategy 2023–
2030: a new Cyber Security Act?
Privacy Act review
Security of Critical Infrastructure
(SOCI) Act
Telecommunications (Security) Act
Product Security &
Telecommunications
Infrastructure Act
NIS Regulations
Reforms progressing slowly.
App: Code of Practice
Consulting on software regulation
Other common trends include:
• Shifting the “burden for security” to those with the broadest
shoulders: The US National Cyber Security Strategy announced
a clear shift in responsibility for cyber to software vendors and
manufacturers in March.
• More confident regulatory interventions to define
dynamically what constitutes critical national infrastructure
in the digital sphere and make it more secure and resilient:
The UK announced plans to move forward with legislation
to reform its Network and Information Systems (NIS) Regulations
in November, extending its scope to managed service
providers, and giving the government powers to extend
the scope of NIS more easily.
• Efforts around improving incident reporting, driven by the
desire to improve visibility and situational awareness of the
threat landscape more holistically: The Australian government
launched an updated Critical Infrastructure Resilience Strategy
and Plan in February, outlining those activities the Cyber and
Infrastructure Security Centre (CISC) and critical infrastructure
community will pursue to enhance resilience, with a clear
focus on a greater role for the Trusted Information Sharing
Network (TISN).
• Greater emphasis on developing frameworks and principles
for regulating technologies rather than detailed regulatory
proposals per se: Attempts to govern artificial intelligence (AI)
are underway in many jurisdictions – a common trend appears
to be the desire to open AI decision making to greater scrutiny,
as seen in the UK’s AI Paper, the US blueprint for an AI Bill of
Rights, and the AI Risk Management Framework and the
European Commission’s AI Act and AI Liability Directive
proposals. Similarly, many jurisdictions are working on plans to
develop (and regulate) central bank digital currencies, while global
initiatives are underway by the Financial Stability Board, and the
Organisation for Economic Cooperation and Development (OECD)
to regulate crypto-assets and decentralised finance (DeFi).
NCC Group’s continued portfolio evolution
and differentiation
As Cyber Security threats change and technology develops
to counter them, organisations are demanding fewer, more
comprehensive solutions rather than having to manage an
increasing number of interdependent but separate tools.
As client needs change in this fast moving, evolving threat,
technology and regulatory landscape, we are staying agile
to best serve them – and deliver on our purpose.
We are investing in our cyber capabilities. Above all, that means
a broader portfolio addressing the full Cyber Security lifecycle:
• Maintain our high quality of Incident Response services
to help clients at their critical moments
• Enhance the suite of Managed Services we offer to deliver
a global, high quality managed security service that is led with
world-class threat intelligence capability, provides transparent
value, and is delivered through a consistent technology stack
and operating model
• Invest in our core Technical Assurance capabilities, such
as continuous, always-on cyber threat detection and
penetration testing
• Building additional Consulting & Implementation services
proposition to help C-suite buyers confidently meet
increasing Cyber Security requirements
20
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�As client needs change in this
fast moving, evolving threat,
technology and regulatory
landscape, we are staying
agile to best serve them –
and deliver on our purpose.”
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
21
Strategic report�It’s in our DNA
Insight
We understand the sectors our clients operate
in, including market trends, regulatory and
overall business environment, and the specific
threat landscape. We do this by investing in
research and data analysis, listening to clients
to understand the intricate details in their field
of operation.
The value to clients is solutions, which are relevant and personalised
and anticipate their current and future requirements. Through our
global capability we provide unique perspectives and strategic
advice to help clients make more informed decisions and ultimately
grow their business responsibly and sustainably.
22
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Insight
How insight supports our strategy
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
In focus
As the deadline to meet the UK Telecoms (Security) Act (TSA) compliance
looms large over the coming years, UK telecoms providers are under
pressure to ensure their systems and services are aligned with the TSA-
related Code of Practice (CoP).
While the UK is, in some ways, leading the charge with its TSA,
it’s actually part of an overall trend in global policymaking aimed at
creating a more secure and resilient telecommunications infrastructure.
Across the globe, governments in Europe, Canada, the United States,
Australia and Singapore have moved, or are moving quickly, to implement
telecoms security standards affecting thousands of industry businesses.
Beyond mandatory compliance, there’s also a compelling business case
for organisations to use the TSA, and its international equivalents, as an
opportunity to build more secure, resilient infrastructure.
Working with NCC Group’s government affairs team, and our industry
partners, our global team brings cyber expertise within the context
of telecoms and cloud services, to simplify these new regulations,
and explain not only what’s required but how achieving compliance
proactively can be a competitive differentiator.
To enable the UK – and societies
around the world – to take
advantage of innovation, it’s
important that government policies
and regulatory frameworks
accurately reflect and address
security challenges.”
Mike Maddison
CEO
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
23
Strategic report
�Our strategy
Executing our strategy
To be more client centric and
operate as a global firm, we are
restructuring how we operate.
This will help us achieve our
ambition, providing clients with
not only the best, but also the
breadth of NCC Group’s
ever‑advancing Cyber Security
and Software Resilience solutions.
We are engaging colleagues, helping them to get excited about
NCC Group’s future, building on the past, and identifying the role
they play in delivering for our clients. Every single person at NCC
Group takes responsibility for client delivery.
To co-ordinate, execute and track progress, we have created
a modest transformation office – bringing together, for the first
time, central co-ordination of strategy delivery for the Group.
This will help us continue to deliver value – creating a bright
new future for colleagues, clients and shareholders alike.
Over the next couple of pages, we outline each of our strategic
pillars, what we’ve achieved since the launch in February 2023
and what is coming up in the near to mid-term future.
Diji Akinwale
Director of Strategy and Transformation
This section provides more information on these four
elements, what we’ve achieved so far, how we will
measure progress, and our FY24 priorities in service
of our vision to become a truly global Cyber Security
and Software Resilience services provider capable of
delivering an end-to-end cyber solution that harnesses
our strengths in insights, intelligence and innovation,
accompanied by a fantastic client experience.
Link to risks:
A Strategy
B Cyber and information security
C Innovation and product development
D People and partners
E Market and competition
F Brand and reputation
G Quality and delivery
H Legal, regulatory compliance and governance
Read more on our risks on pages 70 to 80
Read more on our business model on pages 14 and 15
In February 2023 we announced our new strategy, signalling the next chapter of NCC
Group’s story and focused on:
Our clients
Deeper client engagement on the most
pressing Cyber Security and Software
Resilience needs.
Global delivery
Transitioning from an international
to a fully global business.
Read more on page 25
Read more on page 26
Our capabilities
Offering a broader service portfolio
addressing the full Cyber Security lifecycle.
Brands
Creating distinct and relevant brands for
our Cyber Security and Escrow Software
Resilience businesses.
Read more on page 25
Read more on page 26
24
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Our clients
Our capabilities
Deeper client engagement on the most pressing
Cyber Security and Software Resilience needs
Offering broader service portfolio addressing
the full cyber security lifecycle
What we said we would do:
In February 2023 we announced our plan to concentrate on
the rapidly growing, highly regulated sectors most vulnerable to
cyber risk. These sectors include financial services, technology,
media, telecommunications, government and public sector,
infrastructure, and industrials.
To implement this we are restructuring the organisation. This
means moving away from the previous regional P&L model to
establishing a global, revenue-focused team, aligned by regions
and the sectors identified above.
The aim of this restructure is to enhance our client relationships
through targeted expertise, while consistently assessing our
impact across different regions. This strategy will expand our
range of services within existing client relationships and better
capture the global scale of the insight, innovation and
intelligence we have historically delivered to clients.
What we have done:
Since initiating our strategy in February 2023, we’ve streamlined
our market approach by implementing a sales structure that
aligns our major regions by verticals. We have successfully
established this vertical alignment in the UK, and the same
structure is currently being scaled in North America.
For our smaller regions, we’ve strategically aligned them with
a country-centric focus, incorporating elements of the vertical
structure where suitable. This restructuring forms a crucial part
of our commitment to meet our clients’ needs more effectively
across various geographies and sectors.
We have also invested in Cheltenham and New York offices to
ensure our property portfolio echoes our commitment to client
service and reflects both the needs of our business and our colleagues.
We have also further established our strategic partnerships.
We have accelerated our strategic relationship with Microsoft
by delivering continued double-digit growth of XDR, achieved
‘Global Validation’ status from Microsoft, enabling greater
access to discount and Microsoft sellers and been awarded
a ‘managed account’ status by Microsoft, recognising our
investment and growth.
Beyond Microsoft, we have now signed a global partnership with
Splunk that enables better pricing for our clients and access to
wider Splunk sales teams.
What we said we would do:
We proposed that in the coming years, we would look to build
out a broader service portfolio addressing the full cyber security
lifecycle, including:
• Continuing to invest in our core Technical Assurance capabilities
• Maintaining high quality of Incident Response services to help
clients at their critical moments
• Further development of our Managed Services offering,
increasing annual recurring revenues (ARR)
• Building an additional Consulting & Implementation services
proposition to help C-suite confidently meet increasing
cyber security requirements
What we have done:
Since February 2023, when we announced our next chapter
strategy, we’ve actively sought to enhance global alignment
across our cyber security capabilities by establishing three
global capability groups, spearheaded by our new Chief Operating
Officer, Kevin Brown; see page 29. This structural shift aims to
better manage our global cyber security capabilities and our
global delivery and operations centre in Manila (see global delivery
pillar). This setup plays a vital role in driving global growth by
creating the capacity and ability to cater to our clients’ needs.
Our Managed Services sector was the first to align globally, and
has seen revenue growth of c.16% in FY23. This underpins the
positive impact of a more globally centred focus, particularly
under the leadership of Doug Klotnia, who joined NCC Group in
the second half of the financial year.
Our ongoing reputation for cyber can be seen in our recent
announcement to be one of the first six providers for the
UK NCSC’s new Level 2 Cyber Incident Response scheme.
This recognises our ability to help private and public sector
organisations (big or small) as well as charities recover from
cyber-attacks and should give buyers confidence about the
breadth of our capabilities.
Read more about this story on our newsroom: https://newsroom.
nccgroup.com/news/ncc-group-announced-as-an-assured-service-
provider-in-latest-ncsc-cyber-incident-response-cir-scheme-470825
Link to risks:
A Strategy
Link to risks:
A Strategy
B Cyber and information security
B Cyber and information security
D People and partners
E Market and competition
F Brand and reputation
G Quality and delivery
H Legal, regulatory compliance and governance
C Innovation and product development
D People and partners
E Market and competition
F Brand and reputation
G Quality and delivery
H Legal, regulatory compliance and governance
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
25
Strategic report�Our strategy continued
Global delivery
Brands
Transitioning from an international to a fully
global business
Creating distinct and relevant brands for our
Cyber Security and Escrow businesses
What we said we would do:
We promised we would globalise our delivery capabilities.
This would allow us to move from an international to a truly
global business and would involve building a global delivery
organisation with new leadership tasked with developing the
best skills through flexible resourcing, including a new global
delivery and operations centre, with implementation in FY24.
What we have done:
We have concluded our search process for a new global delivery
and operations centre and selected Manila as the location for our
new office. A sustainable site has been secured, with recruitment
(both internally and externally) underway and on track to be
operational in 2023.
To drive this accelerated launch, our experienced leadership
and implementation team have developed local relationships
with universities to attract the best skills that will complement
recruitment of experienced hires, alongside our global delivery
capability, and help deliver existing and new services to clients.
This launch of a global delivery centre has required us to rollout
a new scheduling system, Kantata, to our US region as the
precursor to a global rollout. Putting this system in place will
allow us to seamless schedule and allocate work from clients in
any region to any of our global delivery colleagues, whether they
are based in Manchester or Manilla.
What we said we would do:
In February 2023, we announced we would create distinct
and relevant go-to-market brands for both our Cyber Security
and Software Resilience businesses. These would help to us
to differentiate and grow our brand profile.
As part of our broader brand and marketing programme, we said
we would increase our focus at key industry events and be more
visible in market, and invest in sustained activity to build and
strengthen relationships at C-suite level in our target markets.
Finally, we said that we would better leverage our world-class
insight and intelligence, such as our regular research from
consultants or monthly Threat Intelligence reports.
What we have done:
We undertook the work to rebrand the Software Resilience
business and it will rollout from January 2024. You can read
more about this on page 34. Work is also underway for our Cyber
Security rebrand.
We’ve invested in significant presence at key cyber events such
as Gartner’s EU Risk and Security Summit 2023, and Black Hat
USA 2023 with bolt-on relationship building activity planned.
In the autumn of 2023, we will launch our own events
programme, for example, featuring our Global Head of Threat
Intelligence, among others, to add value to our clients and the
broader cyber community.
Link to risks:
A Strategy
Link to risks:
A Strategy
B Cyber and information security
C Innovation and product development
D People and partners
G Quality and delivery
E Market and competition
F Brand and reputation
G Quality and delivery
26
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
Strategy in
action in our
Cyber Security
business
Part of the vision for NCC Group is to become a go-to provider
of cyber services for decision makers through a greater focus
on clients, capabilities, global delivery and differentiated brands.
This means being able to leverage the moments when we add value
for our new and existing clients to create greater impact through
offering a broader range of services.
We demonstrate this with a case where we were brought in
to support an international organisation possessing a complex
on-premise and multi-cloud architecture. They had experienced
multiple Cyber Security incidents in recent years and brought
us in to provide consultancy services to consolidate and enhance
their Cyber Security posture quickly.
As part of the consulting services initially requested, our team
conducted a compromise assessment, where we deployed tools
to identify indicators of compromise that threat actors leave during
an attack. This led to us carrying out a high level review of its whole
infrastructure to identify any vulnerabilities that would present
a critical risk to its business operations, examining its external
attack surface (including its public cloud services) for potential
exposure of data or vulnerable services, analysing data sets related
to previous breaches for evidence of undetected data exfiltration.
As a result of this consulting work, the client was able to move forward
with confidence that there were no urgent issues to address before
thinking about the long-term requirements. One of the long-term
critical gaps identified during the consulting review was the lack
of ongoing protective monitoring.
Through our development of Managed Services, we were perfectly
placed to plan and implement a rapid deployment of our NCC Group
Managed XDR service using Microsoft Sentinel and Defender.
The initial launch of this service was completed within five weeks
and addressed the on-premise and high priority cloud infrastructure
requirements. Later phases completed the roll out to the whole
organisation and the client is moving forward with its programme
of security improvement in the knowledge its starting position is not
critical, and any new threats will be identified quickly if they arise
through protective monitoring.
We expect in future that much of our growth will come from our
ability to offer and embed a greater variety of services with our
clients. Our strategy enables this by ensuring that our expanding
range of capabilities can be delivered to clients across the globe.
This allows us to build on our historical strengths and create greater
impact for our clients across the full lifecycle of Cyber Security
decisions that they will make.
Read more on our cyber solutions pages 32 and 33
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
27
�We are a Company with a unique perspective.
Most Cyber Security business’s operate
from the outside in – they attempt to sell and
advise without having a real understanding
of what’s going on within a business’s
technology infrastructure. But we operate
from the inside out.”
Kevin Brown
COO
28
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Meet the COO
Q&A with Kevin Brown
Kevin Brown was appointed
COO in June 2023. He spent
20 years in high level UK
policing before moving to
BT in 2012, where he built
a $1bn managed security
services business. Most
recently, he has been
resident CISO for private
equity firm Insight Partners,
leading its “C-suite in
residence” programme
and working with cyber
companies to challenge
and refine their strategies.
Q. What attracted you to NCC Group?
I gave a lot of thought to what I wanted in my next role.
I was looking for three things.
Firstly, I only wanted to join a pure-play Cyber Security business.
This is where my passion lies. Secondly, I was looking for
a company with a clear vision and going for growth. And finally,
it had to have the right culture – somewhere that people were
supported to do brilliant work.
I found all three at NCC Group so in the end it was an easy
decision to make.
Q. What makes NCC Group different?
We are a company with a unique perspective. Most Cyber
Security businesses operate from the outside in – they attempt
to sell and advise without having a real understanding of what’s
going on within a business’s technology infrastructure.
But we operate from the inside out. We are often in privileged
positions where we gain an intimate knowledge of our clients’
challenges through our world-class incident response capability
or ongoing penetration testing. We are trusted to hold the
“tip of the spear”. And this means the subsequent consultancy
and end-to-end support we deliver is designed around the
specific needs of each client. This really sets us apart.
Q. Where do you see the biggest opportunities?
We are building out a set of services that will act as a natural
flywheel. There’s a sequential nature to what we do – one
informs the other and allows us to create deeper relationships
with our clients.
We have all the constituent parts, as well as from some of
the most significant businesses globally. This is simply about
knitting each element together – and we are already taking
some very meaningful steps forward.
Q. How do you view the global opportunity for
NCC Group?
We are already an international business. We have fantastic
client relationships and incredible talent in every major market.
The opportunity for us lies in greater global consistency –
ensuring shared best practice across markets – and flexibility
in resourcing, both of which will result in an even better service
for clients. Our new global delivery centre in Manila is a prime
example of how a global approach can make our business more
efficient, agile and scalable.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
29
Strategic report�It’s in our DNA
Innovation
The world around us continuously evolves and
so must how we operate to stay at the cutting
edge of our industry. We think forward, we adapt
and we’re not afraid to take calculated risks.
For our clients this means access to the latest Cyber Security
solutions that offer them peace of mind, knowing that, working
in collaboration, we’ll always be scanning and preparing for
threats to ensure their business stays operational.
30
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Innovation
How innovation supports our strategy
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
In focus
NCC Group drives for innovation, to improve
the security of the industry, our capabilities
and the way that we support our clients
Strategic partnership
Innovation thrives in the land of collaboration, which is why we have
built strategic relationships with industry leaders, allowing us to quickly
integrate cutting-edge technologies and capabilities into our solutions
providing well-rounded competitive offerings.
Expert Cyber Security professionals
Our Company strengths lie in the proficiency of our Cyber Security
experts. We lean upon this core strength to innovate our product and
services to provide continuous consultant-led solutions.
As an example of this, we continue to evolve our threat intelligence
capability to help our clients and the broader cyber community dealing
with the rapidly changing risk landscape. Our insights have been cited
in the press and clients are increasingly looking to us for intelligence and
advice and insights on their exposure and response. This has culminated
in our newest threat intelligence service, Online Exposure Monitoring.
Online Exposure Monitoring is an example of how we’ve built a partnership,
fed requirements and utilised our internal experts to create a new innovative
service that fits with our wider portfolio to solve multiple client problems.
Online Exposure Monitoring provides a lens that looks from the inside
out, creating continuous visibility into a client’s digital risk.
Our Company strengths
lie in the proficiency of our
Cyber Security experts.”
Siân John
CTO
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
31
Strategic report
�Our solutions
Cyber Security
INCIDENT RESPONSE
MANAGED SERVICES
Our global response capability provides immediate
support to clients under attack and in preparing for attacks.
In the event of an attack our service minimises disruption
to their business, mitigates threats, protects valuable data,
reduces financial loss and safeguards reputation by swiftly
identifying, containing and recovering from cyber attacks.
Our managed security services are known for delivering
high quality, consistent protection, informed by our
world-class threat intelligence. Our clients can expect
us to deliver solutions fit for their unique environment,
presented transparently. The outcome is real time threat
protection against a very sophisticated group of bad actors.
Impact
Sector: IT/technology
Impact
Sector: Education
Challenge: Highly sophisticated threat actor had
maintained elevated access over considerable part
of the environment for months.
Solution: NCC Group enabled the client to increase its
visibility in the environment while tracking the threat
actor’s activity and reverse engineer its custom tooling
to achieve a successful eradication outcome.
Value: The full extent of the compromise was identified,
and the threat actor was successfully removed from the
environment. The client improved its overall security
posture and additional recommendations to further
fortifyxthe environment were provided, as well as
additional reports to satisfy any enquiring authorities.
Revenue sources
• Non-recurring revenue but is an entry point for other
services that we offer
Strategic objectives
• Continue to evolve and maintain the high quality
we have today of this critical, niche service
Challenge: Ireland’s National Education and Research
Network organisation, HEAnet, was looking for a partner
for its new dedicated Security Operations Centre (SOC)
to support the Irish education sector’s fight against
cyber crime.
Solution: Building on a similar engagement for the
Netherlands (SURFnet), we are providing a Managed
Detection and Response (MDR) service, with 24/7
security information and event management (SIEM),
and security operation centre services, along with
rapid intelligence sharing.
Value: We provide a critical support service to HEAnet’s
offering to over 30 educational institutions in its network.
With our integrated, collaborative alert system, and ongoing
monitoring, HEAnet is able to provide institutions with the
knowledge they need to build strong defences and quickly
respond to evolving threats.
Revenue sources
• Largely recurring revenue
Strategic objectives
• As a future growth driver we are investing to enhance
our offer to increase annual recurring revenues, and gain
a larger share of our client’s Cyber Security spend
32
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�CONSULTING & IMPLEMENTATION
TECHNICAL ASSURANCE
Our Cyber Security experts work in collaboration with
our clients to identify potential vulnerabilities, develop
a strategy to mitigate these weaknesses, and then execute
the plan to strengthen the overall security posture to
protect valuable assets from potential threats.
Impact
Sector: Technology, media and telecommunications (TMT)
Challenge: Group executives lacked confidence in an
external security review and wanted an expert technical
opinion to drive security spend.
Solution: We baselined their technical capability and
researched their threat landscape. We expanded our
review into a comprehensive understanding of their
system security and produced a roadmap for security
investment and capability development.
Value: Provided peace of mind and a solution to reduce
the client’s attack surface, removed system vulnerabilities,
increased security awareness, and improved its ability to
monitor for and respond to threats.
Revenue sources
• Non-recurring revenue but with potential for other services
Strategic objectives
• As a future growth driver, we are investing in broadening
our portfolio of Cyber Security consulting services so
that we can better advise clients on their cyber risk
strategy and then help them implement technologies
and supporting processes that mitigate their cyber risk
We provide clients with proactive defence of their digital
assets through vulnerability assessment, penetration
testing, sophisticated adversary simulation, staff training,
third party assurance, and constant compliance and
security monitoring to enhance their system resilience
and data protection.
Impact
Sector: Technology
Challenge: The client lacked security coverage and
needed a partner to provide manual testing services and
manage critical vulnerabilities with remediation testing to
verify fixes were in place.
Solution: We provided the client with 24/7 coverage from
our global team, focusing on security testing and providing
reliable and effective coverage to help maintain the
security of its applications, as an extension to the in-house
security team covering multiple time zones and technical
specialities.
Value: The client had access to a global team of skilled
testers bringing diverse expertise and knowledge to
address potential security vulnerabilities. As a result
it reduced pressure on the in-house team and avoided
costly recruitment costs by outsourcing the capability.
Revenue sources
• Non-recurring revenue but with potential for
other services
Strategic objectives
• Invest in our core Technical Assurance capability,
including our continuous, always-on testing proposition
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
33
Strategic report�Our solutions continued
Software Resilience – Escrow
ESCROW AGREEMENT
ESCROW VERIFICATION
An Escrow Agreement is a simple and effective tri-party
arrangement with mutually agreed terms between the
software customer, software supplier and NCC Group.
Under the Escrow Agreement, the supplier periodically
deposits a copy of the software source code and
associated materials for secure storage within NCC
Group’s secure physical or virtual vaults, ensuring that the
material can be accessed and released should the need
arise. In the event of a release, the software customer
can utilise the escrow deposit to maintain the software,
working from the source code, whether that be in house
or by engaging with another supplier.
Impact
Sector: Renewable energy
Challenge: When solar energy pioneer BrightSource
wanted to develop large-scale innovative projects, its
partners and bankers needed insurance against any
potential risks that may disrupt the smooth construction
and operation of its plants.
Documenting the build and technical know-how through
IP escrow and verification added a level of reassurance
at every stage with key project milestones included tied
to the release of project funding.
Solution: To meet the needs of both BrightSource and
investors, NCC Group and BrightSource worked together
to develop a tailor-made business continuity and risk
management solution to allow investors to witness
important developmental stages themselves and to have
access to important documentation should the need arise.
Revenue sources
• Recurring annual revenue through contract renewal
Strategic objectives
• Increase our footprint in key growth areas of North
America, Australia and the critical infrastructure market
Software Escrow Verification tests the source code and
material held under the Software Escrow Agreement to
ensure it is correct and complete and can be rebuilt into
the working application, providing a higher level of
resilience and business continuity assurance.
Impact
Sector: Financial services
Challenge: One of our customers, a multinational systemic
bank, had two challenges:
(1) Risk aversion – storage of source code to mitigate crisis
scenarios where supplier was no longer able to provide
support for software deployed in house
(2) Regulatory – ability to demonstrate that the mitigation
process was a successfully stressed exit plan as
required by the PRA SS2/21 outsourcing and third
party regulation
Solution: An Escrow Agreement had been in place for
several years, but the appropriate level of verification had
not yet been completed. To meet the requirements of the
PRA SS2/21 regulation, a complete end-to-end Escrow
Verification was completed. This was conducted in a
clean environment at NCC Group, without reliance on
the software owner’s infrastructure, using the deposit
materials collated as a result of an Entry Level Verification.
Value: All results were documented in a comprehensive
report and distributed to all stakeholders. Successfully
delivering this verification demonstrates the scenario
of a release event and ensured that the application could
be built from the source code.
With the escrow arrangement and the confirmation of the
Independent Build Verification, the bank has the peace
of mind that it is compliant with the PRA requirements
and has a tried and tested plan, should anything happen
to its supplier.
Revenue sources
• Recurring annual revenue through contract renewal
and a schedule of verification tests
Strategic objectives
• Continue to increase our verification attach rate
to Escrow Agreements
34
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Meet the Global Managing Director
of Software Resilience – Escrow
Q&A with Andrew Lemonofides
Andrew was appointed as
Global Managing Director
for NCC Group’s Software
Resilience – Escrow
business in November 2022.
Before joining NCC Group,
Andrew was CEO of the then
AIM-listed Tungsten Network,
and Group Chief Strategy and
Transformation Officer of IWG
plc (formerly Regus). Prior to
that, Andrew held a variety
of leadership roles within the
technology sector, at Dell
Computer Corporation and
Toshiba Information Systems,
having begun his career
with IBM.
Q. What have you learned since joining NCC Group?
My greatest learning has been that the Software Resilience
business has more untapped opportunity than I realised.
In any business where revenue has plateaued, you expect to
find operating model inefficiencies. The ability to address these
comes down to the support from the Board, from the ExCom,
our people and our clients. I have found that in abundance,
with everyone becoming involved in, and committed to,
delivering sustainable growth through a plan that addresses
those operating inefficiencies to build the right foundations
that underpin growth. The future growth of the Software
Resilience – Escrow business hinges on continuing to put the
client at the centre of all that we do, radically simplifying our
processes and utilising new and emerging technology to
deliver an enhanced client experience.
Q. What are your achievements of note since stepping
into the role?
As a team, I am proud that we returned the business to growth
in H2 FY23 by focusing our sales and delivery teams on a single
objective – which was to meet the needs and requirements of
our clients. Overburdened with priorities, this was achieved
through identifying and focusing on the “critical few actions”,
which are transformative to our business, our bottom line and
our client experience. These included improving internal
communications, developing and launching a roadmap
to simplify our processes, and building and implementing
a credible growth plan.
We have witnessed a strong increase in colleague engagement
over the period and I am incredibly proud of not only what the
team has achieved, but the drive to be innovative in what we
deliver to our clients. Today, we have a team who believe in
themselves and in the value they are adding and who are
passionately committed to our clients and to achieving growth.
Q. What makes NCC Group’s Software Resilience
business different?
Without question our people, our offerings and our clients.
At the heart of our organisation are the teams that sell to,
support and deliver for our clients. I have spent a great deal of
time getting to know the team and listening to their input, which
has been used to help shape our change agenda. The commitment
and passion the team show continues to make me proud to have
each of them within the organisation.
Our product portfolio is impressive, not just software escrow,
but extending into many related products and offerings, which
are some of our best kept secrets. In FY24, we need to be far
more vocal about what we offer and what we can do to meet
our clients’ needs.
Our clients are highly innovative and working with them has
enabled us to change the way that we work to help deliver the
right solutions to them at the right time. At the end of the day,
our clients want to feel protected, safe and reassured that they
are receiving the best levels of service and that their needs
matter and are being answered.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
35
Strategic report�Meet the Global Managing Director
of Software Resilience – Escrow continued
I believe the future for
Software Resilience is bright.
There is opportunity within
our existing client base,
within the existing market
whitespace for acquiring
new clients, and within
new and emerging markets,
and we have new and
emerging products.”
Andrew Lemonofides
Global Managing Director,
Software Resilience – Escrow
Q. Where do you see the opportunity for
Software Resilience?
I believe the future for Software Resilience is bright. There is
opportunity within our existing client base and within the existing
market whitespace for acquiring new clients, and within new and
emerging markets, and we have new and emerging products. What
we need to maintain is a planned and focused approach, which
gives a rigorous approach to the way we manage and develop
our business. We will deliver on our simplified, scalable business
model to underpin our ability to realise the market opportunities.
Q. What are the key initiatives for FY24?
In FY24, we will continue to invest in simplifying our processes;
we will retire several duplicated systems, enabling us to have
a simplified and more effective client journey. We will build out
our presence in our existing markets, while also growing our
presence in both Europe and Asia. Another focus area for us
will be to expand our product portfolio and identify key market
adjacencies to further drive growth.
Added to this, we will launch our new brand, which will see us
move away from the Software Resilience name, amplifying our
brand presence and creating a distinct and separate brand
from NCC Group’s Cyber Security business.
In all, FY24 will be an exciting year for the business, as we
demonstrate what the team is truly capable of.
Q. How would you describe how the Software
Resilience business contributes to the performance
of the Group?
Our profitability and recent flat revenue performance clearly
make us a cash cow for the Group; however, with our team,
our client base and our growth plan, we can be so much more!
Q. How well known is Software Resilience in the
market?
It’s a little-known fact that NCC Group is the creator of software
escrow as a service, and today we are the world’s largest
software escrow provider. We protect and verify code for some
of the world’s leading companies and Government
organisations. But we don’t tell people enough – now all that’s
about to change! Back in February 2023, Mike Maddison, our
CEO, said that NCC Group would create distinct brands for both
the Cyber and Software Resilience businesses. I’m pleased to
say that as of now, we are on the cusp of rolling out our new
brand for escrow.
Q. What will be the new brand for Software Resilience,
and what difference do you think it will make?
I’m really excited about our own distinctive brand, Escode, that I
think will help us to differentiate and stand out in the market.
Visually it’s striking, but a brand is so much more than that. This
creates the opportunity for us to build our own identity, to
reconnect, and to engage with customers past and present,
helping us to build a better connection and creating an
opportunity to tell our story.
Q. When will we start to see the new brand in
the market?
We unveiled our new brand to colleagues in September 2023,
and expect Escode to be rolled out, including a new website,
early in 2024. Exciting times!
36
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Our new centre in Manila
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
37
37
�It’s in our DNA
Intelligence
We use, analyse and interpret the
vast amount of data we collate to make
strategic decisions – for our own business
and that of our clients through the solutions
we offer. We use technology, data and
machine learning to make smarter, data‑
driven decisions, to operate efficiently
and predict trends.
The value to our client comes from our ability to
turn that intelligence into smart solutions. And while
we utilise artificial intelligence and other technologies
to deliver services at a faster rate, and lower cost, it’s
the intelligence of our expert colleagues that provides
a higher quality and trusted service to our clients.
38
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Intelligence
How intelligence supports our strategy
S
t
r
a
t
e
g
c
i
r
e
p
o
r
t
In focus
Feeding intelligence into our Managed XDR solution – aligning
60 unique data feeds – helps our clients defend against the latest
indicators of compromise (IOCs) and attacker techniques.
We’re constantly assessing, investigating and aggregating threat
intelligence from the dark web, research and our learned insights
from client engagements across the globe.
Our intelligence provides for the deployment of defences against
the latest attacker techniques and IOCs.
Our clients are able to leverage NCC Group’s advanced threat
intelligence which feeds directly into our custom threat detections.
With a local presence in all
continents around the world,
we constantly enrich our
threat intelligence database
with global incident data –
we identify and discover the
threats that others do not.”
Siân John
CTO
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
39
Strategic report
�Stakeholder engagement
Listening to learn
We believe we have a responsibility to listen to our stakeholders,
considering all their needs, and using insights and learnings to improve
how we make important decisions. Our Code of Ethics guides us,
informing and helping us to build enduring and trusted relationships.
Listening insights are used to inform decision making at every level
of the organisation.
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Colleagues
We are a people-led, tech-enabled business and our colleagues around the world each play an important role in helping to make
the digital world safer and more secure.
The opportunity
• Know they are contributing to our success
• Feel confident they have the skills to do their job or are
supported to learn on the job
• Know what is expected of them through structured
and fair performance management process
• Have the opportunity to grow their career through our
learning and development offering
• Spend quality time with their line manager and feel listened to
How we listen and engage
• Regular virtual and in-person meetings at different levels
in the organisation with line managers and Executives
• Internal news and collaboration channels to connect
colleagues to what is happening and also enabling them
to easily share approved content
Clients
• Elected colleague forums and a works council (Europe)
where appropriate
• Quarterly engagement pulse and Non-Executive Director
led engagement sessions with colleagues (see page 95)
Highlights in 2022/23
• Launch of new Talent Partnership Framework to attract
diverse talent – entering into partnerships with Women
in Cyber Security (WiCyS), SANS Cyber Diversity, Uptree
and Dutch Innovation Factory
• Launch of a global Speak Up policy to provide clear guidance
and signposting to colleagues across our global teams
• Scoped and planned launch of gathering of diversity data,
due to launch in FY24
Rooted in our sector knowledge, we develop solutions tailored to the unique needs of our clients. Bringing our in-depth
understanding of the threat and regulatory landscape, we assist our clients in addressing their complex Cyber Security challenges.
The opportunity
• Using our research and intelligence expertise to understand
the threat and how that affects our customers’ operations
in their sector
• Using our insights to develop “right-fit” solutions, which
improve and enhance our customers’ current and future
cyber resilience
• The ability to work collaboratively with our clients, their
partners and broader supply chains
• Horizon scanning regulations and legislation, and
contributing to government consultations based on
understanding of future market needs
How we listen and engage
• Active account management
• Client satisfaction surveys and complaints procedure in
place Industry collaboration with investment in sector-based
approach to understand and mitigate risks of current and
future technologies
Highlights in 2022/23
• Streamlined our market approach implementing a sales
structure aligning our major regions by verticals. Smaller regions
have been strategically aligned with a country-centric focus
incorporating elements of the vertical structure where suitable.
This forms a crucial part of our commitment to meet our clients’
needs more effectively across various geographies and sectors
40
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Shareholders
We are committed to engaging with our shareholders, creating an opportunity to understand our business, the market, how we
are responding and the opportunity to secure growth.
The opportunity
• Financial performance
• Dividend
• Responsible long-term sustainable strategy
• Sound corporate governance and stewardship
How we listen and engage
• Strategic and financial updates issued via RNS Reach
and RNS respectively
• Regular meetings with investor relations, management
and Board members
• Investor roadshows after the full and half-year results
• Open-door policy with investors
• AGM
Suppliers
Highlights in 2022/23
• Appointment of NCC Group’s first Director of Investor
Relations in January 2023
• Implementation of investor management system –
Ingage IR – to improve how we communicate and engage
with both shareholders and analysts
• New strategy launched in February 2023, with investor
roadshow to build deeper understanding of our vision
• Following our trading update in March 2023, the management
team offered shareholders the opportunity to meet to discuss
what had happened and further engage how the new
strategy would address concerns
We engage with many different suppliers across our global business and value the role our supply chain plays in supporting
responsible business operations. Our procurement operations have been endorsed in line with industry best practice and we
proactively work with a consolidated supply chain network to drive innovation, deliver commercial value, mitigate risk and improve
operational benefit.
The opportunity
• Long-term trusted partnerships facilitating sustainable
overhead cost reduction and cost of sale margin improvement
• Fit for purpose contracts and payment terms, ensuring a safe
and responsible supply chain with suppliers delivering to
acceptable service levels and protecting NCC Group from
any long-term commercial inflation
How we listen and engage
• Regular meetings are held with key suppliers to help them
understand our strategy and future forecasting of service
• Due diligence completed at the beginning of our relationship
with suppliers and structured on-boarding process
Highlights in 2022/23
• Engaging existing suppliers in ESG to support our journey
to net zero
• Introduction of a consistent global supplier on-boarding
and due diligence process to gain better visibility and control
of third party risks
• Improved supplier relationship management process
implemented to drive better commercial value, operational
delivery and future innovation
• Successful progression and management of the Group’s real
estate strategy to provide quality and productive environments
Our network
Our expertise plays a pivotal role in shaping evidence-based policy decisions. By adopting a proactive engagement approach,
we harness our insights to contribute meaningfully towards a more secure digital society and differentiate ourselves in the market.
The opportunity
• Building on our technology heritage and our role as trusted
advisors to governments and regulators we provide independent,
technical expertise to improve cyber resilience policies
• By understanding and shaping new and emerging regulations
and policy proposals we can develop the right solutions to
prepare for our clients’ future needs and requirements
How we listen and engage
• Building alliances with global think tanks and foundations,
trade associations and campaign groups to pool resources,
amplify our messages and maximise impact
• Strategic relationships with national technical authorities,
and support for government initiatives across all our regions
through direct engagement
• Representation on senior government advisory panels
Highlights in 2022/23
• Engaged with regulators around the world to advocate for
the adoption of “Resilience by Design” shaping regulations
in Canada, Switzerland, the UK and India, paving the way
for our Software Resilience – Escrow services to effectively
support compliance
• Joined the United Nations’ intersessional consultation
on a new cyber crime convention, making recommendations
on how to improve international collaboration between law
enforcement authorities, promote cyber capacity building,
and protect the contribution of the industry in tackling
cyber crime
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
41
Strategic report�Culture
Our culture
At NCC Group we embrace
difference and are connected
by our purpose to make the
digital world safer and more
secure. Across our global
operations we form a
phenomenal network, working
together, collaborating and
innovating to support our clients.
We are guided by our Code
of Ethics and our values,
which define our behaviours
– treating everyone and
everything with respect.
This is the foundation of
our culture and we strive to
create an environment where
everyone is welcome, feels
safe and can be successful.
Our values
We work together
We have each other’s back
We are brilliantly creative
We look at things differently
We embrace difference
We respect each other
Our mission unites us as a global community.
Our colleagues are technically outstanding, and
work on challenging, exciting projects to protect
many of the world’s leading businesses. Our focus
is to create a culture where these talented colleagues
are supported to be their very best, and they feel
empowered with managers and leaders who inspire
them. We provide clarity on their role and as
a people-led business, support for wellbeing
is at the heart of our proposition.
Above all, we give colleagues the opportunity to
follow their vocation and say with conviction that
what they do makes the digital world safer and
more secure, whatever role they play at NCC Group.”
We take responsibility
We get things done in the right way
Michelle Porteus
Chief People Officer
42
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Wellbeing
Our work can be exciting and intense, delivered by passionate,
committed teams. We recognise the level of focus required to
deliver to high standards, and acknowledge that the pressures
of external and internal factors, when combined, can lead to
burnout. We’ve come through a pandemic where the focus was
very much on mental and physical wellbeing, into some challenging
economic headwinds – not just for NCC Group but also personally
for colleagues. This year we enhanced our wellbeing programme
to cover financial wellbeing too. As we headed into the Group’s
first redundancy programme in February 2023, the support was
welcomed by those impacted, and their teammates who remained.
Mental wellbeing
We have a global network of trained Mental Health First Aiders,
who provide support to their colleagues as required or requested.
This complements the Employee Assistance Programmes (EAP)
in place for colleagues around the world, as well as on the ground
support through the people team. All managers are offered training
in mental health awareness and throughout the year we run
various colleague engagement campaigns to ensure that
it’s always okay to talk about mental health.
Physical wellbeing
As we continue to evolve how we work, we have made decisions
to close offices and embrace hybrid working practices for those
close to our main office hubs. Colleagues are supported financially
to set up their homeworking space, to ensure they are operating
in a safe environment.
Financial wellbeing
In the US we ran our first financial wellbeing week providing
colleagues with an extensive programme of support on personal
budgeting, saving for the future, retirement and much more.
We also introduced a wellness bundle that supports financial,
physical and mental wellness.
Our UK financial wellbeing programme included introducing new
mortgage broker benefits and free one-to-one pension adviser
meetings as well as a host of other internal and external
resources for colleagues to access.
In Spain we ran two external training sessions to help colleagues
learn how to manage stress and build financial resilience.
Bringing it all together we also launched Perkbox, a global discounts
and perks app which also includes access to a wellbeing hub.
Professional development
NCC Group has become a hub for talent, a place where people
can develop personally and professionally. We offer a broad
range of career options across our technology, sales
and professional practices. We strive to create an inclusive
environment to grow, and we have an embedded transparent
performance management process to support this.
Performance management
Colleagues and their managers are encouraged to meet on
a regular basis to review performance, with a formal documented
review at the half and full year.
In the US, we changed the policy for new colleagues, to enable
them to access negative vacation of up to 40 hours within their
first six months (a period that is normally used to accrue future
time off) and putting emphasis on the balance of work and time
away from the business, ensuring they are empowered to take
time off to rest and recharge as needed.
The performance review plays an important role in supporting
colleagues’ personal development opportunities, while providing
role purpose and clarity. Career paths guide options, and our
commitment to internal mobility and the open approach to
vacancies support our ambition to retain our talented teams
and enhance careers within the Group.
In the UK we launched a new salary sacrifice benefit – Holiday
Buy Scheme – to enable colleagues to purchase up to five
additional days off. 18% of eligible colleagues took up the offer.
In FY23 504 colleagues were promoted to more senior roles,
64 colleagues took up new roles within the organisation,
and 518 colleagues were hired across our global operations.
In addition, long-service colleagues received additional days
off added to their annual allowance with the first milestone for
an additional day being four years.
Learning and development
In FY23 we brought the local training teams together as one global
team to enhance our learning and development programme. The
team is focused on building capabilities to support our move to
a global operating model – we’ll continue to invest in career paths and
equipping colleagues with the tools and knowledge to develop their
own careers, supported by our performance management process.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
43
Strategic report�Culture continued
Professional development continued
Colleague engagement
In 2022 we decided to move away from the annual colleague
survey to a more progressive way of measuring sentiment
on a quarterly basis. We partnered with Glint, the LinkedIn
engagement programme, with the benefits of managers having
direct access to results (while still preserving anonymity of
participants) and being empowered to own the results, the
conversation and actions locally with their teams.
This regular pulse is critical while NCC Group moves through this
phase of transformation in the next chapter of the strategy and
provides the executive team with a rounded view on how colleagues
are feeling. Other sources of feedback are also sought, and this
includes regular and very successful listening sessions hosted
by Non-Executive Director Julie Chakraverty (see page 113) and
local town halls, as well as the team meetings and one-to-one
sessions as part of the performance management process.
We use these sessions to encourage discussion and opinion
on executive remuneration and how this aligns with the wider
Company pay policy. Our designated NED also reminds colleagues
where the information can be located and answers any questions
as they arise.
In the UK, Spain and Australia we operate colleague forums, where
colleagues are elected by their peers to meet with management
on a regular basis to discuss what’s on their minds. And in the
Netherlands, colleagues have appointed representatives forming
a Works Council.
With the implementation of our new strategy and changing
organisation, we are refreshing our popular NCC Diamonds
colleague recognition scheme with the aim of relaunching
it in the second half of FY24.
Diversity and inclusion
We want to create an environment where all colleagues feel
psychologically, emotionally and physically safe to be authentic,
share their personal experiences and have equal opportunities
to achieve, and that is representative of the diversity of the
world they live in.
In 2020 we established our colleague resource groups in support
of our four focus areas: Gender, LGBTQIA+, Neurodiversity, and
Race and Ethnicity, and in 2022 we also launched an Accessibility
group. Each of the groups has a people team partner who supports
it in running engagement activities and making change happen.
Our colleague resource groups have been actively engaged in:
• Reviewing and editing our US and Canada Colleague Handbook
• Enabling the choice in use of pronouns in Workday – our HR
management system – and use of these in our Active Directory
and across our Microsoft tools
• Developing our first diversity data collection project to
enable us to benchmark where we are today and track year
on year improvement
• Changing the US holiday calendar from 2024 to enable
colleagues to observe Martin Luther King Jr. Day, in addition
to Juneteenth being observed from 2022
Colleague Resource Groups continue to actively create
engagement opportunities for the wider community, bringing
everyone together to learn, embrace and celebrate differences.
Gender diversity
As a UK-based company we see the requirement to publish
gender pay gap figures as a positive indicator of our progress
towards a fully inclusive workplace. From 2022 we extended
this practice to include North America and the Netherlands.
We are seeing steady progress but not as fast we would like it to
be. Pay gaps exist because genders are not represented equally
at different levels in the Company – not because we’re not paying
equally. NCC Group still has too few women at senior levels of the
organisation and while female representation has significantly
improved, and we see women moving from lower pay quartiles
to upper pay quartiles, we know there’s still much more to do.
Improving gender representation really matters to us. Overcoming
the barriers of inclusion to achieve a gender-balanced workplace
will take time and sustained effort, underpinned by a plan to drive
change. We remain committed to progress on inclusion for the
longer term, both for our current colleagues and future talent
coming into our industry.
45%
Direct reports to the Executive Committee5555+
55%
Male
Female
Undisclosed
*
Includes the CEO and CFO.
37%
63%
Board6363+
New hires in FY226565+
65%
26%
9%
44
56%
44%
Group
Executive Committee*5656+
7373+
25%
73%
2%
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
+
45
45
+
+
0
0
+
+
0
0
+
+
M
M
+
37
37
+
+
0
0
+
+
0
0
+
+
M
M
+
44
44
+
+
0
0
+
+
0
0
+
+
M
M
+
25
25
+
+
2
2
+
+
0
0
+
+
M
M
+
26
26
+
+
9
9
+
+
0
0
+
+
M
M
�NCC Group has
become a hub for
talent, a place where
people can develop
personally and
professionally.”
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
45
Strategic report�STRATEGIC REPORT
Non-financial and sustainability information statement
Championing sustainability
through strategic action
As a part of our commitment to bolstering sustainability, this year
marks an important milestone in our journey. We partnered with
Ever Sustainable to undertake a comprehensive materiality
assessment. This initiative has granted us the chance to engage
directly with our colleagues, clients and shareholders, and the
broader industry to benchmark our current standing, define our
future priorities and integrate sustainability deeply into our operations.
The change begins within
Recognising the vital role of sustainability, we assigned
a Board member, Non-Executive Director and Head of the Audit
Committee Lynn Fordham, to be responsible for sustainability
in January 2023. Last summer, the Board took part in a workshop
with our climate partner, Planet Mark, and now, with our new
sustainability strategy in place, we are ready to enhance
sustainability engagement at every level of our organisation.
Expanding our Climate Change Working Group to support TCFD
reporting, we are setting in motion a structure wherein each key
area identified in our sustainability launch report has executive
ownership and associated KPIs. This will enable us to measure,
track and report our progress, in alignment with our overarching
business strategy.
Read more on our strategy on pages 24 to 28
Upon completion of the materiality assessment, we proudly
present our inaugural sustainability strategy, available in our
detailed launch report.
Making the digital world safer and more secure
We recognise the paramount importance of Cyber Security as
the world becomes more connected and relies on technology
to progress. As a people-driven, technology-empowered global
Cyber Security and Software Resilience business, we provide
solutions that aim to make the digital world more secure and
resilient. Our focus extends from cutting-edge technologies
critical to achieving net zero transition plans, to fortifying existing
technologies against potential cyber threats. It’s what we
do every day for our clients.
To further share our expertise, we developed a global giving back
programme. This initiative empowers our colleagues to actively
protect our local communities and fosters the next generation
of cyber talent through partnerships and sponsorships.
Delve into our business model on pages 14 and 15
Explore our sustainability strategy launch report
We are wholly committed to doing
the right thing in the right way. It is
our responsibility to uphold the promise
we’ve made to our stakeholders, placing
sustainability at the core of our business
ethos. We are at the dawn of our journey,
and armed with a culture of resilience and
passion and a sustainability strategy shaped
by our materiality assessment, we look
forward to amplifying our positive impact.”
Mike Maddison
Chief Executive Officer
46
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�In preparation for reporting against the European
Union Corporate Sustainability Reporting
Directive (CSRD), we commissioned an
independent materiality assessment that sought
to understand stakeholder perception of how
an issue could impact the Company and how
the Company’s activities have an external impact.
This double materiality approach enables us
to consider both the risk and the opportunity.
Methodology
Based on the insights we have gained over the past few years
from our stakeholders – from rating agencies to colleague surveys
and client bid requests – we decided to assess impact against
26 topics across environmental, social and governance factors.
It was important to us that we didn’t restrict this list or close out
any risks or opportunities, and we gave stakeholders further
opportunity to comment on anything they thought was missing.
The assessment process sought to integrate industry research,
risk, opportunity and impact analysis and insights gained from
the stakeholder engagement process. These were then converted
into quantitative scores where possible.
Taking a multidimensional approach to materiality
3. MANAGE
1. MAXIMISE
Diversity and inclusion
Employee
engagement
Data privacy
and ethics
Employee mental
health and wellbeing
GHG emissions
l
s
r
e
d
o
h
e
k
a
t
s
o
t
e
c
n
a
c
i
f
i
n
g
S
i
Energy management
Waste and e-waste
Labour practices
and human rights
Professional development
Cyber Security
Executive
remuneration and
incentivisation
Supply chain
management
Product innovation
and impact
Product design and
lifecycle management
Product accessibility
and inclusion
Social value
Community outreach
Digital capabilities
and access
Opportunities
in cleantech
Anti-bribery
and corruption
Product security
Systemic risk
management
Sustainability
awareness
and capability
Biodiversity loss
Selling practices and
product labelling
Climate adaptation
4. MONITOR
Impact on the business/external impact
2. MITIGATE
1. MAXIMISE
2. MITIGATE
3. MANAGE
Diversity and inclusion
Supply chain management
Executive remuneration
and incentivisation
Labour practices
and human rights
Energy management
4. MONITOR
Social value
Product accessibility
and inclusion
GHG emissions
Data privacy and ethics
Professional development
Cyber Security
Employee mental health
and wellbeing
Employee engagement
Product innovation and impact
Waste and e-waste
Community outreach
Opportunities in cleantech
Sustainability awareness
and capability
Digital capabilities and access
Systemic risk management
Climate adaptation
Product security
Anti-bribery and corruption
Product design and
lifecycle management
Selling practices and
product labelling
Biodiversity loss
Key:
Environmental
Social
Governance
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
47
Strategic report
�Non-financial and sustainability information statement continued
Taking a multidimensional approach to materiality continued
In assessing the relative importance of the topics in our materiality assessment we used the following process:
Setting the scope
Assigning values
Prioritising topics
Step 1
Define and decide the final list of
topics keeping scope broad enough
to capture the best possible picture.
Step 2
Identify the main risks, opportunities
and impacts of each topic.
Step 5
Map each topic onto a matrix to help
visualise the relative importance.
Step 3
Assign values for outward and inward
impacts and a likelihood rating for risks
and opportunities associated with
each topic, combining to define a final
impact value to plot on the X-axis.
Step 4
Input outcome of stakeholder
engagement with each topic scored
on its significance to the stakeholder
group, weighted on importance and
size of the sample group.
Step 6
Prioritise the topics, linking to the
NCC Group purpose, vision and strategy
to determine where resources should
be allocated to have the greatest
impact, minimise risks and maximise
opportunities for the business.
Using materiality to drive strategy and impact
The materiality assessment helped us to identify what environmental, social and governance issues were most material
and significant to our business and stakeholders. We looked at the topics plotted on the matrix through four lenses to
do this and to identify areas to maximise, mitigate, monitor and manage.
3. Manage
• Engage with stakeholders to gather views
on the issue
• Disclosure level determined by
regulation/stakeholder feedback
1. Maximise
• Issues that are core to the sustainability strategy
• High level of disclosure to demonstrate ambition
and progress
l
s
r
e
d
o
h
e
k
a
t
s
o
t
e
c
n
a
c
i
f
i
n
g
S
i
4. Monitor
• Monitor the issue for changes to materiality
• Lower level of disclosure
2. Mitigate
• Build understanding and internal capability
to mitigate potential impacts
• Transparent disclosure needed
Impact on the business/external impact
48
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�The materiality assessment is just the start, and we will now
develop specific goals and targets within our control in line
with our business objectives and stakeholder expectations.
Enhancing our approach to sustainability enables us to mitigate
risks (see page 70) and take advantage of new opportunities for
growth and innovation – something that is at the heart of NCC
Group’s DNA.
Securing our future
We firmly believe that our purpose and approach to sustainability
are intertwined, ultimately securing our future as a business.
Central to our purpose is the drive to make the digital world
safer and more secure, building a global Cyber Security and
Software Resilience capability that enhances and advances
sustainable development.
Read more in our Q&A with Siân John on page 16
With a new framework, informed by the materiality assessment,
we will continue to improve not only how we report and adhere
to reporting regulations, but more importantly how we continue
to drive responsible business practice.
The full detail of this and how that led to our new framework
can be found in the sustainability strategy launch report.
Sustainable development relies on the adoption of digital
technologies. The transition to a greener, more equitable
and inclusive society manifests through the development
of innovative solutions such as smart cities, renewable energy
grids and clean transportation, as well as the accessibility
and widespread adoption of remote education and healthcare
solutions. However, these transformative benefits can only
be fully realised when these digital solutions are resilient
and trusted, which requires robust Cyber Security measures.
By advancing Cyber Security solutions and capacity building,
we are facilitating a secure digital space that allows for the
full potential of these sustainable initiatives to be unleashed.
This makes Cyber Security not merely a defensive measure
but a proactive enabler of progress and development.
Our purpose to make the digital world safer and secure transcends
all five pillars of The United Nations Global Goals – peace, prosperity,
people, the planet and partnerships. Digital transformation is a
key enabler for all 17 of the Sustainable Development Goals
(SDGs). Through effective global partnerships, we can ensure a
safer, fairer world for everyone, in our increasingly digital lives.
Our purpose and our vision as a people-led, tech-enabled
business position us as an essential partner in digital
transformation and sustainable development.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
49
Strategic report�Non-financial and sustainability information statement continued
Climate action
Greenhouse gas (GHG) emissions
For the second consecutive year, NCC Group’s Scope 1, Scope 2
and Scope 3 emissions were calculated and verified by Planet
Mark in line with the GHG Protocol Corporate Standard. Planet
Mark calculated this from verified third party data and invoices
as part of our overall carbon certification. Note the certification
has not been independently audited by KPMG.
Scope 3 emissions for transmission and distribution, and travel
distances were calculated using the units of energy consumption
and travel distances provided respectively, multiplied by the
relevant BEIS emissions factors. Some conversions were used,
for example gigajoules (GJ) to kilowatt-hours (kWh) and miles
to kilometres (km).
The reporting period is aligned with our financial reporting year
– 1 June to 31 May – and details GHG emissions from activities
for which NCC Group is directly responsible. Having considered
the production metrics within the business, we have concluded
that annual turnover is the most appropriate to achieve
a benchmark, which aligns with the carbon reduction policy
and methodology we will work towards in FY24.
Our benchmark was set against a year still impacted by
restrictions on travel caused by the global pandemic, and
therefore this year we’ve observed an increase in travel and
office usage. This has led to a temporary rise in our overall
carbon intensity.
Scope 3 emissions are not complete in FY23 – a survey was
sent to our top suppliers (circa 80% of global spend) and to
colleagues but neither received the response rate required
to provide accurate benchmark data for their respective
calculations. Our priority in FY24 is to improve on this with
an engagement plan.
As a people-led business, this revitalisation of travel and
face-to-face time was essential, and this is something impacting
other businesses too. Despite the overall increase in emissions
we were successful in reducing emissions per colleague by
4.6%, which is one of our metrics as we mature our carbon
disclosure reporting capability.
In FY23 we committed to improving the data collection process
required from landlords. We significantly improved the number of
offices in our calculations through improved landlord engagement,
as well as extending coverage of our external data centres.
We have outlined our commitment to decarbonisation and our
continuing net zero journey in our new sustainability strategy -
and this includes focusing on including the relevant Scope 3
categories in future reporting. Once we have an accurate report
on our emissions, we can then work with Planet Mark, and other
experts where applicable, to set credible, science-based targets
to achieve net zero before 2050.
Our focus continues on improving data, to fully understand
the source of our emissions, and to enable us to set credible,
science-based reductions to achieve net zero before 2050.
By net zero, we follow the guidance from Planet Mark, which
is aligned to the principles of the Science Based Targets initiative
(SBTi) Corporate Net-Zero standard, which requires us to reduce
absolute emissions across all three Scopes by at least 90%.
Emissions by type (%)
74+
Electricity: 74%
(2022: 78.1%)
Heat and
steam: 1%
(2022: 0.4%)
Natural gas: 9%
(2022: 15.1%)
Company car
travel: 6%
(2022: 1.1%)
Electricity and heat
and steam (tCO2e)
Gas (tCO2e)
979
999
298
189
125
80
2020/21
2021/22
2022/23
2020/21
2021/22
2022/23
Company owned cars (tCO2e)
Business travel (tCO2e)
Business
travel: 10%
(2022: 5.3%)
47
2020/21
13
2021/22
72
135
29
67
2022/23
2020/21
2021/22
2022/23
50
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
1
+
9
+
6
+
10
+
M
�Source
Scope 1
Gas
Company vehicles
Diesel
Petrol
Hybrid
Fleet fuel – petrol
Total Scope 1
Scope 2
Electricity
Heat and steam
Company vehicles – electric
Total Scope 2
Total Scope 1 and 2
Scope 3
Business travel
Transmission and distribution losses
Heat and steam transmission and distribution losses
Fleet transmission and distribution losses
Total Scope 3
Total Scope 1, 2 and 3
Total GHG tCO2e
2021
2022
2023
tCO2e
change
from
previous
year
% change
from
previous
year
80.0
189.1
124.7
(64.4)
(34%)
22.6
24.2
—
—
46.8
126.8
5.2
2.1
4.0
—
11.3
3.0
12.3
—
43.0
58.3
200.4
183.0
297.8
924.5
979.0
—
—
297.8
424.6
29.1
—
—
—
29.1
453.7
4.9
1.9
931.3
1,131.7
66.7
54.9
0.3
—
121.9
19.8
13.7
1,012.5
1,195.5
134.7
52.9
—
0.3
187.9
(2.2)
10.2
(4.0)
43.0
47.0
(17.4)
54.5
14.9
11.8
81.2
63.8
68.0
(2.0)
(0.3)
0.3
66.0
(42%)
485%
(100%)
—
415%
(9%)
6.0%
304%
621%
9%
6%
102%
(4%)
(100%)
—
54.0%
10.0%
1,253.6
1,383.4
129.8
Underlying energy use
The table below shows the proportion of energy use that occurs in the UK and non-UK countries alongside the total carbon emissions.
In FY23, 43% of the Group’s energy consumption and 35% of carbon emissions arose from the UK.
Area
UK
Non-UK
Total
Intensity metric
1 June 2021–31 May 2022
1 June 2022–31 May 2023
Comparison
FY23 energy use
FY23 carbon emissions
kWh
2,201,099
2,925,189
5,126,288
% of global
energy use
43%
57%
100%
Total emissions (tCO2e)
% of global emissions
484.5
898.9
1,383.4
View our full
carbon report
on our website
35%
65%
100%
Amount
4,453,010.00
5,126,288.00
15.10%
Total per £m turnover – location based
Turnover
(£m)
315
335
6.30%
Total emissions
(tCO2e)
Intensity per turnover
(tCO2e)
1,253.00
1,383.40
10.40%
4.00
4.10
2.50%
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
51
Strategic report�Non-financial and sustainability information statement continued
Disclosure index
The following table provides readers with an index of where to find relevant non-financial
information within this Annual Report and Accounts, in line with the Financial Reporting
Directive requirements contained in sections 414CA and 414CB of the Companies Act 2006.
Where relevant, additional information is signposted to further support the requirements.
Policies and standards
which govern our approach
Annual Report and Accounts
section reference
Page
Website resources
Reporting topic
Climate‑related
disclosures
• Environmental policy
• Sustainability report
• TCFD report
• Principal risks and uncertainties
• Stakeholder engagement
• Sustainability report
• Stakeholder engagement
• Remuneration Committee report
• Our culture
• Sustainability report
• Stakeholder engagement
• Sustainability report
• Stakeholder engagement
• Culture
• Sustainability strategy
launch report
• Planet Mark certification
• Streamlined Energy
Carbon Report
• Sustainability strategy
launch report
• Sustainability strategy
launch report
• Sustainability strategy
launch report
• Sustainability strategy
launch report
53
70
40
40
115
42
40
40
42
103
14
70
103
Colleagues
• Whistle-blowing policy
• Code of Ethics
• Disciplinary and grievance policy
Social and
community matters
Respect for
human rights
• Modern slavery statement
• Code of Ethics
• Supply chain Code of Conduct
• Giving back policy
• Matched funding policy
• Modern slavery statement
• Data privacy policy
• Global equal opportunities and
diversity policy
Anti‑bribery
and corruption
• Anti-bribery and corruption policy
• Gifts and entertainment policy
• Sustainability report
• Audit Committee Report
Business model
• N/A
• Our business model
Principal risks
and uncertainties
• Risk register
• Principal risks and uncertainties
• Audit Committee Report
52
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�TCFD
Evolving our sustainability agenda
We are pleased to present NCC Group’s second annual report in accordance
with the Task Force on Climate-related Financial Disclosures (TCFD).
TCFD reporting helps organisations like ours disclose climate-
related financial risks and opportunities in a structured way.
Each pillar of our report includes a table detailing our current
disclosure and areas of focus for 2024.
Our assessment indicates a low risk of exposure to physical
and transitional climate changes, thanks to our business model.
However, we acknowledge the high importance of mitigating
greenhouse gas emissions, which emerged as a priority from
stakeholder feedback in our recent materiality assessment.
We continue to partner with Planet Mark, a leading sustainability
certification organisation, to calculate, verify and target
reductions in our carbon footprint and support our commitment
towards net zero before 2050.
We recognise the considerable opportunities presented by the
growing climate-focused market. Our collaborations with clients in
industries such as electric vehicles, renewable energy, operational
technology and other climate-friendly technologies underscore
our readiness to seize these opportunities for sustainable growth.
In alignment with the financial Listing Rule 9.8.6R(8) – which
mandates climate-related disclosure for all UK listed companies
– we have produced a comprehensive TCFD Report. Our report
covers the four pillars recommended by TCFD: governance,
strategy, risk management, and metrics/targets and the
11 disclosures recommended by TCFD except as noted below.
To ensure consistency across our report, we adhered to section
C of the TCFD Annex, titled “Guidance for All Sectors”.
As a result the following are documented as partially compliant
with further detail available within this report:
• Strategy B and C – we are in the process of considering
financial implications of climate scenarios into our financial
planning and in the next reporting period will look to
develop a quantitative scenario analysis and integrate
into financial planning.
• Metrics and Targets B – Scope 3 emissions are limited to
business travel, electricity and distribution losses, heat and
steam transmission and distribution losses. We continue to
improve data collection from suppliers and understanding of
colleague commuting impacts to enhance our reporting across
other Scope 3 categories, through various planned engagement
activities in the next period.
Governance
TCFD recommended disclosure
Compliance
NCC Group disclosure
Focus areas for FY24
Governance
A. Describe the
Compliant
Board’s oversight of
climate‑related risks
and opportunities
• From the 2023 materiality assessment,
set goals for FY24, with at least quarterly
updates through the CFO report, to show
progress against the plan and continue to
mature the process by which the Board will
oversee progress against the targets for
addressing climate-related issues.
• Meet at least quarterly with the nominated
NED responsible for sustainability to reflect,
discuss and ensure actions are being taken.
• Continue to develop NCC Group’s net
zero journey and broader sustainability
strategy with oversight and input from
the Board.
• The Board has appointed the Head
of the Audit Committee as the lead
Non-Executive Director responsible
for sustainability. Monthly updates
are provided via the CFO report to the
Board as well as directly from regular
(at least twice per year) discussions
with the Director of Investor Relations
and Sustainability with the full Board,
including an update on progress
against the Group’s goals and targets
where appropriate.
• The Board takes overall accountability for
the management of climate-related risks
and opportunities and considers them as
part of its overall risk review processes.
For example, the Board (and management
team) applied a range of relevant ESG
criteria to facilitate conscious decision
making on the location of NCC Group’s
new global delivery centre to support
execution of the strategy.
• We are in the process of incorporating
ESG criteria into the Group’s budgetary
planning process and financial planning
for FY25.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
53
Strategic report�TCFD continued
Governance continued
TCFD recommended disclosure
Compliance
NCC Group disclosure
Focus areas for FY24
Governance continued
B. Describe the
Compliant
management’s role
in assessing and
managing climate‑
related risks and
opportunities
• A new role was created in January 2022
to bring sustainability and investor
relations together. The newly appointed
Director of Investor Relations and
Sustainability (formerly Director of
Corporate Affairs and Sustainability),
reporting to the Chief Financial Officer,
provides advice and updates to the
Executive Committee on climate-related
issues as and when relevant.
• An Executive Risk Management (ERM)
Committee, established in 2021, which
meets quarterly addresses climate risk
as part of that process.
• Continue to mature NCC Group’s net zero
journey, including improvement of
collation of Scope 3 emissions.
• Review and update the terms of reference
for the Climate Change Working Group in
line with the materiality assessment and
integrate into the existing Board and
executive governance processes.
• Once all new executive members are
appointed and upon completion of the
sustainability strategy, identify executive
ownership for each element including
climate change and how this is supported
through the Climate Change Working Group.
• Integrate the output from the double
materiality assessment conducted in FY23
into our newly launched business strategy,
to incorporate key ESG considerations
into decision making where relevant.
Lynn Fordham, the lead Non-Executive Director for Sustainability,
was appointed by the NCC Group Board Chair. In addition to her
position as the Head of the Audit Committee, Lynn’s role is to
oversee the Company’s sustainability strategy, ensure its
integration with the overall business strategy, and provide
regular sustainability updates to the Board.
While there is no specific Board committee for environmental
issues, an Executive Risk Management (ERM) Committee chaired
by the Director of Global Governance addresses these issues.
The ERM meets bi-monthly and is attended by our CEO and CFO.
It discusses, among other risks, sustainability and environmental
challenges, which are then reported to the Board.
From March to May 2023, we conducted our first materiality
assessment considering both inward and outward impacts (see
page 47 of the Annual Report for details). This exercise involved
various stakeholders, including shareholders, colleagues and
clients. The results formed the foundation of our newly launched
sustainability framework, which outlines our priority areas for
the next one to three years.
As NCC Group’s business strategy evolves, the sustainability
framework will be integrated into our strategic planning.
An engagement programme is being developed to ensure that
our internal stakeholders, including the Board, are informed, and
engaged on not just climate change but all priority sustainability
topics. This programme will feature training sessions, workshops
and continued awareness-building initiatives.
The Board and the Executive Committee are committed to
communicating their dedication to addressing climate change.
This will be demonstrated through our annual Sustainability
Report and reinforced through other appropriate internal and
external communication channels throughout the financial year.
How ERM fits into the Group Committee structure
Board
Audit Committee
Cyber Security Committee
Enterprise Risk
Management (ERM)
Committee
ExCom
E
x
t
e
r
n
a
l
a
n
d
I
S
O
a
u
d
i
t
o
r
s
t
i
d
u
a
l
a
n
r
e
t
n
I
The above diagram shows how the Enterprise Risk Management Committee feeds into the Audit and Cyber Security Committees,
which in turn reports to the Board. Actions are also driven back down from the Board as reflected in the above diagram.
54
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Strategy
TCFD recommended disclosure
Compliance
NCC Group disclosure
Focus areas for FY24
Strategy
A. Describe the climate‑related
risks and opportunities the
organisation has identified
over the short, medium
and long term
B. Describe the impact
of climate‑related risks
and opportunities in
the organisation’s
business strategy
and financial planning
Compliant
Partially
compliant
• See tables on page 56 describing risks and
opportunities, which were selected based on
location of our existing business and known
climate change risks affecting the broader
region we operate in.
• An impact in our ability to meet climate-related
disclosures that are required by clients in their
capture of Scope 3 emissions. Each sector we
operate in has its own requirements, because
of legislation and their own commitments. Not
understanding or assessing this could have an
impact on NCC Group’s ability to meet the
requirements in a contract.
• Climate-related taxes, or fines for non-compliance
could impact the business if we fail to take action.
• Our ability to raise capital to invest in growth,
may be restricted if we fail to make progress
on climate related action, which forms part of
sustainable lending requirements.
• As part of the verticalisation element of our
strategy, we are undertaking research to ensure
we meet the broader ESG criteria that applies to
our clients. We are creating a knowledge bank for
sales teams and will conduct regular briefings/
updates through internal channels.
C. Describe the resilience of
the organisation’s strategy,
taking into consideration
different climate‑related
scenarios, including a
2OC or lower scenario
Partially
compliant
• We have conducted an initial quantitative
analysis against two scenarios of 1.5 OC and 4 OC.
• Monitor actions arising from
the risk register.
• Develop a knowledge
management repository that
supports sales/bid teams in
accurately representing how
NCC Group supports clients
in meeting their specific
climate-related disclosures.
• Working in collaboration with
strategy, marketing and public
affairs, ensure that environment
and broader sustainability
considerations are built into the
understanding of client needs
by sector and by region.
• Develop the initial scenario
analysis and integrate, aligned
to NCC Group’s strategy
development, into future financial
and strategic planning activities
as our net zero journey matures.
In our ongoing commitment to the TCFD’s Strategy pillar, we are
not only advancing our approach to managing climate-related risks
but also actively pursuing growth opportunities within the climate
change sphere. We’ve formed strategic partnerships, such as our
collaboration with Planet Mark, to help us lower our carbon footprint
and develop more sustainable business practices. As a proud
member of techUK’s Responsible Business Community, we’re
also exchanging insights and best practices with industry peers
to collectively address climate change.
In early 2023, we appointed our first Director of Strategy, who
will play a crucial role in our internal Climate Change Working
Group. This group is currently tasked with evaluating the
potential impact of climate change on our business operations,
identifying both risks and opportunities. To date, the group has
been focused on improving the collation of climate-related data
to assess our current state and instrumental in helping to
progress our ambitions to set achievable targets for reducing
our carbon emissions over the next five years. New terms of
reference for this working group are to be defined along with
clearly identifying how it is embedded into our existing
governance process from the Board down.
Our focus is not limited to risk mitigation but extends to
exploring opportunities where we can make a positive impact.
This includes improving the energy efficiency of our operations,
collaborating with our landlords and requesting renewable
energy sources, and identifying ways our technology solutions
can contribute to our clients’ sustainability efforts. As we
continue our climate change journey, we are committed to
regularly reporting our progress against these objectives,
showing transparency in our endeavours, and constantly
seeking ways to better our efforts.
Climate-related risks
Our comprehensive risk management framework (summarised
in the Risk Management section of the Annual Report on pages
70 to 80) has been instrumental in identifying and assessing
climate-related risks. We categorise these risks into:
• Short term (less than one year) – based on short-term regulatory or
policy changes impacting climate-related risks and opportunities as
well as existing forecasting processes considered by management
which are reviewed and evaluated on an annual basis.
• Medium term (one to five years) – based on regulatory changes
that may affect climate-related risks and opportunities.
• Long term (more than five years) – based on the likely timeline
of international agreements and commitments, technological
trends and changes to policy or carbon pricing and their
impact on our operations, client services and supply chain.
For instance, short-term risks might include immediate regulatory
changes or extreme weather events, while long-term risks could
be major shifts in our industry driven by the transition to a low carbon
economy. Each identified risk is paired with corresponding mitigation
measures, such as implementing energy-efficient technologies
or diversifying our supply chain, aimed to reduce our vulnerability.
While these risks apply to the Group as a whole, we do recognise
that certain locations face unique challenges. For example, our
operations in coastal areas are more susceptible to rising sea
levels and increased frequency of extreme weather events.
For a more detailed understanding of the climate-related
risks and opportunities we face, please refer to the table
below. It provides a snapshot of the specific challenges we’re
addressing and the strategic responses we have undertaken.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
55
Strategic report�TCFD continued
Strategy continued
Climate-related risks continued
Risk
Risk impact
Short/medium/long term
Regions impacted
Mitigating activities
Physical risks
Extreme weather
(acute)
Causing business disruption
and loss of service delivery
and therefore revenue
Short to medium term
Sea level rises
(chronic)
Increased likelihood of
flooding in Delft and
Amsterdam offices causing
increased insurance premiums
Long term
• Business interruption cover
• Business Continuity Plans
• Remote working in place
• Dutch flood defences in place
All but particularly
North America
(San Francisco)
and Europe (Delft
and Amsterdam)
Europe – Delft and
Amsterdam offices
Transition risks
Increase in taxes
and levies for
greenhouse
gas emissions
Disruption and increased
costs to ensure compliance
with new legislation
Medium term
Depends on
local legislation
Move to net zero
Increased costs required
to lower emissions
Long term
Global
Margin risk
Impact on results due
to extra costs incurred
to lower emissions
Medium term
Global
Reputation risk
Increased stakeholder
concern and changing
customer behaviours
Medium term
Global
Supply chain risk
Substitution of existing
products and services with
lower emission options
Medium to long term
Global
56
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
• Working with Planet Mark
to calculate our carbon
footprint, ways to reduce
it, and colleague and
Board engagement, and
helping progress our net
zero journey
• Remote delivery of client
services where possible
• Company car scheme
only for electric and hybrid
vehicles (UK)
• Annual calculation of
Scope 1 and 2 emissions
with Scope 3 emissions
collation started
• Rigorous and transparent
budget setting will
identify increasing costs
associated with carbon
emissions reduction
• Accounting policies
regularly reviewed
• Rigorous and transparent
budget setting will
identify increasing costs
associated with carbon
emissions reduction
• Ongoing dialogue
with investors
• Benchmarking and
independent reviews
undertaken through a double
materiality assessment
• ESG information
publicly available
• Scope 3 questionnaires sent
to supply chain partners
equating to 80% of our spend
• Business Continuity Plans
• Reviewing office strategy
�Opportunities to further reduce NCC Group’s impact
on the environment:
Resource efficiency: By embracing more efficient modes
of transport, promoting recycling, encouraging hybrid working
models and operating within efficient buildings, we can lessen
our environmental footprint, improve colleague satisfaction and
reduce operational costs. For instance, removing unnecessary
travel not only reduces our carbon emissions but also empowers
colleagues with more control over their work-life balance,
contributing to improved morale and productivity (anticipated
medium to long-term benefits).
Energy source: Our transition to lower emission energy sources,
underpinned by the introduction of an electric/hybrid car scheme
for all UK colleagues, demonstrates our commitment to sustainable
practices. By giving colleagues access to green car options, we
are mitigating our exposure to future fossil fuel price fluctuations
and regulations. It also addresses our colleagues’ material
concerns, fostering a culture of environmental responsibility and
enhancing overall job satisfaction (medium to long-term impact).
Market: As industries evolve in response to climate change,
we’re strategically positioned to leverage these transformations.
For example, by partnering with companies transitioning into
alternative energy sources or working on projects involving smart
meters, electric vehicles, IoT technology for waste reduction and
cloud data centres, we anticipate strengthening our market
position and enhancing our reputation as a sustainable and
innovative enterprise (short to medium-term outlook).
Resilience: Our sustainable business model increases our resilience
to climate-related risks, demonstrating our commitment to being
a responsible and ethical supply chain partner. This commitment
to sustainability not only aligns us with an increasingly eco-aware
market but also empowers us to lead in the space, fostering
a culture of innovation and responsible business practices (short
to long-term perspective).
Scenario analysis
To understand the risks and opportunities our business faces
considering climate change, we have conducted a quantitative
scenario analysis using two distinct scenarios: a “<2°C” scenario
(Scenario 1), where global warming is limited to less than 2°C
with net zero achieved by 2050, and a “4°C” scenario (Scenario
2), where the goal of net zero by 2050 is not reached. A summary
of the scenarios selected is provided below.
These scenarios are chosen to reflect the diverse spectrum
of possibilities that could unfold due to different levels of global
effort to curb climate change. In the context of these scenarios,
“transition risks” refer to the challenges associated with the shift
towards a lower carbon economy, while “physical risks” denote
the potential damage caused by climate change itself.
In terms of the risks selected, these were based on physical
locations and the nature of our business in key locations of
North America, the UK, Europe and Asia Pacific. We are in the
process of flowing this into our financial planning and will continue
to do so as we mature our climate action planning and reporting.
Under Scenario 1, we anticipate higher transition risks due to
rapid shifts in regulatory and market conditions, but the physical
risks would be significantly reduced due to the effective global
action on climate change. Conversely, Scenario 2 predicts lower
transition risks but considerably higher physical risks due to the
lack of substantial progress towards climate goals.
We’ve further broken down these risks by timeline, classifying
them as short term (less than one year), medium term (one to
five years), and long term (more than five years). The table below
offers a comprehensive overview of NCC Group’s potential
exposure to both transition and physical risks under each scenario.
While our current analysis is qualitative, we are working towards
quantifying these risks and opportunities as we progress towards
our net zero targets and improve our data collection across Scope
1, 2 and 3 emissions. At this point, we don’t foresee a significant
impact on our Financial Statement disclosures based on our
materiality assessment results see page 47 of the Annual Report
and known near to mid-term regulatory developments. However,
we will continuously monitor both transition and physical risks,
adjusting our mitigation strategy as necessary.
Risk type
Risk
Risk impact
Scenario
Short term
(<1 year 2023)
Medium term
(1–5 years 2024–2029)
Long term
(>5 years >2029)
Physical
risk
Rising sea
levels
Risk to NCC Group offices
located in high risk areas, e.g.
Delft, as well as colleague and
customer homes resulting in
business disruption
Flooding
Impact to service quality and
disruption to systems, increased
costs to relocate colleagues
Transition
risk
Increase in taxes
and levies
Disruption and increased
costs to ensure compliance
with new legislation
Margin risk
Impact on results due to extra
costs incurred to lower emissions
Reputation risk
Increased stakeholder
concern and changing
customer behaviours
Supply chain risk Substitution of existing
products and services with
lower emission options
1
2
1
2
1
2
1
2
1
2
1
2
Low
Low
High
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
High
Low
High
Medium
Low
Medium
Low
Medium
High
Medium
Low
High
Low
High
High
Low
High
Low
High
High
High
High
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
57
Strategic report
�TCFD continued
Strategy continued
Financial planning
We recognise the significant implications of climate-related risks
and opportunities on our financial planning. We anticipate shifts
in our future business model and strategy in response to evolving
market conditions due to climate change. We foresee potential
changes in customer preferences towards more sustainable
products and services, along with possible disruptions in our
supply chain due to extreme weather events. These factors are
thoroughly considered in our business strategy development.
Our business strategy has been designed to be resilient to future
economic and climate-related scenarios. And by running regular
scenarios we can test that resilience, and ensure it’s considered
in future business strategy development, enabling us to adapt
accordingly, without disrupting or negatively impacting
current operations.
The scenarios are based on industry insights, which were used
in the expert input into our materiality assessment. We will look
to assess the potential financial implications of various climate
scenarios and factor these into our revenue forecasts, expenditure
Risk management
plans and asset valuations from FY25 onwards. This will include
a detailed analysis of potential climate-related liabilities and their
impact on our financial stability.
Our future aspiration is to incorporate climate considerations
to influence future investment decisions by the Group, always
reducing our carbon footprint, and gradually divesting areas that
carry high climate-related risks. For now though, we are actively
working to improve our operational efficiency and addressing
things we can directly influence to reduce our impact on the
environment and realise cost savings.
In summary, our organisation is committed to integrating
climate considerations into our financial planning process.
We will continue to refine our approach as we gain more
data and insights into the evolving climate scenarios.
TCFD recommended disclosure
Compliance
NCC Group disclosure
Focus areas for FY24
Risk management
A. Describe the organisation’s processes
Compliant
for identifying and assessing
climate‑related risks
B. Describe the organisation’s processes
for managing climate‑related risks
Compliant
C. Describe how processes for identifying,
Compliant
assessing, and managing climate‑
related risks are integrated into the
organisation’s overall risk management
• Climate-related risks are managed
through our enterprise risk
management framework.
• Climate-related risks are documented,
mitigating actions are considered, a risk
rating is assigned and associated actions
are documented and followed up.
• Monitor actions arising
from the risk register.
• Monitor actions arising
from the risk register.
• Climate-related risks are managed
through our enterprise risk
management framework.
• Monitor actions arising
from the risk register.
As part of our robust materiality assessment, we conducted
in-depth, topic-based and industry research to identify our
most material sustainability issues.
Through a detailed materiality matrix, we also identified
opportunities to enhance our sustainability performance by
focusing on reducing GHG emissions, monitoring product design
and lifecycle management, and mitigating biodiversity loss.
Our approach is to address these opportunities through targeted
initiatives in cleantech, increasing sustainability awareness and
capability, and climate adaptation.
Addressing these issues will involve closer collaboration with our
supply chain, particularly our global landlords and our top suppliers.
A key initiative in this regard is our Data Centre Management
Strategy, aimed at reducing our energy consumption. In collaboration
with our web development partner, Nexer, we have successfully
reduced the energy consumption of our websites by 50%, applying
eco-design principles.
Climate-related risks are managed through our NCC Group
Enterprise Risk Management (ERM) framework. This framework,
which is detailed in the Risk Management section of the Annual
Report on page 70, uses a sophisticated risk model to assess
and score each risk based on likelihood and impact. Risks are
re-evaluated consistently to ensure we’re responsive
to evolving circumstances.
Our risk management approach combines “top-down strategic”
and “bottom-up operational” perspectives, fostering collaboration
and promoting efficient risk identification. With respect to climate-
related risks, we have outlined our strategies and targets for GHG
emissions reduction and biodiversity preservation.
These climate-related risks are integrated into our Principal Risks
section (page 70). The Executive Risk Management Committee
plays an active role in the ongoing review of these risks, their
mitigations, controls and associated actions. This Committee
meets on a regular basis and follows a stringent process for
identifying, assessing, responding to and escalating serious
concerns related to these risks.
We firmly believe that this integrated and transparent approach
will ensure effective risk management aligned with the principles
of TCFD, while driving our strategic objectives for sustainability.
58
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�How we manage risks
Secure leadership buy-in
Establish Committee oversight
e
m itt e
dit Co m
u
A
Obtain
assurance
Implement
internal
control
Ris
k
C
o
m
m
i
t
t
e
e
Perform
scenario
analysis
Adapt
ERM
Integrate
into
reporting
Assess
financial
impacts
Collaborate
across the
business
Use
existing
tools
Solicit
investor
feedback
Metrics and targets
TCFD recommended disclosure
Compliance
NCC Group disclosure
Focus areas for FY24
Metrics and targets
A. Disclose the metrics used by the
organisation to assess climate‑
related risks and opportunities
in line with its strategy and risk
management process
Compliant
• Improve Scope 3
data collection and
management to
accelerate NCC Group’s
net zero journey.
• Reporting of greenhouse gas emissions
for FY23 compared to prior years.
• Commitment to net zero before 2050
in line with the Paris Agreement with
regular reviews to improve as and when
broader Scope 3 data is available.
• Climate-related performance metrics
incorporated into Remuneration
Committee Report (see page 115). This is
in line with our Planet Mark certification
commitment to reduce greenhouse gas
emissions year on year. In our first two
years, we are aiming to reduce our total
greenhouse gas emissions by 5%
recognising that as our data collection
matures and improves, we may need to
re-evaluate. In FY23 we achieved a -4.6%
reduction in colleague intensity, but an
overall increase of 10% as we saw a
return to travel and office use following
the pandemic.
B. Disclose Scope 1, Scope 2, and,
if appropriate, Scope 3 greenhouse
gas emissions and the related risks
Partially
compliant
– Scope 3
emissions
still in their
infancy
C. Describe the targets used
Compliant
by the organisation to manage
climate‑related risks and
opportunities and performance
against targets
• Scope 1 and 2 greenhouse gas
emissions for FY23 vs FY22.
• Scope 3 emissions limited to business
travel, electricity transmission and
distribution losses, heat and steam
transmission and distribution losses.
• Supplier engagement to provide data
was limited in response.
• Colleague commuting data collated
as part of the materiality assessment but
not enough responses to
enable calculation.
• Set year two reduction in line with
Planet Mark recommendations of 5%. This
includes reducing colleague intensity by
2.5% (4.6% achieved in FY23), and market
intensity by 2.5%. We will also continue to
seek location intensity through better
understanding of our data and the steps
we can take to reduce our impact.
• Improve supplier and
colleague engagement
to gather required Scope
3 data from supply chain
activities and colleagues
in relation to commuting
and working from
home impact.
• Seek opportunities,
as NCC Group’s
management of climate
change matures, to
accelerate achieving
net zero before 2050.
Further details on our action to tackle climate change are provided in our Sustainability strategy launch report
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
59
Strategic report
�Meet the CFO
Q&A with Guy Ellis
Guy was appointed Chief
Financial Officer (CFO) in
June 2023. He joined the
business in July 2021 as
Group Commercial Finance
Director after senior commercial
roles at Asda, Mothercare
and Specsavers. We sat down
with Guy to find out his views
on all things finance. Prior to
his appointment to CFO,
Guy spent time as Interim
Managing Director of the
Software Resilience business
and latterly Interim Managing
Director of the UK and APAC
Cyber Security business.
Q. What do you think the role of a finance department
should be?
The most effective finance functions act as a strategic force
within a business. Within the NCC Group finance function,
we have the traditional finance teams, as well as governance,
legal, investor relations, sustainability and procurement.
Powered by the right data, the value is created when we
are working together to unlock the insights.
It’s what allows us as a function to challenge, provoke and
provide new perspectives.
Q. What are you going to bring to the role?
I’m experienced in driving through transformational change.
That’s what really excites me. I’m going to bring this experience
to the role to ensure we execute our strategy successfully.
In the short term I’m focused on standardisation and simplification
across our business. This is what will give us the foundations to
scale at pace globally.
And I will use financial insights to provide continual challenge
to both the executive team and the Board. I see that as a critical
element of my role.
Q. How do you view the current Cyber Security market?
The world is becoming more connected and Cyber Security
risk increases in tandem – so overall I have a positive outlook.
Yes, we suffered in the second half from changes to buying
habits from the West Coast tech giants and our UK clients,
but I’m confident that our strategy will see us able to better
navigate these short-term challenges, as well as thrive long
into the future.
Q. Where do you think the opportunities lie?
We have a business filled with incredible people. We have
technical abilities that are well respected within the Cyber
Security industry. We are building out our capabilities to offer
clients true end-to-end Cyber Security services designed
around their needs. And we are moving from an international
company to a fully global business.
The opportunities are significant. This is the right strategy.
Right now we are focused on relentless execution – and I am
certain we will come out the other side as the global leader
in our space, and a sustainable, adaptable, agile business.
60
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Financial review
2023 has been a challenging year for
the Group, as our expected revenue
performance, and consequently our
profitability, suffered from the market
dynamics within Cyber Security.”
Guy Ellis
Chief Financial Officer
2022/23 key activities
• Finalised the full operational review of the Software
Resilience business to create additional
Group contribution
• Completed a scheduled refinance process with
enhanced banking facilities
• Continued to demonstrate effective cash management
with strong cash conversion
2023/24 priorities
• Identify cost efficiencies across Cyber Security and
corporate functions, achieving in-year savings and full
annualised contribution from FY25 onwards
• Drive transformational change in processes and insights
to support the business as we embed our strategy
• Maintain strong cash conversion
Overview of financial performance
2023
2022
Revenue
Cost of sales
Gross profit
Gross margin %
Cyber
Security
£m
Software
Resilience
£m
Central
and
head office
£m
270.8
(184.7)
86.1
31.8%
64.3
(18.4)
45.9
71.4%
–
–
–
–
Group
£m
335.1
(203.1)
132.0
39.4%
Administrative expenses 2
(70.7)
(14.7)
(5.2)
(90.6)
Adjusted EBITDA 1
Depreciation and amortisation 3
15.4
(8.5)
31.2
(0.6)
Adjusted operating profit 1
6.9
30.6
(1.2)
(1.6)
(12.3)
(5.8)
(0.1)
(2.4)
(8.2)
22.3
(3.0%)
34.7%
Amortisation of acquired
intangibles
Share-based payments
Individually Significant Items
Operating (loss)/profit
Operating margin %
Finance costs
(Loss)/profit before taxation
Taxation
(Loss)/profit after taxation
EPS
Basic EPS
Adjusted basic EPS 1
(5.2)
(3.5)
(8.7)
(3.0)
(0.5)
–
(12.2)
n/a
41.4
(12.6)
28.8
(10.0)
(2.2)
(14.7)
1.9
0.6%
(6.2)
(4.3)
(0.3)
(4.6)
(1.5p)
6.1p
Cyber
Security
£m
Software
Resilience
£m
Central
and
head office
£m
258.5
(166.2)
92.3
35.7%
(53.2)
39.1
(7.2)
31.9
(0.9)
(2.1)
–
56.3
(16.0)
40.3
71.6%
(17.5)
22.8
(0.8)
22.0
(4.8)
(0.3)
(0.9)
–
–
–
–
(2.7)
(2.7)
(3.1)
(5.8)
(2.9)
(1.5)
–
Group
£m
314.8
(182.2)
132.6
42.1%
(73.4)
59.2
(11.1)
48.1
(8.6)
(3.9)
(0.9)
28.9
11.2%
16.0
28.5%
(10.2)
n/a
34.7
11.0%
(3.7)
31.0
(8.0)
23.0
7.4p
10.8p
1
Adjusted EBITDA, Adjusted operating profit and Adjusted basic EPS are Alternative Performance Measures (APMs) and not IFRS measures. See Note 3 for
an explanation of APMs and adjusting items.
2 Administrative expenses excludes depreciation and amortisation, amortisation of acquired intangibles, Share-based payments and individual significant items.
3 Depreciation and amortisation excludes amortisation of acquired intangibles.
2023 has been a challenging year for the Group, as our expected Revenue performance and consequently our gross profit and overall
profitability suffered from market volatility within Cyber Security in H2 2023 after a strong H1 2023. In particular, the Group
experienced buying decision delays and cancellations in the North American tech sector and to lesser extent our UK market for Global
Professional Services.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
61
Strategic report�Financial review continued
Overview of financial performance continued
Encouragingly, no material clients have been lost, however this
sharp market correction had a direct impact on our revenue,
direct utilisation, gross profit and ultimately our profitability due
to the level of employee costs in the business and recognition of
Individually Significant items that mainly relate to the impairment
of North American Assurance Goodwill. These headwinds have
further reinforced the need to implement the next chapter of our
Group strategy and identify cost efficiencies across Cyber
Security and corporate functions, achieving FY24 savings and
full annualised contribution from FY25 onwards.
Turning back in detail to our FY23 performance, Group revenues
increased by +1.5% (2022: +17.9%) on a constant currency basis1
and at +6.4% (2022: +16.4%) at actual rates. After considering
the prior year Software Resilience fair value revenue adjustment
(£4.4m), Group revenues were flat at constant currency1 (+5.1%
at actual rates).
In our Cyber Security business, the Europe, and UK and APAC
Cyber Security businesses grew on a constant currency basis1
by +3.9% and +3.0% respectively (+6.6% and +3.3% at actual
rates). Whereas our North American business declined -4.9% on
a constant currency basis1 (+5.5% at actual rates) following the
decline in tech sector spend.
Global Professional Services declined by -3.1% to £199.3m on a
constant currency basis1 (+2.0% at actual rates) with delivered
day rates increasing by +7.5% (2022: +2.1%) and direct utilisation
decreasing by -10.0% pts. Global Managed Services (GMS) grew
by +12.4% to £67.8m (2022: +6.7%) on a constant currency basis1
(+15.7% at actual rates). We experienced a net decrease of -107
technical heads (2022: +271) and lower attrition of 15.5% (2022:
20.9%) compared to the level typical of our industry.
in person global NCC Conferences in June 2022 for the first time
since 2019, estimated to amount to a total direct and indirect
impact of c.£5m year-on-year, of which c.£2.3m related directly
to the conferences (non-client travel costs).
Individually Significant Items incurred during the year amounted
to £14.7m. These items are represented mainly by an impairment
in Goodwill of £9.8m for the North American Assurance business
following the recent reduction in spend by North American
technology clients and £4.2m in relation to fundamental
reorganisation costs as we reshape the Group to implement the
next chapter of the Group’s strategy. The impairment of North
American Assurance Goodwill has been recognised based on the
annual assessment of circumstances as at 31 May 2023. ISIs also
include costs associated with the strategic review of our
Software Resilience business (£3.0m) and an impairment of
Goodwill (£3.0m) relating to our Danish business following its
reorganisation. These were partially offset by a profit on disposal
of our DDI business (£4.7m).
Profit before taxation decreased by 113.9% to a loss of £4.3m
(2022: profit of £31.0m) following the above revenue and gross
profit performance, recognition of ISIs and after an increase in
borrowing costs following the acquisition of IPM in June 2021.
The variable rate of interest cost increased due to the macro-
economic environment and the write off of existing arrangement
fees (£0.6m) following the scheduled refinance in December 2022.
Consequently, the profit for the year decreased by -120.0% to a
loss of £4.6m (2022: profit of £23.0m) resulting in a material
decrease in the basic EPS to (1.5p) and diluted EPS to (1.5p)
(2022: basic and diluted 7.4p). Adjusted basic EPS1 amounted to
6.1p (2022: 10.8p).
Global Managed Services (GMS) grew by +12.4% to £67.8m
(2022: +6.7%) on a constant currency basis1 (+15.7% at actual
rates). New XDR service global sales orders for the forthcoming
years increased +72.5% from £11.6m in 2022 to £20.0m in 2023.
On 31 May 2023, our cash conversion1 was 102.9% (2022: 101.9%).
Net debt excluding lease liabilities1 amount to £49.6m (2022:
£52.4m). Total borrowings (including lease liabilities) offset by
cash and cash equivalents amounts to £79.6m (2022: £85.0m).
In our Software Resilience division, following the completion of
the acquisition of IPM in June 2021, we experienced our first full
year of IPM contract renewals, which contributed to overall
growth in the division of +7.5% on a constant currency basis1 to
£64.3m (+14.2% at actual rates). However, considering the prior
year Software Resilience fair value revenue adjustment (£4.4m)
to these potential contract renewals, total Software Resilience
revenue decreased by -0.5% at constant currency1 (+5.9% actual
rates). Escrow-as-a-Service (EaaS), our cloud escrow proposition,
generated sale orders of £4.7m, an increase of 38% compared to
the prior year (2022: +£3.4m).
Gross profit decreased by -0.5% to £132.0m (2022: £132.6m)
with gross margin percentage decreasing to 39.4% (2022: 42.1%).
The 2.7% pts gross margin (%) decrease was due to the revenue
performance of the Cyber Security business and lower direct
utilisation (61.6%).
Total administrative expenses have increased by 32.9% (£32.2m)
to £130.1m (2022: £97.9m). This was mostly due to an increase in
Individual Significant Items of £13.8m and an increase in people
and training costs arising from inflationary pressures and further
investment (including XDR set up) to support the business of
c.£6.5m. Other higher costs include an increase in non-client
travel and office costs (including the impact of our NCC
Conferences) of c.£5m, depreciation and amortisation (including
amortisation on acquisition intangibles) of c.£3m, marketing
c.£1m and foreign exchange c.£1m.
Operating profit for the year has decreased by 94.5% to £1.9m
(2022: £34.7m) following the above decrease in gross profit
(£0.6m) and the increase in overheads noted above. Our
performance also incurred the indirect trading cost hosting our
Our Balance Sheet and facility headroom remains strong, during
December 2022 we secured a new four-year £162.5m multi-currency
revolving credit facility. This replaced our existing £100m
multi-currency revolving credit facility and the remaining $46.7m
of the original $70m term loan that was maturing in June 2024.
The new facility now matures in December 2026 and includes a
£75m uncommitted accordion option. In addition, we also
secured an increase to our leverage covenant from 2.5x to 3.0x
with an additional acquisition spike to 3.5x for the first twelve
months of any acquisition. The weighted average margin of the
facility also decreased and is payable on a ratchet mechanism
above SONIA & SOFR in the range of 1.00% to 2.25% depending
on the level of the Group’s leverage. The average interest rate for
the year was 4.54% and is currently 6.27% following recent
changes to base interest rates.
The Board is declaring an unchanged final dividend of 3.15p per
ordinary share (2022: 3.15p). This represents a dividend equal to
that paid in the prior year as the Board is conscious of the need
to invest in new strategy and manage its net debt accordingly
following the challenging year.
Alternative Performance Measures (APMs)
Throughout this Financial Review, certain APMs are presented.
These APMs used by the Group are not defined terms under IFRS
and may therefore not be comparable with similarly titled
measures reported by other companies. They are not intended to
be a substitute for, or superior to, Generally Accepted
Accounting Practice (GAAP) measures. All APMs relate to the
current year results and comparative periods where provided.
62
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�This presentation is also consistent with the way that financial
performance is measured by management and reported to the
Board, and the basis of financial measures for senior
management’s compensation schemes and provides
supplementary information that assists the user in understanding
the financial performance, position and trends of the Group. At
all times, the Group aims to ensure that the Annual Report and
Accounts give a fair, balanced and understandable view of the
Group’s performance, cash flows and financial position. IAS 1
‘Presentation of Financial Statements’ requires the separate
presentation of items that are material in nature or scale in order
to allow the user of the accounts to understand underlying
business performance.
We believe these APMs provide readers with important
additional information on our business and this information is
relevant for use by investors, securities analysts and other
interested parties as supplemental measures of future potential
performance. However, since statutory measures can differ
significantly from the APMs and may be assessed differently by
the reader we encourage you to consider these figures together
with statutory reporting measures noted. Specifically, we would
note that APMs may not be comparable across different
companies and that certain profit related APMs may exclude
recurring business transactions (e.g. acquisition related costs
and certain share-based payment charges) that impact financial
performance and cash flows.
As the Group manages internally its performance at an Adjusted
operating profit level (before Individually Significant Items,
amortisation of acquired intangibles and share-based
payments), which management believes represents the
underlying trading of the business; this information is still
disclosed as an APM within this Annual Report. This APM is
reconciled to statutory operating profit, together with the
consequently Adjusted basic EPS (before amortisation of
acquisition intangibles, share-based payments and Individually
Significant Items and tax effect thereon) to statutory basic EPS.
The Group has the following APMs/non-statutory measures:
• Adjusted EBITDA (reconciled in Note 3)
• Adjusted operating profit (reconciled in Note 3)
• Adjusted basic EPS (pence) (reconciled in Note 11)
• Net debt excluding lease liabilities (reconciled in Note 3)
• Net debt (reconciled in Note 3)
• Cash conversion which includes Adjusted EBITDA (reconciled
in Note 3)
• Constant currency revenue (reconciled in Note 3)
The above APMs are consistent with those reported for the year
ended 31 May 2022, except for the removal of Group revenue
and Software Resilience revenue excluding IPM acquisition
which have been removed now that the Group has comparable
data following the acquisition in June 2021.
The Group also reports certain geographic regions on a constant
currency basis to reflect the underlying performance considering
constant foreign exchange rates period on period. This involves
translating comparative numbers to current period rates for
comparability to enable a growth factor to be calculated. As
these measures are not statutory revenue numbers, management
considers these to be APMs.
Further detail is included within the Glossary of terms to
the Financial Statements that provides supplementary
information that assists the user in understanding these
APMs/non-statutory measures.
Financial summary
Summary Income Statement
Revenue
Cost of sales
Gross profit
Depreciation and amortisation 2
Administrative expenses 3
Adjusted operating profit 1
Individually Significant Items
Acquired intangible amortisation
Share-based payments
Operating profit
Finance costs
(Loss)/profit before taxation
Taxation
(Loss)/profit Profit for the year
EPS
Basic EPS
Adjusted Basic EPS 1
2023
£m
2022
£m
% change
335.1
314.8
(203.1)
(182.2)
6.4%
11.5%
(0.5%)
13.5%
23.4%
132.6
(11.1)
(73.4)
48.1
(40.1%)
(0.9)
1,533.3%
(8.6)
(3.9)
34.7
(3.7)
31.0
(8.0)
16.3%
(43.6%)
(94.5%)
67.6%
(113.9%)
(96.3%)
23.0
(120.0%)
132.0
(12.6)
(90.6)
28.8
(14.7)
(10.0)
(2.2)
1.9
(6.2)
(4.3)
(0.3)
(4.6)
(1.5p)
6.1p
7.4p
(120.3%)
10.8p
(43.5%)
1
Adjusted EBITDA, Adjusted operating profit, and Adjusted basic EPS, are Alternative Performance Measures (APMs) and not IFRS measures. See Note 3 for an
explanation of APMs and adjusting items.
2 Depreciation and amortisation excludes acquired intangible amortisation.
3 Administrative expenses excludes depreciation and amortisation, amortisation of acquired intangibles, share-based payments and Individually Significant Items.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
63
Strategic report�Financial review continued
Financial summary continued
Revenue summary
Cyber Security
Software Resilience
Total revenue
2023
£m
270.8
64.3
2022
£m
%
change at
actual rates
258.5
56.3
4.8%
14.2%
2023
£m
270.8
64.3
335.1
314.8
6.4%
335.1
330.3
Constant
currency 1
2022
£m
% change at
constant
currency 1
270.5
59.8
0.1%
7.5%
1.5%
After considering the prior year Software Resilience fair value revenue adjustment (£4.4m), Software Resilience revenue decreased by -0.5%
at constant currency1 (+5.9% actual rates). This gives rise to total revenue increasing by +0.1% at constant currency 1 (+5.1% actual rates).
Divisional performance
Cyber Security
The Cyber Security division accounts for 80.8% of Group revenue (2022: 82.1%) and 65.2% of Group gross profit (2022: 69.6%).
Cyber Security revenue analysis – by originating country:
UK and APAC
North America
Europe
2023
£m
118.4
99.3
53.1
2022
£m
% change at
actual rates
114.6
94.1
49.8
3.3%
5.5%
6.6%
2023
£m
118.4
99.3
53.1
Constant
currency 1
2022
£m
% change at
constant
currency 1
115.0
104.4
51.1
3.0%
(4.9%)
3.9%
Total Cyber Security revenue
270.8
258.5
4.8%
270.8
270.5
0.1%
Cyber Security revenue increased by +0.1% on a constant currency basis1 and at +4.8% at actual rates. UK & APAC increased by +3.0%
on a constancy currency basis1 (+3.3% at actual rates). North America declined by -4.9% on a constant currency basis1 (increased
+5.5% at actual rates) due to buying decision delays and cancellations in the North American tech sector, while Europe experienced
an increase of +3.9% on a constant currency basis1 (+6.6% at actual rates).
Turning to the performance between each half of the financial year, the following revenue analysis by originating country demonstrates
the growth in H1 2023 compared to a decline in H2 2023 following buying decision delays and cancellations in the North American
tech sector and the UK Market within Global Professional Services.
UK and APAC
North America
Europe
H1 2023
£m
H1 2022
£m
% change at
actual rates
H1 2023
£m
Constant
currency 1
H1 2022
£m
% change at
constant
currency 1
61.6
59.2
24.2
54.6
44.0
24.6
12.8%
34.5%
(1.6%)
61.6
59.2
24.2
55.0
51.0
24.9
12.0%
16.1%
(2.8%)
Total Cyber Security revenue
145.0
123.2
17.7%
145.0
130.9
10.8%
UK and APAC
North America
Europe
H2 2023
£m
H2 2022
£m
% change at
actual rates
H2 2023
£m
Constant
currency 1
H2 2022
£m
% change at
constant
currency 1
56.8
40.1
28.9
60.0
50.1
25.2
(5.3%)
(20.0%)
14.7%
56.8
40.1
28.9
60.0
53.4
26.2
(5.3%)
(24.9%)
10.3%
Total Cyber Security revenue
125.8
135.3
(7.0%)
125.8
139.6
(9.9%)
64
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Divisional performance continued
Cyber Security revenue analysed by type of service/product line:
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
2022
(restated) *
£m
% change
at actual
rates
2023
£m
Constant
currency 1
2022
(restated) *
£m
% change at
constant
currency 1
195.4
58.6
4.5
2.0%
15.7%
(17.8%)
199.3
205.6
67.8
3.7
60.3
4.6
(3.1%)
12.4%
(19.6%)
2023
£m
199.3
67.8
3.7
Total Cyber Security revenue
270.8
258.5
4.8%
270.8
270.5
0.1%
* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £6.4m has been restated within GPS rather
than product sales.
Global Professional Services declined by -3.1% to £199.3m on a constant currency basis1 (+2.0% at actual rates) with delivered day
rates increasing by +7.5% and direct utilisation decreasing by -10.0% pts. The decline was mainly due to buying decision delays and
cancellations in the North American tech sector and our UK market.
Global Managed Services (GMS) grew by +12.4% to £67.8m on a constant currency basis1 (+15.7% at actual rates) with new XDR
service global sales orders for the forthcoming years increasing 72.5% YoY.
Turning to the performance between each half of the financial year, the following revenue analysis by type of service/product line
demonstrates the growth in H1 2023 compared to a decline in H2 2023 following buying decision delays and cancellations in the
North American tech sector and the UK Market with Global Professional Services.
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
H1 2023
£m
H1 2022
£m
111.1
32.2
1.7
93.6
28.4
1.2
% change
at actual
rates
18.7%
13.4%
41.7%
H1 2023
£m
111.1
32.2
1.7
Constant
currency 1
H1 2022
£m
% change at
constant
currency 1
100.6
29.1
1.2
10.4%
10.7%
41.7%
Total Cyber Security revenue
145.0
123.2
17.7%
145.0
130.9
10.8%
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
H2 2023
£m
H2 2022
£m
88.2
35.6
2.0
101.8
30.2
3.3
% change
at actual
rates
(13.4%)
17.9%
(39.4%)
H2 2023
£m
88.2
35.6
2.0
Constant
currency 1
H2 2022
£m
% change at
constant
currency 1
105.2
(16.0%)
31.2
3.4
14.1%
(41.2%)
Total Cyber Security revenue
125.8
135.3
(7.0%)
125.8
139.8
(9.9%)
Cyber Security gross profit is analysed as follows:
UK and APAC
North America
Europe
2023
£m
40.3
26.1
19.7
2023
% margin
34.0%
26.3%
37.1%
2022
£m
46.4
29.8
16.1
2022
% margin
% pts
change
40.5% (6.5% pts)
31.7% (5.4% pts)
32.3%
4.8% pts
Cyber Security gross profit and % margin
86.1
31.8%
92.3
35.7% (3.9% pts)
Gross margins declined -3.9% pts following investment in technical capacity, inflationary pressures, lower utilisation combined with
lower technical attrition.
Turning to the performance between each half of the financial year, the following gross profit analysis by originating country further
demonstrates the performance between H1 2023 and H2 2023 compared to the corresponding periods in the prior year.
UK and APAC
North America
Europe
H1 2023
£m
H1 2023
% margin
H1 2022
£m
H1 2022
% margin
% pts
change
22.9
16.6
9.7
37.2%
28.0%
40.1%
22.4
14.1
7.9
41.0% (3.8% pts)
32.0% (4.0% pts)
32.1%
8.0% pts
Cyber Security gross profit and % margin
49.2
33.9%
44.4
36.0%
(2.1% pts)
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
65
Strategic report�Financial review continued
Divisional performance continued
Cyber Security continued
Gross margins in Europe increased by 8.0% pts due to the recognition of historic project cost compensation of £1.5m. Excluding this
one-off item, the margin would have increased 3.8%.
UK and APAC
North America
Europe
H2 2023
£m
H2 2023
% margin
H2 2022
£m
H2 2022
% margin
% pts
change
17.4
9.5
10.0
30.6%
23.7%
34.6%
24.0
15.7
8.2
40.0% (9.4% pts)
31.3% (7.6% pts)
32.5%
2.1% pts
Cyber Security gross profit and % margin
36.9
29.3%
47.9
35.4%
(6.1% pts)
Software Resilience
The Software Resilience division accounts for 19.2% of Group revenues (2022: 17.9%) and 34.8% of Group gross profit (2022: 30.4%).
Software Resilience revenue analysis – by originating country:
UK
North America
Europe
Total Software Resilience revenue
2023
£m
25.8
34.5
4.0
64.3
2022
£m
25.4
26.8
4.1
56.3
% change
at actual
rates
1.6%
28.7%
(2.4%)
14.2%
Constant
currency 1
2022
£m
% change
at constant
currency 1
25.4
30.2
4.2
1.6%
14.2%
(4.8%)
59.8
7.5%
2023
£m
25.8
34.5
4.0
64.3
After considering the prior year Software Resilience fair value revenue adjustment (£4.4m)2, Software Resilience revenue decreased
by -0.5% at constant currency1 (+5.9% actual rates).
Turning again to the performance between each half of the financial year, the following revenue analysis by originating country further
demonstrates the performance between H1 2023 and H2 2023 compared to the corresponding periods in the prior year.
UK
North America
Europe
Total Software Resilience revenue
UK
North America
Europe
Total Software Resilience revenue
Software Resilience revenues analysed by service line:
On a statutory basis
Software Resilience contracts
Verification services
Total Software Resilience revenue
H1 2023
£m
H1 2022
£m
% change
at actual
rates
H1 2023
£m
Constant
currency 1
H1 2022
£m
% change
at constant
currency 1
12.3
17.3
2.0
31.6
12.6
12.3
2.0
(2.4%)
40.7%
—
26.9
17.5%
12.3
17.3
2.0
31.6
12.7
14.7
2.0
(3.1%)
17.7%
—
29.4
7.5%
H2 2023
£m
H2 2022
£m
% change
at actual
rates
H2 2023
£m
13.5
17.2
2.0
32.7
2023
£m
42.8
21.5
64.3
12.8
14.5
2.1
5.5%
18.6%
(4.8%)
29.4
11.2%
2022
£m
38.1
18.2
% change
at actual
rates
12.3%
18.1%
56.3
14.2%
13.5
17.2
2.0
32.7
2023
£m
42.8
21.5
64.3
Constant
currency 1
H2 2022
£m
% change
at constant
currency 1
12.7
15.5
2.2
6.3%
11.0%
(9.1%)
30.4
7.5%
Constant
currency 1
2022
£m
% change
at constant
currency 1
40.4
19.4
5.9%
10.8%
59.8
7.5%
66
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Divisional performance continued
Software Resilience continued
After considering the prior year Software Resilience fair value revenue adjustment2 (£4.4m), Software Resilience contracts revenue on
a like for like basis decreased by -4.9% at constant currency1 (+1.2% actual rates). Verification services increased by +9.7% at constant
currency1 (+16.8% actual rates). The prior year fair value adjustment in relation to deferred revenue of £4.4m is no longer relevant to
FY23 statutory results, as the adjustment has unwound following the renewal of IPM contracts or completion of verification services.
Gross margin is analysed as follows:
UK
North America
Europe
2023
£m
18.2
25.0
2.7
2023
% margin
70.0%
72.9%
67.5%
2022
£m
17.7
19.8
2.8
2022
% margin
% pts
change
69.3%
1.2% pts
74.3%
(1.8% pts)
68.3% (0.8% pts)
Software Resilience gross profit and % margin
45.9
71.4%
40.3
71.6% (0.2% pts)
After considering the prior year Software Resilience fair value revenue adjustment (£4.4m)2, Software Resilience gross profit decreased
by -2.2% pts due to continued investment to enable Software Resilience to achieve sustainable revenue growth and profitability.
Turning again to the performance between each half of the financial year, the following gross profit analysis by originating country
further demonstrates the performance between H1 2023 and H2 2023 compared to the corresponding periods in the prior year.
UK
North America
Europe
H1 2023
£m
H1 2023
% margin
H1 2022
£m
H1 2022
% margin
% pts
change
8.4
12.6
1.3
68.3%
72.8%
65.0%
9.0
8.9
1.4
71.4%
(3.1% pts)
72.4%
0.4% pts
70.0% (5.0% pts)
Software Resilience gross profit and % margin
22.3
70.6%
19.3
71.7%
1.1% pts
UK
North America
Europe
H2 2023
£m
H2 2023
% margin
H2 2022
£m
H2 2022
% margin
% pts
change
9.8
12.4
1.4
72.6%
72.1%
70.0%
8.6
11.0
1.4
67.2%
5.4% pts
75.9% (3.8% pts)
66.7%
3.3% pts
Software Resilience gross profit and % margin
23.6
72.2%
21.0
71.4%
0.8% pts
Individually Significant Items
During the year, the Group has incurred £14.7m in individually Significant Items (ISIs) (2022: £0.9m) as follows:
North America Cyber Security goodwill impairment
Fundamental re-organisation costs
Costs associated with strategic review of Software Resilience business
NCC Group A/S goodwill impairment
IPM Software Resilience bushiness deferred income adjustment
Profit on disposal of DDI business
Costs directly attributable to the acquisition of IPM
Total ISIs
2023
£m
9.8
4.2
3.0
3.0
(0.6)
(4.7)
—
14.7
2022
£m
—
—
—
—
—
—
0.9
0.9
Individually Significant Items incurred during the year amounted to £14.7m represented mainly by an impairment in Goodwill of £9.8m
for the NA Assurance business following the recent reduction in spend by North American technology clients and £4.2m in relation to
fundamental reorganisation costs as we reshaped the Group to implement the next chapter of the Group’s strategy. Costs associated
with the strategic review of our Software Resilience business (£3.0m) and an impairment of Goodwill (£3.0m) relating to our Danish
business following its reorganisation were partially offset by a profit on disposal of our DDI business (£4.7m).
Finance costs
Finance costs for the period were £6.2m compared to £3.7m in 2022 due to an increase in borrowing following the IPM acquisition
and an increase in base interest rates. Finance costs include lease financing costs from IFRS 16 of £1.1m (2022: £1.2m). Borrowing
costs also include the write off of existing arrangement fees (£0.6m) following the refinance in December 2022 to a new facility. The
new facility entered in December 2022 incurred arrangements fees of £1.7m that will be amortised over the new facility maturing in
December 2026. The average interest rate for the year was 4.54% and is currently 6.27% following recent changes to base interest
rates. Average borrowings during the year amounted to £87.1m.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
67
Strategic report�Financial review continued
Taxation
The Group’s effective statutory tax rate is (7.0%) (2022: 25.8%). The decrease in tax rate from 2022 to 2023 is due to a number of
factors including the non-deductibility impact of goodwill impairment. See note 6 for further details. The Group’s adjusted tax rate is
16.4% (2022: 24.5%). The decrease in the adjusted tax rate from 2022 to 2023 is mainly due to a combination of a provision release
against the benefit of US R&D tax claims and a prior year credit in relation to the tax treatment of the IPM acquisition.
Earnings per share (EPS)
Statutory
Basic EPS
Diluted EPS
Adjusted 1
Basic EPS
Weighted average number of shares (million)
Basic
Diluted
Cash flow and net debt 1
The table below summarises the Group’s cash flow and net debt 1:
Operating cash inflow before movements in working capital
Decrease/(increase) in trade and other receivables
Decrease in inventories
(Decrease)/increase in trade and other payables
Cash generated from operating activities before interest and taxation
Interest element of lease payments
Finance interest paid
Taxation paid
Net cash generated from operating activities
Purchase of property, plant and equipment
Software and development expenditure
Sale proceeds of business disposal (DDI)
Acquisition of trade and assets as part of a business combination
Equity dividends paid
Repayment of lease liabilities (principal amount)
Purchase of own shares
Proceeds from the issue of ordinary share capital
Net movement
Opening net (debt)/cash 1
Non-cash movements (release of deferred issue costs)
Foreign exchange movement
Closing net debt excluding lease liabilities 1
Lease liabilities
Closing net debt 1
68
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
2023
2022
(1.5p)
(1.5p)
7.4p
7.4p
6.1p
10.8p
310.4
311.2
309.5
310.9
2023
£m
37.9
19.7
0.1
(15.1)
42.6
(1.1)
(4.0)
(5.4)
32.1
(3.9)
(3.4)
2.0
(1.0)
(14.5)
(6.1)
(0.5)
0.1
2022
£m
49.3
(1.8)
0.2
12.6
60.3
(1.2)
(2.1)
(2.2)
54.8
(5.2)
(3.0)
—
(153.0)
(14.4)
(5.3)
—
0.8
4.8
(125.3)
(52.4)
(0.8)
(1.2)
(49.6)
83.3
(0.4)
(10.0)
(52.4)
(30.0)
(32.6)
(79.6)
(85.0)
�Cash flow and net debt 1 continued
Net debt 1 can be reconciled as follows:
Cash and cash equivalents
Bank overdraft
Borrowings (net of deferred issue costs)
Net debt excluding lease liabilities 1
Lease liabilities
Net debt 1
The calculation of the cash conversion ratio 1 is set out below:
Net operating cash flow before interest and taxation (A)
Adjusted EBITDA 1 (B)
Cash conversion ratio 1 (%) (A)/(B)
2023
£m
34.1
(1.8)
2022
£m
73.2
—
(81.9)
(125.6)
(49.6)
(30.0)
(52.4)
(32.6)
(79.6)
(85.0)
2023
£m
42.6
41.4
2022
£m
60.3
59.2
% change/
% pts
(29.4%)
(30.1%)
102.9%
101.9%
1.0% pts
1
Net debt excluding lease liabilities, net debt and cash conversion and Adjusted EBITDA are Alternative Performance Measures (APMs) and not IFRS
measures. See Note 3 for an explanation of APMs and adjusting items.
The increase in tax paid is mainly due to the historic Spanish tax payments (£2.0m) and the phasing of US tax payments.
Net cash capital expenditure during the period was £7.3m (2022: £8.2m) which includes tangible asset expenditure of £3.9m
(2022: £5.2m) and capitalised software and development costs of £3.4m (2022: £3.0m).
Acquisition of trade and assets as part of a business combination of £1.0m relates to the further consideration payable in relation to
the Adelard acquisition that occurred on 20 April 2022 following novation of contracts in H1 2023.
On 31 December 2022, the Group disposed of its DDI business for consideration of £5.8m, of which £2.0m was satisfied in cash and
the remaining £3.8m is contingent on novation of certain customer contracts. £2m has been received post year end and it is expected
that the remaining proceeds will be received in FY24.
Borrowings
During December 2022 we secured a new four-year £162.5m multi-currency revolving credit facility. This replaced our existing £100m
multi-currency revolving credit facility and the remaining $46.7m of the original $70m term loan that was maturing in June 2024. The
new facility now matures in December 2026 and includes an £75m uncommitted accordion option. In addition, we also secured an
increase to our leverage covenant from 2.5x to 3.0x with an additional acquisition spike to 3.5x for the first twelve months of any
acquisition. The weighted average margin of the facility also decreased and is payable on a ratchet mechanism above SONIA & SOFR
in the range of 1.00% to 2.25% depending on the level of the Group’s leverage. As noted above, the average interest rate for the year
was 4.54% and is currently 6.27% following recent changes to base interest rates.
Dividends
Total dividends of £14.5m were paid in the year (2022: £14.4m), which represented the final dividend for FY22 of 3.15p and the interim
dividend of 1.50 per ordinary share for FY23 (2022: 1.50p). The Board is declaring an unchanged final dividend of 3.15p per ordinary
share (2022: 3.15p).
This represents a dividend equal to that paid in the prior year as the Board is conscious of the need to invest in new strategy and
manage its net debt accordingly following the challenging year.
The final dividend of approximately £10m will be paid on 8 December 2023, to shareholders on the register at the close of business on
10 November 2023. The ex-dividend date is 9 November 2023.
Guy Ellis
Chief Financial Officer
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
69
Strategic report�Principal risks and uncertainties
Embedded risk
management systems
Risk management
Risk is an inherent part of doing business and risk management
is a fundamental part of good corporate governance. A successful
risk management process balances risk and reward and is
underpinned by sound judgement of their impact and likelihood.
The Board has overall responsibility for ensuring that NCC Group
has an effective risk management framework, which is aligned
to our business objectives.
The Board has established a Risk Management Policy, which
has established protocols, including:
• Roles and responsibilities for the risk management framework
• Risk scoring framework
• A definition of risk appetite
The integrated approach to risk management diagram on page 71
summarises the Group’s overall approach to risk management,
which is supported by a web-based tool – the Integrated Risk
Management System (IRMS). The tool is designed to follow the risk
management model described in the next section and records
both strategic and operational risk registers and tracks risk
mitigation action plans, helping embed ownership of risks and
treatment actions while also providing access to live management
information, which is used at both a Board and operational
management level.
NCC Group’s approach to risk management
NCC Group adopts both a “top-down” and “bottom-up” approach
to risk, to manage risk exposure across the Group to enable the
effective pursuit of strategic objectives. The approach is
summarised in the diagram on page 71.
The approach is one of collaboration, which supports our
comprehensive approach to risk identification, from the “top
down” and “bottom up”. The Group believes that this is the most
efficient and effective way to identify its business risks.
Top down
The Board, Audit Committee and Cyber Security Committee
review risks on an ongoing basis and are supported by the Executive
Committee and subject matter specialists (including Software
Resilience, Assurance, information security, data protection and
health and safety). The Board gives consideration to the Group’s
strategic objectives and any barriers to their achievement.
Bottom up
The Board and senior leadership team engage with colleagues
at every level of the Group in recognition of the importance of
their expertise, contribution and views. In relation to matters
of wrongdoing, or risks not being recognised and adequately
managed, the Group has a robust and effective whistleblowing
procedure, which is supported by the Safecall reporting line.
70
70
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Top down
Strategic risk management
Bottom up
Operational risk management
• Establishing guidance on the Group’s
approach to risk management and
establishing the parameters for risk
appetite and associated decision making
• Identification, review and management
of identified Group strategic risks and
associated actions
• Ongoing consideration of:
– IT and cyber-centric risk
– Environmental risk
• Implementing and embedding the Group’s
Risk Management Policy and approach
• Directing the delivery of the Group’s
identified actions associated with
managing/mitigating risk
• Identification of key risk indicators,
monitoring and taking timely action
where appropriate
• Instrumental in developing the risk
management framework adopted by
the Board
• Providing governance and control over
the IRMS
• Conduit between the Board and the
business units – providing training
and support where appropriate
• Developing and executing a risk-based
internal audit plan to assess the
management of risks
• Execution of the delivery of the Group’s
identified actions associated with
managing risk
• Timely reporting on the implementation
and progress of agreed action plans
• Provision of key risk indicator updates
n
w
o
d
p
o
t
e
h
t
m
o
r
f
k
s
i
i
r
g
n
g
a
n
a
M
Board
Audit Committee
Cyber Security
Committee
• Periodically assessing the effectiveness
of the embedded Group risk
management process
• Challenging the content of the strategic
risk register to support a comprehensive
and balanced assessment of risk
• Reporting on the principal risks and
uncertainties of the Group
Executive Board
and
leadership team
Global governance
function, incl.
dedicated CISO
• Responsible for reviewing the operational
risks across the business units and Group
• Challenging the appropriateness and
adequacy of proposed action plans
to mitigate risk
• Giving due consideration to the
aggregation of risk across the Group
• Provisioning suitable cross-functional/
business unit resource to effectively
manage risk where appropriate
• Ongoing monitoring and reporting to
the Board in relation to the progress being
made by the business units in implementing
agreed action plans to mitigate strategic risk
• CISO dedicated to the identification,
management, monitoring and reporting of
data security risks
M
a
n
a
g
n
g
r
i
i
s
k
f
r
o
m
t
h
e
b
o
t
t
o
m
u
p
Business units
• Identification and reporting of strategic risk
to the Board
• Provision of reports and data relating
to significant emerging risks to the Group
(internal and external)
• Implementation of risk management
approach which promotes the ongoing
identification, evaluation, prioritisation,
mitigation and monitoring of
operational risk
Effective pursuit of strategic objectives
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
71
Strategic report
�Principal risks and uncertainties continued
C o r p o r a te governance
M o nit o r
Monitor
delivery of
action plans/
risk universe
Identify
risks
Id
e
n
t
i
f
y
Identify
inherent risks
and likelihood
of impact
Risk
management
model
Develop
action plans
(treat, transfer,
tolerate,
terminate)
Assess
adequacy and
effectiveness
of existing
controls
A
d
d
r
e
s
s
Assign
Director-
level
sponsorship
Evaluate
mitigated risks
and likelihood
of impact
A s sess
Corporate gov e r n a n c e
Risk management model
The Board has overall responsibility for ensuring that NCC Group
adopts an effective risk management model, which is aligned to
our objectives and promotes good risk management practice.
We have therefore adopted the model described in this section
and summarised in the diagram above.
The Board, Audit Committee, Cyber Security Committee and
executive management team review risks on an ongoing basis
throughout the year. The appropriateness and relevance of the
risks and issues tracking system – IRMS – are monitored by the
global governance team to ensure that it continues to be updated,
meets the needs of the Group and remains in line with good risk
management practice. In addition, there is a robust process in place
for monitoring and reporting the implementation of agreed actions.
In addition to ongoing risk identification, an annual exercise is
undertaken to review the Group’s strategic risk universe by the
Board. This exercise is reliant on the “top-down”, “bottom-up”
approach discussed earlier.
Assess
Post-identification of the Group’s inherent risk exposure,
a comprehensive assessment of the effectiveness of current
mitigating controls is undertaken. This exercise takes account
of the design of the current control environment and the
application of these controls prior to assessing the Group’s
current exposure to risk – mitigated risk score. The Board uses
a number of sources of information to support the scoring
of risk and these include, but are not limited to:
• Management updates
• Action tracking and reporting
• Control environment policies and procedures
• Independent audit activity
• Project monitoring reports
Address
Having identified and assessed the risks faced by the Group, the
risks are scored according to likelihood of occurring and impact
to the business should they occur. The risks are then mapped
according to their rating onto a risk heat map, which reflects the
Group’s overall risk appetite set by the Board. The Group’s Risk
Management Policy then provides guidance on the expected
level of response to those risks, depending on where they sit on
the risk heat map. The heat map shows the four bandings in the
different shades of risks as set out below as well as expected
actions and responses to risks in these areas:
• Green – within appetite. Ongoing monitoring in place.
• Amber – out of appetite. Some actions are required to treat
the risk to bring this within acceptable levels.
• Purple – significantly out of appetite. High combination of
residual probability and impact. Management actions are
required, with some urgency, to treat the risk, reducing this
to acceptable levels.
• Grey/black – risks that are deemed to have such an impact
that they could theoretically impact the ability of the business
to continue in existence. If any, they would need consideration
in assessing in the Directors’ Viability Statement.
We are satisfied that the Risk Management Policy, framework
and model currently in place are sufficient to manage risk across
the Group.
The below heat map shows the residual risk after mitigation.
The impact and likelihood are on a scale of 5x5 where 5 is
catastrophic/almost certain and 1 is negligible/rare.
The key areas of identifying, assessing, addressing and
monitoring risks are explained in more detail below:
Identify
Risks exist within all areas of our business and it is important for
us to identify and understand the degree to which their impact and
likelihood of occurrence will affect the delivery of our key objectives.
This is achieved through day-to-day working practices and
incorporates risks in both the internal and external environment.
Examples of identification include horizon scanning for emerging
risks such as increasing energy costs, takeover risks, legislative
and market changes and geopolitical risks.
All identified risks are initially assessed for their “inherent” risk
(risk with no controls in place), using a scoring mechanism that
accounts for the likelihood of an event occurring and the impact
that it may have on the Group. The scoring mechanism adopted
takes account of high impact, low likelihood events and these
risks are managed in a timely manner.
An assessment of whether additional actions are required to
reduce our risk exposure is undertaken, with actions falling
into the one of four categories:
• Treat – develop an action plan (applying responsibility,
deadlines and prioritisation) that may include the
implementation of additional controls, or increase the
requirement for additional assurance over the adequacy
and effectiveness of the existing controls.
• Transfer – use a third party specialist to undertake the activity,
thus mitigating the risk.
• Tolerate – determine the risk is within appetite.
• Terminate – exit the activity.
Output from the evaluation of strategic risks has resulted in
milestone plans owned by senior business leaders, or has been
used in the development of the Group’s transformation programme.
72
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�h
g
H
i
t
c
a
p
m
I
5
4
3
2
1
5
19
20
7
11
4
17
21
22
23
15
3
1
14
12
13
24 16
9 10 6
8
2
18
w
o
L
0
Low
1
2
3
4
Likelihood
5
High
Monitor
Ongoing monitoring of risks and related actions is key to the
implementation of our risk management model and, therefore,
NCC Group is committed to making enterprise-wide risk
management part of business as usual. Examples of ongoing
monitoring of business risks include, but are not limited to:
• Annual review of the external audit strategy and plan by the
Audit Committee and Chief Financial Officer to ensure inclusion
of key financial risks
• Annual review of the annual internal audit plan to validate
that it incorporates key areas of business risk
• A review of internal audit reports issued during the period,
including a summary of progress against previously raised
management actions at each Audit Committee meeting
• Annual review of the strategic risk register by the Enterprise
Risk Management Steering Group and Board to ensure that
it includes risks arising in year
Internal control
While risk management identifies threats to the Group achieving
its strategic objectives, internal controls are designed to provide
assurance that these objectives are being achieved, such as the
effectiveness and efficiency of operations and delivery, accurate
and reliable financial reporting, and compliance with applicable
laws and regulation.
NCC Group has established a robust internal control framework,
which is made up of a number of components:
Control environment
The control environment has primarily been established taking
account of the Group’s values (working together; being brilliantly
creative; embracing difference; and taking responsibility), and its
Code of Ethics, which sets the foundations for the expected
behaviours, values and competencies for all colleagues across the
Group. The Board, Executive Committee and extended leadership
team lead by example and strive to maintain effective control
environments, while also maintaining integrity and transparency.
Risk assessments
Risk assessments are conducted at both a strategic and operational
level of the Group and support the Group in understanding the
risks that it faces and the controls in place to mitigate them.
Importantly, they provide a mechanism to identify operational
improvements and are vital in our transformational programmes.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
FY23
number
FY22
number Risk
1
2
n/a
6
4
Ineffective execution of the Group’s strategy
(previously business strategy)
Poor and/or ineffective change management
mechanisms (previously management of
strategic change)
Over-reliance on market sector, region, products/
service or client (new risk)
Cyber attack (previously information security risk
(including cyber risk))
Significant business systems failure (previously
availability of critical information systems)
n/a
Loss of client/colleague data (new risk)
7
n/a
n/a
n/a
n/a
5
3
n/a
n/a
n/a
n/a
9
n/a
n/a
n/a
8
Insufficient quality, integrity and availability
of management information (previously quality
of management information systems and internal
business processes)
Intellectual property theft or exposure (new risk)
Ineffectual product/service management (new risk)
Failed product/service launch (new risk)
Insufficient workforce resilience (new risk)
Inability to retain/recruit colleagues to meet
the resource needs of the business (previously
attracting and retaining appropriate colleague
capacity and capability)
Poor colleague health and wellbeing, including
pandemic (previously global pandemic)
Economic changes/volatility impact on revenue
and profitability (new risk)
Unable to meet the service and resource needs
of our clients (new risk)
Lack of visibility in the marketplace (new risk)
Reliance on relationships with third parties (new risk)
International trade (previously international trade
(formerly post-Brexit))
Adverse publicity in news and social media (new risk)
Undertaking work with disreputable clients or
in sanctioned/undesirable jurisdictions (new risk)
Service delivery does not achieve established
quality standards (new risk)
Loss of internationally recognised quality
and security standards (previously quality
and security management systems)
Criminal and civil legal action resulting in fines
and incarceration (new risk)
Inability to identify and adopt emerging
regulations in a timely manner (previously
sustainability/climate change)
23
n/a
24
10
Policies and procedures
Established policies communicate expected behaviours and
these are supported through procedures and guidelines defining
required processes and controls. This in turn supports the
business to adopt efficient and effective control environments.
Information and communication
Access to accurate and timely data is key in supporting our
colleagues to make decisions and to be well informed in order
to conduct, manage and control their areas of responsibility.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
73
Strategic report�Principal risks and uncertainties continued
Internal control continued
Activity monitoring
The minimum financial controls framework was established in
FY20. Further enhancement of the framework is being designed
and implemented to align with the Corporate Reform and
upcoming Directors’ attestation of internal controls.
Principal risks and uncertainties
The introduction of the new strategy in February 2023, and
introduction of new Executive Committee members, has resulted
in a revisit and relaunch of the Company’s risk management
framework giving rise to a robust assessment of principal risks and
thus resulting in changes to the identified risks and uncertainties.
Financial accounting and reporting follow generally accepted
accounting practices.
Group review and approval procedures exist in relation to major
areas of risk and require Executive Committee/Board approval,
including mergers and acquisitions, major contracts, capital
expenditure, litigation, treasury management and taxation policies.
Compliance with all legislation, current and new, is closely monitored.
Risk and control reporting structure
During the current financial year, NCC Group has continued
to focus on embedding the “three lines of defence” to provide
a robust internal controls structure that will support the Board,
Audit Committee, Cyber Committee, Executive Committee and
extended leadership team with accurate and reliable information
in relation to the systems of internal control.
Three lines of defence:
• First line – Group policies and procedures
• Second line – information security, data protection, health
and safety, and legal
• Third line – risk and assurance, incorporating internal audit,
standards and support, assessing compliance with standards
and external audit, both financial and operational, providing
independent challenge and assessment
The Group continues to operate in a particularly dynamic
and evolving marketplace. The current risk register has been
developed to reflect those factors and includes those risks that
would threaten its business model, future performance, solvency
or liquidity. Detailed descriptions of the current principal risks
and uncertainties faced by the Group, their potential impact
and mitigating processes and controls are set out below.
The heat map on page 73 provides a pictorial representation
of the Group’s net risks and their direction of travel.
The strategic risks are based on the four pillars: our clients,
our capabilities, global delivery and differentiated brands.
We have identified eight risk themes:
A. Strategy – this is the overarching strategic risk
B. Cyber and information security
C. Innovation and product development
D. People and partners
E. Market and competition
F. Brand and reputation
G. Quality and delivery
H. Legal, regulatory compliance and governance
Extraordinary risk during the year
Customer concentration risk materialised and due to some large US-based tech customers not renewing their contracts, this had
an adverse effect on revenue resulting in the profit warning. We did recognise this as a risk in FY22 as part of business strategy
and viability risk, but the new strategy looks to diversify our client base to ensure this does not occur again.
A. Strategy
1. Ineffective execution of the Group’s strategy
VR
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
Business strategy
Risk owner
Mike Maddison,
CEO
Risk impact
A poor strategy or ineffective execution of a
strategy could have a material negative impact
on the Group’s financial performance and value.
Key controls and mitigating factors
New strategy launched in February 2023 and in
process of being implemented with full Board
support.
It would potentially weaken the Group
compared to its competitors and risk the
Group’s established position in the marketplace.
Risk movement
New leadership team in place, including new Head
of Strategy.
Strategy accelerated (delivery centre in Manila due
to be launched in September 2023) and progress
being made.
2. Poor and/or ineffective change management mechanisms
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
Management of
strategic change
Risk owner
Mike Maddison,
CEO
Risk impact
Implementation of projects that then cost more
to deliver, take longer to deliver and result in
fewer benefits being realised (or all three).
Key controls and mitigating factors
The Group has recently recruited a new Head
of Strategy who will manage the implementation
alongside key stakeholders.
Poor delivery of change could ultimately impair
business performance.
New leadership team in place to drive the new
strategy.
As the Group adapts and executes its strategy,
there are a number of complex projects and
initiatives that not only need to be delivered
but also require understanding and support
from all colleagues.
Risk movement
Development of business cases which clearly
articulate project objectives including delivery
metrics which are monitored.
74
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�A. Strategy continued
3. Over-reliance on market sector, product/service or client
VR
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
N/A
Risk owner
Mike Maddison,
CEO
Risk impact
A loss of key customers or over-reliance
on market sector can result in a reduction
in revenue and consequential impact on
profitability and cash generation.
Risk movement NR
Key controls and mitigating factors
The new strategy looks to help mitigate this risk
and ensure we don’t have any future overexposure
to a market sector or client.
Viability risk considers this as part of the
scenarios modelled.
B. Cyber and information security
4. Cyber attack
VR
Link to strategy:
Our capabilities
Global delivery
Differentiated brands
Previous risk name
Information security risk
(including cyber risk)
Risk impact
Data breach leading to fines from regulators
and reputational damage.
Key controls and mitigating factors
The Board operates a Cyber Security Committee
chaired by a NED.
Risk owner
Rebecca Fox,
CIO
Lack of availability in systems.
Inability to operate services resulting in loss
of customer trust, resulting in loss of revenue
and negative impact on share price.
Impact on national security due to our work
with government clients.
Risk movement
All colleagues globally are required to undertake annual
and ongoing security training and updates to alert
them to potential methods of security breach and to
their responsibilities in safeguarding information and
reporting potential issues.
Security testing is regularly carried out on the
Group’s infrastructure and there are extensive
response plans, which are tested.
Comprehensive plans are in place and being
delivered associated with discharging our data
protection obligations.
Deployed an Information Security Management
System (ISO2 7001). All key locations are certified.
5. Significant business systems failure
VR
Link to strategy:
Our capabilities
Global delivery
Differentiated brands
Previous risk name
Availability of critical
information systems
Risk owner
Rebecca Fox,
CIO
Risk impact
Inability to transact, operate and deliver
services resulting in loss of customer trust,
resulting in loss of revenue and negative
impact on share price.
Risk movement
Key controls and mitigating factors
Deployed an Information Security Management
System (ISO2 7001). All key locations are certified.
IT strategy of continued cloud migration which
has greater resilience and availability.
Business Continuity Plans, including Crisis
Management, in place and tested regularly.
Change management process in place within
IT which assists a reduction in incidents caused
by human error.
Backups in place and single points of failure
identified and mitigated in the event of
prolonged loss of systems.
6. Loss of client/colleague data
Link to strategy:
Our clients
Differentiated brands
Previous risk name
N/A
Risk owner
Guy Ellis,
CFO
Risk impact
Data breach leading to fines from regulators
and reputational damage.
Key controls and mitigating factors
Deployed an Information Security Management
System (ISO2 7001). All key locations are certified.
Risk movement NR
Regular compliance training, including data
protection, provided to all colleagues at least annually.
Information classification and handling and data
privacy policies in place.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
75
Strategic report�Principal risks and uncertainties continued
Principal risks and uncertainties continued
B. Cyber and information security continued
7. Insufficient quality, integrity and availability of management information
VR
Link to strategy:
Our clients
Our capabilities
Global delivery
Previous risk name
Quality of management
information systems and
internal business processes
Risk impact
Suboptimal business decision making and
performance as key financial performance
data is not available or trusted.
Risk owner
Guy Ellis,
CFO
Risk movement
C. Innovation and product development
8. Intellectual property theft or exposure
Link to strategy:
Differentiated brands
Previous risk name
N/A
Risk owner
Siân John,
CTO
Risk impact
Reputational damage from losing client data
and industrial espionage, resulting in loss of
revenue and loss of competitive advantage
from threat of malicious actors.
Risk movement NR
9. Ineffectual product/service management
Link to strategy:
Global delivery
Key controls and mitigating factors
We are ISO9 001 accredited across key locations.
Standardised business process control standards are
in place and subject to regular review by the global
standards and support team.
Key controls and mitigating factors
Security and technical controls in place through our
Information Security Management System (ISO2 7001).
Previous risk name
N/A
Risk owner
Siân John,
CTO
Risk impact
Loss of revenue from uncompetitive solutions
and failure to compete effectively.
Failure to align to the business strategy
resulting in lack of client trust leading
to a loss of clients.
Failure to maintain competitive advantage.
Ineffectual marketing strategy.
Risk movement NR
Key controls and mitigating factors
Suitably qualified and experienced product managers.
Quality review process.
Customer feedback and escalation process.
Marketing strategy in place focused on
product development.
10. Failed product/service launch
Link to strategy:
Global delivery
Previous risk name
N/A
Risk impact
Cost implications.
Risk owner
Kevin Brown,
COO
Reputational damage.
Loss of colleague morale.
Loss of customer trust.
Poor development processes.
Insufficient speed of execution.
Risk movement NR
Key controls and mitigating factors
Robust planning processes and consultation
with customers (“voice of the client”).
Management oversight and review process.
Use of modern development practices such
as “Agile” and “design thinking”.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
76
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�D. People and partners
11. Insufficient workforce resilience
Link to strategy:
Our capabilities
Previous risk name
N/A
Risk owner
Michelle Porteus,
Chief People Officer
Risk impact
Inability to deliver to clients resulting in loss
of revenue.
Key controls and mitigating factors
Workforce resourcing managed by Chief
People Officer.
Loss of colleague morale and risk of “burnout”.
Full review of workforce requirements
undertaken as part of strategic review.
Risk movement NR
12. Inability to retain/recruit colleagues to meet the resource needs of the business
VR
Link to strategy:
Our capabilities
Previous risk name
Attracting and retaining
appropriate colleague
capacity and capability
Risk owner
Michelle Porteus,
Chief People Officer
Risk impact
Loss of key colleagues or significant colleague
turnover could result in a lack of necessary
expertise or continuity to execute the
Group’s strategy.
Key controls and mitigating factors
Colleagues are offered an industry aligned
salary and benefits package, which can include
participation in share schemes, salary sacrifice
car scheme and retail discount offerings.
An inability to attract and retain sufficient high
calibre colleagues could become a barrier to the
continued success and growth of NCC Group.
Improved communications with our colleagues
managed by the new Chief Marketing Officer.
New global delivery and operations centre opened
in Manila in September 2023
Risk movement
13. Poor colleague health and wellbeing, including pandemic
Link to strategy:
Our capabilities
Previous risk name
Global pandemic
Risk owner
Michelle Porteus,
Chief People Officer
Risk impact
High turnover of staff based on low colleague
morale or “burnout”.
Key controls and mitigating factors
Various channels available to colleagues
to support with health and wellbeing.
If significant number of colleagues are unable
to work this will impact client delivery and
could lead to a loss of revenue.
Risk movement
Colleagues continue to successfully work in a
hybrid manner, delivering remote client services.
Mental health allies across the business.
Attractive office environments globally.
Risk assessments carried out regularly, for
example display screen equipment and shift workers.
E. Market and competition
14. Economic changes/volatility impact on revenue and profitability
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
N/A
Risk owner
Mike Maddison,
CEO
Risk impact
Loss of clients or reduction in client spend will
result in a loss of revenue. Increases to interest
rates or inflation will impact profitability.
Risk movement NR
Key controls and mitigating factors
Strategy accelerated (delivery centre in Manila due
to be launched in September 2023) and progress
being made, making NCC Group more resilient to
economic changes. Increased cost control
measures and actions.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
77
Strategic report�Principal risks and uncertainties continued
Principal risks and uncertainties continued
E. Market and competition continued
15. Unable to continue to meet the service and resource needs of our clients
VR
Link to strategy:
Our capabilities
Global delivery
Previous risk name
N/A
Risk owner
Mike Maddison,
CEO
Risk impact
Loss of clients will result in a loss of revenue
and reputational damage.
Key controls and mitigating factors
New strategy includes capabilities as a key
pillar and the business has been restructured
to mitigate this risk.
Risk movement NR
16. Lack of visibility in the marketplace
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
N/A
Risk impact
Loss of clients will result in a loss of revenue.
Risk owner
Mike Maddison,
CEO
Risk movement NR
17. Reliance on relationships with third parties
Key controls and mitigating factors
Chief Marketing Officer is planning a rebrand
as per the new strategy.
Continue to publish expert advice and
content publicly.
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Previous risk name
N/A
Risk impact
Loss of margin.
Key controls and mitigating factors
Contracts in place with third parties.
Risk owner
Mike Maddison,
CEO
18. International trade
Reputational damage if third parties
don’t deliver.
Ongoing review of service and delivery
from third parties.
Risk movement NR
Link to strategy:
Our clients
Our capabilities
Global delivery
Differentiated brands
Risk impact
Failure to comply with changing global regulations
may cause disruption to our business.
Key controls and mitigating factors
The new strategy is focused on globalisation
and thus the resource structure is being designed
to promote global delivery.
Risk movement
Previous risk name
International trade
(formerly post-Brexit)
Risk owner
Kevin Brown,
Chief Operating Officer
F. Brand and reputation
19. Adverse publicity in news and social media
Link to strategy:
Differentiated brands
Previous risk name
N/A
Risk owner
Angela Brown,
Chief Marketing Officer
Risk impact
Reputational damage leading to loss of existing
and potential clients resulting in loss of revenue.
Key controls and mitigating factors
Policies and procedures in place which follow
good practice and ethics.
Risk movement NR
Research quality review process managed
by a panel of experts.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
78
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�F. Brand and reputation continued
20. Undertaking work with disreputable clients or in sanctioned/undesirable jurisdictions
Link to strategy:
Our clients
Global delivery
Previous risk name
N/A
Risk owner
Angela Brown,
Chief Marketing Officer
Risk impact
Reputational damage.
Potential fines.
Risk movement NR
G. Quality and delivery
Key controls and mitigating factors
Country risk assessment process in place
for new business.
Higher risk countries have a risk assessment
completed and approved appropriately.
21. Service delivery does not achieve established quality standards
VR
Link to strategy:
Our clients
Our capabilities
Previous risk name
N/A
Risk owner
Cyber Security – Kevin Brown,
Chief Operating Officer
Software Resilience – Escrow
– Andrew Lemonofides,
Managing Director
Risk impact
Clients don’t renew, have their SLA breached
or cancel mid-service leading to loss of revenue.
Negligence in delivery leading to legal action
or loss of revenue and reputational damage.
Key controls and mitigating factors
Quality assurance processes in place.
Standard methodologies and procedures followed.
Customer feedback and complaints process.
Ongoing internal training programmes.
Risk movement NR
22. Loss of internationally recognised quality and security standards
VR
Link to strategy:
Our capabilities
Global delivery
Differentiated brands
Previous risk name
Quality and security
management systems
Risk owner
Guy Ellis,
CFO
Risk impact
The risk of the Group failing to retain a core
standard, e.g. 9001, 27001 or PCI, with a
consequential loss of key customer accounts
or ability to operate.
Risk movement
Key controls and mitigating factors
We operate a comprehensive programme
to ensure the retention of our core standards.
Policies and procedures in place and audited
against the design and application.
External assessors conduct audits at least
annually confirming the retention of our quality
and security standards.
We have extended our ISO standards to more
locations during FY23.
H. Legal, regulatory compliance and governance
23. Criminal and civil legal action resulting in fines and incarceration
VR
Link to strategy:
Our clients
Global delivery
Differentiated brands
Previous risk name
N/A
Risk owner
Guy Ellis,
CFO
Risk impact
Reputational damage from legal action being
taken and financial impact of the fines and the
impact it may have on key customer accounts.
Risk movement NR
Key controls and mitigating factors
Legal team reviews customer contracts.
Annual compliance training undertaken including ethics
(covering anti-bribery and corruption, whistleblowing,
gifts and hospitality), criminal corporate offences, health
and safety, information security and data protection.
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
79
Strategic report�Principal risks and uncertainties continued
Principal risks and uncertainties continued
H. Legal, regulatory compliance and governance continued
24. Inability to identify and adopt emerging regulations in a timely manner
Link to strategy:
Our clients
Global delivery
Differentiated brands
Previous risk name
Sustainability/climate change
Risk owner
Guy Ellis,
Chief Financial Officer
Risk impact
Non-compliance with regulations resulting in
fines from regulators and reputational damage
leading to loss of key customer accounts and
shareholder investment.
Key controls and mitigating factors
TCFD came in last year and we disclosed accordingly.
Horizon scanning for new regulations, for example
CSRD, ISSB, Corporate Governance Reform and NIS.
Risk movement
Risk movement:
Increased
Decreased
Unchanged
Risk impact:
High
Medium
Low
Viability risk: VR New risk: NR
In addition to identifying the Group strategic risks, we continuously review and monitor emerging risks through horizon scanning;
publications; assessing regulatory changes and how they may impact the Group; and ensuring adequate oversight over
significant projects.
Emerging risks
Risk area
Risk
Risk description
Mitigating controls
People and partners
Pandemic
Already experienced with Covid-19
(remains on the risk register).
Colleagues can deliver client
services remotely.
Market and
competition
Blackouts
Potential energy supply shortages
as a result of supply issues created
by the Russian invasion of Ukraine.
Emergency backup generators
in place and tested.
Property portfolio being reviewed.
Increasing energy costs
Energy costs have increased
significantly since the Russian
invasion of Ukraine.
Factored into budget.
Legislative change; political party
change; and Russian invasion of Ukraine.
Country risk assessment process
in place for new business.
Geopolitical
Takeover
Quality and delivery
Off-shoring
Profit warning and significant drop
in the share price expose the Group
to a takeover.
Geopolitical landscape, including
changing legislation and taxation.
New strategy being implemented.
Project team considering all key
risks and using subject matter
experts (SMEs) where required.
Extending ISO certifications to
include new centre of excellence.
New Head of Strategy responsible
for project management.
Development of business cases
which clearly articulate project
objectives including delivery
metrics which are monitored.
Project management
Significant number of large
scale projects which need
to be adequately managed.
80
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Viability statement
Viability statement
The context for assessment In accordance with the requirements
of the UK Corporate Governance Code, the aim of the Viability
Statement is for the Directors to report on the assessment of the
prospects of the Group meeting its liabilities over the assessment
period, considering the current financial position, outlook,
principal risks and uncertainties, and key judgements and
estimates in preparing the Financial Statements.
The Directors have based their assessment of viability on the
Group’s current business model and strategic plan, which is
updated and approved annually by the Board, in line with our
objectives to deliver sustainable and profitable growth, increase
shareholder value and offer an improved service and product
offering to our customers. This is underpinned by the strategic
priorities outlined on pages 24 to 27 of the Strategic Report. The
effective management of principal risks and uncertainties is
outlined within pages 70 to 80 and this assessment emphasises
those risks that could theoretically threaten the Group’s ability to
operate, or to continue in existence (with the VR designation).
The assessment period
The Directors have assessed the viability of the Group over the
three-year period to May 2026, as this is an appropriate planning
time horizon given the speed of change and customer demand in
the industry and is in line with the Group’s strategic planning period.
Assessment of viability
The viability of the Group has been assessed considering the
Group’s current financial position, available bank facilities, and
the Board approved FY24 budget and three-year strategic plan.
It’s been a challenging year for the Group with a decline in the rate
of revenue growth and overall profitability, resulting in a loss
before taxation of £4.3m. The Group’s revenue performance and
profitability suffered from market volatility within Cyber Security1.
In particular, the Group experienced buying decision delays and
cancellations in the North American tech sector and our UK
market. These headwinds have further reinforced the need to
accelerate the implementation of our next chapter of the Group
strategy following its communication in February 2023. This strategy
requires a level of additional investment in 2024. Despite the above,
the Group has maintained consistent cash generation during the year.
Following the year end, the Group has engaged in additional
generating cost efficiencies across Cyber Security1 and corporate
functions which is resulting in the implementation of a fundamental
reorganisation generating further savings compared to the prior
year. As a result of all of the above, the base case budget for
FY24 has been prepared on the basis that market volatility within
Cyber Security1 partially continues with overall profitability
remaining similar to 2023.
In addition, the base case budget for FY24 also reflects recent
growth patterns in the other geographical regions and operating
segments, relevant growth opportunities for the Group based on
existing propositions and factoring in current macro-economic
factors most specifically existing inflationary pressures.
The Directors have also modelled the impact of certain severe
but plausible scenarios arising from the principal risks, which
have the greatest potential impact on viability in the period under
review, as set out in the table below. Further details of how these
sensitivities have been applied are provided in the going concern
disclosures in Note 1 to the Financial Statements.
The impact of these sensitivities has been reviewed against the
Group’s projected cash flow position, available bank facilities
and compliance with financial covenants over the three-year
viability period. Please see note 1 for further discussion of the
Group’s financing arrangements and expiry dates. The sensitivities
applied under stress testing show adequate levels of headroom
and that no mitigating actions are required to address severe but
plausible scenarios modelled by management.
While noting that no mitigating actions are required to address
severe but plausible scenarios modelled by management, options
available include a reduction of planned capital expenditure,
headcount reduction, freezing pay and recruitment and not
paying a dividend to shareholders, all of which are within the
Directors’ control and give an additional level of headroom.
Conclusions
Based on these severe but possible scenarios, the Directors
have a reasonable expectation that the Group and Company will
be able to continue in operation and remain commercially viable
over the three year period of assessment.
Viability risk
Ineffective
execution of the
Group’s strategy
Inability to retain/
recruit colleagues
to meet the
resource needs
of the business
Over reliance
on market sector
or client
Economic changes/
volatility impact
on revenue
Economic changes/
volatility impact
on profitability
Risk as applied to viability
assessment
A poor strategy or ineffective
execution of a strategy could
have a material negative
impact on the Group’s financial
performance and value.
Loss of key colleagues or
significant colleague turnover
could result in a lack of
necessary expertise or
continuity to execute the
Group’s strategy.
A loss of key customers or
over-reliance on market sector
can result in a reduction in
revenue and consequential
impact on profitability and
cash generation.
Loss of clients or reduction in
client spend will result in a loss
of revenue.
Being a global organisation the
Group is exposed to global and
regional macro-economic
factors such as inflation and
rising interest rates.
Specifics of scenario modelled
Potential impact
In order to consider the impact of the
risks identified management has
modelled two scenarios:
1) The performance of FY24 within the
Assurance business does not improve
beyond that seen in FY23 Q4.
2) Percentage of expected cost savings
to be implemented as part of the
Group’s strategy are not executed.
Scenario modelled assumes annualised
impact of £3.2m adverse impact
on profitability.
Scenario modelled assumes loss of key
customers resulting in a reduction in
profitability of £4.2m.
The impact of these sensitivities has been
reviewed against the Group’s projected cash
flow position, available bank facilities and
compliance with financial covenants over the
three year viability period. The sensitivities
applied under stress testing show adequate
levels of headroom and that no mitigating
actions are required.
The impact of these sensitivities has been
reviewed against the Group’s projected cash
flow position, available bank facilities and
compliance with financial covenants over the
three year viability period. The sensitivities
applied under stress testing show adequate
levels of headroom and that no mitigating
actions are required.
Scenario modelled assumes additional
wage increases to align with regional
inflation rates across different
geographies of £5.0m. UK Interest rates
on borrowings forecast to rise a further
0.75% from original forecast. Incremental
annual utility costs of £0.2m included.
The impact of these sensitivities has been
reviewed against the Group’s projected cash flow
position, available bank facilities and compliance
with financial covenants over the three year
viability period. The sensitivities applied under
stress testing show adequate levels of headroom
and that no mitigating actions are required.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
81
Strategic report�82
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�GOVERNANCE
Governance
The Board is committed to creating and
maintaining a culture where strong levels
of governance thrive throughout the
organisation, specifically ensuring that we send
out consistent messages on our values and
acceptable behaviours for our colleagues,
our customers, our suppliers and our advisers.
In this section
84 Chair’s introduction to governance
87 Governance framework
88 Board of Directors
90 Executive Committee
92
Board composition and division of responsibilities
102 Shareholder engagement
103 Audit Committee report
110 Nomination Committee report
113
Cyber Security Committee report
115
Remuneration Committee report
138 Directors’ report
142 Directors’ responsibilities statement
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
83
�Chair’s introduction to governance
A continued commitment
to good governance and
improving diversity
Image to be supplied
2022/23 highlights
• Continued to hear from our designated NED for workforce
engagement who reports to every Board meeting
• Recruited and on-boarded a new independent
Non-Executive Director (Lynn Fordham) who has brought
a new perspective and dynamic to our Board discussions,
and now chairs the Audit Committee
• Undertook our first ever externally facilitated Board
and Committee evaluation
• Agreed a revised strategy
• The Board visited North America and had the opportunity
to meet with colleagues
2023/24 priorities
• On-boarding our new CFO and supporting him to make
a successful start
• Continuing to focus on our stakeholders, particularly
in-person colleague engagement
• Supporting the executive team with embedding the
new strategy
• Working through the key priorities raised in the Board
evaluation and having regular check-ins on these
throughout the year
• Supporting the executive team to set up our delivery
centre in the Philippines
With our recent appointments,
we have now delivered on our
commitment and are also on course
to meet the FTSE Women Leaders
Review target of 40% female
representation by the end of 2025.”
Chris Stone
Non-Executive Chair
Dear Shareholder
On behalf of the Board, I am pleased to present the Corporate
Governance Report for the year ended 31 May 2023. Throughout
the year the Board has worked cohesively as a team to enable
the Company to successfully navigate a turbulent and uncertain
period. I would like to thank the Board for its wise counsel and
continued efforts during this time. The Board is composed of
highly skilled and experienced Directors from a diverse range of
industries and backgrounds, all of whom contribute towards the
long-term success of the Company and show commitment and
enthusiasm in the performance of their roles and duties. The
Board believes that good governance is key to the long-term
success of the Group and is committed to achieving high
standards of governance.
I would like to thank all of my Board colleagues for their commitment,
support and flexibility over the past year. While we welcome
a return to face-to-face meetings, a number of our Board
meetings were conducted in a virtual environment by necessity.
This new hybrid way of working has enabled us to maintain
strong governance and robust decision making, delivering
against our strategy. During the year, a particular highlight was
our visit as a Board to North America in November 2022 and we
enjoyed spending time with colleagues in our New York office,
and we look forward to visiting more offices and meeting more
colleagues in the coming year.
The Board is committed to creating and maintaining a culture
where strong levels of governance thrive throughout the
organisation, specifically ensuring that we send out consistent
messages on our values and acceptable behaviours for our
colleagues, our customers, our suppliers and our advisers.
84
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Governance standards
As a Board we continue to focus our attention on the requirements
of the UK Corporate Governance Code 2018 (the “Code”) and are
reporting against this Code in our Annual Report and Accounts.
A key focus of the Code is culture and ensuring it aligns with the
Group’s purpose, strategy and values. Culture has been high on
the Board’s agenda for a long time and the Board considers
culture to be an essential ingredient in meeting our long-term,
sustainable returns to shareholders and indeed our stakeholders.
The Board, the Executive Committee and the senior management
continue to promote our culture and standards throughout the
business and lead by example to provide a strong corporate
governance framework.
One of the most significant changes to the Code affecting NCC
Group is in respect of workforce engagement. Our main stakeholder
is our colleagues and we continue to maintain meaningful
mechanisms to ensure that we, as a Board, have constructive
and regular dialogue with our dedicated and committed workforce.
This then puts us in a strong position to deliver our strategy.
To assist us with this, during the year, Julie Chakraverty (our Senior
Independent Director) has continued her excellent work as our
designated Non-Executive Director for workforce engagement.
Julie (along with other Non-Executive colleagues, including me)
has been meeting (sometimes physically but if not virtually) and
speaking with colleagues around the world and reporting back
on findings at each Board meeting via a dedicated agenda slot.
We have not let distance or differing time zones be a barrier
to hearing our colleagues’ opinions around the Board table.
As a people business, this is a crucial area for us to focus on
and continue to get right.
Our approach
As individual Directors we recognise our statutory duty to act
in the way we each consider, in good faith, would be most likely
to promote the success of NCC Group for the benefit of its
members as a whole, as set out in section 172 of the Companies
Act 2006. Our role as the Board is to set the strategy of the
Group and ensure that management operates the business
Board tenure as at 31 May 2023
Chris Stone
Mike Maddison
Guy Ellis
Tim Kowalski
Chris Batterham
8 years 1 month
Julie Chakraverty
Jennifer Duvalier
Mike Ettling
Lynn Fordham
6 years 2 months
0 years 11 months (appointed 7 July 2022)
0 years 0 months (appointed 30 June 2023)
4 years 10 months
1 year 5 months
5 years 1 month
5 years 8 months
0 years 9 months (appointed 1 September 2022)
31 May:
2016
2017
2018
2019
2020
2021
2022
2023
in accordance with this strategy. We believe this approach will
promote the Group’s long-term success and our customers’
interests as well as create value for shareholders and have
regard to our other key stakeholders such as our colleagues.
The Board’s intention is to hand over the business to our
successors in a better and more sustainable position for the
future. We recognise the renewed focus on the contribution
that a successful company can make to wider society in general,
in addition to generating value for shareholders, and as a Board
we want to ensure that we have effective engagement with,
and encourage participation from, shareholders and other
stakeholders. During the year we have continued to reflect
on who our key stakeholders are and assessed our current
engagement mechanisms to ensure the effectiveness of that
engagement. We then factor into our decision making any
feedback from that engagement.
Board changes
During the year, Lynn Fordham was appointed as an independent
Non-Executive Director on 1 September 2022, and became Audit
Committee Chair on 1 February 2023. Mike Maddison joined us
as our new CEO on 7 July 2022. As announced on 22 June 2023,
Tim Kowalski stepped down as CFO on 30 June 2023 and Guy
Ellis replaced him on the same date. Tim supported an orderly
handover to Guy, who joined the Board on 30 June 2023.
I would like to thank Tim for his dedicated service over the past
five years and wish him well for the future. The biographies of all
the Board members can be found on pages 88 and 89. After over
eight years’ service on the Board (along with being Senior
Independent Director and Chair of the Audit Committee), Chris
Batterham will retire from the Board at the November 2023 AGM.
I would like to pay tribute to Chris for all that he has done for the
Company over the past eight years and the wise counsel he has
provided both to me and the Board during this time. We also wish
him well for the future.
Board composition and diversity
With regard to our current diversity, I am satisfied that we have
an appropriately diverse Board in terms of experience, skills and
personal attributes among our Board members. The Directors
have many years of experience gained across a variety of
industries and sectors, ensuring a mix of views and providing
a broad perspective.
During the year, we continued to make further strides to improve
the diversity around our Board table, although we recognise that
we still have some progress to make in terms of improving the
diversity of the Board and our executive team (and indeed our
workforce as a whole). With that in mind, during the year ended
31 May 2021, we made the firm commitment that by 2024, we
will have at least 33% female representation on our Board and
at least one person of colour.
With our recent appointments, we have now delivered on our
commitment and are also on course to meet the FTSE Women
Leaders Review target of 40% female representation by the end
of 2025. Although this is best practice for FTSE 350 companies,
we have committed to this target regardless of which share
index we are in. To achieve this commitment by the end of 2025
based on our current Board size of eight Directors, we would
need to have at least four female Directors out of the eight. Our
Board now has 37.5% female representation (three out of eight),
and we will look to improve this further still during any future
appointments to the Board.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
85
Governance�Chair’s introduction to governance continued
Board composition and diversity continued
We will look to continue to address this during future Board and
Executive Committee appointments. Improvements in diversity
are often not a quick process but we are very mindful of the
need to take positive action, and the matter remains fully on
our agenda, as can be seen with the action we have taken during
recent years. Accessing the candidates we require to reach this
target will involve us looking beyond the obvious pool of existing
Board Directors within the UK and we intend to ensure that we
extend our talent search to other sectors and countries to ensure
we find a diverse pool of candidates from which to choose to
provide us with true diversity around our Board table.
Effectiveness
As Chair, I am responsible for providing leadership to ensure that
the Board operates effectively. I have been supported in this by
all the Directors, but in particular our Senior Independent
Director (Chris Batterham until 1 February 2023, and Julie
Chakraverty from 1 February 2023). The annual reviews of Board
effectiveness help the Board to consider how it operates and
how its operations can be improved. This year, we undertook our
inaugural externally facilitated Board and Committee evaluation
and the findings of this review have provided us with ideas to
further improve the manner in which the Board operates, and
build on previous internally facilitated evaluations. The results
were very useful and insightful and have been incorporated into
our plans for the coming year. In particular, Board succession
planning remains a priority, particularly as we look to ensure the
Board and Executive Committee have the right set of skills and
experience to support the Group as the business evolves.
You can read more about the Board and the Committee evaluation
on page 96
Our investors
We are in regular contact with our large investors through a regular
scheduled programme of meetings attended by our CEO, CFO
and Chair. Julie Chakraverty (Senior Independent Director),
Lynn Fordham (Audit Committee Chair) and Jennifer Duvalier
(Remuneration Committee Chair) are also available to meet
with investors should the need arise.
I met with our larger investors in February and March 2023
and fed back my findings to Board colleagues at the next Board
meeting. In addition, our brokers undertook an investor survey
on the back of our half-year results in February 2023 and the
results of this were presented and discussed at a Board meeting.
Our aim is to engage with our shareholders in an open and
meaningful way. We also had more contact with our shareholders
following our trading update on 31 March 2023 and some churn
occurred in our shareholding base and we embraced the
opportunity to engage with new investors with a different
perspective. During the year, we also appointed Yvonne Harley
as our first ever Director of Investor Relations and Sustainability.
This was an internal appointment and Yvonne has brought
energy and rigour to the role and ensures that our engagement
with shareholders is done efficiently and properly.
Ensuring that the Directors’ remuneration packages align the
Directors’ and senior managers’ interests with the long-term
interests of NCC Group and its shareholders is always a key area
of interest for investors. Our Directors’ Remuneration Policy was
approved by shareholders at the 2021 AGM and will last until 2024.
The 2021 Directors’ Remuneration Policy received 87.43% of
votes in favour at the 2021 AGM, and it was pleasing that our
2022 Directors’ Remuneration Report received 93% of votes in
favour, recognising the continued support of our shareholders
for our approach to executive remuneration.
This year, we undertook our inaugural
externally facilitated Board and
Committee evaluation and the
findings of this review have provided
us with ideas to further improve the
manner in which the Board operates,
and build on previous internally
facilitated evaluations.”
As part of our 2021 Remuneration Policy, we have now aligned
our Executive Directors’ pensions with our wider colleague
population, and introduced post-employment shareholding rules.
Statement of compliance with the UK Corporate
Governance Code
The Company measures itself against the requirements of the
UK Corporate Governance Code 2018 (the “Code”), which is
available on the Financial Reporting Council website
(www.frc.org.uk).
The following area of non-compliance is noted below:
• Combined Chair and CEO (17 June to 7 July 2022) – we did
not comply with Provision 10 of the Code. There was a three-
week window between Adam Palser leaving us as CEO and
Mike Maddison joining us as it was very difficult to ensure that
Mike was on board before Adam left. One option considered
was for a senior colleague to take on the CEO role but it was
felt that Chris Stone was best placed given his length of time at
NCC Group and his career experience as a CEO elsewhere, plus
the fact that Chris was Executive Chair for a number of months
back in 2017. There is always a risk that having both roles
exercised by the same individual results in poor quality decisions
being made and power concentrated in the hands of one
individual. This was mitigated by the fact the non-compliance
was of an extremely short timeframe with limited material
decisions to be made within an existing governance framework.
This is no longer an area of non-compliance.
Thank you
We are immensely proud of our colleagues for their extraordinary
efforts during a challenging year, acting in the best interests of
our customers and our stakeholders. I would like to thank all our
colleagues for their incredible contribution in stepping up and
meeting the challenges that the Group has faced over the past year.
Chris Stone
Non-Executive Chair
28 September 2023
86
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Governance framework
The different parts of the Company’s governance framework
are shown below, with a description of how they operate and
the linkages between them.
Board
Provides leadership and is responsible for the overall management of NCC Group, its strategy, long-term objectives
and risk management. It ensures the right Company structure is in place to deliver long-term value to shareholders
and other stakeholders.
Board Committees
Support the Board in its work with specific areas of review and oversight objectives and risk management. They ensure
the right Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Audit
Committee
Nomination
Committee
Cyber Security
Committee
Remuneration
Committee
Primary function is
to assist the Board
in fulfilling its financial
and risk responsibilities.
It also reviews financial
reporting, the internal
controls in place and the
external audit process.
Responsible for
considering the
Board’s structure,
size, composition,
diversity and
succession planning.
Responsible for
overseeing and advising
on the Group’s exposure
to cyber risk and its future
cyber risk strategy, its
Cyber Security breach
response and its crisis
management plan and the
review of reports on any
Cyber Security incidents.
Responsible for
determining the overall
remuneration of the
Executive Directors and
the remuneration of
senior managers (ExCom)
within the broader
institutional context of
remuneration practice.
Read more on pages
103 to 109
Read more on pages
110 to 112
Read more on pages
113 and 114
Re ad more on pages
115 to 137
Chief Executive Officer
Has responsibility for managing the business and overseeing the implementation of the strategy agreed by the Board.
Executive Committee (ExCom)
Currently comprises the Group’s most senior business and operational Executives. It is responsible for assisting
the Chief Executive Officer in the performance of its duties including:
• Developing the budget
• Monitoring the performance of the different
divisions of the Company against the plan
• Carrying out a formal risk review process
• Reviewing the Company’s policies and procedures
• Prioritisation and allocation of resources
• Overseeing the day-to-day running of the Company
• Being responsible for people, talent and culture
For further details on Board composition and division of responsibilities, see pages 92 to 101
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
87
Governance�Board of Directors
Our business is led by our Board of Directors.
Biographical and other details of the Directors are as follows:
Chris Stone
Non-Executive Chair
Mike Maddison
Chief Executive Officer
Guy Ellis
Chief Financial Officer
Chris Batterham
Independent Non-Executive
Director
N
C
A
C
N
R
Appointment to the Board:
6 April 2017
Appointment to the Board:
7 July 2022
Appointment to the Board:
30 June 2023
Appointment to the Board:
1 May 2015
Career experience
Chris has held various
Non-Executive Director and
Chief Executive roles at listed
and private equity backed
technology companies. He was
CEO of Northgate Information
Solutions plc from 1999 to
2008, until its sale, and stayed
as CEO until 2011. From 2013
to 2016, he was CEO of Radius
Worldwide. Chris was also
a Non-Executive Director
of CSR plc, and Chair of the
Remuneration Committee, from
2012 until its sale in 2015. Chris
was also Chair of AIM listed
CityFibre plc from January 2017
until June 2018, when it was
sold to private equity buyers.
External appointments
Chris is the Chair of Everynet
BV, a privately owned Internet
of Things infrastructure
business, and Chair of AIM
listed Idox plc. Chris is also
a Non-Executive Director of
Rural Broadband Solutions Plc.
Career experience
Mike was formerly head of EY’s
Cyber Security, privacy and
trusted technology practice for
EMEA, a role he has held since
2017. During that time Mike has
successfully delivered strong
growth across the 97 countries
in the region and reinforced
EY’s position as a leading
Cyber Security adviser.
Previously he led PwC’s risk
services practice across the
Middle East and before that
was head of Deloitte’s Cyber
Security consultancy in EMEA
for ten years where he also
drove significant growth.
External appointments
Mike does not currently have
any external appointments.
Career experience
Guy joined NCC Group in 2021,
as Director of Commercial
Finance as well as serving as
Interim Managing Director of our
Software Resilience business,
and most recently as Interim
Managing Director of our UK
Cyber Security business.
Guy has over 25 years’
experience in finance and
commercial roles in the retail
sector for brands including
Asda and Specsavers. This
experience and the recent
interim roles in NCC Group
have given him a breadth
of understanding of the
commercial drivers and
operations across the
whole business.
External appointments
Guy does not currently have
any external appointments.
Career experience
Chris is a qualified Chartered
Accountant, spending his early
career with Arthur Andersen,
and also has significant
experience in senior finance
roles across the technology
sector. Chris was Finance
Director of Unipalm plc (the
first Internet company to IPO
in the UK) from 1996 until 2001,
before becoming CFO of
Searchspace Limited until
2005, and has since held
a wide variety of non-executive
and advisory roles, the majority
having a technology focus.
Chris was (until March 2022)
the Senior Independent
Director and Non-Executive
Deputy Chair of Blue Prism
Group plc (also chairing the
nomination committee, as well
as being a member of its audit
and remuneration committees).
External appointments
Chris is a Non-Executive
Director at Nanoco Group plc
(and also chairs the audit
committee, as well as being
a member of its nomination
and remuneration committees).
Chris is also Chair of Racing
Digital Limited, and Chair
of Send Technology
Solutions Limited.
88
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Other Directors during the year
Adam Palser
Served as Chief Executive Officer during the early part of the
year, stepping down on 17 June 2022.
Tim Kowalski
Served as Chief Financial Officer throughout the year,
stepping down on 30 June 2023.
Committee key:
A
Member of
Audit Committee
C
Member of
Cyber Security
Committee
N
Member of
Nomination Committee
R
Member of
Remuneration Committee
Committee Chair
Julie Chakraverty
Senior Independent Non-
Executive Director (and
designated Non-Executive
Director for Colleague
Engagement)
Jennifer Duvalier
Independent
Non-Executive Director
Mike Ettling
Independent
Non-Executive Director
Lynn Fordham
Independent Non-Executive
Director (and lead
Non-Executive Director for
Sustainability)
A
C
N
R
R
C
N
A
A
C
N
R
Appointment to the Board:
1 January 2022
Appointment to the Board:
25 April 2018
Appointment to the Board:
22 September 2017
Appointment to the Board:
1 September 2022
Career experience
Julie has a wealth of PLC board
experience, recently serving as
a Non-Executive Director on
the boards of Santander UK
and Abrdn plc (formerly
Standard Life Aberdeen plc,
having been Senior
Independent Director
and Chair of the Risk and
Innovation Committees for
Aberdeen Asset Management
plc prior to merging). She has
also been Chair of the
Remuneration Committee for
the global insurer MS Amlin plc,
a Non-Executive Director for
Spirit Pub Company Limited
and a Trustee for The Girls’
Day School Trust. During her
executive career Julie was
a board member of UBS
Investment Bank where
she held a number of global
leadership positions and won
industry awards for innovation
every year from 2001–2009
for her “CreditDelta”
technology product.
External appointments
Julie is a Director and founder
of Rungway Limited, a colleague
engagement platform that
empowers people to seek and
share advice at work, used by
leading global firms.
Career experience
Jennifer was Executive Vice
President of People at ARM
Holdings plc, with responsibility
for all people and internal
communications activity
globally, from September 2013
to March 2017.
External appointments
Jennifer is currently the Senior
Independent Director of
Trainline plc (where she is also
a member of the audit and risk,
nomination and remuneration
committees) and an
independent Non-Executive
Director and Chair of the
Remuneration Committee of
Mitie Group plc (as well as
being a member of its
nomination committee)
(she is also the designated
Non-Executive Director for
colleague engagement at both
companies) and (until the end
of April 2023) of Guardian
Media Group plc. She is a
Trustee of Somerset House
(a UK-based charity) and also
an advisor to the New York
Presbyterian hospitals in
the US. Jennifer is also a
Non-Executive Director of
The Cranemere Group Ltd,
and a member of The Council
of the Royal College of
Art and Chair of the
Remuneration Committee.
Career experience
Mike has strong sector and
non-executive experience.
He has had an extensive
career in global technology
businesses including
SAP-Sucessfactors,
NorthgateArinso, Unisys,
Synstar and EDS and was
formerly a Non-Executive
Director of Backoffice
Associates LLC, a US PE
backed data business, and
also formerly a Non-Executive
Director of Telkom BCX Ltd,
a South African IT and
telecommunications business.
Mike has also served as a
Non-Executive Director with
Topia Inc, a Silicon Valley cloud
relocation software business.
External appointments
Mike is currently CEO of Unit4,
a world leader in enterprise
applications for services and
people organisations. He is
also Non-Executive Director
of Impellam PLC, an AIM listed
recruitment business.
Career experience
Lynn, a Chartered Accountant,
was most recently Managing
Partner of private investment
firm Larchpoint Capital LLP,
a position she held from 2017
to 2021. Prior to joining
Larchpoint, Lynn was CEO
of SVG Capital for eight years
having previously served as
CFO. Before that she held
senior finance, risk and
strategy positions at Barratt
Developments, BAA, Boots,
ED&F Man, BAT and Mobil Oil.
She also served as a Non-
Executive Director on the board
of Fuller, Smith & Turner for
seven years until 2018, chairing
its audit committee. Lynn was
also a supervisory board
member of Varo Energy BV.
External appointments
Lynn is currently a Non-Executive
Director and Chair of the Finance,
Risk and Audit Committees of
Caledonia Investments plc,
Domino’s Pizza Group and
Enfinium Limited. Lynn is also
Chair of RMA – The Royal
Marines Charity.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
89
Governance�Executive Committee
Angela Brown
Chief Marketing Officer
Kevin Brown
Chief Operating Officer
Angela joined the Group in January 2023 and is the Chief
Marketing Officer responsible for the Group’s brand, PR,
marketing and communications.
Angela has more than 25 years of international experience in
business-to-business (B2B) marketing, communications and
brand, including with PwC and Merrill Lynch, and is the founder
of a successful marketing agency.
During 15 years at PwC, she held positions as Head of Marketing
for the firm’s Business Recovery function, as well as leading the
marketing, brand and communications team in the Middle East.
Prior to PwC, Angela was Assistant Vice President in Merrill
Lynch’s media relations and research communications function
in both London and New York, and also spent time at a PR agency.
Angela is an Ambassador for the Institute of Directors (IoD)
as well as a Regional Director of PM Forum, a network for
marketing and business development people in the professional
services sector.
Kevin joined the Group in June 2023 and leads NCC Group’s
global Cyber Security capabilities and global delivery centres
with overall responsibility for the Group’s Managed Services,
Consulting & Implementation, Technical Assurance Services
(TAS) and Incident Response offerings.
Kevin spent 20 years in UK policing before moving across
to the private sector in 2012. He joined BT initially, transforming
its ability to manage risk, and progressed to leading and building
a $1bn managed security service business. As the Managing
Director of BT Security, he was responsible for all Chief Security
Officer, National Security and Commercial functions. Most
recently, he has been resident CISO for private equity firm
Insight Partners, leading its “C-suite in Residence” programme
and working with many cyber portfolio companies to refine
strategies and further strengthen growth plans.
Nick Rowe
Managing Director,
Assurance North America
Harmen Dikkers
Interim Managing Director,
Fox-IT
Nick is Managing Director of the North American Assurance
division based in California. He has held positions across
business development, consulting and operations management
since joining the firm in 1998. Currently Nick is responsible for
the Group’s North American operations since relocating from
the UK in 2013 and while the primary focus is on the growth
of this region Nick also sponsors global initiatives across
sales, marketing and, as part of the Group-wide commitment
to diversity and inclusion, the Neurodiversity Resource Group
in FY22.
Harmen, as Interim Managing Director, leads the primary process
within Fox-IT and he is responsible for the implementation of the
strategic business plans of all divisions: Managed Services,
Professional Services, Crypto and DetACT.
After completing his Master’s in Computer Science at TU Delft,
Harmen started his career as a Strategy Consultant at ABN
AMRO. He then joined Bain & Company, first as a Consultant
and later as an Associate Partner, in the telecoms, technology and
banking sectors. Before Harmen started at Fox-IT, he worked
at BAM Infra. As the Director of BAM Infra Rail he was responsible
for maintenance (incl. HSL), finance, ICT and all improvement
processes. In January 2021 Harmen started as Director of
Fox Crypto at Fox-IT, and in June 2023 he became Interim
Managing Director.
90
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Michelle Porteus
Chief People Officer
Siân John
Chief Technology Officer
Michelle is the Chief People Officer and responsible for all
aspects of the Group’s people strategy, leading on our global
talent strategy to attract, develop and retain our talented teams
by maximising their engagement and potential. She also sponsors
all inclusion and diversity initiatives, and supports our colleague
resource groups.
Joining the Group in 2019, Michelle has spent time as the HRD
of the UK, Spain and APAC region, as well as supporting the
global functions.
Michelle is a fellow of her professional institute and has
a broad range of experience in both consulting and in-house roles
leading transformation and organisational change. Her sector
experience spans financial services, retail, manufacturing and
pharmaceutical, public sector, utility and transport infrastructure.
Siân joined the Group in July 2023 and is responsible for driving
innovation, insights and intelligence at NCC Group, defining the
future direction of services through close interaction with clients,
industry and academia. Siân leads the Group’s commercial
research, threat intelligence and commercial product management
teams – central to the Group’s strategic goals of growing its
global position and reputation as the first choice, go-to Cyber
Security expert.
A recognised Cyber Security thought leader and strategist,
Siân has 25 years of Cyber Security experience across strategy,
business risk, privacy and technology and joined NCC Group
from Microsoft and is the current Chair of techUK’s Cyber
Security Management Committee and a council member
for EPSRC, the funding body for engineering and physical
sciences research in the UK.
Rebecca Fox
Chief Information Officer
Andrew Lemonofides
Global Managing Director,
Software Resilience
Rebecca is Group Chief Information Officer responsible for
technology and application strategy and delivery in NCC Group.
Rebecca has over 15 years’ experience of leading technology
functions but has also led sales and commercial teams and had
a successful interim career and is also the founder of a technology
consultancy business.
During her career, Rebecca has led digital transformation,
system implementations, organisation design and complex
and diverse technical and development teams on a global scale.
Rebecca comes from a technical development background,
but her experiences include large-scale project/programme/
portfolio management, data management and strategy, and
service operations.
Andrew joined the Group in November 2022 as Global Managing
Director for NCC Group’s Software Resilience division, which
specialises in selling global escrow solutions. Andrew was
formerly CEO of the then AIM listed Tungsten Network, a
leading provider of invoice automation solutions and Group
Chief Strategy and Transformation Officer of FTSE listed IWG plc
(formerly Regus) for eight years. Previously he worked across the
technology sector in a variety of Managing Director and General
Manager roles where he drove significant growth. He spent
13 years at Dell Computer Corporation and seven years at
Toshiba Information Systems, and started his career with
IBM where he trained as a Systems Engineer.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
91
Governance�Board composition and division of responsibilities
Role profiles are in place for the Chair and Chief Executive Officer, which clearly set out the duties of each role.
Role
Responsibilities
Chair of the Board
(Chris Stone)
Is responsible for the running and leadership of the Board, setting its agenda and ensuring its
effectiveness on all aspects of its role, and promoting a culture of openness, debate and the highest
standards of corporate governance. The Chair, in conjunction with the CEO and other Board members,
plans the agendas, which are issued with the supporting Board papers in advance of the Board
meetings. These supporting papers provide appropriate information to enable the Board to discharge
its duties, which include monitoring, assessing and challenging the executive management of the Group.
Chief Executive Officer
(Mike Maddison)
Together with the senior management team (ExCom), is responsible for the day-to-day running of the
Group’s business, implementing the strategy and policies approved by the Board, and regularly providing
performance reports to the Board. The role of CEO is separate from that of the Chair to ensure that
no one individual has unfettered powers of decision.
Chief Financial Officer
(Tim Kowalski/Guy Ellis)
Works closely with the CEO with specific responsibility for all financial matters, including Group
accounting policies, financial control, tax and treasury management, risk management and financial
probity. The CFO is also accountable for the transparency and appropriateness of management
information and key performance indicators, internally and externally.
Senior Independent
Director
(Julie Chakraverty)
Provides a sounding board for the Chair and serves as an intermediary for other Directors, colleagues
and shareholders when necessary. The main responsibility is to be available to the shareholders should
they have concerns that they have been unable to resolve through normal channels or when such
channels would be inappropriate.
Non-Executive Directors
(Chris Batterham,
Jennifer Duvalier,
Mike Ettling and
Lynn Fordham)
Designated Non‑
Executive Director
for engagement with
the workforce
(Julie Chakraverty)
Company Secretary
(Jonathan Williams)
Bring experience and independent judgement to the Board. Maintain an ongoing dialogue with the
Executive Directors, which includes constructive challenge of performance and the Group’s strategy.
Leads on Board engagement with the workforce (please see separate section on page 97).
Ensures good information flows within the Board and its Committees and between senior management
and Non-Executive Directors. The Company Secretary is responsible for facilitating the induction of new
Directors and assisting with their professional development as required. All Directors have access to the
advice and services of the Company Secretary to enable them to discharge their duties as Directors.
The Company Secretary is responsible for ensuring that Board procedures are complied with and for
advising the Board through the Chair on governance matters. The appointment and removal of the
Company Secretary is a matter for the Board as a whole.
92
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Meetings and attendance
The Board considers that each Director is able to allocate sufficient time to the Company to discharge their responsibilities effectively.
The Non-Executive Directors are contracted to spend a minimum of 24 days per annum on the Group’s affairs, and the Chair 60 days.
A summary of each current Director’s attendance at meetings that they were eligible to attend of the Board and its Committees during
the financial year ended 31 May 2023 is shown below. Unless otherwise indicated, all Directors held office throughout the year.
The Board held more meetings during the year than initially envisaged at the start of the financial year and a number were called at
extremely short notice, meaning that despite their best efforts, sometimes Directors were unable to attend. The main reason for calling
Board meetings at short notice was in relation to the trading update in March 2023 and subsequent decisions. For the avoidance
of doubt, no concerns have been raised about the attendance record of any Directors, nor their continued commitment to their work
and NCC Group.
Chris Stone
Mike Maddison
Tim Kowalski
Chris Batterham 1
Lynn Fordham 2
Julie Chakraverty
Jennifer Duvalier 3
Mike Ettling 4
Board
Audit
Nomination
Cyber Security
Remuneration
14 14
13 13
14 14
12 14
14 14
14 14
12 14
11 14
n/a
n/a
n/a
4 4
3 3 *
3 3
n/a
3 4
5 5 *
n/a
n/a
4 5
4 4
5 5
5 5
n/a
4 4
n/a
n/a
2 4
3 3
4 4 *
4 4
n/a
n/a
n/a
n/a
4 5
4 4
5 5
5 5 *
n/a
At all times, all of the Board and Committee meetings remained quorate.
Meetings attended
Possible meetings
* Committee Chair
n/a Director is not required to attend the meeting, but may have attended by invitation
1
Missed meetings due to them being held at short notice, or clashing with pre-existing commitments which could not be rearranged.
Chaired the Audit Committee until 1 February 2023.
2 Lynn Fordham was appointed to the Board on 1 September 2022. Chaired the Audit Committee from 1 February 2023.
3 Missed two Board meetings due to them being held at short notice, or clashing with pre-existing commitments which could not be rearranged.
4 Missed meetings due to them being held at short notice, or clashing with pre-existing commitments which could not be rearranged.
What principal decisions have been made and what have we looked at as a Board during 2022/23?
Section 172 statement
Section 172 of the Companies Act 2006 requires a director of a company to act in the way they consider, in good faith, would most likely
promote the success of the company for the benefit of its members as a whole, but having regard to a range of factors set out in section
172(1)(a)–(f) of the Companies Act 2006. In discharging our section 172 duty, we have regard for these factors, taking them into
consideration when decisions are made.
The Board understands the importance of stakeholder engagement and, through regular updates from the Executive Directors and
other senior managers, it has provided challenge and oversight throughout the year. The Company’s stakeholders are set out on pages
40 and 41, with an overview of how we engage with them, how they relate to our strategy and highlights from the previous year.
Principal decisions made during the year
Throughout this Annual Report, we have provided examples of how we have thought about the likely consequences of long-term
decisions and detailed below are how the Board considered stakeholders, and the information we received through engagement,
into a number of its key decisions in 2022/23.
When making each decision, the Board carefully considered how it impacted on the success of the Group and its long-term (financial
and non-financial) impact and had due regard to the others matters set out in section 172(1)(a)–(f) of the Companies Act 2006.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
93
Governance�Board composition and division of responsibilities continued
What principal decisions have been made and what have we looked at as a Board during 2022/23? continued
Principal decisions made during the year continued
The below should be read in conjunction with our stakeholder section on pages 40 and 41, along with other sections of the Annual
Report where appropriate.
Topic
Stakeholder group Decision taken
Engagement process
Reference
Board changes
Colleagues,
shareholders,
customers,
our network
In FY22 we recruited Julie
Chakraverty, and in FY23
we recruited Lynn Fordham
(both as independent
Non-Executive Directors).
With these appointments, we
have now delivered on our Board
diversity commitment (to have at
least 33% female representation
and one person of colour on the
Board by 2024) and we are also
on course to meet the FTSE
Women Leaders Review target
of 40% female representation
by the end of 2025.
With Chris Batterham announcing
his intention to retire at the 2023
AGM, on 1 February 2023 Julie
was appointed as the Senior
Independent Director, and Lynn
was appointed as Chair of the
Audit Committee, and also lead
NED for Sustainability.
Also during the year, the Board
noted Tim Kowalski’s decision to
step down as CFO and approved
the internal promotion of Guy Ellis
on 30 June 2023.
As a result of market conditions
causing NCC Group to experience
a reduction in utilisation rates and
attrition, we took the decision
to accelerate the implementation
of our strategy and reshape
the business, with a proposed
reduction in headcount in the
near term. Following the
implementation of the next
chapter of our strategy to
enhance future growth, we
realised that we needed to
reshape our global delivery
and operational model and
came to the difficult decision
that we needed to reduce our
global headcount by c.7%.
Reduction in
workforce
Shareholders,
colleagues,
customers
Our Board
biographies on
pages 88 and 89
Nomination
Committee Report
on page 110
Colleague
engagement
section on page 97
We have been cognisant for a
while of the need to improve the
diversity around our Board table
and a number of colleagues and
shareholders had also
commented on our historical lack
of progress on this. We recognised
that our Board was not
representative of the society
in which we operate, and of our
colleague and customer bases.
The Board had feedback sessions
from investors following the half
and full-year results and
numerous briefings from the
Chief People Officer.
When bidding for work, a number
of customers have commented on
our lack of progress with diversity
and it was important for us to
really pay attention to this to
ensure that we would not lose
future opportunities based on
our lack of diversity.
Mindful that decisions such as this
are not easy, we endeavoured
to communicate with affected
colleagues as soon as we could
and ensured that any redundancy
processes were run efficiently and
fairly, mindful of communicating
well and in a timely manner with
colleagues. We were also mindful
of the feelings of colleagues
unaffected by the redundancy
process who could be potentially
losing long-term colleagues
and friends.
Although not an easy decision,
it was necessary in protecting
roles for other colleagues in the
business, as well as ensuring
NCC Group’s long-term health,
and ensuring we demonstrated
a good level of stewardship for our
investors, protecting future returns.
We engaged with investors via
stock exchange announcements
and briefings that Board
members and management
had with shareholders.
94
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Topic
Stakeholder group Decision taken
Engagement process
Reference
Global delivery
centre in the
Philippines
Colleagues,
customers,
shareholders
Revised
strategy and the
strategic pillars
Colleagues,
customers,
shareholders
Page 26
Pages 24 to 27
As part of our revised strategy
to transition from an international
to a fully global business
(and following extensive due
diligence and internal planning),
we took the decision to set up
a global delivery and operations
centre in Manila in the Philippines.
In the months following his arrival,
our CEO (Mike Maddison) and his
senior management team reviewed
the strategy NCC Group was
pursuing and concluded that a
change was needed to improve the
medium and long-term prospects
for the business for colleagues,
clients and, ultimately, investors.
These proposals were shared with
the Board and following debate the
Board agreed that our strategy
should be based around revised
strategic pillars.
We engaged with investors via
stock exchange announcements
and briefings that Board
members and management
had with shareholders.
Colleagues were engaged with
via briefings, updates on emails
and the internal communication
channels that we have.
Customer feedback suggested
we needed to focus more on
clients’ most pressing Cyber
Security needs, broadening our
service portfolio, transitioning
from an international to a fully
global business, and having
differentiated brands. The ways
we were operating were not
conducive to achieving these
aims and ultimately delivering on
client needs would result in more
secure and long-term work for
colleagues, and higher returns
for investors.
We engaged with investors via
stock exchange announcements
and briefings that Board
members and management
had with shareholders.
Colleagues were engaged with
via briefings, updates on emails
and the internal communication
channels that we have.
Refinancing our
bank facilities
Colleagues,
customers,
shareholders,
our network
Page 62
Our current credit facilities
were due to expire in June 2024.
During the year, it was recognised
that it would be beneficial and
prudent to the Group to refinance
its facilities enabling it to have
appropriate terms and tenure for
the new strategy. The new
facilities were secured until
December 2026.
Engagement with incumbent and
prospective relationship banks
began early during the financial
year, along with a number of
Board updates and briefings.
We engaged with investors via
stock exchange announcements
and briefings that Board
members and management
had with shareholders.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
95
Governance�Board composition and division of responsibilities continued
What have we looked at as a Board during 2022/23?
At every meeting the Board reviews the minutes from the
previous meeting and the status of any outstanding actions.
Colleague engagement is a standing agenda item presented by
Julie Chakraverty as our designated Non-Executive Director for
workforce engagement. The CEO and CFO present their monthly
performance update reports, which are also circulated to Board
members in months where there is no scheduled Board meeting.
The Board has also reviewed the following during 2022/23:
Leadership and colleagues
• Appointed a new CEO (Mike Maddison) and a new
independent Non-Executive Director (Lynn Fordham)
• Received an update on colleague engagement and the
results of the annual colleague engagement survey, and any
questions colleagues have raised on executive remuneration
and how this aligns with the wider Company pay policy
• Approved a number of share scheme grants to colleagues
including UK Sharesave, International Sharesave (in the
Netherlands and Spain), and the Employee Stock Purchase
Plan (in the US and Canada)
• Been updated on the progress of the launch of the new
Share Incentive Plan (SIP)
• Discussed a number of colleague deaths in service
and approved the application of the insurance proceeds
to beneficiaries
• Continued with the colleague engagement programme,
with an appointed designated Non-Executive Director
leading, with an update to the Board at every Board meeting
• Been updated on senior management changes to the
Executive Committee
• Received updates on the Group’s pension scheme
Strategy
• Discussed and agreed a revised strategy and had numerous
updates on this throughout the year
• Held a dedicated one-day strategy session (see page 97)
• Discussed the strategy day and the key points arising out of it,
and had a strategy day progress check six months later, along
with regular check-ins on progress against strategy
• Approved the establishment of a new subsidiary company
and operations in the Philippines
• Discussed a number of sector IPOs, divestments and M&A
activity, plus investments that competitors had made during
the year
Governance
• Continued with the colleague engagement programme,
with an appointed designated NED leading the Board’s
engagement activities
• Completed the externally facilitated Board, Committee and Chair
effectiveness reviews and discussed the results of these
reviews with the facilitator, agreeing on key focus areas for
the coming year
• Approved the Notice of AGM and Proxy Form
• Had a number of presentations on the Group’s ESG work and
progress (labelled as “sustainability” internally)
• Attended the AGM
• Received regular reports from the Deputy Company Secretary
on governance matters and best practice updates
• Had presentations on the Group’s key stakeholders, e.g. our
customers, suppliers and network, and reflected on Board
stakeholder engagement and improving the mechanisms for
this Noted and approved the Group’s tax strategy
• Received updates on a number of high profile cyber attacks
that had been targeted at other companies and organisations
• Approved some minor amendments of an administrative nature
to share plan rules
• Discussed and approved the Group’s Modern Slavery Statement
• Reviewed Directors’ outside directorships and potential conflicts
of interest and also Directors’ shareholdings, along with the
annual review of Non-Executive Director independence
• Reappointed the external auditor following recommendation
from the Audit Committee
• Received reports on any material litigation and colleague
litigation issues affecting the Group
• Received a presentation from Planet Mark on NCC Group’s
carbon footprint and net zero
• Received an update from the public affairs team
• Reviewed and approved a number of deal country risk
assessments for work in certain countries
• Approved the appointment of Lynn Fordham as the lead
Non-Executive Director for Sustainability
Financial
• Reviewed and approved the Annual Report and Accounts,
ensuring that it is fair, balanced and understandable
• Discussed and approved the full-year and half-year results
and associated presentations to investors
• Approved the interim and final dividends and discussed
the dividend policy
• Noted and approved the 2022/23 Group insurance cover renewal
• Discussed and approved the 2023/24 budget
• Received presentations from the brokers and financial
PR advisers
• Received a presentation from the Director of Investor Relations
• Considered and approved trading updates at the full and
half-year end
• Reviewed and responded to an FRC enquiry letter in March
2023 in relation to the 2022 Annual Report and Accounts.
The FRC confirmed in April 2023, following the Group’s
response, it was able to close enquiries
• Received regular updates from investor meetings and noted
circular investor letters
• Received external presentations on shareholder perspectives
on the Company
• Received a number of updates and approved revised
refinancing facilities with relationship banks
• Considered a change to the year end (deciding not to at this
time) with a further review in the future
Other Group business
• Continued to be kept updated on the integration progress
following the IPM acquisition in June 2021
• Kept updated on a number of strategic projects
• Had a number of sales and marketing presentations
• Received briefings on the North American Assurance division
during the Board visit to the United States
• Had update briefings from the Group IT Director
• Approved a number of major customer contracts and bids
• Received regular updates on material litigation affecting
the Group
• Received an update from the Research and
Development Director
• Received initial first impressions from the new Managing
Director of Software Resilience
96
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Board strategy review
Following the approval and subsequent announcement of the
new Group strategy that was made as part of the half-year results
in February, the Board met in March to hold a detailed strategy
review day. The objective of the day was to review the set-up,
scope and proposed scope of each of the workstreams initiated
to begin the implementation of the Next Chapter strategy.
The day began with a senior client giving their perspective on the
Cyber Security market from a client’s perspective, covering the
threats, trends and vendor developments that they were seeing,
together with their perception as a buyer and user of NCC Group
services. The rest of the day was structured around the four pillars
of the Next Chapter strategy, with programme leads for each pillar
presenting their workstream plans with objectives, roadmaps,
timelines and deliverables. This was an opportunity for Board
members to give valuable input and feedback on the emerging
plans and it also enabled the Board to get a sense of the
implementation risks and the mitigations being put in place to
underpin the programme delivery. Specific topics addressed as
part of the pillar programmes included NCC Group’s partnerships
strategy, the development of the Global Managed Services
growth plan, the set-up of an Asia Pacific delivery centre
(in Manila) and the brand refresh.
Workstream leaders took the collective feedback, ideas
and direction to help shape the strategy implementation plans
and agreed it was a useful insight at a more detailed level than
is usually possible during update and review sessions.
Independent advice
All Directors have access to the advice and services of the
Company Secretary and Directors are entitled to take independent
professional advice if necessary, at the expense of the Company.
Conflicts of interest
The Companies Act 2006 requires Directors to avoid situations
where they have, or could have, a direct or indirect interest that
conflicts or potentially conflicts with the interests of the Company.
The Company’s Articles of Association require any Director with
a conflict or potential conflict to declare this to the Board.
That Director will not then be involved in the discussions relating
to the proposal, transaction, contract or arrangement in which
they have an interest, unless agreed otherwise by the Directors
of the Company in the limited circumstance specified in the
Articles of Association, nor will they be counted in the quorum
or be permitted to vote on any issue in which they have an
interest. Directors are required to inform the Board without
delay should they be aware of any actual or potential conflicts
of interest and a check on conflicts is undertaken each year
with a report to the Board.
Colleague engagement
Julie Chakraverty is the Board’s designated Non-Executive
Director to lead the Board’s colleague engagement programme
and is committed to understanding the views of our colleagues
and ensuring they are incorporated into the Board’s
decision-making process.
In addition, there is also opportunity for colleagues to ask any
questions they have on executive remuneration and how this
aligns with the wider Company pay policy.
Prior to meeting with Julie at one of the engagement sessions,
colleagues are introduced to Julie via our internal social channels
where she explains her role through a video and written
communications. Julie has access to these channels to enable
her to engage fully outside of the formal events.
We were keen to build on the momentum generated in previous
years and Julie is sometimes joined by our Chair, Chris Stone,
or other Non-Executives, to meet colleagues, all of whom are
invited from below the mid-management level and all parts of
the business to ensure diversity of thought. We ensure that no
one has their line manager in either the physical or the virtual
room to ensure they can speak freely and tell Julie what is on
their mind.
Feedback from each session’s participants is shared anonymously
to the Board and to our CEO. This enables action to be taken,
further strengthening the value of listening. Colleagues attending
are invited to give their feedback and, so far, results have been
positive and valued.
Board independence
As required by the Code, at least 50% of the Board, excluding
the Chair, are independent Non-Executive Directors. The
Board comprises two Executive Directors, five independent
Non-Executive Directors, and the Non-Executive Chair.
The Board has debated and considers that all of the current
Non-Executive Directors are independent, and in so doing
considered the profile of all of the individuals, concluding
that none of them:
• Has ever been a colleague of the Group
• Has ever had a material business relationship with the Group
or receives any remuneration other than their salary or fees
• Has close family ties with the advisers, other Directors
or senior management of the Group that could reasonably
be expected to cause a conflict
• Holds cross-directorships or has significant links with
other Directors through involvement with other companies
or bodies
• Represents a significant shareholder
• Has at the point of this report served on the Board for
more than nine years from the date of their first election
The Non-Executive Directors provide a strong independent
element on the Board and are well placed to constructively
challenge and help develop proposals on strategy and
succession planning. Between them they bring an extensive
and broad range of experience to the Group.
Details of the Directors’ respective experience are set out
in their biographical profiles on pages 88 and 89.
The terms and conditions of appointment of Non-Executive
Directors are available for inspection at the Company’s
registered office during normal business hours.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
97
Governance�Board composition and division of responsibilities continued
Diversity
The principle of Board diversity (and indeed diversity across the
Group) is strongly supported by the Board. It is the Board’s policy
that appointments to the Board will always be based on merit so
that the Board has the right balance of individuals in place. The
Board recognises that diversity of thought, approach and experience
is an important consideration and is therefore one of the selection
criteria used to assess candidates prior to any Board appointments.
Read more about diversity in the Nomination Committee Report on
pages 110 to 112.
The Company’s policy is to find, develop and maintain a diverse
workforce at all levels with an initial focus on developing a
culture where women can achieve and retain senior positions.
Annual re-election
In accordance with the Code, any Directors appointed in the
financial year are subject to election by shareholders at the AGM
and, in line with best practice, all the other Directors are subject
to re-election annually.
Director induction, training and development
New Directors are provided with an induction on appointment,
which would include visits to the Group’s operations and meetings
with operational and executive management. Each Director’s
induction is tailored to their experience and background with the
aim of enhancing their understanding of the Group’s strategy,
business, operating divisions, colleagues, customers, suppliers
and advisers, and the role of the Board in setting the tone of our
culture and governance standards.
Lynn Fordham – induction and first impressions
Lynn Fordham
Independent Non-Executive Director
We announced in July 2022 that Lynn would join our Board
(and all of its Committees) with effect from 1 September
2022. Before Lynn joined on 1 September 2022, an induction
plan was created for her which involved Lynn meeting with
all of the Executive Committee plus other key colleagues,
including the Director of Global Governance and the CISO.
Lynn also met with the Company’s brokers, financial PR
consultants, executive remuneration advisers, and KPMG
as the Group’s auditor. We made the most of the window
between announcing Lynn’s appointment and Lynn joining
the Board so that Lynn had a real understanding of NCC
Group before she started.
The Company acknowledges the importance of developing the
skills of the Directors to run an effective Board. To assist in this,
Directors are given the opportunity to attend relevant courses
and seminars to acquire additional skills and experience to
enhance their contribution to the ongoing progress of the Group.
All of the Directors attend sessions which are aimed at updating
the Board on trends and developments in corporate governance.
During the coming year we will ensure that our new CFO
(Guy Ellis) is provided with formal, comprehensive and tailored
induction programmes and we will report back on this more fully
in next year’s Annual Report.
Board and Committee effectiveness review
The performance of the Board and its Committees is appraised
annually and an externally facilitated Board Effectiveness Review
was undertaken by Manchester Square Partners (MSP) in March
and April 2023. This was the Board’s first ever externally facilitated
effectiveness review. MSP has no other links or connections to
NCC Group other than that it also provided outplacement support
to our former CEO, Adam Palser. We reviewed whether there was
any conflict of interest with MSP’s Board Effectiveness Review
and concluded that there was none.
My comprehensive induction programme and meeting
the right colleagues and advisers before I started on
1 September 2022 meant I had a good appreciation
of NCC Group and for the Company’s issues before my
first Board meeting.
I believe that the insights I gained allowed me to make
a positive contribution from the outset and although my
first Board meeting was a virtual one, I have now had
the opportunity to attend four in-person Board meetings
(with one of these being in New York) and the Group’s
Strategy Day and these, together with various events
and site visits, have allowed me to further engage with
a number of colleagues.
Being on the Audit Committee and then recently
taking over from Chris Batterham as Chair has really
allowed me to “get under the skin of NCC Group”
and add value from my experiences gained elsewhere.
I have really enjoyed my early months with NCC Group
and look forward to contributing further and driving
improvements at NCC Group particularly those within
the Audit Committee’s sphere of influence, and also
in my work as lead NED for Sustainability.”
98
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Board, Committee and Chair evaluation process 2023
MSP reviewed, with the Company
Secretary, the 2022 questionnaires
and evaluation exercise results
and, based on this, recommended
using the same questionnaires for
the 2023 Board Effectiveness
Review to maintain continuity and
provide year on year comparisons.
MSP also attended a Board
meeting as an observer.
This approach was approved
by the Chair and, for the
Chair’s review, the Senior
Independent Director.
Questionnaires were added to
an online survey website, which
ensured the anonymous and
efficient collection of answers.
MSP met with each member of the
Board to conduct a structured
interview on the effectiveness of
the Board. It also met with selected
members of the senior
management team.
The results were made available
to MSP, under an agreed
Non-Disclosure Agreement.
MSP then prepared a report
to summarise its findings and
to deliver the output of the
online questionnaire.
This was discussed with the
Chair before being submitted
to the Board.
MSP then presented a summary
of its findings at the Board meeting
in May 2023 for discussion.
The Senior Independent Director
met with the Chair to feed back and
discuss the Chair evaluation results.
The Senior Independent Director
met with the other Non-Executive
Directors (without the Chair being
present) to discuss the Chair’s
performance during the year.
MSP also obtained feedback on
the performance of the Chair, the
results of which were then provided
to the Senior Independent Director
to deliver feedback to the Chair.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
99
Governance�Board composition and division of responsibilities continued
Outcomes
The results were presented at the May 2023 Board meeting.
The overall rating of the Board performance was positive. The Board and its Committees continue to function well, but MSP did make
several observations and recommendations, which are detailed below. Further, MSP also recommended a progress check towards the
end of 2023 to ascertain how the Board is doing against the proposed improvements and whether the Board needs to do anything
differently in the second half of the financial year.
MSP’s recommendations included the following:
Areas identified in
previous evaluations Outcome
Board composition
• Consider the next NED appointment, notably whether this appointment should be a candidate with
Cyber Security expertise and/or B2B marketing experience
Board agendas
• Review the annual cycle of meetings and topics on each meeting’s agenda
• Ask NEDs for suggestions for future agenda items
• Increase focus on:
• Risk management
• Customer behaviour
• Competitive environment
Board behaviours
• Ensure that the Board has enough “no agenda” time together
• Consider giving the Executives advanced notice of questions/challenges so they can prepare responses
Strategy
• Ensure that the Board spends time to discuss and develop clarity on:
• NCC Group’s “go to market” strategy
• Understanding of our service lines
• Global positioning
Performance
monitoring
• Develop KPIs relevant to future strategic needs
Succession planning • Ensure clarity on the future needs of the business and recruit accordingly
• Increase exposure of the Board to second/third lines of management
Stakeholder
management
• Increase awareness/engagement with shareholders
• Increase engagement with clients
Information flows
• Require that papers have a more “forward-looking” agenda
• More “market intelligence”
• More sales/marketing metrics
• Less “what happened?”, more “why did this happen and what will we do about it?”
• More presentations from the second/third lines of management
Risk management
• Ensure that the Board broadens its focus on risk management and make it a standing agenda item
Committees
• Review whether the Cyber Security Committee’s agenda could be better managed as a standing Board
agenda item
MSP’s services were also used to provide outplacement support to our former CEO, Adam Palser. We reviewed whether there was
any conflict of interest with MSP’s Board Effectiveness Review and concluded that there was none.
100
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Operation of governance framework
Role of the Board
The Board is responsible for reviewing, challenging and
approving the strategic direction of the Group, while providing
strong values-based leadership of the Company, within a
framework of prudent and effective controls, which enable risk
to be assessed and appropriately managed. The Board reviews
the Group’s business model and strategic objectives to ensure
that the necessary financial and human resources are in place
to achieve these objectives, to sustain them over the long term
and to review management’s performance in their delivery.
The Board sets the tone of the Company’s values and ethical
standards and manages the business in a manner to meet its
obligations to shareholders and other stakeholders.
The Board receives information on at least a monthly basis to
enable it to review trading performance, forecasts and strategy
and it has a schedule of matters specifically reserved for
its decision. The most significant of these are:
• Approval of strategic plans, the annual budget and any
material changes to them
• Oversight of the Group’s operations, ensuring competent
and prudent management, sound planning, and an adequate
system of internal control and governance
• Through the Audit Committee, oversight of financial reporting
systems and information and adherence to appropriate
accounting policies
• Changes to the structure, size and composition of the Board
and Executive Committee, and oversight of the Company
culture and the ethical standards of the leadership and the
independence of Non-Executive Directors, taking into
consideration prudent succession planning
• Approval of the acquisition or disposal of subsidiaries
and major investments and capital projects
• Approval of the dividend, treasury and banking policies,
including the Group’s capital structure
• Through the Remuneration Committee, the delivery
of an effective executive and senior management
Remuneration Policy
• Receiving reports on the views of shareholders and approval
of all documents put to shareholders at a general meeting or
circulated to shareholders
• Approval of the appointment of key advisers
The Board has a schedule of specific matters reserved for its
decision where it feels they are critical to the ongoing success
of the business and are of a significant nature to merit the Board
having such a decision reserved to it. The Group also has a
Group Authority Matrix (which documents the levels of authority
delegated from the Board to various role holders within the
Group). The schedule of matters reserved for decision by
the Board and the Group Authority Matrix are complementary
documents and are designed to ensure that decisions are
either made by the Board or delegated to an appropriate
senior colleague within the Group.
As noted above, the operational management of the Group is
delegated to the Executive Committee. The Board also delegates
other matters to Board Committees and management as appropriate.
Risk management
The Board has ultimate responsibility for ensuring that business
risks are effectively managed. The Board has delegated regular
review of the risk management procedures to the Cyber Security
Committee in relation to cyber risks, and to the Audit Committee
in relation to all other risks. The Board reviews the overall risk
environment on at least an annual basis. The day-to-day
management of business risks is the responsibility of the
Executive Committee (ExCom).
Internal control
The Group has a system of internal controls which aims to
support the delivery of the Group’s strategy by managing the
risk of failing to achieve business objectives and to protect the
stewardship of the Group’s assets. As with all such systems, the
goal is to manage risk within acceptable parameters, rather than
to eliminate risk entirely. The Group can therefore only provide
reasonable and not absolute assurance that the business
objectives and asset stewardship will be delivered successfully.
In addition, the Group insures against various risks, but certain
risks remain difficult to insure, due to the breadth and cost of
cover. In some cases, external insurance is not available at all,
or at least not at an economically viable price. The Group regularly
reviews both the type and amount of external insurance that it
buys in conjunction with its insurance brokers. For a more
detailed review of risk management processes, the principal risks
faced by the Group and their mitigation, see pages 70 to 80.
The Audit Committee is responsible for reviewing the
effectiveness of the risk management and internal control
systems. The steps it takes in relation to the review are set out
on page 104.
The Audit Committee makes recommendations to the Board
on the effectiveness of risk management and internal controls,
which the Board considers, together with reports from the Cyber
Security Committee, in forming its own view on the effectiveness
of the risk management and internal control systems.
During the year ended 31 May 2023, the Board reviewed
the effectiveness of the Group’s risk management and internal
control systems together with internal control findings issued by
our auditor, including the mitigating factors surrounding the use
of IT users with certain access rights to our systems. We confirm
that the processes outlined above and on page 104 have been in
place for the year under review and up to the date of this Annual
Report and Accounts, and that these processes accord with the
UK Corporate Governance Code and the FRC Guidance on Risk
Management, Internal Control and Related Financial and Business
Reporting. We also confirm that, while no significant failings
or weaknesses were identified in relation to the internal audits
performed, there is a programme of continuous improvement to
support the achievement of higher standards. This has resulted
in an increase in benchmarking our systems of internal control
against recognised frameworks. For example, while our score
against the NIST Framework is in line with similar organisations,
we have taken a conscious step to exceed these standards.
Therefore, we have established and continue to monitor an
aggressive action plan to achieve our objective of being
a leader in the market.
Executive remuneration
During the year, we operated within the Remuneration Policy
approved by shareholders at the 2021 AGM. Details of how
the Remuneration Policy has been applied during this financial
year are set out on pages 115 to 137 of the Remuneration
Committee Report.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
101
Governance�Shareholder engagement
Share capital structure
The Company’s issued share capital at 31 May 2023 consists
of 312,128,892 ordinary shares of 1p each. There are no special
control rights or restrictions on share transfer or special rights
pertaining to any of the shares in issue and the Company does
not have preference shares.
As far as is reasonably known to the Board, the Company
is not directly or indirectly owned or controlled by another
company or by any government.
Board engagement with shareholders
Communications with shareholders are given high priority.
There is a regular dialogue with institutional investors including
presentations after the Company’s year end and half-year
results announcements.
A programme of meetings takes place throughout the year with
major institutional shareholders, and private shareholders have
the opportunity to meet the Board face to face and ask
questions at the AGM.
We are in regular contact with our large investors through
a regular scheduled programme of meetings attended by either
our CEO or CFO or both of them. Julie Chakraverty, our Senior
Independent Director, and I are also available to meet with
investors should the need arise. I met with our larger investors
in February, March and April 2023 and I fed back my findings
to Board colleagues at the next Board meeting. In addition,
our brokers undertook an investor survey on the back of our
half-year results in February 2023 and the results of this were
presented and discussed at a Board meeting. Our aim is to
engage with our shareholders in an open and meaningful way.
During the financial year the Directors held a number of
meetings with shareholders as set out below.
Substantial shareholdings
As at 31 May 2023, the Company had been notified of the
following interests of 3% or more in the issued share capital of
the Company under the UK Disclosure and Transparency Rules:
Number of
ordinary
shares
% of NCC
Group’s
total share
capital
Shareholder
Aberforth Partners LLP
Odyssean Investment Trust plc
Montanaro Asset Management
Legal & General Investment
Management Limited
16,221,626
16,000,000
15,353,573
13,606,370
Sanford Deland Asset Management
15,550,000
Canaccord Genuity Group Inc
16,393,627
Schroder Investment Management
15,364,318
5.20%
5.13%
4.92%
4.36%
4.99%
4.96%
5.53%
The following changes to the above interests have been notified
to the Company from 31 May 2023 to 28 September 2023:
Shareholder
Number of
ordinary
shares
% of NCC
Group’s
total share
capital
The Wellcome Trust Limited
Schroders Plc
Odyssean Investment Trust plc
9,662,944
14,515,897
18,750,000
NFU Mutual Insurance Society Limited
12,981,143
Spreadex
Richard Griffiths
11,929,630
13,296,911
3.10%
4.65%
6.01%
4.16%
3.82%
4.26%
Board shareholder updates
Feedback from major institutional shareholders is provided to the
Board on a regular basis and, where appropriate, the Board takes
steps to address their concerns and recommendations.
Directors’ shareholdings
For details of Directors’ shareholdings, remuneration and
interests in the Company’s shares and options, together with
information on service contracts, see pages 115 to 137 of the
Directors’ Remuneration Report.
Investor meetings
One‑to‑one meetings
66
Group meetings
4
Annual General Meeting
The AGM is an opportunity for shareholders to vote on certain
aspects of Group business and provides a useful forum for
one-to-one communication with private shareholders. At the AGM
shareholders receive presentations on the Company’s performance
and may ask questions of the Board. The Chair seeks to ensure that
the Chairs of the Audit, Remuneration, Nomination and Cyber
Security Committees are available at the meeting to answer
questions and all Directors attend.
The Company prepares separate resolutions on each substantially
separate issue to be voted upon at the AGM. The result of the vote
on each resolution is published on the Company’s website after
the AGM and will be announced via the regulatory information
service. At the 2022 AGM, shareholders representing over 81.96%
of the Company’s issued share capital returned their proxy votes.
On behalf of the Board
Chris Stone
Non-Executive Chair
28 September 2023
102
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Audit Committee report
Sustained focus on and
improvement of our internal
control and risk environments
NCC Group, in a period of
considerable change, has maintained
a focus on control, risk management
and governance with the objective of
continuously improving our systems
and our processes as the business
strategy evolves.”
Lynn Fordham
Committee Chair
• Reviewing and monitoring controls
• Ensuring continued improvement of the effectiveness of the
Group’s risk management and internal control systems
• Planning for regulatory changes arising from the new
corporate governance reform requirements, including
ensuring that we review and consider all UK governance
changes following the establishment of Audit Reporting
and Governance Authority (ARGA)
• Monitoring ESG reporting, including progress on TCFD,
and embedding sustainability into the business
• Undertaking a thorough and comprehensive independent
auditor tender process, leading to the reappointment of
KPMG, or the on-boarding of a new auditor
• Monitoring implementation of the recently implemented
delivery system (Kantata)
I am pleased to present the Audit Committee Report for the
year ended 31 May 2023 to explain how we have discharged
our responsibilities with an overview of our principal activities
and their outcomes.
Committee membership, attendees’ access
and objectives
The Audit Committee had a change of Chair during the year.
I took over the role from Chris Batterham on 1 February 2023.
I am a Chartered Accountant with diverse sector experience
across listed companies, private equity and financial services
in a number of disciplines including risk management, internal
control and financial reporting. I am also currently Chair of the
Audit and Risk Committees at Caledonia Investments plc, Domino’s
Pizza Group plc and Enfinium Group, all of which provide me with
an additional external perspective to bring to my chairing of this
Committee. The Board therefore considers that I have the recent
and relevant financial experience required by the Code.
2022/23 key activities
• Assessed the quality of earnings by reviewing one-off,
out of period or non-trading items arising over the year
considering the background of a challenging year
• Continued focus on the adherence to the Individually
Significant Items accounting policy
• Reviewed Alternative Performance Measures (APMs)
to ensure there is a clear description and explanation,
reconciliation, presentation and consistency applied
• Critical review and discussion with our external auditor
on the assumptions and models used within the Group
annual impairment review and resultant disclosures
considering the background of a challenging second half
performance, a new strategy and managements future
action plans
• Consideration of going concern and viability assessment
and disclosures considering the background of a
challenging year and a new strategy
• Monitoring integration of IPM business including
associated risks, controls and costs of integration and
then ensuring that existing Group controls have been
implemented within the newly acquired business
• Reviewing Task Force on Climate-related Financial
Disclosures (TCFD)
• Consideration of the findings of the Financial Reporting
Council’s (FRC) review into the 2022 Annual Report and
reviewing and approving the Group’s response
• Considered a change to the year end (deciding not to at
this time) with a further review in the future
2023/24 priorities
• Review of the risk management and control environment of
any significant strategic or operational projects and the
resulting changes in the business
• Monitoring the project risk management of key new
initiatives, ensuring that satisfactory internal controls are
embedded from the outset
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
103
Governance�Audit Committee report continued
Committee membership, attendees’ access and objectives continued
Chris Batterham, Mike Ettling and Julie Chakraverty all served on the Committee throughout the year. I joined the Committee from
1 September 2022 when I joined the Board. All members of the Committee are considered to be independent, and the Committee
as a whole continues to have competence in the technology sector.
Summary biographies of each member of the Committee are included on pages 88 and 89.
The purpose of the Audit Committee is to assist the Board in the discharge of its fiduciary duties of stewardship of the Group’s assets.
The Committee particularly focuses on systems and processes of management control, and the reporting of internal management
information and externally reported financial information. The Committee also provides a forum for reporting by the external auditor.
Cyber risk and controls are also considered in the Cyber Risk Committee. A full copy of the Committee’s terms of reference can be
found in the Investor Relations section of the Group’s website at www.nccgroupplc.com/investor-relations/corporate-governance/.
Principal duties delegated to the Audit Committee
Areas delegated to
the Audit Committee
Financial reporting
Committee responsibilities
Activities during the year
• Monitoring the integrity of the Financial Statements
relating to the Group’s financial performance and
their compliance with the provisions of IFRS, the UK
Corporate Governance Code, the Disclosure Guidance
and Transparency Rules and other regulations
• Reviewing material information and significant
accounting judgements contained in the Annual
Report and Accounts
• Continued focus on quality of earnings and adherence
to Individually Significant Items accounting policy
• Reviewed all significant accounting areas and areas
of key estimation. Reviewed KPMG audit conclusions
in these areas with significant discussions around
the Group’s annual impairment review, assumptions
and resultant disclosures considering the
challenging second half performance.
• Advising the Board on the continuing appropriateness
of the Group’s existing accounting policies and the
application of any new or modified accounting and
reporting standards
• Consideration of the findings of the Financial
Reporting Council’s (FRC) review into the 2022
Annual Report and reviewing and approving the
Group’s response
Narrative reporting
• Advising the Board on the effectiveness of the
processes ensuring that the Annual Report and
Accounts, when taken as a whole, is fair, balanced
and understandable
Internal controls
and risk
management
systems
• Reviewing the effectiveness of the Group’s internal
control systems
• Reviewing the nature and extent of significant financial
risks and how they can be mitigated
• Undertook an externally facilitated Committee
evaluation exercise to assess where the
Committee should best focus its attention
• Considered recent technical updates including
guidance issued by the Financial Reporting Council
• Reviewed management’s going concern and
Viability Statement assessment, including
macro-economic considerations. Reviewed
KPMG audit conclusions in these areas
• Reviewed and responded to an FRC enquiry letter in
March 2023 in relation to the 2022 Annual Report and
Accounts. The FRC confirmed in April 2023, following
the Group’s response, it was able to close enquiries
• Reviewed a summary of why management
considers the Annual Report is fair, balanced
and understandable
• Received regular briefings from the Director of
Global Governance summarising risk
management and control issues
• Received a self-assessment of the finance controls
highlighting enhancements made during the year,
areas of continuous improvement and specific
actions to implement minimum control standards
Compliance,
whistleblowing
and fraud
Internal audit
External audit
• Reporting to the Board on the procedures for
responding to whistleblowing, fraud or potential
breaches of anti-bribery legislation
• Received a summary of regulatory updates
including health and safety updates documenting
new initiatives and activities
• Reviewing the internal audit reports discussing
any major control failures or weaknesses
• Reviewing the audit findings with the external auditor
including discussing any major issues that arise during
an audit, the accounting and audit judgements made,
the level of any errors identified during the audit and
the effectiveness of the audit process itself
• Making recommendations to the Board in relation to
the appointment of the external auditor, approving its
remuneration and terms of engagement
• Overseeing the relationship with the external auditor
including, but not limited to, assessing its
independence, objectivity and effectiveness
• Reviewed the findings from the internal audit reviews
and projects conducted during the year and approved
the internal audit plan for the forthcoming year
• Assessed the effectiveness of the 2022 external
audit process and Audit Committee effectiveness
• Reviewed the FRC Audit Quality Inspection and
Supervision Report with respect to KPMG LLP
• Reviewed the findings from the audit for the year
ended 31 May 2023
• Commenced the planning process for the audit
retender for the year ended 31 May 2024
104
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Significant accounting areas and areas of significant
management judgement or estimation uncertainty
The table below summarises the significant accounting issues,
judgements and estimates that the Committee considered
during the year in relation to the Financial Statements. These are
split between those items which are identified either as recurring
items that the Committee regularly reviews or as items of current
year focus. The table also shows the degree of judgement or
estimation that the Committee feels has to be applied for each
item. Items with a significant impact but with a “low” judgement
level will typically have extensive independent third party
evidence of the bases for any judgement. Areas assessed as
requiring a “high” level of judgement tend to rely more heavily
on management estimates and historical trends than extensive
independent third party evidence.
Review items
Accounting
judgement
Estimation
required
Impairment of goodwill
Valuation of separately identifiable
intangible assets (prior year)
n/a
n/a
High
High
Significant issues considered during the year
in relation to the Financial Statements
During the year, the Committee reviewed and considered
the following areas in respect of financial reporting and the
preparation of the interim and annual Financial Statements:
• The appropriateness of the accounting policies used
• Compliance with external and internal financial reporting
standards and policies
• Significant areas of management judgement or estimation
• Assumptions and models used to determine fair value of all
key business units for the Group annual impairment review
• Assessed the quality of earnings by reviewing one-off,
out of period or non-trading items arising over the year
• Continued focus on the adherence to the Individually Significant
Items (ISIs) accounting policy and presentation of ISIs
• Disclosure and presentation of GAAP and Alternative
Performance Measures (APMs)
• The effectiveness and changes to the financial control environment
• Whether the Annual Report and Accounts, taken as a whole,
is fair, balanced and understandable and provides the information
necessary to assess the Group’s financial position, performance,
business model and strategy
• Revenue recognition
• Going concern and viability assessment
In carrying out this review the Committee challenged the
significant estimates and judgements made by the Group’s
finance team and considered the external auditor’s reports
setting out its views on the accounting treatments and
judgements included in the Financial Statements.
Financial Reporting Council (FRC) review of Annual
Report and Accounts to 31 May 2022
During the year, a letter was received from the FRC in relation
to the Group’s Annual Report and Accounts for the year ended
31 May 2022. The only question requiring a response was raised
in relation to the recognition of set-up fee revenue included in
Global Managed Services (GMS). The Committee responded to
the FRC’s enquiries explaining the rationale and that we would
enhance our disclosures in our accounting policy to explain
why the set-up fees are considered a separate performance
obligation which was acknowledged and agreed by the FRC.
Following this review, which included consideration of the appendix
points raised in the review by the FRC, management performed their
own review of the annual report and adjustments were made to
certain disclosures presented in the prior year annual report.
The scope and limitations of the review were as follows:
• The review was based on the Group’s Annual Report and
Accounts and did not benefit from detailed knowledge of our
business or an understanding of the underlying transactions
entered into. It is, however, conducted by staff of the FRC who
have an understanding of the relevant legal and accounting
framework. The FRC supports continuous improvement in the
quality of corporate reporting and recognises that those with
more detailed knowledge of our business, including the Audit
Committee and auditor, may have recommendations for future
improvement, consideration of which the FRC would encourage.
• This, and any subsequent letter, provides no assurance that
our Annual Report and Accounts was correct in all material
respects; the FRC’s role is not to verify the information provided
but to consider compliance with reporting requirements.
• The FRC letters are written on the basis that the FRC (which
includes the FRC’s officers, employees and agents) accepts
no liability for reliance on them by the Company or any third
party, including but not limited to investors and shareholders.
The Committee welcomes the comments received by the FRC.
Meeting frequency and attendance
The terms of reference for the Committee require at least three
meetings per year. During this financial year the Committee met
four times. As well as the members of the Committee, standing
invitations are given to the Company Chair, the other independent
Non-Executive Director, the Chief Executive Officer, the Chief
Financial Officer, the Group Financial Controller and the Group
Director of Global Governance, with other attendees also
attending by invitation. The external auditor also attends each
meeting. During the year the Committee conducts meetings
with the external auditor and the Group Director of Global
Governance without the Executive Directors being present.
Attendance during the year of individual Audit Committee
members is shown in the table below:
Attendee
Lynn Fordham 1
Chris Batterham
Julie Chakraverty
Mike Ettling 2
Meetings attended
33
44
44
43
Meetings attended
Possible meetings
All Committee meetings throughout the year were quorate.
1 Lynn Fordham was appointed to the Board on 1 September 2022.
2 Missed one meeting due to it clashing with a pre-existing commitment
which could not be rearranged.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
105
Governance�Audit Committee report continued
Goodwill carrying value
(Recurring item: see Note 12 to the Financial Statements).
The Group has significant balances relating to goodwill at 31 May
2023 as a result of acquisitions of businesses in previous years.
The carrying value of goodwill at 31 May 2023 is £255.8m
(2022: £266.1m). Goodwill balances are tested annually for
impairment. The Group allocated goodwill to cash-generating
units (CGUs) which represent the lowest level of asset groupings
that generate separately identifiable cash inflows that are not
dependent on other CGUs. During the year, the Group has
recognised goodwill impairments (within Individually Significant
Items) in relation to North America Cyber Security and NCC
Group A/S of £9.8m and £3.0m respectively, which has been
determined by taking into account a market participant view of
the performance of these businesses based on market volatility
and uncertainty as at 31 May 2023.
Fair value less costs to sell
In accordance with IAS 36, for the year ended 31 May 2023,
tests for impairment are based on the calculation of a fair value
less costs to sell (FVLCTS) which has been used to establish the
recoverable amount of the CGU. The FVLCTS valuation has been
calculated by assessing the value of each standalone CGU
calculated using an Adjusted EBITDA1 multiple based on estimated
sustainable earnings adjusted for specific items where relevant.
Estimated sustainable earnings has been determined taking into
account past experience and includes expectations based on a
market participant view of maintainable performance of the business
based on market volatility and uncertainty as at 31 May 2023.
The sustainable earnings input is a level 3 measurement; level 3
measurements are inputs which are normally unobservable to
market participants.
The sustainable earnings figures used in this calculation include
key assumptions regarding sustainable revenues and costs for
the business. If the assumptions and estimates used in this
valuation prove to be incorrect, the carrying value of goodwill
may be overstated.
For context, the Committee considered the trading update
provided In March 2023, whereby market volatility had materially
increased significantly impacting on cyber security revenue and
profitability in the second half of the year, particularly in the
North American technology sector. The Committee also considered
the new strategy and managements future action plans.
The Group incurs certain overhead costs in respect of support
services provided centrally to the CGUs. Such support services
include Finance, Human Resources, Legal, Information Technology
and additional central management support in respect of
stewardship and governance. In calculating sustainable earnings
these overhead costs have been allocated to the CGUs based on
the extent to which each CGU has benefited from the services
provided. Commonly this is driven by time spent by the relevant
central department in supporting the CGU, informed by headcount
or where possible specific cost allocations have been made.
During the year, this allocation has been refined to ensure the
allocation is representative of the business operating model.
The Adjusted EBITDA1 multiple used in the calculations is based
on an independent third-party assessment of the implied enterprise
value (from a market participant perspective as at 31 May 2023) of
each CGU based on a population of comparable companies. The
estimated cost to sell was based on other recent transactions
that the Group has undertaken.
The two CGUs which are most sensitive to reasonably possible
changes in sustainable earnings are North American Cyber
Security and Europe Cyber Security. On this basis, Sensitivity
analysis has been performed in respect of certain scenarios where
management considers a reasonably possible change in key
assumptions as at 31 May 2023 could occur giving rise to a
further impairment.
The Committee reviewed this sensitivity analysis and disclosure
contained within the note 12 to the consolidated financial
statements and concurred with management’s assessments.
These assessments considered reasonable possible changes in
expected revenue and costs as a key assumption in sustainable
earnings and how sustainable earnings would need to change to
have not created an impairment for the North American Cyber
Security business as at 31 May 2023.
The Committee has reviewed the rationale used to determine the
CGUs. The Committee also reviewed the FVLCTS calculations
including the sustainable earnings used and the multiple applied
(considering the independent third party valuation as at 31 May 2023
that takes into account a market participant view of the performance
of the business based on market volatility and uncertainty as at
31 May 2023). The Committee concurred with the view of
management that impairments should be taken as at 31 May
2023 in relation to North America Cyber Security CGU and NCC
Group A/S and that no other impairments should be recognised
as recoverable amount was higher than carrying value for all
other CGUs.
The Group’s approach to materiality
In considering the materiality of any individual issue or issues in
aggregate, the Group looks at a range of qualitative and quantitative
measures to assess whether or not omitting, misstating or obscuring
information could reasonably be expected to influence decisions
that the primary users of general purpose financial statements
make on the basis of those financial statements. The range of
measures includes (but is not limited to) the primary Financial
Statements themselves, the individual line item in question,
and whether or not the issue moves the result from one side of
an inflection point to another (for example, turning a profit into
a loss or a net asset into a net liability). Qualitative and quantitative
measures are both considered as is any potential impact on
remuneration or banking arrangements such as debt covenants.
Internal audit
The Internal Audit function is responsible for internal audit, the
assurance of other quality systems and processes, and monitoring
the embedding of risk management processes throughout our
operations. The internal audit plan was approved by the Committee
during the financial year and a number of audits were performed,
the findings of which have been reviewed by the Committee.
During the year, 11 internal audit reports were issued covering
a range of risk areas including key financial controls, procurement
processes, controls over expenses, IR35 review and sales
commission payments.
The work of Internal Audit is a regular agenda item at Committee
meetings. We continually review the internal audit plan and adjust
to the environment taking a risk-based approach. Reports from the
Internal Audit team routinely include updates on audit and assurance
activities, progress on the internal audit plan, and commentary and
tracking of the implementation of agreed management actions
where deficiencies are addressed in an expedited manner. All
Internal Audit reports are also provided to the KPMG external audit
team and discussed with it during regular catch-up meetings.
106
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Internal audit continued
The control environment is also continually monitored by Internal
Audit, which supports continuous improvement and adjusts to
the ever-changing landscape. There is a high focus on our cyber
environment given the nature of the business which is under
constant review. The Group will look to increase the scope of
the internal audit plan during FY24 as it takes on an additional
internal auditor.
Internal controls and risk management
The Board is responsible for establishing, maintaining and
monitoring the Group’s system of risk management and internal
control and reviewing its effectiveness. The Committee monitors
the performance of management in this area.
We have an ongoing process for identifying, evaluating and
managing the principal risks faced by the Group, which has
been in place for the year under review and is deemed effective
up to the date of approval of the Annual Report and Accounts.
The Group’s non-Cyber Security risks are monitored by the Audit
Committee on behalf of the Board, which sets aside time for an
in-depth discussion of notable or changing risks to the business.
A description of the process for managing risk, together with
a description of the principal risks and strategies to manage those
risks, is provided on pages 70 to 80. Cyber risks are reviewed by
the Cyber Security Committee; the Cyber Security Committee
Report can be found on pages 113 to 114.
Internal control systems are designed to meet the particular needs
of the Group and the risks to which it is exposed. By their nature,
however, internal control systems are designed to manage rather
than eliminate the risk of failure and can provide only reasonable
but not absolute assurance against material misstatement or loss.
Key elements of the risk management and internal control system
are described below.
Controls relating to financial reporting and preparation
of the Annual Report and Accounts
• Information provided to management covering financial
performance and key performance indicators, including
non-financial measures
• A detailed budgeting process where business units prepare
plans for the coming year
• Procedures for the approval of capital expenditure and
investments and acquisitions
• Monthly operational reviews to monitor and reforecast results as
required against the annual operating plan, with major variances
followed up and management action taken where appropriate
Other controls
• Defined management structure and delegation of authority
to Committees of the Board, subsidiary boards and associated
business units
• Recruitment standards and compliance training to ensure
the integrity and competence of staff
• Anti-bribery, security and compliance training for all colleagues
• Clearly documented internal procedures set out in the Group’s
ISO 9001-2015-accredited quality manual
• Regular internal audits of key processes and procedures under
the Group’s ISO 9001 and ISO 27001-accredited quality
assurance process
• Monitoring of any whistleblowing or fraud reports
The external auditor regularly reports its findings on those areas
of internal control which it assesses as part of the external audit
to the Board and the Audit Committee.
Our internal control effectiveness is assessed through the
performance of regular checks, which in the year ended
31 May 2023 included:
• Assessment of the identification and management of risks
connected to the Group’s new strategy and management
of strategic change
• Reviewing and testing the Group’s financial reporting processes
• Performing compliance monitoring activities
• Assessment of the Group’s processes for identifying and
mitigating potential conflicts of interest
• Monitoring the completion of the Group’s mandatory
colleague training
Following these regular checks, it was deemed that the controls
were effective and the internal control systems are designed
to meet the particular needs of the Group and the risks to which
it is exposed.
Whistleblowing and confidential reporting procedures
The Group operates a confidential reporting and whistleblowing
procedure (known as our “Whistleblowing Policy”). The policy
aims to support the stewardship of the Group’s assets and
the integrity of the Financial Statements as well as protecting
colleague welfare. The procedure is reviewed annually by
the Committee to ensure that it remains fit for purpose.
The Group has appointed an independent third party reporting
agent to be the first point of contact for those who do not wish
to use normal internal line management channels for reporting
their concerns. This is advertised both internally, via colleague
noticeboards and our intranet, and externally on the website.
Colleagues are asked to undertake mandatory training on an
annual basis including a reminder on the Code of Ethics Policy
and the Whistleblowing Helpline.
The Committee reviews any whistleblowing or confidential
reporting of concerns raised during the year with respect to
their nature, scale and any associated or consequential risks.
Review of the Audit Committee’s effectiveness
The Committee has reviewed and considered the effectiveness of
its performance during the year via an externally facilitated Board
and Committee evaluation process. The review included the views
of members of the Committee and of regular attendees at the
various meetings (including the Executive Directors). I am satisfied
that the degree of rigour and challenge applied in performing the
Committee’s responsibilities is appropriate and effective and
continues to improve. Please see pages 103 to 109 for further
details of the Committee evaluation process.
Auditor’s independence and objectivity
The Committee received a formal statement of independence
from the external auditor.
The Company also operates a rigorous policy designed to
ensure that the auditor’s independence is not compromised by it
undertaking inappropriate non-audit work. The Audit Committee’s
approval is therefore required for any fees for any non-audit work
undertaken by the auditor. However, the Company recognises that
it can receive particular benefit from certain non-audit services
provided by the external auditor due to its technical skill and
detailed understanding of the Company’s business.
During this financial year no half-year review was carried out by
KPMG and on this basis non-audit fees of £nil (2022: £80,000)
were paid to the external auditor for the half-year review.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
107
Governance�Audit Committee report continued
Auditor’s independence and objectivity continued
All significant pieces of non-audit work are put to informal tender
to suitable parties that, if appropriate, can include the external
auditor. Upon review as to suitability and price, the work will then
be placed with the service provider recommended. If this is the
external auditor, then Audit Committee approval is required.
The external auditor was not engaged during the year to provide
any services which may have given rise to a conflict of interest.
The Committee is satisfied that the overall levels of audit and
non-audit fees are not material relative to the income of the
external auditor as a whole and therefore that the objectivity and
independence of the external auditor were not compromised.
During the year, our external auditor received ad hoc cyber
resilience services in the ordinary course of business, totalling
£82,907 (2022: £113,516). The Committee is satisfied that this
work is immaterial to both the external auditor and the Company
and therefore the objectivity and independence of the external
auditor are not compromised.
External auditor’s effectiveness and appointment
The Committee reviews and makes recommendations regarding
the reappointment of the external auditor following a formal
review of the auditor’s performance upon completion of the prior
year Financial Statements’ audit. In making these recommendations
the Committee considers:
• The experience, industry knowledge and expertise
of the auditor
• The scope and planning of the audit and any variations
from the plan
• The quality of the processes adopted
• The auditor’s explanations of significant risks to audit quality
by reference to the Company’s specific circumstances
and changes to the risks
• The fees charged
• Its attitude to, and handling of, key audit judgements
• Its ability to challenge and communicate effectively
with management
• The quality of the final report
• The FRC’s Audit Quality Review report relating to KPMG
• The appropriate and effective use of experts and specialists
During the financial year, I attended regular meetings with
KPMG’s engagement partner without management being
present. This provided the opportunity for open dialogue.
The engagement partner demonstrated her understanding of
the Group’s business risks and the consequential impact on the
Financial Statements. Feedback on the conduct of the audit from
the engagement partner’s perspective is used to determine if
any challenges in the prior year audit would be sufficiently
addressed in the next audit cycle.
Therefore, having fully considered the effectiveness,
independence and objectivity of the external auditor and the
reports it has produced in the current financial year, the
Committee has concluded that it is appropriate to recommend
to the Board the reappointment of KPMG LLP as the Group’s
external auditor for the next financial year.
The Group’s current auditor, KPMG LLP, has been in place since
1 November 2013 with a competitive audit tender process having
last been undertaken in November 2011 for the year ended
31 May 2014.
On this basis, the Committee will be carrying out a competitive
audit tender process for the next audit cycle (year ending
31 May 2024).
The firms requested to tender will be chosen having given
proper regard to the complexity of the Group, with the tender
completed by highly capable and experienced audit firms with
strong track records and technical expertise. The tender will be
open to audit firms outside the Big Four. KPMG has been invited
to tender and has indicated its willingness to do so.
Key milestones of the external audit tender process are as follows:
• August 2023 – formal invitations for prospective audit firms
to tender for the audit
• Tender process to run between September and November
2023 with formal pitches being delivered, and prospective
firms meeting key internal and external stakeholders
• Final decision expected to be made in late November/early
December 2023
In accordance with section 489 of the Companies Act 2006,
a resolution for the reappointment of KPMG LLP as auditor of the
Company is to be proposed at the forthcoming AGM. Following
the outcome of this process, if KPMG does not retain the audit,
a new auditor would be appointed in December 2023 and hold
office until the next AGM in 2024.
It is the intention of the Group to produce unaudited interim
financial statements for the period ended 30 November 2023,
in line with the prior period (30 November 2022).
108
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�1
Financial
information
4
Audit
Committee
Chair
2
Narrative
disclosures
3
Independent
reviewers
Fair, balanced and understandable
The following process was followed by the Committee in making its assessment:
1. Financial information
• Prepared by individual business units
• Consolidated by Group finance team
• Reviewed by Group Financial Controller and CFO
2. Narrative disclosures
• Prepared by Group finance team
• Reviewed by Group Financial Controller and CFO
• Various reports prepared by Committee Chairs,
CEO and CFO
3. Independent reviewers
• Senior members of the Executive Committee or
other senior colleagues
• Those who have not been major contributors
4. Audit Committee Chair
• Review of detailed verification documents
• Review of findings and observations from
independent reviewers
Related party transactions and other fees approved
by the Committee
Refer to Note 32 for related party transactions in the year.
Fair, balanced and understandable
At the request of the Board, the Committee considered whether
the 2023 Annual Report and Accounts, when taken as a whole,
was fair, balanced and understandable (FBU) and whether it
provided the necessary information for shareholders to assess
NCC Group’s position and performance, business model and
strategy. The reviews outlined in the diagram opposite include
reviews of all material matters, as reported elsewhere in this
Annual Report and Accounts, and reviews of the balance of good
and bad news and ensure the Annual Report and Accounts
correctly reflects:
• The Group’s position and performance as described on
pages 9 to 13 and 61 to 69
• The Group’s business model as described on pages 14 and 15
• The Group’s strategy as described on pages 24 to 28
The independent reviewers were not major contributors to the
Annual Report and Accounts but, at the same time, as members
of the Executive Committee or other senior colleagues, are
deemed to be sufficiently well informed on the Group’s activities
to be able to give appropriate feedback on the FBU criteria.
They undertake a qualitative review of disclosures and a review of
internal consistency throughout the Annual Report and Accounts.
The Directors’ statement on a fair, balanced and understandable
Annual Report and Accounts is set out on page 142.
Lynn Fordham
Chair, Audit Committee
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
109
Governance�Nomination Committee report
A continued focus on succession
planning and diversity
2022/23 highlights
• Significant improvement in diversity in the Executive
Committee and the Board
• Continued focus on building strength in our senior
leadership team to support succession planning, senior
management and Executive Director succession plans
• Relentless focus on diversity and inclusion in every
meeting, including undertaking unconscious bias training
• Scoped and planned the launch of gathering of diversity
data, due to launch FY24
• Launched our new colleague engagement tool Glint, and
have launched two surveys in the year which have been
challenged and reviewed by the Committee
2023/24 priorities
• Continue to build and develop diverse senior cyber
leadership across the Group
• Embed and encourage the data collection, analysis and
actionable insights coming from the diversity data launch
in Workday
• Launch gathering of diversity data and begin analysis
to create insight and action planning
• Shift the culture to create growth across the Group by
responding to colleague needs in this post-pandemic
hybrid world, and the needs of our clients by creating the
right working environment to support colleague engagement
Our objective is to have a broad
range of skills, backgrounds,
experiences and personal
attributes within the Board as this
ensures the Board is best placed
to serve the Company.”
Chris Stone
Committee Chair
The members of the Nomination Committee are Chris Batterham,
Julie Chakraverty, Jennifer Duvalier and Lynn Fordham (from
1 September 2022) along with me.
The Nomination Committee’s objectives
and responsibilities
The Nomination Committee is responsible for reviewing the
size, structure, balance, composition and progressive refreshing
of the Board and its Committees and as such its duties include:
• Reviewing the structure of the Board
• Evaluating the balance of skills, knowledge, experience
and diversity on the Board
• Making recommendations for further recruitment to the Board
or proposing changes to the existing structure of the Board,
or individual Directors
• Reviewing the leadership needs of the Company,
both Executive and Non-Executive
• Succession planning for Directors and other senior
Executives within the business
• Recruiting, appointing and exiting of Directors
• Overseeing membership of, and succession to, the various
Board Committees
• Reviewing the time commitment required from the
Non-Executive Directors on NCC Group business
The Chair of the Board leads the process for the appointment
of new Non-Executive Directors to the Board and for the
appointment of the Chief Executive Officer. The Chief Executive
Officer, in conjunction with the Chair, leads the process for the
Chief Financial Officer. The Senior Independent Director leads
the process for a new Chair of the Board.
In relation to an appointment to the Board, the Committee draws
up a specification and assesses the capabilities and experience
required for such a role, taking into account the Board’s existing
composition, including relevant experience and understanding
of our stakeholder groups.
110
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�We also assess the time commitment required. Candidates are
sought by third party executive search consultants and, where
appropriate, through the assessment of internal candidates and
are then formally considered by the Nomination Committee.
Extensive external referencing is completed.
Diversity
Our objective is to have a broad range of skills, backgrounds,
experiences and personal attributes within the Board as this
ensures the Board is best placed to serve the Company.
All appointments are made on merit and against objective
criteria with due regard for the benefits of diversity on the Board,
including gender, nationality, and educational and professional
background, as well as individual characteristics which will
enhance diversity of thinking on the Board. The Company
and the Committee value the aims and objectives of the FTSE
Women Leaders Review (formerly the Hampton-Alexander
Review on FTSE women leaders) and the Parker Review on
ethnic diversity of UK boards and support and apply the Group’s
diversity policy.
The Group’s gender diversity statistics are set out on page 44.
At Board level, we currently have three females on our Board and
one person of colour, but we note that diversity extends beyond
the measurable statistics of gender and ethnicity. As such, while
we historically have not set any particular targets, we continue
to take diversity in its wider context into account, having regard
to the diversity policy, and recommend only the most appropriate
candidates for appointment to the Board.
During the year ended 31 May 2021, we made the firm commitment
that by 2024, we will have at least 33% female representation
on our Board and at least one person of colour. With our recent
appointments, we have now delivered on our commitment and
are also on course to meet the FTSE Women Leaders Review
target of 40% by the end of 2025. Although this is best practice
for FTSE 350 companies, we have committed to this target
regardless of which share index we are in. (To achieve this
commitment by the end of 2025 based on our current Board size
of eight Directors, we would need to have at least four female
Directors out of the eight). Our Board now has 37.5% female
representation (three out of eight), and we will look to improve
this further still during any future appointments to the Board.
We will look to continue to address this during future Board and
Executive Committee appointments. Improvements in diversity
are often not a quick process but we are very mindful of the
need to take positive action, and the matter remains fully on our
agenda, as can be seen with the action we have taken during
recent years. Accessing the candidates we require to reach this
target will involve us looking beyond the obvious pool of existing
board directors within the UK and we intend to ensure that we
extend our talent search to other sectors and countries to ensure
we find a diverse pool of candidates from which to choose to
provide us with true diversity around our Board table.
When a new Director is appointed they receive a full, formal and
tailored induction into the Company and discuss with the Chair
any immediate training requirements. (To read more about
Lynn Fordham’s induction, please see page 98).
During the coming year we will ensure that our CFO (Guy Ellis)
is provided with a formal, comprehensive and tailored
induction programme through the support of internal and
external stakeholders.
The Committee’s terms of reference can be found in the Investor
Relations section of the Company’s website: www.nccgroupplc.com/
investor-relations/corporate-governance/. The terms of
reference are reviewed annually and updated when necessary.
Committee meetings
During this financial year, the Committee held five scheduled meetings.
The attendance of individual Committee members at Nomination
Committee meetings is shown in the table below. Unless
otherwise indicated, all Directors held office throughout the year.
Attendee
Chris Stone
Chris Batterham 1
Julie Chakraverty
Jennifer Duvalier
Lynn Fordham 2
Meetings attended
5 5
4 5
5 5
5 5
4 4
At all times, all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1
Missed one meeting due to it clashing with a pre-existing commitment
which could not be rearranged.
2 Lynn Fordham was appointed to the Board on 1 September 2022.
Activities during the year
During the year, the Committee:
• Approved the internal promotion of new CFO
• Recruited a new independent Non-Executive Director
• Evaluated the skills, knowledge and experience around
the Board table
• Reviewed the structure, size and composition of the Board
• Reviewed the Directors’ length of service
• Reviewed the diversity of the Board
• Reviewed the memberships of all Committees
• Reviewed the expected time commitment of the Chair
and the Non-Executive Directors
• Evaluated its own performance as a Committee
During the year, the Nomination Committee has had several
in-depth presentations from the Chief People Officer which
focused on leadership, talent management and development,
and succession planning, guided by the insights from our data
analysis and the external environment. These presentations
looked at the overall current position and in particular senior
succession, i.e. the Executive Committee and its direct reports.
Presentations and updates during the year
This year has been another busy one for the Committee and
it has had a number of presentations and updates on various
colleague matters across the Group. These include the following:
• Reviewed achievements over the previous year for the global
people team and looked forward to priorities for the year ahead
• Reviewed our development of capability with a particular
focus on senior succession and talent. We have also reviewed
our approach to accelerating and developing our global
leadership capability
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
111
Governance�Nomination Committee report continued
Presentations and updates during the year continued
• Reviewed our approach to developing leadership capabilities
at NCC Group
• Reviewed our approach to collecting colleague diversity data
in the various countries in which we operate
• Received an update since the previous year on our future state
ambition of being “a hub for cyber talent and a destination
employer with a quirky, distinctive environment”
• Reviewed the pipeline of step up candidates within the Group
• Considered the generational perspectives of colleagues within
the Group and their differing needs from an organisational and
leadership perspective
• Reviewed colleague engagement results from the quarterly
colleague survey (“MyVoice” utilising the Glint platform)
when mapped against current colleagues and former colleagues.
Exit interview data and key themes were also presented
to the Committee
• Reviewed both present and former colleague sentiment
on social media channels
• Explored our current global leadership KPIs and discussed
opportunities for improvement as we launched our leadership
development programme during the year
• Received a comprehensive briefing on the quarterly colleague
survey results (“MyVoice” utilising the Glint platform), along
with the agreed next actions
Our ambition for our future state is to be “a hub for cyber talent
and a destination employer with a quirky, distinctive environment”.
To support the ambition and our commitment to improving global
diversity, we are focusing on:
Processes
• Removing barriers to entry and making our talent attraction
and acquisition experience world class
• Continuing to review all our processes/documentation to
ensure all bias is removed including adverts and job descriptions
• A review of our selection methodology and a new framework
developed, to help to level the playing field for under-represented
communities, remove bias, and create a robust and valid way
of identifying and selecting talent
• We launched our new Talent Partnership Framework to
continue our efforts to attract diverse talent into the business.
Key highlights include entering into partnerships with Women
in Cyber Security (WiCyS), SANS Cyber Diversity, Uptree, and
Dutch Innovation Factory
• Throughout the year, the people team has been working on a
strategic project to introduce diversity data collection processes
for both future and current talent for NCC Group. The Chief
People Officer has been driving this initiative and has kept
the Board regularly updated on progress with a planned go-live
for this project early during the next financial year. Leveraging
diversity data to foster inclusion, drive equitable recruitment,
and provide equal opportunities for all candidates and colleagues
Culture
• Development of a behavioural framework (at final stages of
build) to be rolled out within the next financial year, to create
a clear articulation of the behaviours expected by colleagues
at all levels of the organisation. This has been created in
partnership with diversity, equity and inclusion (DE&I)
experts and talent consultancy Pearn Kandola
• Creation of a plan to roll out a new leadership and management
programme during the next financial year to ensure a strong
foundation of the essentials of leadership. This will focus on
core building blocks of leadership (Self Awareness,
Communication, Influence and Learning Agility)
• Continued support for our DE&I steering committees to make
positive change and build awareness, to foster inclusion,
awareness and meaningful conversations while empowering
colleagues to drive positive change and cultivate an inclusive
work environment
• A global “Speak Up” policy was launched to provide clear
guidance and signposting to colleagues across all our global
teams. It covered the various routes to raise concerns, and
the relevant policies to address these issues where required.
This activity was prioritised due to feedback that there was a
lack of clarity around the routes to take, and the expectations
of the process
Colleague voice
• Committed to an ongoing open dialogue with our colleagues,
through our quarterly engagement survey (“MyVoice”),
colleague forums, live leadership ask anything sessions, Board
engagement sessions with colleagues, the colleague resource
groups, listening sessions and our whistleblowing line, which
all play an active role in creating a great place to work (for
further information, please see the Stakeholder Engagement
section on pages 40 to 41)
• Continuing to develop and assess the broad range of opportunities
for colleagues to ask questions, to provide feedback and to
play an active role in creating a great place to work
Long term
• Developing our employer brand to broaden our attraction
strategies supported by a flexible, distinctive proposition
to ensure we remain current and attractive in an extremely
competitive tech talent market globally
• Building strategic partnerships with organisations to support
our commitment to create an inclusive and diverse environment
• Connecting the initiatives at every stage of colleagues’ lives
and careers to create enriched career pathways and achieve
the best return for investment with improved colleague
retention. Initiatives include work experience, the Next
Generation Talent programme, mentoring and CyberFirst
bursaries, and alumni programmes
• Exploring ad hoc colleague survey opportunities to deep
dive into colleague experience utilising Glint tool in areas like
inclusivity, belonging, etc.
Committee effectiveness
During the year, the Nomination Committee carried out an
externally facilitated evaluation of its effectiveness.
A number of recommendations were made, including the need to:
• Consider additional skills that might be added when making
future Board appointments, in light of potential additional skills
and perspectives that could be added
• Continue to focus on succession planning for the Board and
senior management
• Continue to improve succession plans for senior Executives
and improve exposure to senior Executives (i.e. the two layers
below the Executive Committee) at Board meetings and within
more informal settings
External search consultancies
During the prior year, the Group used two search consultancies
for appointments made during this year for Mike Maddison
(Heidrick and Struggles International Inc) and Lynn Fordham
(Sam Allen Associates Limited).
Chris Stone
Chair, Nomination Committee
28 September 2023
112
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Cyber Security Committee report
Monitoring the Cyber Security
and data protection landscapes
The Committee’s activities
aim to challenge and support
improvements to the Group’s
information security and data
protection policies, defences
and controls.”
Julie Chakraverty
Committee Chair
2022/23 highlights
• Appointment of a new Global CISO (Lawrence Munro,
in January 2023) and Head of Security (Katy Winterborn,
in February 2023)
• Ongoing alignment to the NIST Cybersecurity
Framework, tracking organisational maturity and
opportunities for improvement. This is mapped
to our existing ISO 27001 certification
• Implementation of a “three lines of defence” model for
information security, increasing oversight and
independence of risk management
2023/24 priorities
• Reviewing structure of data protection and governance
team in light of attrition and bringing all support back in house
• Greater global alignment in terms of policies and
procedures, and consolidation of our ISO 27001
accreditation under a single certificate
• Group-wide alignment for risk management and
consistent reporting of risk to the Board
• Migration of our in-house security monitoring to our new
Managed eXtended Detection and Response (XDR)
service, leveraging the latest technology
• New regulatory requirements are emerging for NCC
Group, such as NIS in the UK and NIS2/DORA in the EU.
We are starting our compliance efforts early, and working
directly with governments and regulators to ensure
successful compliance ahead of introduction
The Cyber Security Committee was formed to focus specifically
on the cyber risks faced by the Group. This reflects the significant
threat posed by cyber risks, the nature of our business, and the
potential damage to the business as a high value target for
malicious acts. The Committee’s activities aim to challenge and
support improvements to the Group’s information security and
data protection policies, defences and controls, so as to comply
with global data protection regulations around the world, and
ensure that the Group looks after its own information, and the
information that its customers entrust to it, with the proper care
and attention.
The Committee was formed in November 2016 and I have been
Chair since July 2022.
Chris Batterham and Jennifer Duvalier (both independent
Non-Executive Directors) served as members of the
Committee throughout the year. Lynn Fordham (an independent
Non-Executive Director) joined the Committee when she was
appointed to the Board on 1 September 2022. Lynn brings
welcome new experience and perspective with her strong
financial and risk background and is a strong addition to the
Committee’s membership. Chris Stone (Company Chair) is also
a member of the Committee.
The Group’s Director of Global Governance, the Group’s Chief
Information Security Officer (CISO), and the Group’s Chief Data
Protection and Governance Officer (CDPGO) are standing
invitees of the Committee. The Executive Directors are invited
to attend Committee meetings when the Committee considers
it to be appropriate.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
113
Governance�Cyber Security Committee report continued
The Cyber Security Committee’s objectives
and responsibilities
The Cyber Security Committee is responsible for assessing
the performance of the Group’s internal security and defences
and as such its duties are to:
• Oversee and advise the Board on the current cyber risk
exposure of the Group and future cyber risk strategy
• Review at least annually the Group’s Cyber Security breach
response and crisis management plan
• Review reports on any Cyber Security incidents and the
adequacy of resulting actions
• Receive and consider the regular update reports from the
CISO and CDPGO and ensure the CISO and CDPGO are given
the right of direct access to the Committee
• Consider and recommend actions in respect of all cyber and
data protection risk issues escalated to it
• Keep under review the effectiveness of the Group’s controls,
services and products to analyse potential vulnerabilities that
could be exploited
• Regularly assess what are the Group’s most valuable
intangible assets and the most sensitive Group and customer
information and assess whether the controls in place
sufficiently protect those assets and information
• Review the Group’s ability to identify and manage new cyber risks
• Assess the adequacy of resources and funding for data
protection and Cyber Security defence and control activities
• Regularly review the cyber and data protection risk posed
by third parties including outsourced IT and other partners
• Oversee Cyber Security and data protection due diligence
undertaken as part of an acquisition and advise the Board
of the risk exposure
• Annually assess the adequacy of the Group’s cyber
insurance cover
The Committee’s terms of reference can be found in the Investor
Relations section of the Company’s website: www.nccgroupplc.com/
investor-relations/corporate-governance/. The terms of
reference are reviewed annually and updated when necessary.
Committee effectiveness
During the year, the Cyber Security Committee carried out
an externally facilitated evaluation on its effectiveness, as
it continues to mature since its formation in November 2016.
The Committee was found to be working effectively and I am
satisfied that the degree of rigour and challenge applied in
performing the Committee’s responsibilities is appropriate
and effective and continues to improve.
As an output of both this and previous evaluations, the Committee,
along with the Board, reaffirmed that Cyber Security and data
protection are sufficiently important risks for the business and
that the Committee should remain focused on this specific set
of risks. Therefore, the current structure in which the responsibility
for broader risk management remains with the Audit Committee
will continue.
Committee activities during the year
• The Committee continues to make sure that the Group’s
resilience to cyber-attack is maintained and improved as the
threat landscape changes. In terms of information security
activities, the establishment of Global Technical Services
(GTS) in November 2021 and the close working between the
CISO and security team in GTS allowed us to focus on
removing legacy infrastructure and simplifying our IT estate,
while at the same time improving our security visibility across
the board
• The collective security function has increased the use of
NCC Group in-house services. We continue to leverage our
own assessment services to support benchmarking against
industry standards and to ensure best practices are followed
In terms of our global data protection programme and internal
data privacy activities, our three year strategy is underway to
pave the way for our intended application for Binding Corporate
Rules. Binding Corporate Rules provide colleagues and customers
alike with a sense of trust through demonstration of our
commitment to protecting personal data, wherever in the world
it may be processed during our business activities. The data
protection regulatory landscape is continually changing,
particularly in light of the UK GDPR, and the team is working
closely to stay abreast of such changes. The team has also
experienced a notable upswing in the number of Data Subject
Rights Requests it receives as individuals become more aware
of their rights under GDPR.
Noteworthy highlights since our previous report include:
• All Rights Requests received this year have been fulfilled
within legally compliant time periods
• We recruited a Data Protection Officer, who will join NCC Group
late August, plus contract extension for an existing DPO, in line
with the plan to bring data protection support for the business
back in house
• Significant progress with our project to achieve global
compliance with the European Court of Justice Schrems II
decision around exporting personal data outside of the EU
has been made. Phase one is completed and planning for phase
two is now underway
Committee meetings
During this financial year, the Committee met four times and
the attendance of individual Committee members at the Cyber
Security Committee meetings is shown in the table below.
Unless otherwise indicated, all Directors held office throughout
the year.
Attendee
Chris Stone
Chris Batterham 1
Julie Chakraverty
Jennifer Duvalier
Lynn Fordham 2
Meetings attended
4 4
2 4
4 4
4 4
3 3
At all times, all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1
Missed two meetings due to them clashing with pre-existing
commitments which could not be rearranged.
2 Lynn Fordham was appointed to the Board on 1 September 2022.
Julie Chakraverty
Chair, Cyber Security Committee
28 September 2023
114
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Remuneration Committee report
Annual Statement
Driving sustainable profitable growth
We seek to align remuneration to
the interests of our shareholders
and to our business strategy.”
Jennifer Duvalier
Committee Chair
On behalf of your Board, I am pleased to present our Directors’
Remuneration Report (DRR) for the year ended 31 May 2023.
The report is divided into three sections: this Annual Committee
Chair’s Statement, the Annual Report on Remuneration for FY23,
and the previously approved Directors’ Remuneration Policy.
At the AGM in November 2022, 92.68% of shareholders voted
in favour of the Directors’ Remuneration Report, and I would
like to thank shareholders for their continuing support.
Annual Statement
2022/23 was another busy year for the Remuneration
Committee and we had five meetings in total. The Committee
comprised Chris Batterham, Julie Chakraverty and Lynn Fordham
(who joined the Committee on 1 September 2022) and me
as Chair. Our Board Chair, Chris Stone, also attended all the
meetings. We invited our remuneration consultants, Chief
People Officer, Director of Reward and HR Operations, CEO,
CFO and other Executives to meetings as required, although
we always ensure that we have time without Executives present.
Corporate Governance Code remuneration
requirements for engagement with shareholders
and colleagues
The Committee closely monitors shareholder guidance and
feedback on remuneration. Shareholder voting on AGM
remuneration resolutions is reviewed annually, shareholders
are consulted when changes to policy are being considered,
and major shareholders have the opportunity to provide annual
feedback to the Board and Remuneration Committee on NCC
Group’s remuneration approach at annual engagement meetings.
2022/23 highlights
• Continuing to embed the Remuneration Policy for
2021–2024 as approved by shareholders at the 2021 AGM
• Making further grants under the Restricted Share Plan
for below-Board colleagues, to further broaden colleague
share ownership
• Launch of a new Share Incentive Plan (SIP) to enhance
colleague share ownership at all levels
• Determining the remuneration terms for the new CFO
and the leaving terms of the outgoing CFO
2023/24 priorities
• As a Committee, discuss and agree our proposed 2024–27
Remuneration Policy and consult as appropriate with our
major shareholders, before seeking shareholder approval
at the 2024 AGM
• Continue to ensure our incentive arrangements support
the Group’s revised long-term growth strategy
• Reviewing the all colleague and discretionary share plans
that the Group wishes to offer
• Continue to review when the appropriate time is to
introduce ESG measures into incentive arrangements
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
115
Governance�Remuneration Committee report continued
Annual Statement continued
Corporate Governance Code remuneration
requirements for engagement with shareholders
and colleagues continued
There are a number of existing channels of communication with
colleagues with regard to NCC Group’s remuneration policies
and executive remuneration. Our engagement survey enables
colleagues to provide feedback confidentially on many
employment issues, including remuneration. Our designated
NED for colleague engagement also holds a number of colleague
engagement sessions during the year in which colleagues
are invited to provide feedback and comments on any issue,
including executive remuneration and broader remuneration
policies. In particular, a question and answer discussion is always
held on executive remuneration and how this aligns with the wider
Company pay policy. Our designated NED also reminds colleagues
where the information can be located and answers any questions
as they arise. The Committee also receives regular feedback
from the Chief People Officer and the Director of Reward and
HR Operations on how colleagues perceive our remuneration
policies and practices in the context of recruitment, retention
and motivation. This information is used by the Committee in
its monitoring and development of remuneration policies.
Remuneration Policy for 2021–2024
Throughout the 2022/23 financial year, we operated within the
Remuneration Policy that was approved by shareholders at the
AGM in November 2021 with 87.43% of votes in favour. Our
2021–2024 Remuneration Policy can be found in this report.
As a reminder, a feature of the Policy approved by shareholders
was to make phased increases to the variable opportunity for
our CEO and CFO roles. The first of the changes took place in
November 2021 with increased levels of LTIP grants made to
the CEO (of 175% of salary) and the CFO (of 150% of salary)
(compared with previous grants of 100% for both the CEO and
CFO respectively). The implementation of the second increase
took place in 2022/23 when the annual bonus opportunity for
both the CEO and CFO increased from 100% to 125% of salary.
The Committee considered this phased approach to be
appropriate and these increases are balanced by: a reduction in
the threshold vesting level for the LTIP; a reduction of Executive
Director pension contributions to the workforce level of 4.5%;
and the adoption of a more demanding post-employment
shareholding policy. Total remuneration remains below the
market benchmark level. Further details can be seen in this
Annual Report on Remuneration.
Base salaries
For the 2022/23 financial year, no increase to Mike Maddison’s
salary took place during the year given he joined on 7 July 2022.
No increase has currently been made to the base salary of any
Executive Director for the year ending 31 May 2024; this is in line
with the majority of our colleagues who have not received an
increase to base salary due to the recent underlying performance
of the business. Instead, certain colleagues have received an
increase only on an exceptional basis.
The Committee has decided to defer the consideration
of a salary increase for the CEO to mid year, when this will
be considered against business performance and wider
workforce salary increases.
For the CFO, Tim Kowalski, recognising that his salary was below
the appropriate level given the size and nature of the role and
the incumbent’s experience, we consulted with shareholders
to increase his pay over a two year period. This plan was fully
explained in the Committee Chair’s introduction to the Remuneration
Report for 2021. In June 2021 his salary increased to £308,000,
representing an increase of 4.9% pts above the average workforce
increase (i.e. 8% in total). In June 2022, we implemented the
second stage of the planned salary change and increased his
salary by 2.9% pts above the average workforce figure. Despite
these increases, the salary remained below the relevant benchmark.
The CFO did not receive an increase for 2023/24 as he stepped
down at the end of June 2023.
Appointment terms for new CFO (Guy Ellis)
Guy Ellis was appointed CFO effective 30 June 2023. Guy’s base
salary on appointment is £300,000, which is £33,000 less than
that of his predecessor in the role. The maximum annual bonus
and LTIP grant for the role are subject to the maximums in the
approved Policy. However, the Committee has applied a
restrained approach and has determined that, for his first year,
maximum bonus should be set at 100% of base salary rather
than the 125% permitted under the Policy, and the first LTIP grant
should be at 100% of base salary rather than the 150% of base
salary permitted under the Policy. The Committee expects to
increase these levels and/or base salary in future years, up
to the Policy maximum, as Guy progresses in the role.
Leaving arrangements for outgoing CFO (Tim Kowalski)
As previously reported, Tim Kowalski stepped down as CFO on
30 June 2023. The full terms of Tim’s exit arrangements (which
follow his service contract, our Directors’ Remuneration Policy, and
the basis on which other leavers are treated) can be found on our
website (www.nccgroupplc.com/media/0sdecmbd/tim-kowalski-
section-430-2b-of-the-companies-act-statement-5-july-2023-
final-updated.pdf). In summary, during his six month notice
period Tim will continue to receive his monthly salary including
pay in lieu of pension, and access to all contractual benefits in
the usual way (his notice period ends on 31 December 2023).
In the event that Tim wishes to take up alternative employment
before the end of the notice period, the Company may cease or
reduce the monthly payments.
Tim was eligible for annual bonus in respect of the year ended
31 May 2023 as he remained CFO throughout that financial year,
subject to the normal performance conditions. Tim will not be
eligible for a bonus for the year ending 31 May 2024. Tim will
retain LTIP awards granted in 2021 and 2022, pro-rated for time
served (for awards vesting after leaving service), and subject to
the normal performance conditions, vesting dates and post-vesting
holding period. The Company’s post-cessation shareholding
policy will also apply to Tim.
Joining terms for CEO and leaver terms for former CEO
Mike Maddison’s remuneration terms as CEO were fully explained
in my introductory statement to last year’s Remuneration Report.
Adam Palser’s leaving terms were also fully explained in last
year’s statement.
116
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Performance related pay – annual bonus
The annual bonus for the year ended 31 May 2023 for both the
Chief Executive Officer and Chief Financial Officer was based on
the satisfaction of stretching financial and strategic targets.
The financial targets for the 2022/23 financial year were given
a weighting of 75% of the bonus opportunity. The performance
measures included Group operating profit and individual revenue
targets for Assurance and Software Resilience. In the context of
the Group’s financial performance and the Board’s market update
in March 2023, the performance thresholds for the financial
element of the bonus were not met. Therefore, the award under
the financial element of the bonus was 0% out of the maximum
available of 75%.
For the 2022/23 financial year, the strategic objectives for both the
CEO and CFO were given a weighting of 25% of the maximum total
bonus (i.e. up to 31.25% of base salary). The actual bonus award for
the strategic element was 7.5% of base salary of the maximum total
bonus (8.69% of base salary) for the CEO, and 5.0% of the
maximum total bonus (6.25% of base salary) for the CFO.
The strategic objectives covered three areas:
• Strategic objectives within the Assurance business: specific
revenue growth targets and to grow XDR sales orders (10% in total)
• Strategic objective for the Software Resilience business:
finalisation of the full operational review of the combined
Software Resilience division to create additional Group
contribution from FY24 (10% in total)
• Sustainability and people objectives: these included
objectives relating to our colleague engagement, retention
and corporate social responsibility (5% in total)
Further detail on performance against strategic objectives
is provided later in the report.
The Committee considered whether it should exercise any
downward discretion to the bonus outcome, in light of the
financial performance. The Committee concluded that the
outcomes for the strategic, non-financial elements were a fair
reflection of the good performance in the relevant areas, and
that the overall bonus outcome was modest relative to the
maximum opportunity. The Committee therefore decided not
to exercise any additional discretion.
For both the CEO and CFO, 35% of the bonuses achieved will be
deferred into shares and will vest after two years. Clawback and
malus provisions are also in place for the annual bonus.
Performance related pay – LTIP
The 2022–2025 LTIP was granted under the higher shareholder
approved limits (i.e. 175% and 150% of salary for the CEO and
CFO respectively) in November 2022. The awards will vest
subject to demanding EPS, cash and relative TSR targets
outlined later in this report.
The LTIP outcome for those awards granted in 2020 was
a vesting of 30% of the maximum award. This was based on the
cash conversion element (30%) being achieved in full but with
below-threshold achievement of the EPS growth and TSR metrics.
The Committee considered whether any additional downward
discretion should be applied to the overall vesting outcome of
30% of maximum. It concluded that it remained important to
recognise and continue to incentivise strong levels of cash
conversion and that it would not be appropriate to apply
additional discretion to the payment outcome.
Performance related pay – LTIP 2023 grant
Our LTIP award for 2023–2026 will be granted following our
full-year results in September 2023. As previously mentioned,
the grant level for Guy Ellis, the new CFO, will be scaled back for
2023 to 100% of base salary, compared to 150% for the previous
CFO’s grant in 2022. The Committee carefully considered
whether to reduce the size of the LTIP awards for the CEO given
the recent fall in share price. The CEO is relatively new in role,
having joined the Company in July 2022. Taking account this
joining date, and the importance of aligning the LTIP grant with
the CEO’s new strategic goals, the Committee concluded it
should proceed as normal with the grant of 175% of base salary
agreed under the Policy in 2023. On vesting, the Committee will,
as usual, consider whether the actual formulaic vesting of the
award is reflective of NCC Group’s underlying performance and
the experience of both our shareholders and wider workforce.
The Committee has reviewed targets and weightings in order
to incentivise growth, maintain high levels of cash conversion,
and take into account market expectations. The Committee
has proposed changes which will result in a rebalancing of
the performance measures as set out below. Performance will
continue to be measured against stretching targets. The metrics
and the targets for FY23 to FY26 are set out below:
1. Relative TSR (40% weighting): the weighting on relative total
shareholder return will be increased from 20% to 40% to
further emphasise growth in share price and long-term value
creation for our shareholders. TSR is well understood by both
participants and investors.
For 2023/24 the Committee has considered the weighting of
metrics in the annual bonus. The Committee concluded that
the weighting on the Group EBIT profit measure should increase
from the previous level of 37.5% of maximum to 60% of maximum,
to give appropriate emphasis to this metric. The remaining 40%
will apply to key strategic metrics, with stretching targets. These
will include targets linked to the pillars of the new strategy,
together with people and sustainability objectives. These will
be fully disclosed in the Remuneration Report for 2023/24.
2.
3.
Cash conversion (20% weighting): the target range was
increased from 80% to 90% compared to 70% to 80% for
grants made prior to the 2022 grant.
EPS growth (40% weighting): this weighting will provide an
appropriate balance between the three metrics under the
LTIP. The EPS performance metric has, since the 2022 grant,
been measured using a compound annual growth rate
(CAGR) methodology, which is more exacting and more
common in the market. The Committee has set the range
for the FY23 to FY26 performance period to ensure that the
stretch target is substantially above market norms for EPS
targets in LTIPs. The stretch performance requirement will
be 18% CAGR, which is around 5% pts higher than the typical
level in the market, and the threshold growth requirement of
6% CAGR, which compares to a FTSE 250 median typical
market levels of 5% to 6% CAGR.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
117
Governance�Remuneration Committee report continued
Annual Statement continued
Conclusion
During the coming year, we intend to focus on initial discussions
for our proposed 2024–27 Remuneration Policy and consulting as
appropriate with our major shareholders, before seeking
shareholder approval at the 2024 AGM. We also plan on
continuing to focus on the Committee’s responsibilities under the
2018 UK Corporate Governance Code (the “Code”).
This includes:
• Ensuring that the Remuneration Policy continues to
support and incentivise the achievement of our revised
strategy and further developing our environmental and
social sustainability measures
• Setting the remuneration for the Executive Committee
(i.e. the layer of senior management immediately below
Board level) and monitoring the success of the below-Board
Restricted Share Plan
• Overseeing the wider Remuneration Policy for the workforce,
taking account of colleague feedback on this policy, and
considering wider workforce remuneration when setting
Directors’ Remuneration Policy and practice
The 2023 Directors’ Remuneration Report will be put to the
usual annual advisory vote at the AGM on 30 November 2023.
The Committee is committed to engagement and transparency
and I welcome the opportunity for discussion of the Group’s
remuneration with shareholders, at our AGM or at any other
time during the year.
Jennifer Duvalier
Chair, Remuneration Committee
28 September 2023
Performance related pay – LTIP 2023 grant continued
As a reminder, these changes should also be seen in the context
of our low vesting percentage at threshold performance, which
is 15% of maximum for all metrics, compared to the market norm
of 25% of maximum.
These changes provide more focus on growing the share price
to deliver long-term value to our shareholders, while retaining
stretching EPS growth and cash conversion targets, and maintain
a conservative level of vesting at threshold performance.
Furthermore, the stretch EPS target of 18% CAGR remains above
the stretch level, calculated on a CAGR basis, for the LTIP awards
granted before the increase in quantum approved under the 2021
policy. Clawback and malus provisions are in place for the LTIP.
In order to further align Executives with shareholders, Executive
Directors are required to retain any LTIP vested shares (net of
tax) for a period of two years. After this holding period, all vested
shares must also be retained if the shareholding requirement has
not been met. In addition, our post-employment shareholding
policy requires Executives to retain the lower of the value of their
holding on cessation or 200% of salary for the first year following
cessation, reducing to 100% of salary for the second year following
cessation. This will be managed through a restricted account
maintained by our Registrar and the Company Secretariat.
Non-Executive Director and Chair’s fees
In line with our Remuneration Policy, Non-Executive Director fees
were reviewed (by the Company Chair, CEO and CFO) and it was
decided not to make any increases during 2022/23.
The Remuneration Committee also reviewed the Board Chair’s
fees using data provided by our remuneration consultants, and
again it was decided not to make any increases for 2022/23 or
for 2023/24.
Details of these fees and allowances are given in the Annual Report
on Remuneration on page 119
Grants of shares under a below-Board Restricted
Share Plan to broaden colleague share ownership
We remain committed to broadening share ownership
throughout the Group, both as a reward and retention tool.
During the year, we made further grants to around 90 colleagues
under our Restricted Share Plan (RSP), authorisation for which
had been granted at the 2020 AGM. Colleagues were given a
share award dependent on their continuing service within the
Group for a period of up to three years. RSPs are extremely
common in the technology sector, and we expect to continue
to utilise this mechanism to support colleague retention.
In addition, we also offered colleagues the opportunity to
participate in our Save As You Earn/stock purchase share plans
in the UK, the US, Canada, the Netherlands, Australia, Denmark
and Spain. Once again, these proved popular with high
take-up levels.
During the year, we also launched a new Share Incentive
Plan (SIP) for UK-based colleagues, further increasing our
commitment to cost effective colleague share ownership.
118
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Annual Report on Remuneration
Annual Report on Remuneration
This part of the report has been prepared in accordance with Part 3 of The Large and Medium-sized Companies and Groups
(Accounts and Reports) (Amendment) Regulations 2013 as amended and 9.8.8R of the Listing Rules.
The following report will be subject to an advisory shareholder vote at the 2023 AGM, which is scheduled to be held
on 30 November 2023. The information on pages 115 to 137 has been audited where indicated.
How the Remuneration Policy has been implemented in the year ended 31 May 2023
This section sets out how the Remuneration Policy was implemented in 2022/23. The key implementation decisions during the year related to:
• Review of salaries for Executive Directors
• The determination of annual bonus outcomes for the 2022/23 performance period
• The performance targets and value of awards granted under the LTIP, which will vest in 2025
Further detail on these decisions, together with other information on payments made to Directors, is set out in the following sections.
Single total figure of remuneration (audited)
The detailed emoluments received by the Executive and Non-Executive Directors for the year ended 31 May 2023 are below:
Salary/
Non-Executive
Director fees 1
£000
Benefits 2
£000
Pension
benefits 3
£000
SAYE 8
£000
Total
fixed pay
£000
Annual
bonus 4
£000
Long-term
incentive 5
(restated) *
£000
Other 10
Director
Year ended
Chris Stone
31 May 2023
Mike
Maddison
Adam
Palser
Tim
Kowalski
Chris
Batterham
Julie
Chakraverty 7
Jennifer
Duvalier 6
Lynn
Fordham 9
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
31 May 2023
31 May 2022
Mike Ettling
31 May 2023
31 May 2022
163
158
449
–
24
465
333
308
70
73
78
24
67
66
46
–
56
55
–
–
1
–
1
12
13
28
–
–
–
–
–
–
–
–
–
–
–
–
16
–
1
22
15
22
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
9
–
9
–
–
–
–
–
–
–
–
–
–
–
18
163
158
466
–
26
508
361
367
70
73
78
24
67
66
46
–
56
55
–
–
39
–
–
278
21
204
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
295
35
186
–
–
–
–
–
–
–
–
–
–
Total
variable
pay
£000
–
–
Total
£000
163
158
–
–
500
539
1,005
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
573
56
390
–
26
1,081
417
757
–
–
–
–
–
–
–
–
–
–
70
73
78
24
67
66
46
–
56
55
Total
31 May 2023
31 May 2022
1,286
1,149
15
40
32
44
1,333
1,251
60
482
35
481
500
–
595
963
1,928
2,214
1
The Chair and Non-Executive Directors each receive an allowance paid as part of their base fees of £8,200 and £4,750 respectively, to cover all travel
and expenses related to their roles on the Board.
2 Taxable benefits include the provision to every Executive Director of a car or car allowance, payment of private fuel, car insurance, private medical
insurance, life assurance and permanent health insurance. In 2020/21, Tim Kowalski switched from receiving a car allowance to a leased vehicle at
no additional cost to the Group. The P11D value of the leased vehicle is higher than the monthly cash value of the car allowance which he forfeited.
3 Pension benefits include employer contributions to the Group pension scheme and payments in lieu of pension contributions. The Company provided
pension payments in lieu of pension contributions for two Executive Directors during the year ended 31 May 2023.
4 Annual bonus payments for performance in the relevant financial year; 35% of this bonus is deferred into nominal cost share options for two years.
Dividend equivalents accrue on these shares.
5 Long-term incentive awards vesting under the LTIP – 28,763 shares vested to Tim Kowalski with respect to the LTIP granted in 2021 which had
a performance period ending on 31 May 2023. These have been valued using a share price of £1.216, which is the three month average share price
over March, April and May 2023. These shares were awarded based on a share price of £2.94 on the day before the date of grant. As a result, the change
in share price since the date of grant has resulted in an loss in value of £(49,587). With regard to the LTIP awards with a performance period ending on
31 May 2022, 145,560 shares vested to Adam Palser and 91,887 shares vested to Tim Kowalski, which have been valued using the share price at the date
of vesting of £2.025. These shares were awarded based on a share price of £1.82 on the day before the date of grant. As a result, the change in share price
since the date of grant has resulted in an increase in value of £29,867 and £18,854 respectively.
6 In 2021/22, Jennifer Duvalier received an extra £5,000 per annum to reflect her additional responsibilities for engaging with colleagues on behalf of the
Board. Jennifer handed this role over to Julie Chakraverty when she joined the Board on 1 January 2022. Jennifer also took over from Jonathan Brooks
as Remuneration Committee Chair on 1 February 2022.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
119
Governance
�Remuneration Committee report continued
Annual Report on Remuneration continued
Single total figure of remuneration (audited) continued
7 Julie Chakraverty joined the Board on 1 January 2022 and took over from Jennifer Duvalier as the designated Non-Executive Director for engaging with
colleagues on behalf of the Board. On 1 July 2022, Julie took over from Chris Stone as Chair of the Cyber Security Committee, and on 1 February 2023 took
over from Chris Batterham as the Senior Independent Director.
8 Options over 10,273 shares vested on 1 October 2021 to Adam Palser and Tim Kowalski under the all-colleague SAYE scheme. These awards have been
valued at the date of vesting using the share price on that date of £2.60.
9 Lynn Fordham was appointed to the Board on 1 September 2022 and became Chair of the Audit Committee on 1 February 2023.
10 A Special Replacement Award of 222,222 shares with a face value at grant of £500,000 was granted to Mike Maddison on 15 September 2022 (see page 123).
* Restated to correct the long term incentive amounts to be calculated in line with Sch 8 para 10(1)(d) being the cash value of awards that have met the
performance conditions at year end. The impact of this adjustment was to increase Adam Palser’s long-term incentive from £278,000 to £295,000, increase
Tim Kowalski’s long term incentive from £175,000 to £186,000 and as a result increase the total long term incentive from £453,000 to £481,000.
Additional information in respect of the single total figure of remuneration
Pension and benefits
The CEO’s and CFO’s pension provisions are now in line with the level of the wider workforce, which is currently 4.5%.
These contributions are cash payments in lieu of formal pension contributions.
Annual bonus
2022/23 annual bonus (audited)
For the year ended 31 May 2023, the maximum potential bonus opportunity for Mike Maddison was 125% of salary. For Tim Kowalski,
the maximum potential bonus opportunity was also 125% of salary. For the year ended 31 May 2023, bonuses of 8.69% and 6.25%
of base salary respectively were payable.
The actual bonus awarded to Mike Maddison was £39,063 and to Tim Kowalski was £20,790 based on the achievement of the performance
conditions set out below. The financial performance targets were missed by both the CEO and CFO. As disclosed in last year’s Annual Report,
profit targets were set £0.5m above the normal plan levels at the beginning of the year for those employees in the Group who participated in
the FY22 bonus scheme. This was to recognise the treatment of the transition costs for the former CEO in FY22. As a result, Tim Kowalski,
having participated in the FY22 bonus, had profit targets set £0.5m above those for Mike Maddison. 35% of each payment will be deferred
into nominal cost share options for two years, with the remaining 65% paid in cash. The performance measures and targets are set out below.
Financial targets – up to 75% of the bonus
Performance targets
Mike Maddison
Tim Kowalski
Adjusted operating
profit1 target for CEO 1
Adjusted operating
profit1 target for CFO
Cyber Security
(Assurance) revenue
constant currency
growth1
Pro forma Software
Resilience
revenue constant
currency growth1
Strategic
Threshold
Maximum
Actual
Threshold
Maximum
£53.5m
£59.5m
£28.8m
£54m
£60m
Weighting (% of bonus)
7.50%
Weighting (% of bonus)
37.50%
Payout (% of bonus)
Weighting (% of bonus)
Weighting (% of bonus)
n/a
n/a
n/a
7.50%
37.50%
0%
0%
n/a
n/a
n/a
Actual
£28.8m
Payout (% of bonus)
Threshold
Maximum
Actual
Threshold
Maximum
12%
18%
0.1%
1%
3%
Weighting (% of bonus)
3.75%
3.75%
Weighting (% of bonus)
18.75%
18.75%
Payout (% of bonus)
0%
0%
Weighting (% of bonus)
3.75%
3.75%
Weighting (% of bonus)
18.75%
18.75%
Actual
(0.5%)**
Payout (% of bonus)
0%
0%
The strategic targets were set individually
for the Executive Directors based on key
strategic objectives for the year in their
area of responsibility – see below.
Weighting (% of bonus)
25.00%
25.00%
Payout (% of bonus)
7.5%
5.0%
Total payout (% of bonus)
7.5%
5.0%
Bonus opportunity for FY22/23
£625,000*
£415,800
Total bonus for FY22/23
£39,063*
£20,790
Amount paid in cash
£25,391
£13,513
Amount deferred in shares
£13,672
£7,277
* Mike Maddison joined on 7 July 2022; hence, his bonus was pro-rated.
120
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Additional information in respect of the single total figure of remuneration continued
Annual bonus continued
Financial targets – up to 75% of the bonus continued
** Following the acquisition of IPM, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m respectively. Management is required
to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the level of deferred revenue acquired of £12.1m. This has resulted
in a downward adjustment to the book value of IPM’s deferred revenues reflecting the fair value of service still to be delivered. If the fair value adjustment
had not applied, revenue would be £4.4m higher for the 12 months ended 31 May 2022. On this basis, pro forma Software Resilience revenue growth of
-0.5% is Software Resilience revenue growth after considering the fair value adjustment of £4.4m (see page 177).
1
See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items. Further information is also contained within the Chief
Financial Officer’s Review and the Glossary of Terms on pages 61 to 69 and 215 and 216 respectively.
Strategic targets – up to 25% of the bonus
The table below highlights the key strategic targets and achievements for each Executive Director. Bonus target ranges have been disclosed
to the extent possible, but the achievement of some areas is determined by the Committee based on its judgement of performance.
Target and performance conditions
Outcome
CEO targets
Software Resilience – cost savings
Cost savings identified and achieved, but target missed.
XDR sales orders
Sales target missed.
North America tech revenues
Double-digit growth target not achieved.
Deliver Group strategy
Presented and launched Group strategy in February 2023.
People
Sustainability
CEO outcome
CFO targets
Reduction in voluntary attrition by 1%. The objective to improve
the net promoter colleague score was not met.
Reduced carbon footprint by 5% from Year 1 of Planet Mark
certification and delivered plan to meet important net zero
commitment by 2050.
Software Resilience – cost savings
Cost savings identified and achieved, but target missed.
Review of Assurance and Group costs
Cost savings to be identified in other projects.
Financial transformation
Reporting, budget and return
on investment
People – finance and global
governance function
Sustainability
CFO outcome
Financial transformation plan signed off on time
and efficiencies identified, but plan not yet implemented.
Process improvements effected improving the quality of reporting
throughout the Company.
Employee engagement improved above target and reduction
in voluntary attrition by 1%. The objective to improve the net
promoter colleague score was not met.
Reduced carbon footprint by 5% from Year 1 of Planet Mark
certification and delivered plan to meet important net zero
commitment by 2050 and implemented plan to reduce real
estate footprint.
Bonus award (% of
maximum total bonus)
31 May 2023
Weighting
Outcome
5.0%
5.0%
5.0%
5.0%
2.5%
0.0%
0.0%
0.0%
5.0%
1.25%
2.5%
1.25%
25.0%
7.5%
5.0%
5.0%
5.0%
0.0%
0.0%
0.0%
5.0%
0.75%
2.5%
2.5%
2.5%
1.75%
25.0%
5.0%
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
121
Governance�Remuneration Committee report continued
Annual Report on Remuneration continued
Long Term Incentive Plan (LTIP) vesting
The LTIP awards made in May 2021 (with a performance period of 1 June 2020–31 May 2023) will vest in September 2023.
Tim Kowalski was a beneficiary of these and achieved a vesting of 30% of the award of 95,875 shares, being 28,763 shares:
Executive
Number of
LTIP awards 1
Basis
Performance condition
Performance period
Tim Kowalski
95,875
100% of
base salary
Vesting determined by:
• Growth in Adjusted EPS3 over the performance period
• Average cash conversion3 ratio over the performance period
• TSR over the performance period vs FTSE 250 comparator group
1 June 2020 to
31 May 2023
The performance conditions for these awards are set out below:
Proportion
Component
Threshold
(20% vesting)
Metric
Maximum
(100%
vesting)
Actual
performance
Actual %
vested
60%
30%
Adjusted
basic
EPS3
Average growth over
a three year period
Cash
conversion3
Average cash conversion3
ratio over three years
10%
TSR
TSR over three years vs
FTSE 250 comparator group
(excluding investment trusts)
Total
9%
20%
(14.1%)
0%
70%
80%
97.7%
30%
Vesting basis
Straight line between
threshold and maximum
Straight line between
threshold and target,
then target and maximum
Median
Upper
quartile
Below
median
0%
Straight line between
threshold and maximum
30%
Long-term incentives granted during the year (audited)
During the financial year, the Executive Directors were granted awards subject to the performance conditions set out below.
The awards were as follows:
Executive
Number of
shares under
awards 1
Mike Maddison 436,408
Basis
Face value 2
Performance condition
175% of
base salary
£874,998
Vesting determined by:
• Growth in Adjusted EPS 3 over the
performance period
• Average cash conversion ratio 3 over the
performance period
• TSR over the performance period vs FTSE 250
comparator group
Performance period
1 June 2022
to 31 May 2025
Tim Kowalski
248,857
150% of
base salary
£498,958
As above
1 June 2022
to 31 May 2025
The performance conditions for these awards are set out below:
Proportion Component
Metric
60%
Adjusted basic EPS 3
20%
Cash conversion3
CAGR growth over a three
year period
Average cash conversion
ratio over three years
Threshold
(15% vesting)
Target
(50% vesting)
Maximum
(100%
vesting)
6%
n/a
18%
80%
85%
90%
Vesting basis
Straight line between
threshold and maximum
Straight line between
threshold and target, then
target and maximum
20%
TSR
TSR over three years vs FTSE
250 comparator group
(excluding investment trusts)
Median
n/a
Upper
quartile
Straight line between
threshold and maximum
1
LTIP awards are structured as nominal cost options.
2 Based on a share price of £2.005, which was the closing mid-market price of the Company’s shares on the day before the date of grant.
3 Adjusted basic EPS, cash conversion and cash conversion ratio are Alternative Performance Measures (APMs) and not IFRS measures. See Note 3
for an explanation of APMs and adjusting items.
122
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Special Replacement Award
In line with the recruitment arrangements for Mike Maddison disclosed in last year’s Annual Report, a Special Replacement Award
of 222,222 shares with a face value at grant of £500,000 was granted to Mike Maddison on 15 September 2022. The number of shares
was determined using the share price on the day before the date of grant of £2.25.
This one-off award was made in accordance with Listing Rule 9.4.2R, and the NCC Group Directors’ Remuneration Policy, to facilitate,
in unusual circumstances, the recruitment of Mike Maddison. The circumstances were unusual because Mike Maddison was foregoing
substantial remuneration on leaving his previous role to join NCC Group. The remuneration for FY23 and FY24 foregone by Mike
Maddison on leaving his previous role was of higher value than the Special Replacement Award, entirely in fixed cash, non-deferred
and not subject to performance conditions; in contrast the Special Replacement Award is delivered in the form of deferred shares to
further align Mike Maddison with shareholders.
The other principal terms of the award are:
• A nil-cost option to purchase 222,222 shares vesting on 15 September 2024, exercisable until 2032 while employment continues.
• Mike Maddison must remain employed on the vesting date of 15 September 2024. If his employment is terminated before that date,
the award will lapse unless he is treated as a good leaver – in accordance with the same terms as apply under the NCC Group plc LTIP.
• Dividend equivalents accrue on the award between grant and vesting.
• The award is non-pensionable.
• The malus and clawback provisions in the NCC Group plc LTIP also apply to this award.
• In the case of a corporate event, such as a capitalisation issue, rights issue or open offer, sub-division or consolidation of shares
or reduction of capital or any other variation of capital, the same provisions apply to the award as those under the rules of the
NCC Group plc LTIP.
• The award cannot be altered to the advantage of the participant without the prior approval of shareholders in general meeting
(except for minor amendments to benefit administration, to take account of a change in legislation or to obtain or maintain
favourable tax, exchange control or regulatory treatment for the participant in the scheme or for the company operating the
scheme or for members of its group).
Details of the award will be available for inspection at the 2023 AGM.
SAYE options granted in the year
The Group operates an HMRC-approved SAYE scheme. All eligible colleagues, including Executive Directors, may be invited to
participate on similar terms for a fixed period of three years. During the year both Mike Maddison and Tim Kowalski joined the 2023
SAYE scheme (which will mature on 1 June 2026) and have options over 14,269 shares with an option price of £1.26.
Payments to past Directors
Adam Palser stepped down as CEO in the financial year. In accordance with the treatment of his LTIP awards disclosed in last year’s
Remuneration Report, his 2020–23 LTIP award granted in May 2021 was performance tested at the end of this financial year. Out of
the 151,876 awards granted to him, 44,937 will vest after application of the performance condition and pro-rating for time served.
Directors’ interests in shares (audited)
The tables below set out details of the Executive Directors’ outstanding share awards, which will vest in future years subject
to performance conditions and/or continued service.
Summary of maximum LTIP awards outstanding
Total LTIP
options held
at 31 May
2022 1
Granted
during the
period
Exercised
during the
period
Share price
on date of
exercise 2
Lapsed
during the
period
Total LTIP
options
held at
31 May
2023 1
–
436,408
–
n/a
–
436,408
379,868
248,857
91,887
£2.025
62,989
473,849
Mike Maddison
Tim Kowalski
1
Includes only unvested and unexercised LTIP options.
2 £2.025 was the sale price.
All awards granted under the LTIP are subject to continued employment and the satisfaction of the performance conditions as set out
above. The awards were all nil-cost options.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
123
Governance�Remuneration Committee report continued
Annual Report on Remuneration continued
Share ownership (audited)
The beneficial and non-beneficial interests of the current Directors in the share capital of NCC Group plc at 31 May 2023 are set out below:
Beneficial interests
in ordinary shares 1
Maximum share
awards subject
to performance
conditions 2
Share options 3 Deferred bonus plan 4
Vested but
unexercised
nil-cost options
Special
Replacement
Award 5
Total
31 May
2023
31 May
2022
31 May
2023
31 May
2022
31 May
2023
31 May
2022
31 May
2023
31 May
2022
31 May
2023
31 May
2022
31 May
2023
31 May
2022
31 May
2023
31 May
2022
Chris
Stone
Mike
Maddison
Adam
Palser 6
Tim
Kowalski
162,843 162,843
–
–
–
–
– 436,408
– 14,269
–
–
–
–
–
–
–
–
–
–
–
162,843 162,843
– 222,222
– 672,899
–
– 195,075
– 490,223
–
11,849
– 69,595
– 145,560
147,197 96,343 440,956 287,974 14,269
– 66,921 40,958 28,764
91,888
Chris
Batterham 55,000 55,000
Julie
Chakraverty
Jennifer
Duvalier
Mike
Ettling
Lynn
Fordham
20,249
20,249
19,115
19,115
50,000 50,000
25,000
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
– 912,312
– 698,107 517,163
–
–
–
–
–
55,000 55,000
20,249 20,249
19,115
19,115
50,000 50,000
25,000
–
1 This information includes holdings of any connected persons.
2 These awards represent the outstanding LTIP interests, included in the table above, which are due to vest after 31 May 2023.
3 Representative SAYE scheme interests, which will vest after the end of the three year savings period in 2026.
4 Nominal cost share options granted under the deferred bonus plans, subject to a service condition, tax and National Insurance.
5 Relates to the Special Replacement Award granted to replace remuneration at previous employment. The award is subject to a service condition.
6 Adam Palser stepped down as a Director on 17 June 2022. At that time he held 195,075 shares. His shareholding on 31 May 2023 has not been included
as he is no longer a Director.
Following the year end, the following Directors purchased shares. The number of shares purchased and their revised totals are shown below:
• On 22 and 23 June 2023, Chris Stone purchased 550,000 shares bringing his new total to 712,843.
• On 23 June 2023, Julie Chakraverty purchased 43,665 shares bringing her new total to 63,914.
• On 22 June 2023, Chris Batterham purchased 25,000 bringing his new total to 80,000.
• On 3 July 2023, Mike Maddison purchased 10,000 shares. Mike did not previously hold any shares.
• On 17 July 2023, Mike Maddison and Guy Ellis purchased 585 and 73 shares respectively at £1.03 within the UK Share Incentive Plan.
• On 17 August 2023, Mike Maddison and Guy Ellis purchased 619 and 77 shares respectively at £0.97 within the UK Share Incentive Plan.
• On 18 September 2023, Mike Maddison and Guy Ellis purchased 624 and 78 shares respectively at £0.96 within the UK Share
Incentive Plan.
• On 27 September 2023, Lynn Fordham purchased 25,000 shares at £1.03 bringing her new total to 50,000.
Shareholding requirements
The Executive Directors are expected to build and retain a shareholding in the Group equivalent to at least 200% of base salary.
Executives will normally be required to retain all vested deferred bonus shares and LTIP shares released from the holding period,
until they have attained the minimum shareholding requirement and, even then, only when they have held vested LTIP shares for
a minimum period of two years. Executive Directors will also be required to retain all shares vesting from SAYE schemes. For the
avoidance of doubt, Executive Directors are permitted to sell sufficient shares in order to meet any tax obligation arising from
vesting shares.
The percentages within this table have been calculated using a three month average share price (1 March 2023 to 31 May 2023)
of £1.216 and include Tim Kowalski’s vested 2020–2023 LTIP of 28,763 shares respectively on a net of tax and National Insurance
basis, and all unvested deferred bonus plans on a net of tax and National Insurance basis.
124
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Mike Maddison
Tim Kowalski
Shareholding
requirements
(% of salary)
200%
200%
Shareholding
as at
31 May
2023
(% of salary)
Requirement
met
0%
72%
No
No
Appointment terms for new Directors
During the year Lynn Fordham was appointed as an independent Non-Executive Director with a base fee of £51,500 per annum and
a travel allowance of £4,750 per annum. From 1 February 2023, Lynn also received an additional fee of £11,000 per annum to reflect
her responsibilities for being the Audit Committee Chair.
Guy Ellis was appointed CFO on 30 June 2023 on a salary below that of his predecessor. The main terms of his recruitment are:
• Salary – £300,000
• Pension – contribution or allowance of 4.5% of base salary (in line with the overall workforce)
• Benefits – private medical insurance, death in service and income protection
• Bonus – potential to earn an annual bonus of up to 100% of salary in his first year, of which 35% of any payment will be deferred
in NCC Group plc shares for two years
• LTIP – eligible to be considered for participation in the Group’s Long Term Incentive Plan with awards of up to 100% of his salary
in his first year
In line with the policy, Guy’s long-term incentive awards in relation to his prior role which he held on appointment will continue subject
to their original terms.
Past Directors’ remuneration – leaving arrangements for Tim Kowalski (audited)
In June 2023, Tim Kowalski’s departure was announced and his contractual six month notice period commenced. Tim’s base salary
will continue to be paid during his notice period in monthly instalments, together with fringe benefits (including pension payments
in lieu of pension contributions) while he remains a colleague. In the event that Tim wishes to take up alternative employment before
the end of the notice period, the Company may cease or reduce the monthly payments.
Annual bonus
Tim Kowalski will be eligible for an annual bonus in respect of the year ended 31 May 2023 as he remained CFO throughout that
financial year, subject to the normal performance conditions and 35% deferral requirements. Tim will not be eligible for a bonus for
the year ended 31 May 2024.
Deferred annual bonus awards
The 2021 deferred bonus plan award will vest as normal in September/October 2023.
In accordance with the Company’s Directors’ Remuneration Policy, the Remuneration Committee has exercised its discretion to allow
the 2022 award and any 2023 award to vest at the termination date, as performance for these awards was assessed previously in
respect of the relevant bonus year. However, any shares vesting from the 2022 and 2023 awards are subject to the post-employment
shareholding policy (see below).
Long Term Incentive Plan (LTIP) awards
Tim will not receive a 2023 LTIP grant.
In respect of Tim’s existing LTIP awards, the following will apply:
• 2020 LTIP grant – this is expected to vest as normal in September/October 2023, subject to the normal performance conditions,
as Tim is expected to still be employed at the vesting date.
• 2021 and 2022 LTIP grants – these will be pro-rated for time served from the date of grant until the termination date. These are
expected to vest subject to the normal performance conditions at the normal vesting date.
The two year post-vesting holding period will apply to all LTIPs.
Post-employment shareholding requirements
The two year post-employment shareholding requirement, under the Directors’ Remuneration Policy, which came into effect from
November 2021, will apply to the 2021 and 2022 LTIPs and the 2022 and 2023 deferred annual bonus plan awards.
Other
Tim will be reimbursed for up to £5,500 for legal costs and in respect of his non-compete agreement, and up to £30,000 for
outplacement and transition support.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
125
Governance�Remuneration Committee report continued
Annual Report on Remuneration continued
Relative importance of the spend on pay
The following table sets out the percentage change in distributions to shareholders and colleague remuneration costs.
Colleague remuneration costs 1
Dividends 2
31 May
2023
£m
236.9
14.5
31 May
2022
£m
207.0
14.4
% change
14.4%
0.7%
1 Based on the figure shown in Note 7 to the consolidated Financial Statements.
2 Based on the total cash returned to shareholders in the year ended 31 May 2023 through dividends, as shown in Note 10 to the consolidated Financial
Statements (excluding the proposed 2023 final dividend).
Percentage increase in the remuneration of the Directors
The table below shows the movement in the salary or fees, benefits and annual bonus for each Director between the current
and previous financial year compared to the equivalent changes for all colleagues of the Company.
The comparator group for salaries and benefits is all colleagues in the UK – there were no benefit policy changes in this time.
The comparator group for the bonus is those in the senior management population who also have an annual scheme and excludes
those on commission and incentive plans.
Director
2020/21
2021/22
2022/23
2020/21
2021/22
2022/23
2020/21
2021/22
2022/23
% increase in salary
% increase in benefits
% increase in annual bonus
Chris Stone
Mike Maddison
Adam Palser
Tim Kowalski
Chris Batterham
Julie Chakraverty
Jennifer Duvalier
Lynn Fordham
Mike Ettling
All colleagues
(5%)
—
1%
1%
(6%)
—
2%
—
(8%)
3.1%
14%
—
3%
8%
24%
—
29%
—
20%
5.1%
3%
—
(95%)
8%
(4%)
225%
2%
—
2%
7.9%
—
—
—
—
—
—
—
—
—
—
—
—
(25%)
(10%)
—
—
—
—
—
—
—
—
(92%)
(54%)
—
—
—
—
—
—
—
—
303%
341%
—
—
—
—
—
—
—
(33%)
(17%)
—
—
—
—
—
—
—
—
(90%)
—
—
—
—
—
1.0%
(39.8%)
(89%)
The decrease and subsequent increase of NED fees in 2020/21 and 2021/22 are the results of the removal and reintroduction of
the travel allowance and a review of NED fee levels. The travel allowance was removed in 2020/21 due to the lower levels of travel
resulting from the reaction to the pandemic, and then was reintroduced in 2021/22. The combination of these factors results in
changes which are not reflective of changes to NED fee levels. The changes are also affected by the comparison of fees for
a full year to fees for a part year when a Director joins or leaves.
Chief Executive pay compared to pay of UK colleagues
The following table shows the ratio between the single total figure of remuneration (STFR) of the Chief Executive for 2022/23 and
the lower quartile, median and upper quartile pay of our UK colleagues. The salary and total pay and benefits for the lower quartile,
median and upper quartile colleagues are also shown.
Total pay ratio
Financial year
2019/20
2020/21
2020/21
2021/22
2022/23
25th
percentile
pay ratio
50th
percentile
pay ratio
75th
percentile
pay ratio
18:1
27:1
26:1
23:1
22:1
12:1
18:1
16:1
14:1
14:1
8:1
11:1
12:1
10:1
10:1
Method
Option B
Option B
Option C
Option C
Option C
Salary (£000)
Total pay and benefits (£000)
449
1,005
24
26
473
1,031
41
47
53
74
85
105
Mike
Maddison,
current CEO
Adam Palser,
former CEO
CEO pay for
single figure
25th
percentile
50th
percentile
75th
percentile
126
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Chief Executive pay compared to pay of UK colleagues continued
CEO pay ratio
The CEO pay ratio has been calculated using Option C. Under Option C, we have used the most recent P60 information (for the
2022/23 tax year) to determine the relevant colleague at the 25th, 50th and 75th percentile. As in prior years, we have omitted
joiners and leavers from the data to ensure that the data is on a like-for-like basis. This option was chosen in preference to the
other possibilities as it uses the most accurate and comprehensive data currently available and provides a fair reflection of
the total pay received by colleagues.
The CEO pay ratio has not changed since last year. This is because the aggregate total single figure for both CEO incumbents during
the year was only slightly below the CEO single figure for the prior year.
The pay ratio is consistent with the pay, reward and progression policies currently in place at NCC Group.
Performance graph and table
The following graph shows the total shareholder return, with dividends reinvested, from 31 May 2013 against the corresponding
changes in a hypothetical holding in shares in both the FTSE All Share and FTSE 250 Indices.
The FTSE All Share and FTSE 250 Indices represent broad equity indices. The Company is a constituent member of the FTSE All Share
Index and the Committee has adopted the FTSE 250 Index for part of its LTIP performance measure. Both indices give a market
capitalisation-based perspective.
During the year, the Company’s share price varied between £0.898 and £2.40 and ended the financial year at £0.909.
Ten year historical TSR performance is the growth in the value of a hypothetical £100 holding over ten years. It has been calculated
for NCC Group plc, and the FTSE All Share and FTSE 250 Indices (excluding investment trusts) based on spot values.
)
£
(
e
u
l
a
V
400
350
300
250
200
150
100
50
0
£273
£315
£232
£166
£208
£169
£166
£164
£198
£100
£101
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
Year ended 31 May
NCC Group plc
FTSE All Share Index
FTSE 250 (excluding investment trusts)
FTSE Small Cap (excluding investment trusts)
The share price was £2.125 on 1 June 2022 and £0.909 on 31 May 2023.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
127
Governance
�Remuneration Committee report continued
Annual Report on Remuneration continued
Performance graph and table continued
The table below shows the total remuneration for the Chief Executive over the same ten year period, including share awards valued
at the date they vested.
Year ended 1,2,3,4
31 May 2023 1
31 May 2023 2
31 May 2022
31 May 2021
31 May 2020
31 May 2019
31 May 2018 3
31 May 2018 4
31 May 2017
31 May 2016
31 May 2015
31 May 2014
Total
remuneration
£000
Annual bonus
% of maximum 5
Long-term
incentives
% of maximum 6
1,005
26
1,081
1,110
861
679
292 3
257 4
610
1,091
993
1,089
7.5
–
60
92
23
48
32
32
–
70
73
73
30
–
59
40
52
–
–
–
–
20
15
50
1 Mike Maddison was appointed on 7 July 2022. The amount above is in respect of the period from 7 July 2022 to 31 May 2023.
2 Adam Palser stepped down from the Board on 17 June 2022. The amount above is in respect of the period from 1 June 2022 to 17 June 2022.
3 Adam Palser was appointed on 1 December 2017. The total remuneration figure above is in respect of the period from 1 December 2017 to 31 May 2018.
4 During the year ended 31 May 2018, Brian Tenner acted as Interim Chief Executive Officer for the period 1 June 2017 to 30 November 2017. The total
remuneration figure above is the total remuneration received in relation to that six month period.
5 Note that this shows the annual bonus payments as a percentage of the maximum opportunity.
6 This shows the LTIP vesting level as a percentage of the maximum opportunity.
Membership and attendance
The Remuneration Committee membership consists solely of Non-Executive Directors and comprises Jennifer Duvalier,
Chris Batterham, Julie Chakraverty and Lynn Fordham.
The Company Chair, Chief Executive Officer, Chief Financial Officer, Chief People Officer, Director of Reward and HR Operations
and Company Secretary attend the Remuneration Committee meetings by invitation of the Chair of the Committee from time to time
and assist the Committee with its considerations. No Director is involved in setting their personal remuneration.
The attendance of individual Committee members at Remuneration Committee meetings is shown in the table below:
Attendee
Meetings attended
Jennifer Duvalier
Chris Batterham 1
Julie Chakraverty
Lynn Fordham 2
5 5
4 5
5 5
4 4
At all times, all of the Committee meetings remained quorate.
Meetings attended
Possible meetings
1 Missed one meeting due to it clashing with a pre-existing commitment which could not be rearranged.
2 Appointed to the Committee 1 September 2022.
Adviser to the Committee
During the year, the Committee received advice on senior executive remuneration from Alvarez and Marsal (A&M) and was comfortable
that the advice was objective and independent. A&M is a member of the Remuneration Consultants Group and is a signatory to its Code of
Conduct. The total fee charged in 2022/23 for providing advice in relation to executive remuneration was £111,992. A&M did not provide any
other services to the Company during the year. At the end of FY23, the Committee made the decision to move the executive remuneration
advisory relationship to Mercer, which provides below-Board reward advice to NCC Group. This change allows the upcoming executive
remuneration policy review to be linked in with other reward workstreams in the Group.
128
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Service contracts and letters of appointment
The service contracts and letters of appointment of the current Directors include the following terms:
Date of contract
Notice period
Executive
Mike Maddison
Guy Ellis
Tim Kowalski
Adam Palser
Non-Executive
Chris Stone
Chris Batterham
Julie Chakraverty
Jennifer Duvalier
Mike Ettling
Lynn Fordham
28 April 2022
30 June 2023
16 July 2018
29 November 2017
31 March 2017
9 April 2015
27 October 2021
25 April 2018
21 September 2017
19 July 2023
12 months
6 months
6 months
12 months
3 months
3 months
3 months
3 months
3 months
3 months
Dilution
The LTIP has a dilution limit, for new and treasury shares, of 10% of the issued ordinary share capital of the Company in any
ten year period for any share option scheme operated by the Company. As at 31 May 2023, the Company had utilised 20,304,107
(31 May 2022: 18,811,502) ordinary shares through LTIP, DABS, SAYE, CSOP, ISO, RSP and ESPP awards counting towards the
10% limit, which represents 6.51% (2022: 6.07%) of the issued ordinary share capital of the Company. To clarify, this figure of
6.51% includes both discretionary and all-colleague share schemes.
How will the Remuneration Policy be implemented in the year ending 31 May 2024?
Executive Directors’ base salaries
No increase was made to the base salary of any Executive Director for the year ending 31 May 2024. Due to the recent underlying performance
of the business, the majority of our colleagues have not received an increase to base salary. Instead, certain colleagues have received an
increase only on an exceptional basis. On appointment on 30 June 2023, the base salary of the new CFO was set below the level of his
predecessor. The table below details the Executive Directors’ salaries as at 31 May 2023 and salaries which took effect from 1 June 2023:
Chief Executive Officer – Mike Maddison
Outgoing Chief Financial Officer – Tim Kowalski
Incoming Chief Financial Officer – Guy Ellis
1 For Guy Ellis, the base salary shown is that on appointment on 30 June 2023.
Pension
Pensions will remain aligned with the level for other colleagues.
Base salary
at 31 May
2023
£000
Base salary
at 1 June
2023 1
£000
500
333
n/a
500
333
300 1
% change
0%
0%
n/a
Non-Executive Directors’ fees
In line with the current Policy, Non-Executive Director fees are reviewed annually.
The last increase was applied on 1 June 2022, and following the annual review in 2022, fees were increased as set out in the table
below. A review was carried out of Non-Executive Directors’ fees during the year for 2023/24 and the decision was taken not to
increase them and review the matter again in the financial year ending 31 May 2024:
Chair fee (excluding travel allowance of £8,200)
Non-Executive Director base fee (excluding travel allowance of £4,750)
Supplemental fees for additional responsibilities:
SID
Audit Committee Chair
Remuneration Committee Chair
Cyber Security Committee Chair1
Designated NED for colleague engagement
FY23/24
FY22/23
£154,500
£154,500
£51,500
£51,500
£10,000
£10,000
£11,000
£11,000
£11,000
£11,000
£8,000
£8,000
£11,000
£11,000
1
No fee was paid in FY21/22 for chairing the Cyber Security Committee as this role was performed by the Company Chair. A supplemental fee has been
introduced as the Chair of this Committee is no longer the Company Chair.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
129
Governance�Remuneration Committee report continued
Annual Report on Remuneration continued
Annual bonus
The annual bonus maximum in 2023/24 will be 125% of salary for the Chief Executive Officer and 100% for the Chief Financial Officer,
with 60% based on the achievement of Adjusted operating profit targets and 40% based on the achievement of strategic targets as
outlined on page 117.
Awards will also be subject to the Committee’s assessment of the overall financial health of the business.
In addition, to ensure that this bonus opportunity results in shareholder alignment and provides greater retention value, 35% of any
bonus payment will be deferred into nominal cost share options for two years.
The bonus, nominal cost share options and associated dividend equivalents are also subject to malus and clawback provisions.
Long Term Incentive Plan (LTIP)
It is intended that awards with a maximum value of 175% and 100% of base salary to the CEO and the CFO respectively will be made
under the LTIP in September/October 2023.
These will be subject to a two year post-vesting holding period for the Executive Directors. As well as the holding period, the
Executives have to achieve a shareholding requirement of 200% of salary (post-shares sold to cover any tax) before they can sell
any shares that vest, with these awards also counting towards the post-employment shareholding requirement. The awards are also
subject to malus and clawback provisions.
The vesting of these LTIP awards will be based on earnings per share (40%), a cash flow metric (20%) and a relative total shareholder
return metric (40%). 15% of each element will vest at the threshold performance level, rising to 100% vesting at maximum. As explained
in the Annual Statement, the Committee has reviewed the targets and weightings to ensure they remain aligned with NCC Group’s
growth strategy.
As a result, the weightings will be changed to focus on TSR by increasing the weighting on relative TSR and reducing the weighting
on EPS. The EPS growth and cash conversion targets remain unchanged from last year. The proposed targets are as follows:
Metric
Earnings per share growth
Average cash conversion
Relative TSR vs FTSE 250
(excluding investment trusts)
Weight
40%
20%
40%
Threshold (15% vests)
Maximum (100% vests)
6% CAGR
80%
Median
18% CAGR
90%
Upper quartile
For performance between threshold and maximum, awards vest on a straight-line basis.
These three measures are transparent, easy to understand, easy to track and communicate, cost effective to measure and
fundamentally aligned to the Group’s strategic goals. These targets may be subject to amendment prior to the grant of awards
in autumn 2023, if there is any significant change in outlook.
Statement of shareholder voting
The following votes were received from the shareholders in respect of the Directors’ Remuneration Report and in respect of the
Remuneration Policy:
Remuneration Report
(2022 AGM)
Remuneration Policy
(2021 AGM)
Total number of votes
% of votes cast
Total number of votes
% of votes cast
For 1
Against
Total votes cast (for and against excluding
withheld votes)
Votes withheld 2
236,586,615
18,685,025
255,271,640
10,036,817
Total votes cast (including withheld votes)
265,308,457
1
Includes Chair’s discretionary votes.
87.43
12.57
92.68
7.32
217,981,169
31,344,728
249,325,897
3,296,572
252,622,469
2 A vote withheld is not a vote in law and is not counted in the calculation of the proportion of votes cast “for” and “against” a resolution.
Approved by the Board and signed on its behalf:
Jennifer Duvalier
Chair, Remuneration Committee
28 September 2023
130
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Directors’ Remuneration Policy
Overall approach to remuneration
The Remuneration Committee determines the Company’s policy on the remuneration of the Executive Directors and (from 1 June 2019)
the Executive Committee (ExCom). The principles which underpin the Remuneration Policy for the Company are to:
• Ensure Executive Directors’ rewards and incentives are directly aligned with the interests of the shareholders in order to reinforce
the strategic priorities of the Group, optimise the performance of the Group and create long-term sustained growth in shareholder
value, without encouragement to take undue risk
• Provide the level of remuneration required to attract, retain and motivate Executive Directors and senior Executives of an
appropriate calibre
• Ensure a proper balance of fixed and variable performance related components, linked to short and longer-term objectives
and delivered in a mix of cash and shares
• Reflect market competitiveness, taking account of the total value of all the benefit elements
Our remuneration strategy has been designed to reflect the needs of a complex multinational organisation, which has grown both
organically and by acquisition.
Remuneration for the Executive Directors is structured so that the variable pay elements (annual bonus and long-term incentives)
form a significant proportion of the overall package. This provides a strong link between the remuneration paid to Executive Directors
and the performance of the Group, as well as providing a strong alignment of interest between the Executive Directors and shareholders.
For the purposes of section 226D-(6)(b) of the Companies Act 2006, this Policy was approved by shareholders and took effect from
the date of the 2021 AGM on 4 November 2021.
As a reminder, the following table summarises how our shareholder-approved Remuneration Policy fulfils the factors set out in
provision 40 of the 2018 UK Corporate Governance Code.
Area of provision 40 of the 2018 UK Corporate Governance Code
How fulfilled
Clarity – remuneration arrangements should be
transparent and promote effective engagement with
shareholders and the workforce
Simplicity – remuneration structures should avoid
complexity and their rationale and operation should
be easy to understand
Risk – remuneration arrangements should ensure
reputational and other risks from excessive rewards,
and behavioural risks that can arise from target-based
incentive plans, are identified and mitigated
Predictability – the range of possible values of
rewards to individual Directors and any other limits
or discretions should be identified and explained at
the time of approving the Policy
Proportionality – the link between individual
awards, the delivery of strategy and the long-term
performance of the Company should be clear.
Outcomes should not reward poor performance
Alignment to culture – incentive schemes should drive
behaviours consistent with Company purpose, values
and strategy
The Committee is committed to providing transparent disclosures
to shareholders and the workforce about executive remuneration
arrangements and, to this end, the Directors’ Remuneration Report sets out
the remuneration arrangements for the Executive Directors in a clear and
transparent way. Our designated Non-Executive Director for colleague
engagement engages with colleagues about our executive remuneration
approach. Our AGM allows shareholders to ask any questions on the
remuneration arrangements, and we welcome any queries on remuneration
practices from shareholders throughout the year.
Our remuneration arrangements for Executive Directors, as well as
those throughout the Group, are simple in nature and understood by all
participants, having been operated in a similar manner for a number of
years. Executive Directors receive fixed pay (salary, benefits and pension),
and participate in a single short-term incentive (the annual bonus) and
a single long-term incentive (the Long Term Incentive Plan).
The Committee has designed incentive arrangements that do not
encourage inappropriate risk taking. The Committee retains overarching
discretion in both the annual bonus and LTIP schemes to adjust payouts
where the formulaic outcomes are not considered reflective of underlying
business performance and individual contributions. Robust withholding
and recovery provisions apply to variable incentives.
Payouts under the annual bonus and LTIP schemes are dependent
on the performance of the Company over the short and long term, and
a significant proportion of Executive Director remuneration is performance
linked. These schemes have strict maximum opportunities, with the
potential value at threshold, target and maximum performance scenarios
provided in the Directors’ Remuneration Report.
Payments from variable incentive schemes require strong performance
against challenging conditions over the short and longer term. Performance
conditions have been selected to support Group strategy and consist of
both financial and non-financial metrics. The Committee retains discretion
to override formulaic outcomes in both schemes to ensure that they are
appropriate and reflective of overall performance.
Performance measures used in our variable incentive schemes are selected
to be consistent with the Company’s purpose, values and strategy. The use
of annual bonus deferral, LTIP holding periods and our shareholding
requirements provide a clear link to the ongoing performance of the Group
and ensure alignment with shareholders, which continues after employment.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
131
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Current Policy table for Executive Directors
Purpose and link to
short and long‑term
strategic objectives
Salary
To attract, retain
and reward high
calibre Executive
Directors
Benefits
To attract, retain
and reward high
calibre Executive
Directors
Pension
To provide a
competitive benefit,
which attracts high
calibre Executives
and allows flexible
retirement
planning to suit
individual needs
Annual bonus
To drive and reward
sustainable
business
performance
Operation (including framework to assess performance)
Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
The Remuneration Committee reviews salaries for Executive
Directors and also the Executive Committee (ExCom) annually
unless responsibilities change.
Details of current Executive
Director salaries are set out
on page 129.
n/a
Pay reviews take into account Group and personal performance.
Salaries are set on appointment and benchmarked periodically
against market data for companies operating in IT services,
management consulting and relevant high tech sectors, which,
although not directly comparable, provide an indicative range.
In setting appropriate salary levels the Committee takes
into account pay and employment conditions of colleagues
elsewhere in the Group, alongside the impact of any increase
to base salaries on the total remuneration package.
Any changes are normally effective from 1 June each year.
Salary increases are
normally in line with those
for other colleagues but
also take account of other
factors such as changes to
responsibility, development
and the complexity of
the role.
Benefits in kind currently include the provision of a car or car
allowance, payment of private fuel, car insurance, private medical
insurance, life assurance and permanent health insurance.
Executive Directors may be invited to participate in the
Sharesave Scheme approved by HMRC or other benefits
introduced for all colleagues.
Market-competitive benefits.
n/a
SAYE Sharesave
Scheme subject to
HMRC-approved limits.
Until 30 November 2021:
up to 10% of base salary as
a contribution into the Group
scheme or base salary
supplement of 10% of
base salary.
From 1 December 2021:
capped at the level of the
majority of the workforce
(currently 4.5%).
Alignment
of Executive
Directors’
pensions with
the wider
workforce
from
1 December
2021.
125% of base salary.
A lower maximum of 100%
of base salary was
operated in 2021/22.
With effect
from 2022/23,
the bonus
opportunity
for the CEO
and CFO was
increased
to 125%
of salary.
Executive Directors are entitled to a Company pension
contribution, which is paid into the Group defined contribution
personal pension scheme.
They can also opt to have the same level of contribution made
in the form of a cash contribution.
Based on a range of stretching targets measured over one
year. This might include, but not exclusively, profit measures
and other strategic objectives such as cash management,
brand development, customer satisfaction and retention,
business unit sales growth and colleague engagement.
Performance below the minimum performance target results
in no bonus. No more than 20% of the maximum opportunity
is paid for achievement of the threshold performance targets.
Payments rise from the threshold payment to 100% of the
maximum opportunity for levels of performance between
the threshold and maximum targets. The rate of the rise
and the various payment targets are determined annually
by the Committee.
The Committee has discretion to reduce the formulaic bonus
outcome if individual performance is determined to be unsatisfactory
or if the individual is the subject of disciplinary action.
At least 35% of any bonus payment is normally deferred into
shares or nominal cost share options which vest after a two year
period. Dividend equivalents are paid on vesting share options.
Malus and clawback provisions are in place for both cash and
deferred elements.
132
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Current Policy table for Executive Directors continued
Purpose and link to
short and long‑term
strategic objectives
Operation (including framework to assess performance)
Maximum opportunity
Long Term Incentive Plan
Awards over shares with
a face value at grant of
175% of salary p.a. for the
CEO, with awards to the
CFO normally capped at
150% of salary.
To drive long-term
performance in
line with Group
strategy and
incentivise through
share ownership
Awards have a performance period of at least three years and
normally must be held for a further two years after vesting.
The level of vesting is determined by measures appropriate
to the strategic priorities of the business. At least half of any
award will normally be subject to financial performance
measures. Measures might include, but not exclusively,
EPS, cash flow and relative TSR metrics.
The Remuneration Committee has the discretion to determine
the number of measures to be used.
Performance below the threshold target results in no vesting.
For performance between the threshold target and maximum
performance target, vesting starts at 15% and rises to 100%
of the shares vesting.
Should a change in control of the Group occur, crystallisation
of any LTIP awards is within the discretion of the
Remuneration Committee.
Malus and clawback provisions are in place.
Executive Director shareholding requirement
To align the
interests of
Executive Directors
with the interests of
all of the
Company’s
shareholders
The Executive Directors are expected to build and retain a
shareholding in the Group at least equivalent to 200% of base
salary. Executives will be required to retain all vested deferred
bonus shares and LTIP shares released from the holding period
until they have attained the minimum shareholding requirement
and even then they may normally only sell when they have held
vested LTIP shares for a minimum period of two years.
n/a
For the avoidance of doubt, Executive Directors are permitted
to sell sufficient shares in order to meet any tax or withholding
obligation arising from vesting shares.
Retention of shares post-employment: Executives will be
expected to retain the lower of their holding on cessation or
200% of salary for the first year following cessation, reducing to
100% of salary for the second year. Only shares granted from the
conclusion of the 2021 AGM will count towards this requirement.
Changes since
last Directors’
Remuneration
Policy
For any
awards made
following the
2021 AGM,
awards are
175% of salary
for the CEO,
and 150% of
salary for
the CFO.
For any
awards made
following the
2021 AGM,
the post-
employment
shareholding
policy will
require 200%
of base salary
to be held in
the first year
post-
employment,
falling to
100% for the
second year.
Choice of performance measures and target setting
For both the annual bonus and LTIPs, the objective of our Policy is to choose performance measures which help drive and reward the
achievement of our strategy and which also provide alignment between Executives and shareholders. The Committee reviews metrics
annually to ensure they remain appropriate and reflect the future strategic direction of the Group.
Targets for each performance measure are set by the Committee with reference to internal plans and external expectations.
Performance is generally measured so that incentive payouts increase pro rata for levels of performance in between the threshold
and maximum performance targets.
With regard to the annual bonus, the Remuneration Committee believes that a simple and transparent scheme with sufficiently
stretching targets and an element of bonus deferral prevents short-term decisions being made and ensures that the Executives
are focused on the delivery of sustainable business performance.
With regard to the LTIP, the Committee believes in setting demanding objectives, which reward steady, progressive growth,
in order to incentivise and encourage long-term growth and enhance shareholder value.
Performance measures and targets are disclosed in the Annual Report on Remuneration. In cases where targets are commercially
sensitive, for example annual profit targets for the annual bonus, they will normally be disclosed retrospectively in the year in which
the bonus is paid.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
133
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Differences in Remuneration Policy for colleagues and Executive Directors
The principles behind the Remuneration Policy for Executive Directors are cascaded down through the Group and their aims are
to attract and retain the best staff and to focus their remuneration on the delivery of long-term sustainable growth by using a mix
of salary, benefits, bonus and longer-term incentives.
As a result, no element of the Executive Director Remuneration Policy is operated exclusively for Executive Directors other than
the post-employment shareholding policy:
• The annual performance related pay scheme for Executive Directors is largely the same as that of the Executive Committee
and other senior managers within the business and all are aligned with similar business objectives.
• Participation in the LTIP is extended to the Executive Committee and other senior managers where possible although restricted
shares rather than performance shares are typically granted at levels below the Executive Committee.
• The pension scheme is operated for all permanent colleagues and from 1 December 2021 the Executive Directors received
the same level of contribution as the majority of other colleagues.
The main difference between pay for Executive Directors and colleagues is that, for Executive Directors, the variable element of
total remuneration is greater while the total remuneration opportunity is also higher to reflect the increased responsibility of the
role. In addition, we have the ability to grant awards of restricted shares to Executive Committee members. This will enable us to be
competitive in certain markets, most notably the US, where such plans are very much part of any executive remuneration package.
Non-Executive Director Policy table
Purpose and link to
short and long‑term
strategic objectives
Fees
Operation (including framework to assess performance)
Maximum opportunity
To attract, reward
and retain
experienced
Non-Executive
Directors
Fees for the Non-Executive Directors are determined by the
Board within the limits set by the Articles of Association and
are based on information on fees paid in similar companies,
taking into account the experience of the individuals and the
relative time commitments involved.
There will be separate disclosures of fees paid for chairing the
Audit and Remuneration Committees and for acting as Senior
Independent Director or for other additional responsibilities.
Fees for the Non-Executive Directors are reviewed annually.
Additional fees may be paid in certain circumstances such as
taking on extra duties, or if exceptionally the time commitment
is significantly increased.
An expenses allowance is paid or alternatively any reasonable
business related expenses (including tax thereon) can be
reimbursed if determined to be a taxable benefit.
Current fee levels are set
out on page 129.
The overall fee limit will
be within the current
£750,000 limit set out in
the Company’s Articles of
Association, approved on
25 September 2019,
which is subject to
increase on 25 September
each year by the same
percentage increase as
the percentage increase
in the General Index of
Retail Prices for all items
(or such other
comparable index as may
be substituted for it from
time to time before such
anniversary) in the
12 months immediately
preceding such date.
Changes since
last Directors’
Remuneration
Policy
The overall
fee limit is
now £750,000.
Extra fees
may be paid
in certain
circumstances
such as taking
on extra duties.
134
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Approach to recruitment
The principle applied in the recruitment of a new Executive Director is for the remuneration package to be set in accordance with the
terms of the approved Remuneration Policy for existing Executive Directors in force at the time of appointment. Further details of this
Policy for each element of remuneration are set out below.
Pay element
Approach
Areas of flexibility
Salary
Benefits
and pension
Set to reflect the Executive’s skills and
experience, the Company’s intended pay
positioning and the market rate for the
applicable role.
Benefits will be provided in line with those
offered to other Executive Directors, taking
account of local market practice, with
relocation expenses or arrangements
provided if necessary.
The Committee will have the discretion to allow phased salary
increases over a period of time for newly appointed Directors,
even though this may involve increases in excess of the rate
for the wider workforce and inflation in circumstances where
starting salary was below median levels.
Tax equalisation may also be considered if an Executive
Director is adversely affected by taxation due to their
employment with the Company. The Company may also pay
legal fees and other costs incurred by the individual. These
would all be disclosed. Pension would be set in line with the
workforce level.
Pay element
Approach
Areas of flexibility
Incentive
opportunity
“Buyout” awards
The aggregate ongoing incentive opportunity
offered to new recruits will be no higher than
that offered under the annual bonus plan and
the LTIP to the existing Executive Directors.
Different performance measures and targets may be set
initially for the annual bonus plan, taking into account the
responsibilities of the individual and the point in the
financial year at which they join.
Sign-on bonuses are not generally offered by the Group
but, at Board level, the Committee may offer additional
cash and/or share-based “buyout” awards when it
considers these to be in the best interests of the Company
and, therefore, shareholders, including awards made under
Listing Rule 9.4.2R. Any such “buyout” payments would be
based solely on remuneration lost when leaving the former
employer and would reflect the delivery mechanism such
as cash, shares, options, time horizons and performance
requirements attaching to that remuneration.
Transitional
arrangements
for internal
appointments
to the Board
In the case of an internal appointment, any
variable pay element awarded in respect of the
prior role may be allowed to pay out according
to its terms on grant, adjusted as relevant to
take into account the appointment.
In addition, any other ongoing remuneration obligations
existing prior to appointment may continue, provided that
they are put to shareholders for approval at the first AGM
following their appointment.
Approach to service contracts and letters of appointment
The Committee’s policy is to offer service contracts for Executive Directors with notice periods of between six and 12 months
exercisable by either party. In addition, the Executive Directors are subject to a non-compete clause from the date of termination,
where enforceable.
All Non-Executive Directors’ appointments are terminable on at least three months’ notice on either side.
The Executive Directors and Non-Executive Directors offer themselves for re-election at the AGM every year.
Policy on payment for loss of office
Payments on termination for Executive Directors are restricted to the value of salary and contractual benefits for the duration of the
notice period. It is the policy of the Remuneration Committee to seek to mitigate termination payments and pay what is due and fair.
There are no predetermined special provisions for Executive Directors with regard to compensation in the event of loss of office.
The Company may also pay an amount considered to be reasonable by the Committee where loss of office is due to redundancy or
in respect of fees for legal advice for the outgoing Director or to settle or compromise any legal claims. Assistance with outplacement
may also be provided.
Elements of variable remuneration would be treated as follows:
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
135
Governance�Remuneration Committee report continued
Directors’ Remuneration Policy continued
Policy on payment for loss of office continued
Pay element
Approach
Areas of flexibility
Annual bonus
Determined on a case-by-case basis. When the Committee
determines that the payment of an annual bonus is
appropriate, the annual bonus payment is typically:
• Pro-rated for the period of time served from the start
of the financial year to the date of termination and
not for any period in lieu of notice or garden leave
• Subject to the normal bonus targets, tested at the
end of the year, and would take into account
performance over the notice period
• Subject to deferral of 35% of the value
The Committee has the discretion to pay cash bonus
amounts or allow deferred bonus awards to vest on
cessation or whether they lapse. If the Committee
exercises this discretion, it can also determine if the
vesting should be pro-rated to reflect time served
since the beginning of the deferral date. The same
discretionary principle would apply to the payment
of dividend equivalents on any shares that have been
deferred, but not yet vested.
Long Term
Incentive Plan
Unvested awards will normally lapse upon cessation
of employment.
The Committee has discretion to allow awards to
vest at the normal vesting date or earlier. If the
Committee exercises this discretion, awards are
normally pro-rated to reflect time served since the
date of grant and based on the achievement of the
performance criteria. The holding period detailed
above will apply to such incentives.
All‑colleague share
schemes
The Executive Directors, where eligible for
participation in all-colleague share schemes,
participate on the same basis as for other colleagues.
None.
Illustration of remuneration scenarios
The chart below details the hypothetical composition of each Executive Director’s remuneration package and how it could vary
at different levels of performance under the new Remuneration Policy set out above.
3,000
2,500
2,000
1,500
0
0
0
£
1,000
500
0
£2,461
£2,024
£967
14%
32%
£524
43%
53%
31%
25%
£1,074
£924
32%
42%
32%
28%
Long-term incentives
£519
9%
29%
£324
100%
54%
26%
22%
100%
62%
36%
30%
Minimum
Target
Maximum
Chief Executive Officer
Maximum +
50% share
price
growth
Minimum
Target
Maximum
Chief Financial Officer
Maximum +
50% share
price
growth
Annual bonus
Fixed pay
136
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Illustration of remuneration scenarios continued
Note that the charts are indicative, as actual amounts may depend on share price. Assumptions made for each scenario are as follows:
• Minimum. Fixed remuneration only: salary, benefits and pension. Salary based on 2023/24 salary and benefits based on 2022/23
disclosed benefit amounts.
• Target. Fixed remuneration plus “target” annual bonus opportunity of 62.5% of salary for the Chief Executive Officer and 50%
of base salary for the Chief Financial Officer, plus 15% vesting of the maximum award under the LTIP. NCC Group does not use the
concept of a “target” bonus; however, in order to be fully compliant with the regulations, an assumption of 50% of the maximum
for 2023/24 has been used.
• Maximum. Fixed remuneration plus maximum annual bonus opportunity equivalent to 125% of salary for the Chief Executive Officer
and 100% of salary for the Chief Financial Officer for 2023/24, as well as 100% vesting of the maximum award under the LTIP, being
175% of salary for the CEO and 100% of salary for the CFO.
• Effect of a 50% increase in share price. Same assumptions as for the maximum scenario, but with the additional assumption that
the value of LTIP awards increases by 50% as a result of share price appreciation over the performance period.
Statement of consideration of employment conditions elsewhere in the Group
The Remuneration Committee does not consult directly with colleagues when determining the Remuneration Policy for Executive
Directors. However, as stated above, the annual bonus and LTIP are operated for other colleagues to ensure alignment of objectives
across the Group and the terms of the pension scheme are comparable with the majority of the UK workforce. In addition, the
Committee compares information on general pay levels and policies across the Group when setting Executive Director pay. Until
1 January 2022, Jennifer Duvalier and, from 1 January 2022, Julie Chakraverty have undertaken regular colleague engagement
sessions where colleagues are able to ask about Executive Director pay. During the year no questions or concerns on executive
pay were raised to Julie (please see page 97 for further information).
How shareholder views are taken into account
The Remuneration Committee considers shareholder feedback received on the Directors’ Remuneration Report each year and
guidance from shareholder representative bodies more generally. Shareholders’ views are key inputs when shaping remuneration
policy. When any material changes are proposed to the Remuneration Policy, the Remuneration Committee Chair will inform major
shareholders in advance and will generally offer a meeting to discuss these.
Key areas of discretion in the Remuneration Policy
The Committee operates the Group’s variable incentive plans according to their respective rules and in accordance with HMRC rules
where relevant. To ensure the efficient administration of these plans, the Committee will apply certain operational discretions. These
discretions are implicit in the Policy stated above, but we have listed them for clarity. These include, but are not limited to, the following:
• Selecting the participants in the incentive plans on an annual basis
• Determining the timing of grants of awards and/or payments
• Determining the quantum of awards and/or payments (within the limits set out in the Policy table)
• Reviewing performance against annual bonus and LTIP performance metrics
• Determining the extent of payout or vesting based on the assessment of performance
• Making the appropriate adjustments required in certain circumstances, for instance for changes in capital structure
• Determining “good leaver” status for incentive plan purposes and applying the appropriate treatment
• Undertaking the annual review of weighting of performance measures and setting targets for the incentive plans, where applicable,
from year to year
• Discretion to override formulaic outcomes of the incentive schemes if an event occurs which results in the annual bonus plan
or LTIP performance conditions and/or targets being deemed no longer appropriate (e.g. material acquisition or divestment);
the Committee will have the ability to adjust appropriately the measures and/or targets and alter weightings, provided that
the revised conditions are not materially less challenging than the original conditions
• Discretion to override formulaic vesting outcomes if they are judged by the Committee not to be an accurate reflection of
Company performance
Legacy arrangements
For the avoidance of doubt, in approving the Remuneration Policy, authority is given to the Company to honour any commitments
entered into with current or former Directors before the current legislation on remuneration policies came into force or before an
individual became a Director, such as the payment of outstanding incentive awards, even where it is not consistent with the Policy
prevailing at the time such commitment is fulfilled.
Details of any payments to former Directors will be set out in the Annual Report on Remuneration as they arise.
External directorships for Executive Directors
Executive Directors may accept one external non-executive directorship with the prior agreement of the Board, provided it does
not conflict with the Group’s interests and the time commitment does not impact upon the Executive Director’s ability to perform their
primary duty. The Executive Directors may retain the fee from external directorships. Neither of the Executive Directors currently
undertake any external non-executive directorships.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
137
Governance�Directors’ report
The Directors present
their report
The Directors present their report and the Group and Company
Financial Statements of NCC Group plc (the “Company”) and its
subsidiaries (together the “Group”) for the financial year ended
31 May 2023.
Principal activities
The Company is a public limited company incorporated in
England, registered number 4627044, with its registered office
at XYZ Building, 2 Hardman Boulevard, Spinningfields M3 3AQ.
The principal activity of the Group is the provision of
independent advice and services to customers through the
provision of Software Resilience and Cyber Security services.
The principal activity of the Company is that of a holding company.
Going concern
The Directors have acknowledged guidance published in relation
to going concern assessments. The Group’s business activities,
together with the factors likely to affect its future development,
performance and position, are set out in the Business Review
and Financial Review. The Group’s financial position, cash and
borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going
concern basis which the Directors consider to be appropriate for
the following reasons.
The Directors have prepared cash flow and covenant compliance
forecasts for the 12 month period ending 30 September 2024
which indicate that, taking account of severe but plausible
downsides on the operations of the Group and its financial
resources, the Group and Company will have sufficient funds to
meet their liabilities as they fall due for that period.
The going concern period is required to cover a period of at least
12 months from the date of approval of the Financial Statements
and the Directors still consider this 12 month period to be an
appropriate assessment period due to the Group’s financial
position and trading performance and that its borrowing facilities
do not expire until December 2026. The Directors have
considered whether there are any significant events beyond the
12 month period which would suggest this period should be
longer but have not identified any such conditions or events.
The Group is financed primarily by a £162.5m multi-currency
revolving credit facility maturing in December 2026. Under these
banking arrangements, the Group can also request (seeking bank
approval) an additional accordion facility to increase the total size
of the revolving credit facility by up to £75m. This accordion
facility has not been considered in the Group’s going concern
assessment as it requires bank approval and is therefore
uncommitted as at the date of approval of these consolidated
financial statements.
As of 31 May 2023, net debt (excluding lease liabilities)1 amounted
to £49.6m which comprised cash of £34.1m, a bank overdraft
of £1.8m, a drawn revolving credit facility of £83.4m had been
drawn under these facilities, leaving £79.1m (2022: £28.7m) of
undrawn facilities, excluding the uncommitted accordion facility of
£75.0m. Unamortised arrangement fees of £1.5m have been
offset against the amounts drawn down, resulting in a carrying
value of borrowings at 31 May 2023 of £81.9m. The Group’s
day-to-day working capital requirements are met through existing
cash resources, the revolving credit facility and receipts from its
continuing business activities.
The Group is required to comply with financial covenants for
leverage (net debt to Adjusted EBITDA1) and interest cover
(Adjusted EBITDA1 to interest charge) that are tested bi-annually
on 31 May and 30 November each year. As of 31 May 2023,
leverage1 amounted to 1.4x and net interest cover1 amounted to
6.8 compared to a maximum of 3.0x and a minimum of 3.5x
respectively. The terms and ratios are specifically defined in the
Group’s banking documents (in line with normal commercial
practice) and are materially similar to amounts noted in the these
financial statements with the exceptions being net debt excludes
IFRS 16 lease liabilities and Adjusted EBITDA1. The Group was in
compliance with the terms of all its facilities during the year,
including the financial covenants on 31 May 2023, and based on
forecasts, expects to remain in compliance over the going
concern period. In addition, the Group has not sought or is not
planning to seek any waivers to its existing facilities.
It’s been a challenging year for the Group with a decline in the
rate of revenue growth and overall profitability resulting in a loss
before taxation of £4.3m. The Group’s revenue performance and
profitability suffered from the market dynamics within Cyber
Security1. In particular, the Group experienced buying decision
delays and cancellations in the North American tech sector and
our UK market. These headwinds have further reinforced the
need to accelerate the implementation of our next chapter of the
Group strategy following its communication in February 2023.
This strategy requires a level of additional investment in 2024.
Despite the above, the Group has maintained consistent cash
generation during the year.
Following the year end, the Group has engaged in additional
generating cost efficiencies across Cyber Security1 and
corporate functions which is resulting in the implementation of a
fundamental reorganisation generating further savings
compared to the prior year. As a result of all of the above, the
base case going concern assessment has been prepared on the
basis that market volatility within Cyber Security1 partially
continues with overall profitability remaining similar to 2023.
With this context, the Directors have prepared a number of
severe but plausible scenarios to the base cash going concern
assessment as follows:
a)
No recovery from FY23 Q4 Cyber Security1 trading
performance – £6.4m reduction profit before tax
b) Loss of key customers – £4.2m reduction in profit before tax
c)
Shortfall in forecast cost savings – annualised £3.2m
reduction in profit before tax
138
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Going concern continued
d)
Further inflationary pressures continue, worse and more
prolonged than expected (wages, energy and interest) –
£5.6m reduction in profit before tax
e)
Combination of Scenario a and d – £10.8m reduction in profit
before tax
These scenarios have been modelled individually in order to
assess the Group’s ability to withstand specific challenges. The
Directors do not believe it is plausible for all of the above
downside scenarios to occur concurrently; however, they have
modelled scenarios combining risks (a and d). The impact of
these severe but plausible scenarios has been reviewed against
the Group’s projected cash flow position, available committed
bank facilities and compliance with financial covenants. These
forecasts, including the severe but plausible downsides, show
that the Group is able to operate within its available committed
banking facilities, with no forecasted covenant breaches or
requirement for facility waivers, and that the Group will have
sufficient funds to meet its liabilities as they fall due for that period.
From a Company perspective, the Company places reliance on
other Group trading entities for financial support. The Company
controls these Group entities and therefore has the ability to
direct the financial activities of the Group. Having reviewed the
current trading performance, forecasts, debt servicing
requirements, total facilities and risks, the Directors are
confident that the Company and the Group will have sufficient
funds to continue to meet their liabilities as they fall due for a
period of at least 12 months from the date of approval of these
consolidated Financial Statements, which is determined as the
going concern period. Accordingly, the Directors continue to
adopt the going concern basis of accounting in preparing the
Group’s Financial Statements for the period ended 31 May 2023.
There are no post-Balance Sheet events which the Directors
believe will negatively impact the going concern assessment.
1
See Note 3 for an explanation of Alternative Performance Measures
(APMs) and adjusting items, including a reconciliation to statutory information.
Results and dividends
The Group’s and Company’s audited Financial Statements for the
financial year ended 31 May 2023 are set out on pages 152 to 214.
The Directors propose a final dividend of 3.15p per ordinary
share, which, together with the interim dividend of 1.5p per
ordinary share paid on 17 March 2023, makes a total dividend
of 4.65p for the year.
The final dividend will be paid on 8 December 2023, subject
to approval at the AGM on 30 November 2023, to shareholders
on the register at the close of business on 10 November 2023.
The ex-dividend date is 9 November 2023.
Post-balance sheet events
In line with the Group’s next chapter strategy, during September
2023, the Group issued external marketing material to potentially
dispose of an element of the Europe Cyber Security CGU as
considered non-core to the Group.
Share capital and control
At the AGM held on 2 November 2022, the Directors were
granted authority to allot up to 103,357,500 ordinary shares
representing approximately one-third of the Company’s issued
share capital. In addition, the Directors were granted authority
to allot a further 103,357,500 ordinary shares, again representing
approximately one-third of the Company’s issued share capital,
solely to be used in connection with a pre-emptive rights issue.
As at 31 May 2023, the Company’s issued ordinary share capital
comprised 312,128,892 ordinary shares with a nominal value of
1p each, of which no ordinary shares were held in treasury.
During the year ended 31 May 2023, 2,161,649 shares in the
Company were issued further to the exercise of options pursuant
to the Company’s share option schemes.
The holders of ordinary shares are entitled, among other rights,
to receive the Company’s Annual Reports and Accounts, to attend
and speak at general meetings of the Company, to appoint proxies
and to exercise voting rights.
Details of the movements of the called up share capital of the
Company are set out in Note 27 to the Financial Statements and
the information in this Note is incorporated by reference
and forms part of this Directors’ Report.
All rights and obligations attaching to the Company’s ordinary
shares are set out in the Company’s Articles of Association (the
“Articles”), copies of which can be obtained from the Companies
House website or by writing to the Company Secretary. Unless
otherwise provided in the Articles, the terms of issue of any
shares, any restrictions from time to time imposed by laws or
regulations (for example insider trading laws) or pursuant to the
UK Market Abuse Regulation whereby certain Directors, officers
and colleagues of the Group require the approval of the
Company to deal in ordinary shares of the Company, any
shareholder may transfer any or all of their shares.
The Company is not aware of any agreements between
shareholders that may result in restrictions on the transfer
of securities and/or voting rights.
The Directors may refuse to register a transfer of shares
in certificated form that are not fully paid up or otherwise
in accordance with the Articles.
Authority to purchase own shares
At the AGM held on 2 November 2022, shareholders authorised
the Company to make market purchases of up to 31,007,200
ordinary shares representing approximately 10% of the issued
share capital. This authority was not used during the financial
year ended 31 May 2023. At the 2023 AGM, shareholders will
be asked to give a similar authority.
The Company does not currently hold any ordinary shares
in treasury.
Directors
Biographical details of the Company’s current Directors are set
out on pages 88 and 89 together with the names of Directors
that have held office during the year. Subject to law and the
Company’s Articles of Association, the Directors may exercise
all of the powers of the Company and may delegate their power
and discretion to Committees.
The Company’s Articles of Association give the Directors power
to appoint and replace Directors. Under the terms of reference
of the Nomination Committee, any appointment to the Board of the
Company must be recommended by the Nomination Committee
for approval by the Board. The Articles of Association also
require one-third of the Directors to retire by rotation each year
end and each Director must offer themself for re-election at
least every three years. However, in accordance with previous
years and in accordance with best practice, all Directors will
submit themselves for re-election at the AGM each year. During
the year, no Director had any material interest in any contract of
significance in the Group’s business.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
139
Governance�Directors’ report continued
Directors’ and Officers’ insurance and indemnities
The Company maintains Directors’ and Officers’ liability insurance,
which provides appropriate cover for any legal action brought
against its Directors (including those who served as Directors or
Officers during 2022/23). This cover was in place throughout the
financial year ended 31 May 2023 and up to the date of this
Directors’ Report. The Directors of the Company have also
entered into individual deeds of indemnity with the Company
which constitute as qualifying third party indemnity provisions
for the purposes of section 234 of the Companies Act 2006.
The deeds were in effect during the course of the financial year
ended 31 May 2023 for the benefit of the Directors and, at the
date of this report, are in force for the benefit of the Directors in
relation to certain losses and liabilities which they may incur (or
have incurred) in connection with their duties, powers or office.
Colleagues
The Group uses a number of ways to engage with its colleagues
on matters that impact them and the performance of the Group.
These include briefings by members of the Executive Committee,
regular team meetings, the Group’s intranet site, global
communications and update emails which together provide,
among other information, an awareness of the financial and
economic factors affecting the Company’s performance. Further
information on how the Directors engage with colleagues along
with how colleague interests are taken into account during
decision making can be found within the Corporate Governance
Report on page 84 to 142.
We conduct a colleague engagement survey to ensure all
colleagues are given a voice in the organisation. In 2018, using
insights from our survey and subsequent colleague engagement,
we defined new values for the organisation. Details of these
values are set out in the Our Culture section on page 42.
We offer colleagues the opportunity to purchase ordinary shares
in the Company through participation in either the Company’s
Save As You Earn (SAYE) Scheme or Employee Stock Purchase
Plan (ESPP). Colleagues in the UK also have the opportunity to
purchases shares through a Share Incentive Plan (SIP). All these
schemes help to encourage colleague interest in the
performance of the Group.
Business relationships with suppliers,
customers and others
The Directors have summarised how they have fostered the
Company’s business relationships with suppliers, customers and
others on pages 40 and 41. In addition, on page 93 the Directors
have included the principal decisions taken by the Company
during the financial year.
Equal opportunities
The Group is committed to providing equality of opportunity
to all colleagues without discrimination and applies fair and
equitable employment policies which seek to promote entry into
and progression within the Group. Appointments are determined
solely by application of job criteria, personal ability, behaviour
and competency.
In the opinion of the Directors, all colleague policies are deemed
to be effective and in accordance with their intended aims.
Disabled persons
Disabled persons have equal opportunities when applying
for vacancies, with due regard to their aptitudes and abilities.
Procedures ensure that disabled colleagues are fairly treated
in respect of training and career development. For those colleagues
becoming disabled during the course of their employment, the
Group is supportive so as to provide an opportunity for them
to remain with the Group, wherever reasonably practicable.
Political donations
During the year the Company made no political donations
(2022: £nil).
Sustainability Report
The Company’s Sustainability Report provides an update on the
Group’s policies and activities in respect of its wider
stakeholders, including colleagues; community, environmental,
ethical and health and safety issues; and modern slavery.
Overseas branches
As at 31 May 2023, the Group had no overseas branches.
Research and development
We are committed to using innovative, cost effective and
practical solutions for providing high quality services and
we recognise the importance of ensuring that we focus our
investment on the development of technology. The Group’s
research and development expenditure is predominantly
associated with computer and software systems.
Change of control
In the event of a change of control of the Company, the Group
and each of its lenders shall enter into negotiation for a period
to determine how the Group’s loan facilities may continue and
if after negotiation there is no agreement the lender has the
right to cancel the commitment.
There are no agreements between the Company and its
Directors or colleagues providing for compensation for loss of
office or employment (whether through resignation, purported
redundancy or otherwise) that occurs because of a takeover bid.
Disclosure of information to the auditor
The Directors who held office at the date of approval of this
Directors’ Report confirm that, so far as they are each aware,
there is no relevant audit information of which the Company’s
auditor is unaware; and each Director has taken all the steps that
they ought to have taken as a Director to make themselves aware
of any relevant audit information and to establish that the
Company’s auditor is aware of that information.
Reappointment of auditor
In accordance with section 489 of the Companies Act 2006,
a resolution for the reappointment of KPMG LLP as auditor
of the Company is to be proposed at the forthcoming AGM.
It is our expectation that the Group will carry out its audit
retender process between September and November 2023.
Following the outcome of this process, if KPMG does not retain
the audit, a new auditor would be appointed in December 2023
and hold office until the next AGM in 2024.
140
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Annual General Meeting
The notice of the Company’s AGM to be held at 9.00am
on 30 November 2023 at its head office at XYZ Building, 2 Hardman
Boulevard, Spinningfields, Manchester M3 3AQ, along with details
of the business to be proposed and explanatory notes, will be
available on the Group’s website together with the Annual Report
and Accounts. All shareholders will be notified by post or email, at
their request, when the documents have been made available.
The result of the poll vote will be made available as soon
as possible after the meeting on our website.
Capitalised interest
During the period, no interest was capitalised by the Group
(2022: £nil). The tax benefit on this amount was £nil (2022: £nil).
The Board recognises that the AGM provides an important
opportunity to engage with shareholders. Therefore, the
Company will ensure that shareholders can submit any questions
in writing prior to the AGM as outlined in the Notice of AGM.
Reporting requirements
The following sets out the location of additional information
forming part of the Directors’ Report, which is incorporated
by reference into this report:
Reporting requirement
Location
Board’s assessment of the Group’s internal control systems
Corporate Governance Report on pages 84 to 142 and Audit
Committee Report on page 103
Details of uses of financial instruments and specific policies
for managing financial risk
Note 25 (Financial Instruments) on pages 199 to 203
Directors’ interests
Remuneration Committee report on page 115
Directors’ Responsibilities Statement
Directors’ Responsibilities Statement on page 142
Directors’ remuneration including disclosures required by
Schedule 5 and Schedule 8 of SI2008/410 – Large and
Medium-sized Companies and Groups (Accounts and Reports)
Regulations 2008
Remuneration Committee report on pages 115 to 137
DTR 4.1.8.R – Management Report – the Directors’ Report and
Strategic Report comprise the management report
Directors’ Report on pages 138 to 141 and Strategic Report on
pages 1 to 82
Going concern statement
Directors’ Report on pages 138 and 141 and Going Concern section
within Note 1 on pages 161 and 162
Greenhouse gas emissions and energy consumption
TCFD Report on pages 50 and 51
Likely future developments of the business and Group
Strategic Report on pages 1 to 82
LR 9.8.4 (4) – Long-term incentive schemes
Remuneration Committee Report on pages 115 to 137
LR 9.8.6 (2) – Substantial shareholders
Statement on corporate governance
Shareholder Engagement section of Corporate Governance Report
on page 102
Corporate Governance Report, Audit Committee Report,
Nomination Committee Report and Remuneration Committee
Report on pages 84 to 137. Statement of compliance with the UK
Corporate Governance Code is on page 86
Strategic Report – Companies Act 2006 section 414A–D
Strategic Report on pages 1 to 82
The Strategic Report on pages 1 to 82 and this Directors’ Report on pages 138 to 141 have been approved and authorised for issue by
the Board. They were signed on its behalf by:
Mike Maddison
Chief Executive Officer
28 September 2023
Guy Ellis
Chief Financial Officer
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
141
Governance
�Directors’ responsibilities statement
Statement of Directors’ responsibilities in respect
of the Annual Report and the Financial Statements
The Directors are responsible for preparing the Annual Report
and the Group and Parent Company Financial Statements in
accordance with applicable law and regulations.
Company law requires the Directors to prepare Group and Parent
Company Financial Statements for each financial year. Under that
law they are required to prepare the Group Financial Statements in
accordance with UK-adopted International Accounting Standards
and applicable law and have elected to prepare the Parent
Company Financial Statements on the same basis.
Under company law the Directors must not approve the Financial
Statements unless they are satisfied that they give a true and fair
view of the state of affairs of the Group and Parent Company and
of the Group’s profit or loss for that period. In preparing each of
the Group and Parent Company Financial Statements, the
Directors are required to:
• Select suitable accounting policies and then apply
them consistently
• Make judgements and estimates that are reasonable, relevant
and reliable
• State whether they have been prepared in accordance with
UK-adopted International Accounting Standards
• Assess the Group and Parent Company’s ability to continue
as a going concern, disclosing, as applicable, matters related
to going concern
• Use the going concern basis of accounting unless they either
intend to liquidate the Group or the Parent Company or to
cease operations, or have no realistic alternative but to do so
The Directors are responsible for keeping adequate accounting
records that are sufficient to show and explain the Parent
Company’s transactions and disclose with reasonable accuracy
at any time the financial position of the Parent Company and
enable them to ensure that its Financial Statements comply with
the Companies Act 2006. They are responsible for such internal
control as they determine is necessary to enable the preparation
of Financial Statements that are free from material misstatement,
whether due to fraud or error, and have general responsibility for
taking such steps as are reasonably open to them to safeguard
the assets of the Group and to prevent and detect fraud and
other irregularities.
Under applicable law and regulations, the Directors are also
responsible for preparing a Strategic Report, Directors’ Report,
Directors’ Remuneration Report and Corporate Governance
Statement that comply with that law and those regulations.
The Directors are responsible for the maintenance and integrity
of the corporate and financial information included on the
Company’s website. Legislation in the UK governing the preparation
and dissemination of Financial Statements may differ from
legislation in other jurisdictions.
In accordance with Disclosure Guidance and Transparency
Rule 4.1.14R, the Financial Statements will form part of the annual
financial report prepared using the single electronic reporting
format under the TD ESEF Regulation. The Auditor’s Report on
these Financial Statements provides no assurance over the
ESEF format.
Responsibility statement of the Directors in respect
of the Annual Report
We confirm that to the best of our knowledge:
• The Financial Statements, prepared in accordance with the
applicable set of accounting standards, give a true and fair
view of the assets, liabilities, financial position and profit or
loss of the Company and the undertakings included in the
consolidation taken as a whole.
• The Strategic Report includes a fair review of the development
and performance of the business and the position of the issuer
and the undertakings included in the consolidation taken as
a whole, together with a description of the principal risks
and uncertainties that they face.
We consider the Annual Report and Financial Statements, taken
as a whole, is fair, balanced and understandable and provides
the information necessary for shareholders to assess the Group’s
position and performance, business model and strategy.
For and on behalf of the Board
Mike Maddison
Chief Executive Officer
28 September 2023
Guy Ellis
Chief Financial Officer
28 September 2023
142
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�FINANCIAL STATEMENTS
Financial
statements
In this section
144 Independent auditor’s report
152 Consolidated income statement
152 Consolidated statement of comprehensive (loss)/income
153 Consolidated balance sheet
154 Consolidated cash flow statement
156 Consolidated statement of changes in equity
157 Company balance sheet
158 Company cash flow statement
159 Company statement of changes in equity
160 Notes to the Financial Statements
Additional information
215
Glossary of terms – other terms
217 Other information
218 Financial calendar
i
F
n
a
n
c
a
i
l
s
t
a
t
e
m
e
n
t
s
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
143
�Independent auditor’s report
to the members of NCC Group plc
1 Our opinion is unmodified
We have audited the financial statements of NCC Group plc
(“the Company”) for the year ended 31 May 2023 which comprise
the consolidated income statement, consolidated statement
of comprehensive income/(loss), consolidated balance sheet,
consolidated cash flow statement, consolidated statement of
changes in equity, company balance sheet, company cash flow
statement, company statement of changes in equity, and the
related notes, including the accounting policies in note 1.
In our opinion:
• the financial statements give a true and fair view of the state
of the Group’s and of the parent Company’s affairs as at
31 May 2023 and of the Group’s loss for the year then ended;
• the Group financial statements have been properly prepared
in accordance with the requirements of the UK-adopted
international accounting standards;
• the parent Company financial statements have been properly
prepared in accordance with UK-adopted international
accounting standards and as applied in accordance with
the provisions of the Companies Act 2006; and
• the financial statements have been prepared in accordance
with the requirements of the Companies Act 2006.
Basis for opinion
We conducted our audit in accordance with International
Standards on Auditing (UK) (“ISAs (UK)”) and applicable law.
Our responsibilities are described below. We believe that the
audit evidence we have obtained is a sufficient and appropriate
basis for our opinion. Our audit opinion is consistent with our
report to the audit committee.
We were first appointed as auditor by the shareholders on
1 November 2013. The period of total uninterrupted engagement
is for the ten financial years ended 31 May 2023. We have
fulfilled our ethical responsibilities under, and we remain
independent of the Group in accordance with, UK ethical
requirements including the FRC Ethical Standard as applied to
listed public interest entities. No non-audit services prohibited
by that standard were provided.
Overview
Materiality
Group financial
statements as a whole
£1.0m (2022: £1.4m)
4.6% (2022: 4.5%) of normalised Group
profit/loss before tax
Coverage
85% (2022: 84%) of total profit and
losses that make up Group loss before tax
Key audit matters
Recurring risks
vs 2022
Recoverability of carrying
amounts of the North America
Cyber Security and Europe
Cyber Security cash
generating units
Revenue recognition
Recoverability of Parent
Company’s investments
in subsidiaries
144
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�2 Key audit matters: our assessment of risks of material misstatement
Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the financial
statements and include the most significant assessed risks of material misstatement (whether or not due to fraud) identified by us,
including those which had the greatest effect on: the overall audit strategy; the allocation of resources in the audit; and directing the
efforts of the engagement team. We summarise below the key audit matters, in decreasing order of audit significance, in arriving at
our audit opinion above, together with our key audit procedures to address those matters and, as required for public interest entities,
our results from those procedures. These matters were addressed, and our results are based on procedures undertaken, in the
context of, and solely for the purpose of, our audit of the financial statements as a whole, and in forming our opinion thereon,
and consequently are incidental to that opinion, and we do not provide a separate opinion on these matters.
The risk
Our response
Recoverability of carrying
amounts of the North America
Cyber Security and Europe
Cyber Security cash
generating units (‘CGUs’)
Goodwill – North America
Cyber Security: £31.6 million
(2022: £39.9 million); Europe
Cyber Security: £62.4 million
(2022: £65.2 million).
Refer to page 106 (Audit
Committee Report), page 164
(accounting policy) and page
188 (financial disclosures).
Subjective estimate
Management assess impairment of the
North America Cyber Security and Europe
Cyber Security CGUs with reference to
their recoverable amounts, which have
been determined using a fair value less
costs to sell (“FVLCTS”) basis.
The estimated recoverable amounts for
these CGUs are subjective due to the
inherent uncertainties involved in
determining an appropriate earnings
multiple, and in estimating the maintainable
CGU specific revenue and cost assumptions
which inform the maintainable earnings
figures used in the calculation of FVLCTS.
The impairment calculations for the North
America Cyber Security and the Europe
Cyber Security CGUs are sensitive to
reasonably possible changes to these key
assumptions. As a result of these factors,
and the increased risk of an impairment
in the current year as a result of market
conditions, we identified a significant risk
of both fraud and error in respect of the
recoverability of the carrying amounts
of these CGUs.
The effect of these matters is that, as
part of our risk assessment, we determined
that the FVLCTS which is used in the
impairment assessments of the North
America Cyber Security and the Europe
Cyber Security CGUs has a high degree
of estimation uncertainty, with a potential
range of reasonable outcomes greater than
our materiality for the financial statements
as a whole, and possibly many times
that amount.
The financial statements (note 12)
disclose the impairment charge recognised
in respect of the North America Cyber
Security CGU, and the sensitivities
estimated by the Group for both the
North America Cyber Security and
Europe Cyber Security CGUs.
We performed the tests below rather than seeking to
rely on any of the Group’s controls because the nature
of the balance is such that we would expect to obtain
audit evidence primarily through the detailed
procedures described.
Our procedures included:
• Historical comparison: We assessed the
reasonableness of the revenue and cost assumptions
included in the maintainable earnings calculation with
reference to historical results, revenue trends and the
Group’s historical forecasting accuracy by comparing
actual performance against forecasts.
• Benchmarking assumptions: We challenged the key
inputs to the maintainable earnings figure, including
revenue, costs, earnings multiples and any one-off
adjustments by comparing to externally derived data,
supporting documentation, and considering relevant
industry analysis and analyst forecasts.
• Our sector experience: We assessed the maintainable
earnings projections by reference to our knowledge of
the business and general market conditions, including
considering the potential risk of management bias.
• Our valuation expertise: We evaluated the earnings
multiples, by comparing to external market data and
comparable companies using our own valuation specialists.
• Assessment of experts: We assessed the competence,
capabilities and objectivity of the external experts
engaged by the Group to assist in deriving an
appropriate earnings multiple by performing
independent research on the qualifications and
experience of management’s expert, and evaluating
the engagement terms.
• Valuation comparison: We compared the sum of the
recoverable amounts of all CGUs to the Group’s market
capitalisation to assess the reasonableness of those
recoverable amounts, and critically assessed the
rationale for the difference from that comparison.
• Sensitivity analysis: We performed sensitivity analysis
for the key assumptions, including the revenue and cost
assumptions included in the maintainable earnings figure.
• Assessing transparency: We assessed whether the
Group’s disclosures about the sensitivity of the outcome
of the recoverability assessment to changes in key
assumptions reflected the risks inherent in the
recoverable amount of the CGUs.
Our results
We found the Group’s assessment of the recoverability of
goodwill in respect of the North America Cyber Security
and Europe Cyber Security CGUs, and the impairment
charge in relation to the North America Cyber Security
CGU, to be acceptable. (2022: Europe Cyber Security
and IPM Software Resilience CGUs result: acceptable.)
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
145
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
2 Key audit matters: our assessment of risks of material misstatement continued
The risk
Our response
We performed the tests below rather than seeking to
rely on any of the Group’s controls because the nature
of the balance is such that we would expect to obtain
audit evidence primarily through the detailed
procedures described.
Our procedures included:
Tests of detail:
• We agreed a sample of 2024 revenue transactions
to supporting documentation, including timesheet
information and contracts, to assess whether these
have been recorded in the correct accounting period.
• For a sample of contracts, we assessed the
appropriateness of deferred and accrued income at
the year-end through inspection of contracts, invoices
and timesheet reports.
• Assessing Transparency: we considered the adequacy
of the Group’s disclosures in respect of revenue
recognition policies and the timing of revenue recognition.
Our results
We found the recognition of Global Professional
Services revenue in the cut-off period to be acceptable.
(2022: recognition of Assurance revenue in the cut-off
period result: acceptable).
Revenue recognition
Global Professional Services
revenue – £199.3 million; (2022:
£195.4 million); Contract assets
– accrued income included
within the balance of
£17.2 million; (2022: included
within the balance of
£23.0 million); Contract
liabilities – included within the
balance of deferred income of
£54.9 million; (2022: included
within the balance of
£62.3 million).
Refer to page 105 (Audit
Committee Report), page 166
(accounting policy) and page
182 (financial disclosures).
2023/2024 sales
We identified potential incentives
and pressures on the Directors relating
to investor and market expectations
and the achievement of bonus targets
which increase the risk of fraudulent
revenue recognition.
Results for any given financial reporting
period are expected to be affected by
the revenue recognition policies in place,
particularly for the Group’s Global
Professional Services revenue stream
which represents 74% of total revenues,
and the accurate accrual and deferral of
related amounts at the year-end. There is
a risk that amounts recorded in Global
Professional Services revenue could be
subject to manipulation, particularly
through the inappropriate accrual and
deferral of revenue amounts at the
year end.
There is a specific risk around inclusion
of Global Professional Services revenue
in 2024 rather than 2023. In particular the
risk that revenue relating to the year ended
31 May 2023 is inappropriately recognised
in the following period such that revenue
is not recognised in line with relevant
accounting standards, and accrued
revenue is not complete and deferred
income does not exist at the year end.
This is a particular risk for the Global
Professional Services revenue stream,
where projects are ongoing at the
period-end and additional judgement
is taken in determining completion.
Recoverability of Parent
Company’s investments
in subsidiaries
Investments in
subsidiaries £279.1 million;
(2022: £276.9 million).
Refer to page 165
(accounting policy) and page
209 (financial disclosures).
Low risk, high value
The carrying amount of the Parent
Company’s investments in subsidiaries
represents 88% (2022: 84%) of the
Company’s total assets.
We performed the tests below rather than seeking to
rely on any of the Group’s controls because the nature
of the balance is such that we would expect to obtain
audit evidence primarily through the detailed
procedures described.
Their recoverability is not at high risk
of significant misstatement or subject
to significant judgement. However, due
to their materiality in the context of the
Parent Company financial statements,
this is the area that has the greatest effect
on our overall Parent Company audit.
Our procedures included:
• Tests of detail: Comparing the carrying amount of 100%
of investments with the relevant subsidiary’s draft
balance sheet to identify whether its net assets, being
an approximation of its minimum recoverable amount,
were in excess of the carrying amount.
• Comparing valuations: For the investments where the
carrying amount exceeded the net asset value, we
compared the carrying amount of the investment with
the expected value of the business based on an
aggregate of the recoverable amount of the underlying
subsidiaries, valued on a fair value less cost to sell basis.
• Comparing valuations: We compared the carrying
amount of the Parent Company’s investments to the
Group’s market capitalisation.
Our results
We found the Group’s assessment of the recoverability
of the Parent Company’s investment in subsidiaries to be
acceptable. (2022 result: acceptable).
The valuation of separately identifiable assets recognised as part of the NCC Group Software Resilience (NA) (‘IPM’) acquisition was
a key audit matter in the prior period. However, due to the acquisition completing in the prior period, there is no remaining judgement
or estimation uncertainty relating to this acquisition, and therefore we have not assessed this as one of our most significant risks in
the current period audit.
146
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Normalised Group profit
before tax
£21.7m (2022: £31.9m)
3 Our application of materiality and an overview of
the scope of our audit
Materiality for the Group financial statements as a whole was set
at £1.0 million (2022: £1.4 million), determined with reference to
a benchmark of normalised Group profit/loss before tax of
£21.7m (2022: £31.9m). We normalised profit/loss before tax
(‘PBT’) by adding back adjustments that do not represent the
normal, continuing operations of the Group and additionally in
2023 by averaging over 5 years. In 2023 the items we adjusted
loss before tax for before averaging were reorganisation costs
arising from strategic actions, costs associated with strategic
review of the Software Resilience business and of other core and
non-core assets, goodwill impairment of NCC Group A/S and
North America Cyber Security, IPM software resilience business
deferred income adjustment and profit on disposal of the DDI
business (2022: costs directly relating to the acquisition of the
IPM Software Resilience business) disclosed in note 5. We
selected 5 years to average over to account for the fluctuations in
the business performance and macroeconomic influences
including the global pandemic.
Materiality for the Parent Company financial statements as a
whole was set at £0.4 million (2022: £0.5 million), determined
with reference to a benchmark of Company total assets, of which
it represents 0.1% (2022: 0.3%).
Normalised PBT
Group materiality
Group materiality
£1.0m (2022: £1.4m)
£1.0m
Whole financial
statements materiality
(2022: £1.4m)
£0.65m
Whole financial
statements
performance
materiality
(2022: £0.91m)
£0.7m
Range of materiality
at 9 components
(£0.30m–£0.70m)
(2022: £0.36m to
£0.90m)
£0.05m
Misstatements
reported to the
audit committee
(2022: £0.07m)
In line with our audit methodology, our procedures on individual
account balances and disclosures were performed to a lower
threshold, performance materiality, so as to reduce to an
acceptable level the risk that individually immaterial
misstatements in individual account balances add up to a
material amount across the financial statements as a whole.
Performance materiality was set at 65% (2022: 65%) of
materiality for the financial statements as a whole, which
equates to £0.65 million (2022: £0.93 million) for the Group
and £0.26 million (2022: £0.35 million) for the Parent Company.
We applied this percentage in our determination of performance
materiality based on the level of identified misstatements and
control deficiencies during the prior period.
We agreed to report to the Audit Committee any corrected or
uncorrected identified misstatements exceeding £50,000
(2022: £72,000), in addition to other identified misstatements
that warranted reporting on qualitative grounds.
Of the Group’s 43 (2022: 45) reporting components, we
subjected 9 (2022: 9) to full scope audits for Group purposes.
We conducted reviews of financial information (including
enquiry) at a further 3 (2022: 2) non-significant components as
these components were not individually financially significant
enough to require an audit for Group reporting purposes but a
review was performed to provide further coverage over the
Group’s results.
The components within the scope of our work accounted for the
percentages illustrated opposite.
Group revenue
Total profits and losses
that made up Group loss
before tax
7
5
85%
(2022: 84%)
79
78
6
4
94%
(2022: 90%)
86
88
Group total assets
1
0
96%
(2022: 96%)
96
95
Full scope for group audit purposes 2023
Review procedures 2023
Full scope for group audit purposes 2022
Review procedures 2022
Residual components
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
147
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
3 Our application of materiality and an overview of
the scope of our audit continued
The remaining 6% (2022: 10%) of total Group revenue, 15%
(2022: 16%) of total profits and losses that make up Group
loss before tax and 4% (2022: 4%) of total Group assets is
represented by 31 (2022: 34) reporting components, none of
which individually represented more than 5% (2022: 4%) of any
of total Group revenue, total profits and losses that make up
Group loss before tax or total Group assets. For the residual
components, we performed analysis at an aggregated Group
level to re-examine our assessment that there were no
significant risks of material misstatement within these.
The Group team instructed component auditors as to the
significant areas to be covered, including the relevant risks
detailed above and the information to be reported back.
The Group team approved the component materialities, which
ranged from £0.3 million to £0.7 million (2022: £0.36 million
to £0.9 million), having regard to the mix of size and risk profile
of the Group across the components. The work on 2 of the 9
in scope components (2022: 1 of the 9 components) was
performed by component auditors and the rest, including the
audit of the Parent Company, was performed by the Group team.
The Group team performed procedures on the items excluded
from normalised profit before tax.
The Group team held video and telephone conference meetings
with 2 (2022: 1) component locations in the Netherlands and the
United States (2022: Netherlands) to assess audit risk and
strategy. At these meetings, the findings reported to the Group
team were discussed in more detail, and any further work
required by the Group team was then performed by the
component auditors.
The scope of the audit work performed was fully substantive
as we did not rely upon the Group’s internal control over
financial reporting.
4 The impact of climate change on our audit
In planning our audit, we have considered the potential impact
of risks arising from climate change on the Group’s business and
its financial statements.
The Group has pledged in the Strategic report to be a net-zero
business by 2050 and has also outlined several shorter-term
climate change targets.
As part of our audit we performed a risk assessment, including
making enquiries of management, holding discussions with our
internal climate change professionals to challenge our risk
assessment, reading board meeting minutes and applying our
knowledge of the Group and sector in which it operates to
understand the extent of the potential impact of climate change
risk on the Group’s financial statements.
We concluded that climate risk has no significant effect this year
on the financial statements due to the nature of the Group’s
current business operations. As a result, there was no impact
from climate risk on our key audit matters.
We have read the disclosure of climate related information in
the annual report and considered consistency with the financial
statements and our audit knowledge. We have not been engaged
to provide assurance over the accuracy of the climate risk
disclosures in the annual report.
5 Going concern
The directors have prepared the financial statements on the
going concern basis as they do not intend to liquidate the Group
or the Company or to cease their operations, and as they have
concluded that the Group’s and the Company’s financial position
means that this is realistic. They have also concluded that there
are no material uncertainties that could have cast significant
doubt over their ability to continue as a going concern for at
least a year from the date of approval of the financial statements
(“the going concern period”).
We used our knowledge of the Group, its industry and the
general economic environment to identify the inherent risks to
itsbusiness model and analysed how those risks might affect the
Group’s and Company’s financial resources or ability to continue
operations over the going concern period.
The risks that we considered most likely to adversely affect
theGroup’s and Company’s available financial resources, and
metrics relevant to debt covenants, over this period were:
• The timing and extent of recovery in the North America
Cyber Security market;
• Loss of key customers;
• The inability to sustain performance alongside executed
cost reductions; and
• Adverse impacts from cost inflationary pressures
We also considered less predictable but realistic second order
impacts, such as the erosion of customer confidence which
could result in a rapid reduction of available financial resources.
148
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�5 Going concern continued
We considered whether these risks could plausibly affect the
liquidity or covenant compliance in the going concern period by
assessing the directors’ sensitivities over the level of available
financial resources and covenant thresholds indicated by the
Group’s financial forecasts taking account of severe, but
plausible adverse effects that could arise from these risks,
individually and collectively.
Our procedures also included:
• An evaluation of the availability of cash and the cash
flow forecasts to determine whether the assumptions are
realistic, achievable, and consistent with the external and
internal environment.
• An assessment of loan covenant compliance to consider the
headroom forecast for each financial covenant.
• An evaluation of sensitivities over the level of financial
resources indicated by the Group’s financial forecasts, taking
account of reasonably possible (but not unrealistic) adverse
effects that could arise from the risks identified individually
and collectively.
• An assessment of the adequacy of the going concern
disclosure in note 1 to the financial statements.
Our conclusions based on this work:
• we consider that the directors’ use of the going concern
basis of accounting in the preparation of the financial
statements is appropriate;
• we have not identified, and concur with the directors’
assessment that there is not, a material uncertainty related to
events or conditions that, individually or collectively, may cast
significant doubt on the Group’s or Company’s ability to
continue as a going concern for the going concern period;
• we have nothing material to add or draw attention to in relation
to the directors’ statement in note 1 to the financial statements
on the use of the going concern basis of accounting with no
material uncertainties that may cast significant doubt over the
Group and Company’s use of that basis for the going concern
period, and we found the going concern disclosure in note 1 to
be acceptable; and
• the related statement under the Listing Rules set out on page
140 is materially consistent with the financial statements and
our audit knowledge.
However, as we cannot predict all future events or conditions
and as subsequent events may result in outcomes that are
inconsistent with judgements that were reasonable at the time
they were made, the above conclusions are not a guarantee that
the Group or the Company will continue in operation.
6 Fraud and breaches of laws and regulations –
ability to detect
To identify risks of material misstatement due to fraud (“fraud
risks”) we assessed events or conditions that could indicate an
incentive or pressure to commit fraud or provide an opportunity
to commit fraud. Our risk assessment procedures included:
• Enquiring of directors, the audit committee and internal audit;
and inspection of policy documentation as to the Group’s
high-level policies and procedures to prevent and detect
fraud, including the internal audit function, and the Group’s
channel for “whistleblowing”, as well as whether they have
knowledge of any actual, suspected or alleged fraud.
• Reading Board, audit committee and remuneration
committee minutes.
• Considering remuneration incentive schemes and
performance targets for directors including the EPS target
and adjusted EBITDA target for management remuneration.
• Using analytical procedures to identify any unusual or
unexpected relationships.
We communicated identified fraud risks throughout the audit
team and remained alert to any indications of fraud throughout
the audit. This included communication from the Group audit
team to the component audit team of relevant fraud risks
identified at the Group level and request to the component audit
team to report to the Group audit team any instances of fraud
that could give rise to a material misstatement at Group level.
As required by auditing standards, and taking into account
possible pressures to meet expectation of third parties, we
perform procedures to address the risk of management override
of controls and the risk of fraudulent revenue recognition, in
particular the risk that Global Professional Services revenue is
recorded in the incorrect period and the risk that Group and
component management may be in a position to make incorrect
accounting entries.
On this audit we do not believe there is a fraud risk related to
Software Resilience revenue recognition, and other streams
within the Cyber Security division outside of Global Professional
Services, because there is minimal opportunity for manipulation
since the revenue streams are relatively straightforward and are
typically based on annual agreements which set out the period
over which revenue is to be recognised.
We also identified a fraud risk related to the recoverability of
carrying amounts of the North America Cyber Security and
Europe Cyber Security cash generating units in response to
possible pressure to meet profit targets.
Further detail in respect of Global Professional Services revenue
recognition and the recoverability of carrying amounts of the
North America Cyber Security and Europe Cyber Security cash
generating units is set out in the key audit matter disclosures in
section 2 of this report.
We also performed procedures including:
• Assessing significant accounting estimates for bias;
• Identifying journal entries to test using data analytics tools
based on risk criteria and comparing the identified entries to
supporting documentation. These included those posted to
revenue with unexpected entries, those made to unrelated
cash and borrowing accounts and unexpected entries to
expenses making up operating profit.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
149
Financial statements�Independent auditor’s report continued
to the members of NCC Group plc
6 Fraud and breaches of laws and regulations –
ability to detect continued
Identifying and responding to risks of material misstatement
related to compliance with laws and regulations
We identified areas of laws and regulations that could reasonably
be expected to have a material effect on the financial statements
from our general commercial and sector experience and through
discussion with the directors and other management (as required
by auditing standards), and discussed with the directors and
other management the policies and procedures regarding
compliance with laws and regulations.
As the Group is regulated, our assessment of risks involved
gaining an understanding of the control environment including
the entity’s procedures for complying with regulatory requirements.
We communicated identified laws and regulations throughout
our team and remained alert to any indications of non-
compliance throughout the audit. This included communication
from the Group audit team to component audit teams of relevant
laws and regulations identified at the Group level, and a request
for component auditors to report to the Group audit team any
instances of non-compliance with laws and regulations that
could give rise to a material misstatement at the Group level.
The potential effect of these laws and regulations on the
financial statements varies considerably.
Firstly, the Group is subject to laws and regulations that directly
affect the financial statements including financial reporting
legislation (including related companies legislation), distributable
profits legislation and taxation legislation and we assessed the
extent of compliance with these laws and regulations as part of
our procedures on the related financial statement items.
Secondly, the Group is subject to many other laws and
regulations where the consequences of non-compliance could
have a material effect on amounts or disclosures in the financial
statements, for instance through the imposition of fines or
litigation. We identified the following areas as those most likely
to have such an effect: health and safety, data protection laws,
employment law, and certain aspects of company legislation
recognising the financial and regulated nature of the Group’s
activities and its legal form. Auditing standards limit the required
audit procedures to identify non-compliance with these laws and
regulations to enquiry of the directors and other management
and inspection of regulatory and legal correspondence, if any.
Therefore if a breach of operational regulations is not disclosed
to us or evident from relevant correspondence, an audit will not
detect that breach.
We assessed the legality of the distribution in the period based
on the level of distributable reserves available when the
distributions were approved.
Context of the ability of the audit to detect fraud or breaches
of law or regulation
Owing to the inherent limitations of an audit, there is an
unavoidable risk that we may not have detected some material
misstatements in the financial statements, even though we have
properly planned and performed our audit in accordance with
auditing standards. For example, the further removed non-
compliance with laws and regulations is from the events and
transactions reflected in the financial statements, the less likely
the inherently limited procedures required by auditing standards
would identify it.
In addition, as with any audit, there remained a higher risk of
non-detection of fraud, as these may involve collusion, forgery,
intentional omissions, misrepresentations, or the override of
internal controls. Our audit procedures are designed to detect
material misstatement. We are not responsible for preventing
non-compliance or fraud and cannot be expected to detect
non-compliance with all laws and regulations.
7 We have nothing to report on the other information
in the Annual Report
The directors are responsible for the other information presented
in the Annual Report together with the financial statements. Our
opinion on the financial statements does not cover the other
information and, accordingly, we do not express an audit opinion
or, except as explicitly stated below, any form of assurance
conclusion thereon.
Our responsibility is to read the other information and, in doing
so, consider whether, based on our financial statements audit
work, the information therein is materially misstated or
inconsistent with the financial statements or our audit
knowledge. Based solely on that work we have not identified
material misstatements in the other information.
Strategic report and directors’ report
Based solely on our work on the other information:
• we have not identified material misstatements in the strategic
report and the directors’ report;
• in our opinion the information given in those reports for the
financial year is consistent with the financial statements; and
• in our opinion those reports have been prepared in
accordance with the Companies Act 2006.
Directors’ remuneration report
In our opinion the part of the Directors’ Remuneration Report
to be audited has been properly prepared in accordance with
the Companies Act 2006.
Disclosures of emerging and principal risks and
longer-term viability
We are required to perform procedures to identify whether
there is a material inconsistency between the directors’
disclosures in respect of emerging and principal risks and
the viability statement, and the financial statements and our
audit knowledge.
Based on those procedures, we have nothing material to add or
draw attention to in relation to:
• the directors’ confirmation within the viability statement
page 81 that they have carried out a robust assessment of the
emerging and principal risks facing the Group, including those
that would threaten its business model, future performance,
solvency and liquidity;
• the Principal Risks and Uncertainties disclosures describing
these risks and how emerging risks are identified, and
explaining how they are being managed and mitigated; and
• the directors’ explanation in the viability statement of how they
have assessed the prospects of the Group, over what period
they have done so and why they considered that period to be
appropriate, and their statement as to whether they have a
reasonable expectation that the Group will be able to continue
in operation and meet its liabilities as they fall due over the
period of their assessment, including any related disclosures
drawing attention to any necessary qualifications or assumptions.
150
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�7 We have nothing to report on the other information
in the Annual Report continued
Disclosures of emerging and principal risks and
longer-term viability continued
We are also required to review the viability statement, set out
on page 81 under the Listing Rules. Based on the above
procedures, we have concluded that the above disclosures
are materially consistent with the financial statements and
our audit knowledge.
Our work is limited to assessing these matters in the context of
only the knowledge acquired during our financial statements
audit. As we cannot predict all future events or conditions
and as subsequent events may result in outcomes that are
inconsistent with judgements that were reasonable at the time
they were made, the absence of anything to report on these
statements is not a guarantee as to the Group’s and Company’s
longer-term viability.
Corporate governance disclosures
We are required to perform procedures to identify whether there
is a material inconsistency between the directors’ corporate
governance disclosures and the financial statements and our
audit knowledge.
Based on those procedures, we have concluded that each of the
following is materially consistent with the financial statements
and our audit knowledge:
• the directors’ statement that they consider that the annual
report and financial statements taken as a whole is fair,
balanced and understandable, and provides the information
necessary for shareholders to assess the Group’s position
and performance, business model and strategy;
• the section of the annual report describing the work of the
Audit Committee, including the significant issues that the audit
committee considered in relation to the financial statements,
and how these issues were addressed; and
• the section of the annual report that describes the review of
the effectiveness of the Group’s risk management and internal
control systems.
We are required to review the part of the Governance report
relating to the Group’s compliance with the provisions of the UK
Corporate Governance Code specified by the Listing Rules for
our review. We have nothing to report in this respect.
8 We have nothing to report on the other matters
on which we are required to report by exception
Under the Companies Act 2006, we are required to report
to you if, in our opinion:
• adequate accounting records have not been kept by the
parent Company, or returns adequate for our audit have not
been received from branches not visited by us; or
• the parent Company financial statements and the part of the
Directors’ Remuneration Report to be audited are not in
agreement with the accounting records and returns; or
• certain disclosures of directors’ remuneration specified by law
are not made; or
• we have not received all the information and explanations we
require for our audit.
We have nothing to report in these respects.
9 Respective responsibilities
Directors’ responsibilities
As explained more fully in their statement set out on page 142,
the directors are responsible for: the preparation of the financial
statements including being satisfied that they give a true and fair
view; such internal control as they determine is necessary to
enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error; assessing
the Group and parent Company’s ability to continue as a going
concern, disclosing, as applicable, matters related to going
concern; and using the going concern basis of accounting unless
they either intend to liquidate the Group or the parent Company
or to cease operations, or have no realistic alternative but to
do so.
Auditor’s responsibilities
Our objectives are to obtain reasonable assurance about
whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error, and to
issue our opinion in an auditor’s report. Reasonable assurance
is a high level of assurance, but does not guarantee that an
audit conducted in accordance with ISAs (UK) will always
detect a material misstatement when it exists. Misstatements
can arise from fraud or error and are considered material if,
individually or in aggregate, they could reasonably be expected
to influence the economic decisions of users taken on the basis
of the financial statements.
A fuller description of our responsibilities is provided on the
FRC’s website at www.frc.org.uk/auditorsresponsibilities.
The Company is required to include these financial statements
in an annual financial report prepared under Disclosure Guidance
and Transparency Rule (“DTR”) 4.1.17R and 4.1.18R. This auditor’s
report provides no assurance over whether the annual financial
report has been prepared in accordance with those requirements
10 The purpose of our audit work and to whom we owe
our responsibilities
This report is made solely to the Company’s members, as a body,
in accordance with Chapter 3 of Part 16 of the Companies Act
2006. Our audit work has been undertaken so that we might
state to the Company’s members those matters we are required
to state to them in an auditor’s report and for no other purpose.
To the fullest extent permitted by law, we do not accept or
assume responsibility to anyone other than the Company and
the Company’s members, as a body, for our audit work, for this
report, or for the opinions we have formed.
Frances Simpson (Senior Statutory Auditor)
for and on behalf of KPMG LLP, Statutory Auditor
Chartered Accountants
1 St. Peter’s Square
Manchester
M2 3AE
United Kingdom
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
151
Financial statements�Consolidated income statement
for the year ended 31 May 2023
Revenue
Cost of sales
Gross profit
Administrative expenses
Individually Significant Items
Depreciation and amortisation
Credit gains/(losses) recognised on financial assets
(Impairment)/reversal of impairment of non-current assets
Other administrative expenses
Total administrative expenses
Operating profit
Finance costs
(Loss)/profit before taxation
Taxation
(Loss)/profit for the year attributable to owners of the Company
Earnings per ordinary share
Basic EPS
Diluted EPS
Notes
2023
£m
2022
£m
4
4
4
5
6
6
6
4
8
6
9
11
335.1
314.8
(203.1)
(182.2)
132.0
132.6
(14.7)
(22.6)
1.5
(1.1)
(93.2)
(130.1)
1.9
(6.2)
(4.3)
(0.3)
(4.6)
(0.9)
(19.7)
(0.6)
0.1
(76.8)
(97.9)
34.7
(3.7)
31.0
(8.0)
23.0
(1.5)p
(1.5)p
7.4p
7.4p
2023
£m
(4.6)
2022
£m
23.0
—
2.4
2.4
(0.1)
14.8
14.7
37.7
Consolidated statement of comprehensive (loss)/income
for the year ended 31 May 2023
(Loss)/profit for the year attributable to the owners of the Company
Other comprehensive income/(loss)
Items that may be reclassified subsequently to profit or loss (net of tax)
Cash flow hedges – effective portion of changes in fair value
Foreign exchange translation differences
Total other comprehensive income
Total comprehensive (loss)/income for the year (net of tax) attributable to the owners of the Company
(2.2)
The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.
152
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Consolidated balance sheet
at 31 May 2023
Non‑current assets
Goodwill
Intangible assets
Property, plant and equipment
Right-of-use assets
Investments
Deferred tax asset
Total non‑current assets
Current assets
Inventories
Trade and other receivables
Contingent consideration receivable
Derivative financial instruments
Current tax receivable
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Bank overdraft
Borrowings
Lease liabilities
Current tax payable
Derivative financial instruments
Contingent consideration payable
Provisions
Contract liabilities – deferred revenue
Total current liabilities
Non‑current liabilities
Borrowings
Lease liabilities
Deferred tax liabilities
Provisions
Contract liabilities – deferred revenue
Total non‑current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Merger reserve
Currency translation reserve
Retained earnings
31 May 2023
£m
31 May 2022
£m
Notes
12
12
13
14
15
18
16
17
34
25
24
19
24
24
20
25
35
21
22
24
20
18
21
22
27
27
27
27
27
255.8
110.9
12.5
18.6
0.3
2.9
266.1
118.6
12.9
22.0
0.3
1.4
401.0
421.3
0.8
58.1
3.8
—
3.6
34.1
100.4
501.4
44.7
1.8
—
6.0
4.2
0.6
1.0
1.2
51.6
111.1
81.9
24.0
1.4
1.5
3.3
112.1
223.2
278.2
3.1
224.1
42.3
37.5
(28.8)
0.9
77.7
—
0.2
3.1
73.2
155.1
576.4
48.3
—
18.5
5.4
7.4
—
1.9
2.7
61.7
145.9
107.1
27.2
1.6
0.8
0.6
137.3
283.2
293.2
3.1
224.0
42.3
35.1
(11.3)
Total equity attributable to equity holders of the Parent
278.2
293.2
The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 28 September 2023. They were
signed on its behalf by:
Mike Maddison
Chief Executive Officer
28 September 2023
Guy Ellis
Chief Financial Officer
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
153
Financial statements
�Consolidated cash flow statement
for the year ended 31 May 2023
Cash flows from operating activities
(Loss)/profit for the year
Adjustments for:
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Share-based payments
Cash settled share-based payments
Amortisation of customer contracts and relationships
Amortisation of software and development costs
Impairment of goodwill
Impairment of software costs
Impairment/(reversal of impairment) of right-of-use-assets
Lease financing costs
Other financing costs
Foreign exchange loss/(gain)
Acquisition of business – transaction costs
Disposal of business – transaction costs
ISIs (non-cash impact)
Profit on disposal of right-of-use assets
Profit on disposal of business (DDI)
Research and development UK tax credits
Research and development US tax credits
Income tax expense
(Decrease)/increase in provisions
Cash inflow for the year before changes in working capital
Decrease/(increase) in trade and other receivables
Decrease in inventories
(Decrease)/increase in trade and other payables
Cash generated from operating activities before interest and taxation
Interest element of lease payments
Other interest paid
Taxation paid
Net cash generated from operating activities
Cash flows from investing activities
Acquisition of trade and assets as part of business combinations
Purchase of property, plant and equipment
Software and development expenditure
Sale proceeds of business disposal (DDI)
Net cash used in investing activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Purchase of own shares
Principal element of lease payments
Drawdown of borrowings (net of deferred issue costs)
Issue costs related to borrowings
Repayment of borrowings
Equity dividends paid
Net cash (used in)/generated from financing activities
Net decrease in cash and cash equivalents
Cash and cash equivalents at beginning of period
Effect of foreign currency exchange rate changes
Cash and cash equivalents at end of year
154
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes
2023
£m
2022
£m
(4.6)
23.0
13
14
26
12
12
12
12
14
8
8
6
5
34
5
6
34
21
20
35
27
20
10
24
4.5
5.7
2.2
—
10.0
2.4
12.8
0.6
0.5
1.1
5.1
0.6
—
(0.1)
3.5
(0.7)
(4.7)
(0.5)
(1.4)
1.7
(0.8)
37.9
19.7
0.1
(15.1)
42.6
(1.1)
(4.0)
(5.4)
32.1
(1.0)
(3.9)
(3.4)
2.0
(6.3)
0.1
(0.5)
(6.1)
70.8
(1.5)
(115.6)
(14.5)
(67.3)
(41.5)
73.2
0.6
32.3
3.9
5.4
3.9
(0.5)
8.6
1.8
—
—
(0.1)
1.2
2.5
(0.6)
(7.3)
—
—
—
—
(1.0)
(1.1)
9.1
0.5
49.3
(1.8)
0.2
12.6
60.3
(1.2)
(2.1)
(2.2)
54.8
(153.0)
(5.2)
(3.0)
—
(161.2)
0.8
—
(5.3)
120.7
(0.6)
(39.4)
(14.4)
61.8
(44.6)
116.5
1.3
73.2
�Consolidated cash flow statement continued
for the year ended 31 May 2023
Reconciliation of net change in cash and cash equivalents to movement in net debt 1
Net decrease in cash and cash equivalents
Change in net debt 1 resulting from cash flows (net of deferred issue costs)
Interest incurred on borrowings
Interest paid on borrowings
Release of deferred issue costs
Issue costs related to borrowings (non-cash)
Effect of foreign currency on cash flows
Foreign currency translation differences on borrowings
Change in net cash/(debt) 1 during the year
Net (debt)/cash at start of year excluding lease liabilities 1
Net debt at end of year excluding lease liabilities 1
Lease liabilities
Net debt 1 at end of year
Notes
20
2023
£m
(41.5)
44.8
4.0
(4.0)
(1.0)
1.7
0.6
(1.8)
2.8
(52.4)
(49.6)
(30.0)
2022
£m
(44.6)
(81.3)
2.1
(2.1)
(0.4)
0.6
1.3
(11.3)
(135.7)
83.3
(52.4)
(32.6)
(79.6)
(85.0)
The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
155
Financial statements
�Consolidated statement of changes in equity
for the year ended 31 May 2023
Balance at 1 June 2021
Profit for the year
Other comprehensive expense for the year
Foreign currency translation differences
Total comprehensive (expense)/income
for the year
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Transfer hedging reserve to retained earnings
Share-based payments
Tax on share-based payments
Shares issued
Total contributions by and distributions
to owners
Share
capital
£m
Share
premium
£m
Hedging
reserve
£m
Merger
reserve
£m
Notes
Currency
translation
reserve
£m
Retained
earnings
£m
Total
£m
3.1
—
—
—
223.2
(0.8)
42.3
20.3
(21.9)
266.2
—
—
—
—
(0.1)
—
—
—
—
—
—
14.8
23.0
—
—
23.0
(0.1)
14.8
—
—
(0.1)
—
14.8
23.0
37.7
10
26
9
27
—
—
—
—
—
—
—
—
—
0.8
—
0.9
—
—
—
—
—
—
—
—
—
—
—
—
—
(14.4)
(14.4)
(0.9)
3.2
(0.3)
—
—
3.2
(0.3)
0.8
—
0.8
0.9
—
—
(12.4)
(10.7)
Balance at 31 May 2022
3.1
224.0
Loss for the year
Foreign currency translation differences
Total comprehensive income/(loss) for the year
Transactions with owners recorded directly
in equity
Dividends to equity shareholders
Share-based payments
Tax on share-based payments
Purchase of own shares
Shares issued
Total contributions by and distributions
to owners
10
26
9
27
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
—
0.1
0.1
Balance at 31 May 2023
3.1
224.1
—
—
—
—
—
—
—
—
—
—
—
42.3
35.1
(11.3)
293.2
—
—
—
—
—
—
—
—
—
—
2.4
2.4
—
—
—
—
—
—
(4.6)
—
(4.6)
2.4
(4.6)
(2.2)
(14.5)
(14.5)
2.2
(0.1)
(0.5)
—
2.2
(0.1)
(0.5)
0.1
(12.9)
(12.8)
42.3
37.5
(28.8)
278.2
The accompanying Notes 1 to 37 are an integral part of these consolidated Financial Statements.
156
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Company balance sheet
at 31 May 2023
Company no: 4627044
Non‑current assets
Investments in subsidiary undertakings
Trade and other receivables
Total non‑current assets
Current assets
Cash and cash equivalents
Total current assets
Total assets
Current liabilities
Trade and other payables
Total current liabilities
Total liabilities
Net assets
Equity
Share capital
Share premium
Merger reserve
Retained earnings
Total equity
Notes
2023
£m
2022
£m
33
17
24
19
27
27
27
27
279.1
23.2
276.9
32.9
302.3
309.8
15.0
15.0
20.2
20.2
317.3
330.0
0.2
0.2
0.2
18.2
18.2
18.2
317.1
311.8
3.1
224.1
42.3
47.6
3.1
224.0
42.3
42.4
317.1
311.8
The accompanying Notes 1 to 37 are an integral part of these Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 28 September 2023. They were
signed on its behalf by:
Mike Maddison
Chief Executive Officer
28 September 2023
Guy Ellis
Chief Financial Officer
28 September 2023
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
157
Financial statements
�Company cash flow statement
for the year ended 31 May 2023
Cash flows from operating activities
Profit for the year
Cash inflow for the year before changes in working capital
Decrease in trade and other receivables
(Decrease)/increase in trade and other payables
Net cash generated from operating activities
Cash flows from financing activities
Proceeds from the issue of ordinary share capital
Equity dividends paid
Net cash used in financing activities
Net (decrease)/increase in cash and cash equivalents
Cash and cash equivalents at beginning of year
Cash and cash equivalents at end of year
The accompanying Notes 1 to 37 are an integral part of these Financial Statements.
Notes
28
2023
£m
17.5
17.5
9.7
(18.0)
9.2
2022
£m
20.0
20.0
8.5
4.7
33.2
27
10
0.1
(14.5)
0.8
(14.4)
(14.4)
(13.6)
(5.2)
20.2
15.0
19.6
0.6
20.2
158
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Company statement of changes in equity
for the year ended 31 May 2023
Share
capital
£m
Share
premium
£m
Merger
reserve
£m
Retained
earnings
£m
Notes
Balance at 31 May 2021 and 1 June 2021
3.1
223.2
42.3
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
Balance at 31 May 2022
Profit for the year
Total comprehensive income for the year
Transactions with owners recorded directly in equity
Dividends to equity shareholders
Increase in subsidiary investment for share-based charges
Shares issued
Total contributions by and distributions to owners
—
—
—
—
—
—
3.1
—
—
—
—
—
—
10
27
10
27
Total
£m
301.5
20.0
20.0
32.9
20.0
20.0
(14.4)
(14.4)
3.9
—
3.9
0.8
(10.5)
(9.7)
—
—
—
—
0.8
0.8
—
—
—
—
—
—
224.0
42.3
42.4
311.8
—
—
—
—
0.1
0.1
—
—
—
—
—
—
17.5
17.5
17.5
17.5
(14.5)
(14.5)
2.2
—
2.2
0.1
(12.3)
(12.2)
Balance at 31 May 2023
3.1
224.1
42.3
47.6
317.1
The accompanying Notes 1 to 37 are an integral part of these Financial Statements.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
159
Financial statements
�Notes to the Financial Statements
for the year ended 31 May 2023
1 Accounting policies
Basis of preparation
NCC Group plc (the “Company”) is a public company incorporated in the UK, with its registered office at XYZ Building, 2 Hardman
Boulevard, Manchester M3 3AQ. The Group Financial Statements consolidate those of the Company and its subsidiaries (together
referred to as the “Group”). The principal activity of the Group is the provision of independent advice and services to customers
through the supply of Cyber Security 2 and Software Resilience services. The Parent Company Financial Statements present
information about the Company as a separate entity and not about the Group. These Financial Statements have been approved
for issue by the Board of Directors on 28 September 2023.
These Group and Parent Company Financial Statements have been prepared and approved by the Directors in accordance with
UK-adopted International Accounting Standards (“UK-adopted IFRS”). On publishing the Parent Company Financial Statements
here together with the Group Financial Statements, the Company is also taking advantage of the exemption in s408 of the Companies
Act 2006 not to present its individual Income Statement and related notes that form a part of these approved Financial Statements.
The Financial Statements ended 31 May 2023 now refer to the Cyber Security2 division as the Group’s former Assurance division.
Climate change
The Directors have reviewed the potential impact of climate change and the Task Force on Climate-related Financial Disclosures
(TCFD) on the consolidated Financial Statements. During the year, the Group has carried out a materiality assessment to identify what
social, environmental and governance issues are most material and significant to the NCC Group business and stakeholders to aid our
commitment to achieving net zero by 2050. Our original baseline assessment was impacted by the pandemic and a different business
strategy and therefore we have re-based this assessment. Our overall exposure to physical and transitional climate change is
considered low in the short to medium term due to the nature of the business and cyber resilience industry. The Group continues
to evolve its sustainability agenda with further details on our short, medium, medium to long and long-term goals contained within
the non-financial and sustainability information statement on pages 46 to 52 of the Annual Report.
The Directors have considered climate change in the following areas of the consolidated Financial Statements, noting no material
financial impact in each area:
• Critical accounting judgements and key sources of estimation uncertainty
• Going concern assessment
• Property, plant and equipment – economic life and residual values
• Impairment of assets – the impact of environmental change on growth rates and projected cash flows
• Inventories – realisable value issues
• Provisions – recognition of new liabilities or contingent liabilities arising from climate change and Group physical and transition risks of:
• Greenhouse gas emissions – increased costs associated with more taxes and levies
• Move to net zero – increased costs required to lower emissions
• Margin risk – impact on delivery day rates and associated erosion of profit margin due to increased costs
• Reputational risk – failure to comply with regulations resulting in negative impact on Group
• Supply chain – increased supply costs and delayed deliveries impacting customer contracts/provision of services
• Extreme weather or rising sea levels – reduction in revenue and increased costs
• Fair value measurement – climate change variables being incorporated into market participant valuations
• Financial instruments – expected credit losses and risk of default on Group borrowings (RCF and term loan)
• IFRS 16 ‘Leases’ – changes to property lease portfolio or car lease agreements. During the financial year the Group has moved FY23
from a company car scheme to a salary sacrifice scheme (leased directly by the colleague); this will result over time a reduction in
the motor vehicle right-of-use-asset and corresponding lease liabilities, as the contract lease terms ends.
New and amended accounting standards that have been issued and are effective from 1 January 2023
At the date of authorisation of these Financial Statements, the following new accounting pronouncements have been issued and are
effective from 1 January 2023:
• IFRS 17 ‘Insurance Contracts’ – effective on 1 January 2023 and replaces IFRS 4 ‘Insurance Contracts’
• Amendments to IAS 1 ‘Classification of Liabilities as Current or Non-current’ issued in January 2020 and effective from 1 January 2023.
An exposure draft was issued in November 2021 proposing for this effective date to be delayed to periods starting no earlier than
1 January 2024
• Amendments to IAS 1 and IFRS Practice Statement 2 ‘Disclosure of Accounting Policies’ issued in February 2021 and effective from
1 January 2023
• Amendments to IAS 8 ‘Definition of Accounting Estimates’ issued in February 2021 and effective from 1 January 2023
• Amendments to IAS 12 ‘Deferred Tax Related to Assets and Liabilities arising from a Single Transaction’ issued in May 2021 and
effective from 1 January 2023
• Amendments to IAS 7 and IFRS 7 ‘Supplier Finance Arrangements’ issued in July 2023 and effective from 1 January 2024
• Amendments to IFRS 16 ‘Lease Liability in a Sale and Leaseback’ issued in July 2023 and effective from 1 January 2024
These IFRSs are not expected to have a material impact on the Group’s consolidated financial position or the performance of the Group.
These IFRSs are not expected to have a material impact on the Company’s financial position or the performance of the Company.
2 Formerly Assurance.
160
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�1 Accounting policies continued
The UK Endorsement Board has issued the following new accounting pronouncements to be effective from 1 January 2022 and
applicable from 31 March 2023:
• Reference to the Conceptual Framework (Amendments to IFRS 3)
• Property, Plant and Equipment – Proceeds Before Intended Use (Amendments to IAS 16)
• Onerous Contracts – Cost of Fulfilling a Contract (Amendments to IAS 37)
• Annual improvements make minor amendments to IFRS 1 ‘First-time Adoption of IFRS’, IFRS 9 ‘Financial Instruments’, IAS 41
‘Agriculture’ and IFRS 16 ‘Leases’
The adoption of these pronouncements has had no significant impact on the Group consolidated Financial Statements.
Other new accounting pronouncements
In addition to the above, the following new accounting pronouncements have also been issued which are not yet effective but
the Group is not expecting them to have a significant impact on the Group’s consolidated Financial Statements:
• Amendments to IAS 1 ‘Non-current Liabilities with Covenants’ issued in October 2022 and effective from 1 January 2024
• Amendments to IAS 10 and IAS 28 ‘Sale or Contribution of Assets between an Investor and its Associate or Joint Venture’ issued
in September 2014 and postponed indefinitely
• Amendments to IFRS 16 ‘Lease Liability in a Sale and Leaseback’ issued in September 2022 and effective from 1 January 2024
Basis of measurement
The consolidated Financial Statements have been prepared on the historical cost basis except for the revaluation of certain financial
instruments and investments. In addition, at the date of the acquisitions consideration payable is at fair value.
Functional and presentation currency
The Group and Company Financial Statements are presented in millions of Pounds Sterling (£m) because that is the currency
of the principal economic environment in which the Group operates.
Going concern
The Directors have acknowledged guidance published in relation to going concern assessments. The Group’s business activities,
together with the factors likely to affect its future development, performance and position, are set out in the Business Review and
Financial Review. The Group’s financial position, cash and borrowing facilities are also described within these sections.
The Financial Statements have been prepared on a going concern basis which the Directors consider to be appropriate for
the following reasons.
The Directors have prepared cash flow and covenant compliance forecasts for the 12 month period ending 30 September 2024 which
indicate that, taking account of severe but plausible downsides on the operations of the Group and its financial resources, the Group
and Company will have sufficient funds to meet their liabilities as they fall due for that period.
The going concern period is required to cover a period of at least 12 months from the date of approval of the Financial Statements
and the Directors still consider this 12 month period to be an appropriate assessment period due to the Group’s financial position and
trading performance and that its borrowing facilities do not expire until December 2026. The Directors have considered whether there
are any significant events beyond the 12 month period which would suggest this period should be longer but have not identified any
such conditions or events.
The Group is financed primarily by a £162.5m multi-currency revolving credit facility maturing in December 2026. Under these banking
arrangements, the Group can also request (seeking bank approval) an additional accordion facility to increase the total size of the
revolving credit facility by up to £75m. This accordion facility has not been considered in the Group’s going concern assessment as
it requires bank approval and is therefore uncommitted as at the date of approval of these consolidated financial statements.
As of 31 May 2023, net debt (excluding lease liabilities)1 amounted to £49.6m which comprised cash of £34.1m, a bank overdraft
of £1.8m, a drawn revolving credit facility of £83.4m had been drawn under these facilities, leaving £79.1m (2022: £28.7m) of undrawn
facilities, excluding the uncommitted accordion facility of £75.0m. Unamortised arrangement fees of £1.5m have been offset against
the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2023 of £81.9m. The Group’s day-to-day working capital
requirements are met through existing cash resources, the revolving credit facility and receipts from its continuing business activities.
The Group is required to comply with financial covenants for leverage (net debt to Adjusted EBITDA1) and interest cover (Adjusted
EBITDA1 to interest charge) that are tested bi-annually on 31 May and 30 November each year. As of 31 May 2023, leverage1 amounted
to 1.4x and net interest cover1 amounted to 6.8 compared to a maximum of 3.0x and a minimum of 3.5x respectively. The terms and
ratios are specifically defined in the Group’s banking documents (in line with normal commercial practice) and are materially similar to
amounts noted in the these financial statements with the exceptions being net debt excludes IFRS 16 lease liabilities and Adjusted
EBITDA1. The Group was in compliance with the terms of all its facilities during the year, including the financial covenants on 31 May
2023, and based on forecasts, expects to remain in compliance over the going concern period. In addition, the Group has not sought
or is not planning to seek any waivers to its existing facilities.
It’s been a challenging year for the Group with a decline in the rate of revenue growth and overall profitability resulting in a loss before
taxation of £4.3m. The Group’s revenue performance and profitability suffered from the market dynamics within Cyber Security2. In
particular, the Group experienced buying decision delays and cancellations in the North American tech sector and our UK market.
These headwinds have further reinforced the need to accelerate the implementation of our next chapter of the Group strategy
following its communication in February 2023. This strategy requires a level of additional investment in 2024. Despite the above,
the Group has maintained consistent cash generation during the year.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
161
Financial statements�1 Accounting policies continued
Going concern continued
Following the year end, the Group has engaged in additional generating cost efficiencies across Cyber Security2 and corporate
functions which is resulting in the implementation of a fundamental reorganisation generating further savings compared to the prior
year. As a result of all of the above, the base case going concern assessment has been prepared on the basis that market volatility
within Cyber Security2 partially continues with overall profitability remaining similar to 2023.
With this context, the Directors have prepared a number of severe but plausible scenarios to the base cash going concern
assessment as follows:
a) No recovery from FY23 Q4 Cyber Security2 trading performance – £6.4m reduction profit before tax
b) Loss of key customers – £4.2m reduction in profit before tax
c) Shortfall in forecast cost savings – annualised £3.2m reduction in profit before tax
d)
Further inflationary pressures continue, worse and more prolonged than expected (wages, energy and interest) – £5.6m reduction
in profit before tax
e) Combination of Scenario a and d – £10.8m reduction in profit before tax
These scenarios have been modelled individually in order to assess the Group’s ability to withstand specific challenges. The Directors
do not believe it is plausible for all of the above downside scenarios to occur concurrently; however, they have modelled scenarios
combining risks (a and d). The impact of these severe but plausible scenarios has been reviewed against the Group’s projected cash
flow position, available committed bank facilities and compliance with financial covenants. These forecasts, including the severe but
plausible downsides, show that the Group is able to operate within its available committed banking facilities, with no forecasted
covenant breaches or requirement for facility waivers, and that the Group will have sufficient funds to meet its liabilities as they fall
due for that period.
From a Company perspective, the Company places reliance on other Group trading entities for financial support. The Company
controls these Group entities and therefore has the ability to direct the financial activities of the Group. Having reviewed the current
trading performance, forecasts, debt servicing requirements, total facilities and risks, the Directors are confident that the Company
and the Group will have sufficient funds to continue to meet their liabilities as they fall due for a period of at least 12 months from the
date of approval of these consolidated Financial Statements, which is determined as the going concern period. Accordingly, the
Directors continue to adopt the going concern basis of accounting in preparing the Group’s Financial Statements for the period ended
31 May 2023.
There are no post-Balance Sheet events which the Directors believe will negatively impact the going concern assessment.
1 See Note 3 for an explanation of Alternative Performance Measures (APMs) and adjusting items, including a reconciliation to statutory information.
Business combinations
Business combinations are accounted for by applying the acquisition method at the acquisition date, which is the date on which
control is transferred to the Group. The Group controls an entity when the Group is exposed to, or has rights to, variable returns
from its involvement with the entity and has the ability to affect those returns through its power over the entity.
Acquisitions and disposals
The Group measures goodwill at the acquisition date as:
• The fair value of the consideration transferred; plus
• The recognised amount of any non-controlling interests in the acquiree; plus
• If the business combination is achieved in stages, the fair value of the existing equity interest in the acquiree; less
• The fair value of the identifiable assets acquired, and liabilities assumed.
When the excess is negative, a bargain purchase gain is recognised immediately in profit or loss. The consideration transferred does not
include amounts related to the settlement of pre-existing relationships. Such amounts generally are recognised in the Income Statement.
Costs related to the acquisition, other than those associated with the issue of debt or equity securities, are expensed as incurred.
Any deferred or contingent consideration payable is recognised at fair value at the acquisition date. If the contingent consideration
is classified as equity, it is not remeasured, and settlement is accounted for within equity. Otherwise, subsequent changes to the fair
value of contingent consideration are recognised in the Income Statement. On a transaction-by-transaction basis, the Group elects
to measure non-controlling interests either at their fair value or at their proportionate interest in the recognised amount of the
identifiable net assets of the acquiree at the acquisition date.
The results of subsidiaries acquired or disposed of during the year are included in the Consolidated Income Statement from
the effective date of acquisition or up to the effective date of disposal, as appropriate. In addition, comparatives are also restated
to reclassify disposed businesses or those that meet the criteria of IFRS 5 ‘Non-current Assets Held for Sale and Discontinued
Operations’, as a discontinued operation.
2 Formerly Assurance.
162
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Subsidiaries
Subsidiaries are entities controlled by the Group. The Financial Statements of subsidiaries are included in the consolidated Financial
Statements from the date that control commences until the date that control ceases. Control is achieved where the Company has the
power to govern the financial and operating policies of an investee entity so as to obtain benefits from its activities. Intercompany
transactions and balances between subsidiaries are eliminated on consolidation.
Intangible assets and goodwill
Goodwill represents amounts arising on acquisition of subsidiaries. In respect of business acquisitions that have occurred since
1 June 2004, goodwill represents the difference between the cost of the acquisition and the fair value of the net identifiable assets
acquired including identifiable intangible assets. Identifiable intangibles are those which can be sold separately, or which arise from
legal rights regardless of whether those rights are separable.
In respect of acquisitions prior to 1 June 2004, goodwill is included at its deemed cost, which represents the amount recorded under UK
GAAP at 31 May 2004, which was broadly comparable, save that only separable intangibles were recognised and goodwill was amortised.
Goodwill is stated at cost less any accumulated impairment losses. Goodwill is allocated to cash generating units and is not amortised
but is tested annually for impairment. In respect of equity accounted investees, the carrying amount of goodwill is included in the
carrying amount of the investment in the investee.
Research and development
Expenditure on research activities is recognised in the Income Statement as an expense as incurred. Expenditure on development
activities is capitalised as “development costs” if the product or process is technically and commercially feasible, if the Group has
the technical ability and sufficient resources to complete development, if future economic benefits are probable and if the Group
can measure reliably the expenditure attributable to the intangible asset during its development. Development activities involve
a plan or design for the production of new or substantially improved products or processes.
Software costs
The Group capitalises “software costs” in accordance with the criteria of IAS 38. Software costs comprise third party costs and
internal colleague time costs for internal system developments. Capitalised amounts are initially measured at cost and amortised on
a straight-line basis over the period for which the developed system is expected to be in use as a business platform. Software costs
incurred as part of a service agreement are only capitalised when it can be evidenced that the Group has control over the resources
defined in the arrangement.
The expenditure capitalised includes the cost of materials, direct labour, overhead costs that are directly attributable to preparing
the asset for its intended use and capitalised borrowing costs. Other development expenditure is recognised in the Income Statement
as an expense as incurred. Software costs are stated at cost less accumulated amortisation and less accumulated impairment losses.
When the Group incurs customisation and configuration costs, as part of a service agreement for Software-as-a-Service (SaaS),
Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS), judgement is applied in assessing whether the Group has control
over the resources defined in the arrangement. These costs are treated in accordance with the March 2019 IFRIC update with regard
to the Customer’s Right to Receive Access to the Supplier’s Software Hosted on the Cloud (IAS 38 ‘Intangible Assets’) and the IFRIC
interpretation ratified by the Interpretations Committee in April 2021 with regard to Configuration or Customisation Costs in a Cloud
Computing Arrangement, as follows:
• In specific circumstances, development costs incurred may give rise to an identifiable asset, for example where code/intellectual
property hosted on third party cloud infrastructure is controlled by the Group and the cost of moving the asset to another provider
or bringing on-premise is not prohibitive.
• Amounts paid to the cloud vendor or third party for configuration and customisation that are not distinct from access to the cloud
software are expensed over the contract term.
• In all other instances, configuration and customisation costs will be expensed as the customisation and configuration services
are received, for example a cloud provider’s monthly subscription.
Intangible assets
Expenditure on internally generated goodwill is recognised in the Income Statement as an expense as incurred. Intangible assets
that are acquired by the Group are stated at cost less accumulated amortisation and less accumulated impairment losses.
Amortisation
Amortisation is charged to the Income Statement on a straight-line basis over the estimated useful economic lives of intangible assets
unless such lives are indefinite. Intangible assets with an indefinite useful life and goodwill are systematically tested for impairment at each
Balance Sheet date. Intangible assets are amortised from the date they are available for use. The estimated useful lives are as follows:
Acquired customer contracts and relationships – between three and twenty years
Software
– between three and five years
Capitalised development costs
– between three and five years
Financial instruments
Financial assets and financial liabilities, in respect of financial instruments, are recognised in the Group and Parent Balance Sheet
when the Group or Company becomes a party to the contractual provisions of the instrument.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
163
Financial statements
�1 Accounting policies continued
Classification and measurement of financial assets and liabilities
Classification of financial assets is generally based on the business model in which the financial asset is managed and its contractual
cash flow characteristics. A financial asset is measured at amortised cost if it is held with the objective of collecting the contractual
cash flows and its contractual terms give rise on specified dates to cash flows that are solely payments of principal and interest on
the principal amount outstanding. All other financial assets are measured at fair value through other comprehensive income or the
Income Statement.
Financial assets at amortised cost
Trade and other receivables
Trade receivables and other receivables that have fixed or determinable payments that are not quoted in an active market are
classified as financial assets measured at amortised cost.
Under the IFRS 9 “expected credit loss” model, a credit event (or impairment “trigger”) no longer needs to occur before credit losses
are recognised.
The Group analyses the risk profile of trade receivables based on past experience and an analysis of the receivables’ current financial
position, potential for a default event to occur, adjusted for specific factors, general economic conditions of the industry in which the
receivables operate and assessment of both the current and the forecast direction of conditions at the reporting date. A default event
is considered to occur when information is obtained that indicates that a receivable is unlikely to be paid to the Group.
Credit risk is regularly reviewed by management to ensure the expected credit loss (ECL) model is being appropriately applied.
The Group has performed the calculation of ECL separately for each business unit.
Financial liabilities at amortised cost
Trade payables
Trade payables are other financial liabilities initially measured at fair value and subsequently measured at amortised cost.
Impairment of non-financial assets
The carrying amounts of the Group’s non-financial assets, other than deferred tax assets, are reviewed at each reporting date
to determine whether there is any indication of impairment. If any such indication exists, then the asset’s recoverable amount is
estimated. For goodwill, and intangible assets that have indefinite useful lives or that are not yet available for use, the recoverable
amount is estimated each year at the same time.
The recoverable amount of an asset or cash generating unit is the greater of its value in use (VIU) and its fair value less costs to sell
(FVLCTS). FVLCTS has been used for all CGUs for the year ended 31 May 2023. The FVLCTS valuation has been calculated by
assessing the value of each standalone CGU calculated using an Adjusted EBITDA1 multiple based on estimated sustainable earnings
adjusted for specific items where relevant. VIU has predominantly been used in the year ended 31 May 2022, the estimated future
cash flows are discounted to their present value using a pre-tax discount rate that reflects current market assessments of the time
value of money and the risks specific to the asset.
For the purpose of impairment testing, assets that cannot be tested individually are grouped together into the smallest group of
assets that generates cash inflows from continuing use that are largely independent of the cash inflows of other assets or groups
of assets (the “cash generating unit”). The goodwill acquired in a business combination, for the purpose of impairment testing, is
allocated to cash generating units (CGUs). Subject to an operating segment ceiling test, for the purposes of goodwill impairment
testing, CGUs to which goodwill has been allocated are aggregated so that the level at which impairment is tested reflects the
lowest level at which goodwill is monitored for internal reporting purposes. Goodwill acquired in a business combination is allocated
to groups of CGUs that are expected to benefit from the synergies of the combination.
An impairment loss is recognised if the carrying amount of an asset or its CGU exceeds its estimated recoverable amount. Impairment
losses are recognised in the Income Statement. Impairment losses recognised in respect of CGUs are allocated first to reduce the
carrying amount of any goodwill allocated to the units, and then to reduce the carrying amounts of the other assets in the unit (group
of units) on a pro rata basis. An impairment loss in respect of goodwill is not reversed. In respect of other assets, impairment losses
recognised in prior periods are assessed at each reporting date for any indications that the loss has decreased or no longer exists.
An impairment loss is reversed if there has been a change in the estimates used to determine the recoverable amount. An impairment
loss is reversed only to the extent that the asset’s carrying amount does not exceed the carrying amount that would have been
determined, net of depreciation or amortisation, if no impairment loss had been recognised.
Subsequent expenditure
Subsequent expenditure is capitalised only when it increases the future economic benefits embodied in the specific asset to which
it relates. All other expenditure, including expenditure on internally generated goodwill, is recognised in the Income Statement as an
expense as incurred.
Consideration of climate risk impact
The impact of climate risk on the future cash flows has also been considered for scenarios analysed in line with the climate change
risk assessment. The climate change scenario analyses performed in 2023 – conducted in line with TCFD recommendations –
identified no material financial impact to the current year impairment assessments.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
164
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Related party transactions
A related party is a person or entity that is related to the Group or Company. Related party transactions are the transfer of resources,
services or obligations between parties regardless of whether a price is charged. In these circumstances, the Group or Company will
disclose the nature of the related party relationship as well as information about the transactions and outstanding balances
necessary for an understanding of the potential effect of the relationship on the Financial Statements in accordance with IAS 24
‘Related Party Transactions’.
Details of related party transactions are set out in Note 32 to these Financial Statements.
Property, plant and equipment
Property, plant and equipment assets are carried at cost less accumulated depreciation and any recognised impairment in value.
To the extent that borrowing costs relate to the acquisition, construction or production of a qualifying asset, borrowing costs are
capitalised as part of the cost of that asset. Depreciation is charged to the Income Statement on a straight-line basis over the
estimated useful economic lives of each part of an item of plant and equipment as follows:
Computer equipment
– between three and five years
Plant and equipment
– between three and five years
Furniture
– between three and five years
Fixtures and fittings
– five years
Motor vehicles
– four years
Property, plant and equipment is also tested for impairment whenever there is an indication of potential impairment.
Leases
At inception of a contract, the Group assesses whether a contract is, or contains, a lease. A contract is, or contains, a lease if the
contract conveys the right to control the use of an identified asset for a period of time in exchange for consideration. To assess
whether a contract conveys the right to control the use of an identified asset, the Group assesses whether:
• The contract involves use of the identified asset; this may be specified explicitly or implicitly and should be physically distinct
or represent substantially all of the capacity or a physically distinct asset. If the supplier has a substantive substitution right, then
the asset is not identified
• The Group has the right to obtain substantially all of the economic benefits from use of the asset and throughout the period of
use The Group has the right to direct the use of the asset. The Group has this right when it has the decision-making rights that
are≈most relevant to changing how and for what purpose the asset is used. In rare cases where all the decisions about how and
for≈what purpose the asset is used are predetermined, the Group has the right to direct the use of the asset if either:
• The Group has the right to operate the asset
• The Group designed the asset in a way that predetermines how and for what purpose it will be used
The Group recognises a right-of-use asset and a lease liability at the lease commencement date. The right-of-use asset is initially
measured at cost, which comprises the initial amount of the lease liability adjusted for any lease payments made at or before the
commencement date, and an estimate of costs to dismantle and remove the underlying asset or to restore the underlying asset or
the site on which it is located, less any lease incentives received.
The right-of-use asset is subsequently depreciated using the straight-line method from the commencement date to the earlier
of≈the end of the useful life of the right-of-use asset or the end of lease term. The estimated useful lives of right-of-use assets are
determined on the same basis as those of property, plant and equipment. In addition, the right-of-use asset is periodically reduced
by impairment losses, if any, and adjusted for certain remeasurements of the lease liability.
The lease liability is initially measured at the present value of the lease payments that are not paid at the commencement date, discounted
using the interest rate implicit in the lease or, if that rate cannot be readily determined, the Group’s incremental borrowing rate.
The lease liability is measured at amortised cost using the effective interest method. It is remeasured when there is a change in future
lease payments arising from a change in an index or rate, if there is a change in the Group’s estimate of the amount expected to be
payable, or if the Group changes its assessment of whether it will exercise a purchase, extension or termination option.
When the lease liability is remeasured in this way, a corresponding adjustment is made to the carrying amount of the right-of-use
asset or is recorded in the Income Statement if the carrying amount of the right-of-use asset has been reduced to zero. The Group
has elected not to recognise right-of-use assets and lease liabilities for short-term leases that have a lease term of 12 months or less
and leases of low value assets, including certain IT equipment. The Group recognises the lease payments associated with these
leases as an expense on a straight-line basis over the lease term.
Lease rental costs in respect of short-term leases (less than one year) and low value assets which are exempt from being accounted
for under IFRS 16 are charged to the Income Statement on a straight-line basis over the period of the lease.
Investments
Investments in subsidiaries are carried at cost less impairment. Investments in property and unlisted shares are carried at cost less
impairment, which is based on the fair value at acquisition.
Inventories
Inventories are valued at the lower of cost and new realisable value. Net realisable value is the estimated selling price in the ordinary
course of the business, less applicable variable selling expenses. Items in transit where the Group has control are included in inventories.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
165
Financial statements
�1 Accounting policies continued
Revenue recognition
Summary
The Group provides independent global Cyber Security 2 and Software Resilience services.
The revenue streams in relation to Cyber Security 2 include:
• Global Professional Services (GPS) – global Cyber Security 2 consultancy services
• Global Managed Services (GMS) – operational cyber defence, incident response, scanning, simulation and managed security
operations centres (SOCs) including new Microsoft XDR (Sentinel) proposition
• Product sales – sale of own manufactured and/or resale of third party products
The revenue streams in relation to Software Resilience include:
• Escrow contract services – securely maintain in “escrow” the long-term availability of business critical software and applications
• Verification services – verify source code, and provide a fully managed secure service and result validation
While the detailed recognition is contract specific, and set out in the table on pages 167 to 170, in most cases:
• GPS revenues are recognised on an input method over time
• GMS revenues are bifurcated according to the separate performance obligations (see pages 167 to 169)
• Product sales are recognised when control passes, usually on delivery
• Escrow contract revenues are recognised over time
• Verification services are recognised on the completion of the verification service
Revenue is presented net of VAT and other sales related taxes.
Revenue is measured based on the consideration specified in a contract with a customer. The Group recognises revenue when
it transfers control over a good or service to a customer.
Due to the nature of the Group’s activities, the Group transaction price for the majority of its contracts is entirely variable consideration
as these contracts are on a time and material basis, using set contractual rates per hour/day worked, giving rise to no estimation or
reversal risk at period end. The Group does not have any material obligations in respect of returns, refunds or warranties. The impact
of any financing component within contracts with customers has been assessed and concluded to be immaterial.
On contract inception, the probability of collectability is assessed across the Group and, unless there is a significant change in facts
and circumstances, revenue is recognised. During the year, no instances have been identified where reassessment of the collectability
has had to be reassessed, nor have there been any new contracts with customers for which the collection of consideration has not
been assessed at inception as probable.
2 Formerly Assurance.
166
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Revenue recognition continued
Detailed policies
The following table provides information about the nature and timing of the satisfaction of performance obligations in contracts
with customers by reportable segments, including significant payment terms, and the related revenue recognition policies.
Revenue stream
Nature
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Global
Professional
Services
(GP S)
Global
Managed
Services
(GMS)
GPS is the Group’s core
consulting service
represented by consultants
providing Cyber Security 2
consultancy services
to a customer over time or
to a set deliverable.
Some contracts may contain
multiple services (e.g. Cyber
Security 2 assessment and
certified product evaluation
services). These will be
identified as separate
performance obligations,
and the transaction price
allocated to each of these is
determined by using the fixed
contract rate based upon day
rates, being the relative
standalone selling price basis.
Specifically, the contract
terms range from time and
materials (based upon
consultants’ time and
expenses) discrete
statements of work,
whereby the customer
benefits gradually over the
period over which the work
is performed, unless there is
a set deliverable (for example
a defined security
assessment report).
The Group in certain
situations operates on
agreed customer terms,
which allow the Group to
recover any abortive revenue
from its customer in the
event that a customer
terminates a contract
before the contract or
deliverable is complete.
These services provide
operational cyber defence,
incident response, scanning,
simulation and managed
security operations centres
(SOCs). Services are typically
for an extended delivery
duration, with contract
lengths varying up to
a maximum of five years.
The customer simultaneously
receives the benefits of the
consulting services provided by
the Group over the period over
which the work is performed
and one promise (performance
obligation) is identified. Work
is performed on a daily basis.
Invoices are raised monthly or based
on an agreed invoicing profile with
the customer.
Invoices are usually payable
within 30 days.
No discounts or retrospective
rebates are provided.
Revenue is recognised on an input basis
to measure the satisfaction of performance
obligations over time. This is done according
to the number of days worked in comparison
to the total contracted number of days of the
performance obligation. The work performed
occurs on a daily basis (for example security
assessment of a customer’s security
environment).
It is considered that as the customer benefits
over time based on consultants’ time, the
input method faithfully depicts the Group’s
performance towards complete satisfaction
of the single performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of days.
The customer simultaneously
receives and consumes the benefits
of the consulting services provided
by the Group over the period over
which the work is performed by the
Group and one performance
obligation is identified.
Invoices in relation to the abortive
revenue will be recognised when
aborted. Invoices are usually payable
within 30 days.
Revenue is recognised on an input basis to
measure the satisfaction of performance
obligations over time. This is done according
to the number of days worked in comparison
to the total contracted number of days of the
performance obligation.
Transaction price is determined by fixed
contract rates based upon day rates and
number of consultancy days.
The customer will benefit from
the services over the period
of the contract.
The amount of revenue recognised in relation
to software licence(s) depends on whether
the Group acts as an agent or as a principal.
However, the type of contract
will depend on how the customer
benefits from the software licence(s).
The Group acts as principal when the Group
controls the specified software licence or
service prior to transfer (MSP model).
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
167
Financial statements�1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
Revenue stream
Nature
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Global
Managed
Services
(GMS)
continued
The proposition will also
provide the customer with
software licence(s) to enable
these services to occur.
On this basis, the Group
operates two types
of contracts:
• A Managed Service
Provider (MSP) model
whereby the customer is
supplied with one
complete integrated
service including the
software licence(s)
• A reseller model whereby
the Group sources the
software licence(s) on
behalf of the customer and
provides the Managed
Detection and Response
services
These services will
also include set-up fees.
Set-up fees represent
workshops, design, and
configuration to create
a “connection”
between systems.
Following services going live,
the Group will also provide a
certain level of professional
service consultancy days
based on a day rate (post-go-
live fees).
Where an MSP model is selected by
the customer, the Group recognises
three performance obligations:
• Set-up fees
• Post-go-live fees
• Combined monitoring cyber
and licence service
The MSP model is considered to be
under a principal arrangement
whereby the Group controls the
service prior to transfer.
Where a reseller model is selected by
the customer, the Group recognises
four performance obligations:
• Sourced software licence(s)
• Set-up fees
• Post-go-live fees
• Monitoring cyber service
The reseller model is considered to
be under an agency arrangement
whereby the customer receives the
benefit and control of the licence
on delivery.
Invoices are raised monthly or
based on an agreed invoicing
profile with the customer.
Invoices are usually payable within
30 days.
When the Group acts as a principal the
revenue recorded is the gross amount billed.
The transaction price is determined by a
contract price (cost plus mark-up). The
transaction price for the overall service is
outlined within the customer contract. In
certain scenarios, the contract will outline the
price for each performance obligation, which is
considered to be the standalone selling price of
the services/goods, and the transaction price is
allocated to each performance obligation on
this basis. Where the contract does not
stipulate the price per performance obligation,
management determines the relative
standalone selling price for each performance
obligation based on a market assessment
approach for the services provided in
comparison to market prices, and the contract
transaction price is allocated to
each performance obligation in proportion
to those standalone selling prices.
Under a reseller model, the Group’s
responsibility is to arrange for a third party to
provide a specified software licence(s) to the
customer. In these cases, the Group is acting as
an agent and the Group does not control the
relevant licence(s) before it is transferred to the
customer. In particular, the Group does not have
inventory risk, have access to its source code or
hold the IP rights.
When the Group is acting as an agent, the
revenue is recorded at the net amount retained
(commission) at a point in time as the customer
receives immediate benefit from access to the
licence and the Group does not have any further
obligations in relation to the provision of the
licence. The commission transaction value
represents the mark-up on the licence provided.
The majority of set-up fees relate to the reseller
model. Set-up fees are recognised over time of
the set-up. The set-up activities are completed
by a separate deployment team that typically
spans a period of 1-2 months. The set-up
activities do not customise the licence provided
by the third party but only allows a link between
the client’s infrastructure and the software
to allow monitoring services to be provided by
the Group one the set-up process is completed.
On this basis, the client can benefit from each
of the goods and services either on their own or
together with the other goods and services that
are readily available and the promise to transfer
the goods or service is distinct.
The set-up fees are based on day rates incurred
(defined by an in-house day rate sales pricing
matrix). Accordingly, the charge out rates are
recognised and allocated to these tasks when
performed akin to technical professional day
rate services. These rates are considered to be
the standalone selling prices and are not
discounted or reduced for other services.
168
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
Revenue stream
Nature
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Global
Managed
Services
(GMS)
continued
Product sales
This revenue represents the
sale of own manufactured
and/or resale of third party
products with no connection
to other Group services.
The customer only benefits from the
products on delivery.
Invoices are raised monthly or based
on an agreed invoicing profile with
the customer.
Invoices are usually payable
within 30 days.
Long-term
fixed price
contracts
This revenue represents the
long-term development and/
or manufacture of
specialised software
and hardware solutions.
Delivery of the product is
considered to represent one
performance obligation.
The development and/or
manufacturing work carried out by
the Group is not considered to create
an asset with an alternative use to the
entity. The Group is entitled to
payment as performance of the
contract is completed. On this basis,
revenue is recognised over time.
Invoices are raised based on
achievements of pre-defined
milestones in the contract.
Invoices are usually payable
within 30 days.
Post-go-live fees are recognised on delivery of
consultancy services over time as the customer
obtains incremental benefit from the hours
provided. Revenue is recognised on an input
basis (day rates) to measure the satisfaction
of performance obligations over time.
Transaction price is determined by fixed
contract rates based upon day rates and
number of post-go-live consultancy days.
One performance obligation, being a
combined monitoring cyber and licence
service, is identified in relation to the MSP
model monitoring service. Revenue is
recognised over the contract length as the
software and monitoring process is an overall
service, whereby the Group retains control of
the licence and provides a complete monitoring
service to the customer. If the customer cancels
the contract, the Group will retain control of
the licence.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily and
therefore revenue is recognised on straight-line
basis as the performance obligation is satisfied
over time.
The transaction price is determined by fixed
contract rates for the combined services.
Revenue in relation to the reseller model
monitoring service is recognised over the
contract length on a straight-line basis as the
performance obligation is satisfied over time.
The customer benefits from a 24/7 monitoring
service whereby benefit is obtained daily on
straight-line basis.
Revenue is recognised when control of the
product is transferred to the customer. This
occurs upon delivery under the contractual
terms.
On certain sales of third party products, the
control of the product is considered to pass
from the vendor to the end customer and in
these cases the Group acts as an agent, and
hence only records a commission on sale as
opposed to gross revenue and costs of sale.
Revenue is recognised on an input basis to
measure the satisfaction of the performance
obligation over time. This is done according to
total costs incurred in comparison to the total
expected costs to be incurred to satisfy the
performance obligation. This input measure
is driven by the nature of the activities carried
out in satisfying the performance obligation.
The transaction price is fixed within the terms
of the contractual arrangement.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
169
Financial statements�1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
Revenue stream
Nature
Software Resilience
Timing of satisfaction of performance
obligations and significant payment terms
Revenue recognition policies, including determination
of transaction price and rationale
Escrow
contract
services
These services securely
maintain in “escrow” the
long-term availability of
business critical software
and applications while
protecting the intellectual
property rights (IPR) of
technology partners.
The service will include
set-up time, which is
administrative in nature.
The customer benefits from the
escrow service evenly over a
contract period, usually at least
a year and potentially up to
three years.
The service represents one
performance obligation.
Invoices are raised based on
an agreed invoicing profile with
the customer.
Invoices are usually payable
within 30 days.
Revenue is recognised over time on a straight-
line basis representing the service delivery
agreement. The nature of the agreement gives
rise to the customer having the benefit of
Software Resilience if and when required over
the contract period. Revenue is recognised
on a straight-line basis as the pattern of benefit
to the customer as well as the Group’s efforts to
fulfil the contract are generally even throughout
the period.
The transaction price is determined
by a contract price.
Set-up time is not considered distinct and
a separate performance obligation due to
the administrative nature and therefore is
recognised over the period of the contract.
Verification
services
These services verify source
code based upon an agreed
scope between all parties
and provide a fully managed
secure service and result
validation, typically delivered
over a short period of time
(days).
These include SaaS services
and ICANN services.
The customer benefits from the
verification service on completion
because the source code will only
have been fully verified/validated at
that point.
Revenue is recognised on completion of
the verification services.
Transaction price is determined by fixed
contract rates based upon day rates and
number of verification days.
The service represents one
performance obligation.
Invoices are raised monthly or based
on an agreed invoicing profile with
the customer.
Invoices are usually payable
within 30 days.
Contract costs
Contract costs comprise incremental sales commissions paid to sales agents or external third parties, which can be directly attributed
to an acquired or retained contract. Capitalised commission costs are amortised on a systematic basis that is consistent with the
transfer to the customer of the services when the related revenues are recognised. In all other cases, all internal and external costs
of obtaining the contract are recognised as incurred.
Costs directly incurred in fulfilling a contract with a customer, which comprise labour hours on long-term contracts, are recognised
as an asset to the extent they are recoverable. Such costs are amortised on a systematic basis that is consistent with the transfer
to the customer of the services when the related revenues are recognised.
Accrued income (contract asset)
Accrued income represents the Group’s rights to consideration for work completed but not billed at the reporting date. Remaining
balances are transferred to receivables when the rights become unconditional.
Deferred revenue (contract liability)
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time.
Long-term loss-making contracts
Long-term contracts are reviewed annually to establish if the contract is onerous in nature. In particular, the long-term contract
becomes an onerous contract when the unavoidable costs (i.e. the lower of the cost of fulfilling the contract and any compensation
or penalties arising from failure to fulfil it) exceed the economic benefits expected to be received under the contract. The assessment
of cost to fulfil includes costs that relate directly to the contract and includes direct costs of production, direct costs of supplies/
hardware from external suppliers (materials), direct labour in relation to performance obligations and if appropriate any potential
contractual fine dependent on items (performance obligations) not being delivered/performed. Any assets dedicated to the specific
contract are also tested for potential impairment.
170
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Determination and presentation of operating segments
The Group determines and presents operating segments based on the information that is provided to the Board, which acts as the
Group’s chief operating decision maker (CODM) in order to assess performance and to allocate resources. An operating segment
is a component of the Group that engages in business activities from which it may earn revenues and incur expenses, including
revenues and expenses that relate to transactions with any of the Group’s other components. An operating segment’s results are
reviewed regularly by the CODM to make decisions about resources to be allocated to the segment and to assess its performance.
The Group reports its business in two key segments: the Cyber Security 2 division and the Software Resilience division. The two
reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide a
homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they are
reported to the CODM. Operating segments are aggregated into the two reportable segments based on the types and delivery
methods of services they provide, common management structures, and their relatively homogeneous commercial and strategic
market environments. Both of the Group’s divisions (segments) are run by a senior executive team; those teams make all decisions
on resource allocation, product development, marketing and areas for focus and investment.
Allocation of central costs
Some costs are collected and managed in one location but are actually incurred on behalf of multiple operating segments or reporting
segments. These costs are then allocated to the reporting segments. The allocation is based on logical or activity driven cost
algorithms. The allocation is necessary to give an accurate picture of the consumption of resources by each reporting segment.
Individually Significant Items (ISI)
Individually Significant Items are identified as those items or projects that based on their size and nature and/or incidence are assessed
to warrant separate disclosure to provide supplementary information to support the understanding of the Group’s financial performance.
Where a project spans a reporting period(s) the total project size and nature are considered in totality. ISI’s typically comprise costs/
profits/losses on material acquisitions/disposals/business exits, fundamental reorganisation/restructuring programmes and other
significant one-off events. ISI’s are considered to require separate presentation in the notes to the Financial Statements in order
to fairly present the financial performance of the Group.
During the year ended 31 May 2023, the Group commenced a fundamental reorganisation/restructuring programme that will span future
reporting periods. In particular, it is expected that material costs will be incurred for the years ending 31 May 2024 and 2025 and the
Group will have to exercise judgement in assessing whether the restructuring items should be classified as individual significant items,
this will involve taking into account the nature of the item, cause of occurrence scale of the impact of those items on the reported
performance and after considering the original reorganisation programme principles and plans.
Foreign currencies
Transactions in foreign currencies are recorded using the appropriate monthly exchange rate ruling at the date of the transaction.
Monetary assets and liabilities denominated in foreign currencies are retranslated using the exchange rate ruling at the Balance
Sheet date and the gains or losses on translation are included in the Income Statement.
The assets and liabilities of overseas subsidiaries denominated in foreign currencies are retranslated at the exchange rate ruling at
the Balance Sheet date. The income statements of overseas subsidiary undertakings are translated at the average exchange rates
for the financial year. Gains and losses arising on the retranslation of overseas subsidiary undertakings are taken to the currency
translation reserve. They are released to the Income Statement upon disposal of the subsidiary to which they relate.
Foreign currency differences arising from the translation of qualifying cash flow hedges are recognised in OCI to the extent that
the hedges are effective.
Derivative financial instruments and hedge accounting
The Group holds derivative financial instruments to hedge its foreign currency risk exposures. Derivatives are initially measured at fair
value. Subsequent to initial recognition, derivatives are measured at fair value, and changes therein are generally recognised in profit
or loss. The Group designates certain derivatives as hedging instruments to hedge the variability in cash flows associated with highly
probable forecast transactions arising from changes in foreign exchange rates. At inception of designated hedging relationships, the
Group documents the risk management objective and strategy for undertaking the hedge. The Group also documents the economic
relationship between the hedged item and the hedging instrument, including whether the changes in cash flows of the hedged item
and hedging instrument are expected to offset each other.
Cash flow hedges
When a derivative is designated as a cash flow hedging instrument, the effective portion of changes in the fair value of the derivative
is recognised in OCI and accumulated in the hedging reserve. The effective portion of changes in the fair value of the derivative that
is recognised in OCI is limited to the cumulative change in fair value of the hedged item, determined on a present value basis, from
inception of the hedge. Any ineffective portion of changes in the fair value of the derivative is recognised immediately in profit or loss.
The Group designates only the change in fair value of the spot element of forward exchange contracts as the hedging instrument
in cash flow hedging relationships. The change in fair value of the forward element of forward exchange contracts (forward points)
is separately accounted for as a cost of hedging and recognised in a costs of hedging reserve within equity.
When the hedged forecast transaction subsequently results in the recognition of a non-financial item, the amount accumulated in the
hedging reserve and the cost of hedging reserve is included directly in the initial cost of the non-financial item when it is recognised.
For all other hedged forecast transactions, the amount accumulated in the hedging reserve and the cost of hedging reserve is
reclassified to profit or loss in the same period or periods during which the hedged expected future cash flows affect profit or loss.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
171
Financial statements�1 Accounting policies continued
Cash flow hedges continued
If the hedge no longer meets the criteria for hedge accounting or the hedging instrument is sold, expires, is terminated or is exercised,
then hedge accounting is discontinued prospectively. When hedge accounting for cash flow hedges is discontinued, the amount that
has been accumulated in the hedging reserve remains in equity until, for a hedge of a transaction resulting in the recognition of a
non-financial item, it is included in the non-financial item’s cost on its initial recognition or, for other cash flow hedges, it is reclassified
to profit or loss in the same period or periods as the hedged expected future cash flows affect profit or loss. If the hedged future cash
flows are no longer expected to occur, then the amounts that have been accumulated in the hedging reserve and the cost of hedging
reserve are immediately reclassified to profit or loss.
Colleague benefits – defined contribution pensions
The Group operates a defined contribution pension scheme. The assets of the scheme are kept separate from those of the Group
in an independently administered fund. The amount charged as an expense in the Income Statement represents the contributions
payable to the scheme in respect of the accounting period.
Short-term benefits
Short-term colleague benefit obligations are measured on an undiscounted basis and are expensed as the related service is provided.
A liability is recognised for the amount expected to be paid under short-term cash bonus or profit-sharing plans if the Group has
a present legal or constructive obligation to pay this amount as a result of past service provided by the colleague and the obligation
can be estimated reliably.
Share-based payment transactions
Share-based payments in which the Group receives goods or services as consideration for its own equity instruments are accounted
for as equity settled share-based payment transactions, regardless of how the equity instruments are obtained by the Group.
The grant date fair value of share-based payment awards granted to colleagues is recognised as a colleague expense, with
a corresponding increase in equity, over the period that the colleagues become unconditionally entitled to the awards. The fair value
of the options granted is measured using an option valuation model, taking into account the terms and conditions upon which the
options were granted.
The amount recognised as an expense is adjusted to reflect the actual number of awards for which the related service and non-
market vesting conditions are expected to be met, such that the amount ultimately recognised as an expense is based on the number
of awards that do meet the related service and non-market performance conditions at the vesting date. For share-based payment
awards with non-vesting conditions, the grant date fair value of the share-based payment is measured to reflect such conditions
and there is no true-up for differences between expected and actual outcomes.
Share-based payment transactions in which the Group receives goods or services by incurring a liability to transfer cash or other
assets that is based on the price of the Group’s equity instruments are accounted for as cash settled share-based payments. The fair
value of the amount payable to colleagues is recognised as an expense, with a corresponding increase in liabilities, over the period
in which the colleagues become unconditionally entitled to payment. The liability is remeasured at each Balance Sheet date and at
settlement date. Any changes in the fair value of the liability are recognised as personnel expense within the Income Statement.
Where the Company grants options over its own shares to the colleagues of a subsidiary it recognises in its individual Financial
Statements, an increase in the cost of investment in that subsidiary equivalent to the equity settled share-based payment charge
is recognised in respect of that subsidiary in its consolidated Financial Statements with the corresponding credit being recognised
directly in equity.
Holiday or vacation pay
The Group recognises a liability in the Balance Sheet for any earned but not yet taken holiday entitlement for staff. Earned holiday
is calculated on a straight-line basis over a holiday year, which can vary by business unit. Taken holiday is based on actually taken
holiday. Any movement in the liability between the opening and closing balance in the year is recorded as a colleague cost or
a reduction in colleague costs in the Income Statement in the year.
Borrowings
Borrowings are recognised initially at fair value less attributable transaction costs. Subsequent to initial recognition, borrowings
are stated at amortised cost with any difference between cost and redemption value being recognised in the Income Statement
over the period of the borrowings on an effective interest basis.
Finance costs
Finance costs are recognised within the Income Statement in the year in which they are incurred.
Provisions
Provisions are determined by discounting the expected future cash flows at a pre-tax rate that reflects current market assessments
of the time value of money and the risks specific to the liability. The unwinding of the discount is recognised as finance cost.
172
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�1 Accounting policies continued
Taxation
Taxation on the profit or loss for the year comprises current and deferred taxation. Taxation is recognised in the Income
Statement except to the extent that it relates to items recognised directly in equity, in which case it is recognised in equity.
Current tax is the expected tax payable or receivable on the taxable income or loss for the year, using tax rates enacted or
substantively enacted at the Balance Sheet date, and any adjustment to tax payable in respect of previous years.
Deferred tax is provided on temporary differences between the carrying amounts of assets and liabilities for financial reporting
purposes and the amounts used for taxation purposes. The following temporary differences are not provided for: the initial
recognition of goodwill; the initial recognition of assets or liabilities that affect neither accounting nor taxable profit other than
in a business combination; and differences relating to investments in subsidiaries to the extent that they will probably not reverse
in the foreseeable future. The amount of deferred tax provided is based on the expected manner of realisation or settlement of the
carrying amount of assets and liabilities, using tax rates enacted or substantively enacted at the Balance Sheet date. A deferred tax
asset is recognised only to the extent that it is probable that future taxable profits will be available against which the temporary
difference can be utilised.
UK RDEC tax credits are recognised for the UK tax jurisdiction within administrative expenses and R&D US tax credits within income
tax for the US tax jurisdiction.
Intra-group financial instruments
Where the Company enters into financial guarantee contracts to guarantee the indebtedness of other companies within the Group,
the Company considers these to be insurance arrangements and accounts for them as such. In this respect the Company treats the
guarantee contract as a contingent liability until such time as it becomes probable that the Company will be required to make a
payment under the guarantee.
Cash and cash equivalents
Cash and cash equivalents comprise cash in hand and deposits repayable on demand. Bank overdrafts that are repayable on demand
form part of the Group’s cash management and are included as a component of cash and cash equivalents for the purpose only of the
Statement of Cash Flows.
Treasury shares
NCC Group plc shares held by the Group are deducted from equity as “treasury shares” and are recognised at cost. Consideration
received for the sale of such shares is also recognised in equity, with any difference between the proceeds from sale and the original
cost being taken to reserves. No gain or loss is recognised in the Income Statement on the purchase, sale, issue or cancellation of
equity shares.
2 Critical accounting judgements and key sources of estimation uncertainty
The preparation of Financial Statements requires management to exercise judgement in applying the Group’s accounting policies. Different
judgements would have the potential to change the reported outcome of an accounting transaction or Statement of Financial Position.
It also requires the use of estimates that affect the reported amounts of assets, liabilities, income and expenses. Actual results may differ
from these estimates. Estimates and underlying assumptions are reviewed on an ongoing basis, with changes recognised in the period in
which the estimates are revised and in any future periods affected. The table below shows those areas of critical accounting judgements
and estimates that the Directors consider material and that could reasonably change significantly in the next year.
Accounting area
Impairment of goodwill
Valuation of separately identifiable intangible assets (prior year)
Accounting
judgement?
Accounting
estimate?
No
No
Yes
Yes
2.1 Critical accounting judgements
No critical accounting judgements have been made in applying accounting policies that have the most significant effects
on the amounts recognised in the consolidated Financial Statements.
2.2 Key sources of estimation uncertainty
Information about estimation uncertainties that have a significant risk of resulting in a material adjustment to the carrying values
of assets and liabilities within the next financial year is addressed below.
While every effort is made to ensure that such estimates and assumptions are reasonable, by their nature they are uncertain, and as
such changes in estimates and assumptions may have a material impact. Estimates and assumptions used in the preparation of the
Financial Statements are continually reviewed and revised as necessary at each reporting date.
The Directors have considered the impact of climate change on the following estimation uncertainties. Due to nature of the climate
change impact on the Group, no material impact has been identified.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
173
Financial statements�2 Critical accounting judgements and key sources of estimation uncertainty continued
2.2 Key sources of estimation uncertainty continued
Impairment of goodwill
The Group has significant balances relating to goodwill at 31 May 2023 as a result of acquisitions of businesses in previous years. The
carrying value of goodwill at 31 May 2023 is £255.8m (2022: £266.1m). Goodwill balances are tested annually for impairment. The
Group allocated goodwill to cash-generating units (CGUs) which represent the lowest level of asset groupings that generate
separately identifiable cash inflows that are not dependent on other CGUs.
For the year ended 31 May 2023, tests for impairment are based on the calculation of a fair value less costs to sell (FVLCTS) which
has been used to establish the recoverable amount of the CGU. The FVLCTS valuation has been calculated by assessing the value of
each standalone CGU calculated using an Adjusted EBITDA1 multiple based on estimated sustainable earnings adjusted for specific
items where relevant. Estimated sustainable earnings has been determined taking into account past experience and includes
expectations based on a market participant view of sustainable performance of the business based on market volatility and
uncertainty as at 31 May 2023.
The sustainable earnings figures used in this calculation include key assumptions regarding sustainable revenues and costs for the
business. If the assumptions and estimates used in this valuation prove to be incorrect, the carrying value of goodwill may be overstated.
The two CGUs which are most sensitive to reasonably possible changes in sustainable earnings are US Cyber Security2 and Europe
Cyber Security2. A description of such estimates and reasonably possible sensitivities is provided in note 12.
Valuation of separately identifiable intangible assets (prior year)
In the prior year, as part of the acquisition of the IPM business the Group has acquired an intangible asset relating to the customer
relationships acquired with a fair value of £91.4m. The valuation approach taken is an income approach, specifically the multi-period
excess earnings method (MEEM). As part of this valuation exercise certain key sources of estimation uncertainty were identified in
the prior year that did have a significant risk of resulting in a material adjustment to the carrying amounts of assets and liabilities
in the next current year. A description of such estimates and reasonably possible sensitivities is provided in Note 35.
3 Alternative Performance Measures (APMs) and adjusting items
The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined
terms under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not
intended to be a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the
current year results and comparative periods where provided.
This presentation is also consistent with the way that financial performance is measured by management and reported to the Board,
and the basis of financial measures for senior management’s compensation schemes, and provides supplementary information that
assists the user in understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure
that the Annual Report and Accounts gives a fair, balanced and understandable view of the Group’s performance, cash flows and
financial position. IAS 1 ‘Presentation of Financial Statements’ requires the separate presentation of items that are material in nature
or scale in order to allow the user of the accounts to understand underlying business performance.
We believe these APMs provide readers with important additional information on our business and this information is relevant for use
by investors, securities analysts and other interested parties as supplemental measures of future potential performance. However, since
statutory measures can differ significantly from the APMs and may be assessed differently by the reader we encourage you to consider
these figures together with statutory reporting measures noted. Specifically, we would note that APMs may not be comparable across
different companies and that certain profit related APMs may exclude recurring business transactions (e.g. acquisition related costs
and certain share-based payment charges) that impact financial performance and cash flows.
As the Group manages internally its performance at an Adjusted operating profit level (before Individually Significant Items, amortisation
of acquired intangibles and share-based payments), which management believes represents the underlying trading of the business.
This information is still disclosed as an APM within this Annual Report. This APM is reconciled to statutory operating profit, together with
the consequently Adjusted basic EPS (before amortisation of acquisition intangibles, share-based payments and Individually Significant
Items and tax effect thereon) to statutory basic EPS.
The Group has the following APMs/non-statutory measures:
APM
Closest equivalent
IFRS measure
Adjustments to reconcile
to IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Income Statement measures:
Constant
currency revenue
growth rates
Revenue growth
rates at actual
rates of currency
exchange
3
Retranslation of
comparative numbers at
current year exchange
rates to provide
constant currency
The Group also reports certain geographic
regions on a constant currency basis to reflect
the underlying performance taking into account
constant foreign exchange rates year on year.
This involves translating comparative numbers
to current year rates for comparability to enable
a growth factor to be calculated.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
174
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�3 Alternative Performance Measures (APMs) and adjusting items continued
APM
Closest equivalent
IFRS measure
Adjustments to reconcile
to IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Income Statement measures: continued
Adjusted
operating profit
Operating profit
or loss
3
Operating profit or loss
before amortisation of
acquired intangibles,
share-based payments
and Individually
Significant Items
Operating profit
or loss
Adjusted earnings
before interest, tax,
depreciation and
amortisation
(“Adjusted EBITDA”)
Adjusted basic EPS Statutory basic
EPS
Operating profit or loss,
before adjusting items,
depreciation and
amortisation, finance
costs and taxation
Statutory basic EPS
before amortisation
of acquired intangibles,
share-based payments,
Individually Significant
Items and the tax
effect thereon
Balance Sheet measures:
Net debt excluding
lease liabilities
Total borrowings
(excluding lease
liabilities) offset
by cash and cash
equivalents
3
11
3
Represents operating profit before amortisation of
acquired intangibles, share-based payments and
Individually Significant Items.
This measure is to allow the user to understand
the Group’s underlying financial performance as
measured by management, reported to the Board
and used as a financial measure in senior
management’s compensation schemes.
The Directors consider amortisation of acquired
intangibles is a non-cash accounting charge
inherently linked to losses associated with
historical acquisitions of businesses.
The Directors consider share-based payments to
be an adjusting item on the basis that fair values
are volatile due to movements in share price,
which may not be reflective of the underlying
performance of the Group.
Individually Significant Items are items that are
considered unusual by nature or scale and are
of such significance that separate disclosure is
relevant to understanding the Group’s financial
performance and therefore requires separate
presentation in the Financial Statements in order
to fairly present the financial performance of
the Group.
Represents operating profit before adjusting items,
depreciation and amortisation to assist in the
understanding of the Group’s performance.
Adjusted EBITDA is disclosed as this is a measure
widely used by various stakeholders and used by
the Group to measure the cash conversion ratio.
Represents basic EPS before amortisation of
acquired intangibles, share-based payments
and Individually Significant Items.
This measure is to allow the user to understand
the Group’s underlying financial performance as
measured by management, reported to the Board
and used as a financial measure in senior
management’s compensation schemes.
See further details above in relation to
amortisation of acquired intangibles and share-
based payments.
Represents total borrowings (excluding lease
liabilities) offset by cash and cash equivalents.
It is a useful measure of the progress in generating
cash, strengthening of the Group Balance Sheet
position, overall net indebtedness and gearing on
a like-for-like basis.
Net cash/(debt), when compared to available
borrowing facilities, also gives an indication of
available financial resources to fund potential
future business investment decisions and/or
potential acquisitions.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
175
Financial statements
�3 Alternative Performance Measures (APMs) and adjusting items continued
APM
Closest equivalent
IFRS measure
Adjustments to reconcile
to IFRS measure
Note reference
for reconciliation
Definition, purpose and considerations
made by the Directors
Balance Sheet measures: continued
Net debt
Total borrowings
(including lease
liabilities) offset
by cash and cash
equivalents
Cash flow measure:
Cash conversion
ratio
Ratio % of net
cash flow from
operating
activities before
interest and tax
divided by
operating profit
Ratio % of net cash
flow from operating
activities before
interest and tax divided
by EBITDA
3
3
Represents total borrowings (including lease
liabilities) offset by cash and cash equivalents.
It is a useful measure of the progress in generating
cash, strengthening of the Group Balance Sheet
position, overall net indebtedness and gearing
including lease liabilities.
Net cash/(debt), when compared to available
borrowing facilities, also gives an indication of
available financial resources to fund potential
future business investment decisions and/or
potential acquisitions.
The cash conversion ratio is a measure of how
effectively operating profit is converted into cash
and effectively highlights both non-cash
accounting items within operating profit and
also movements in working capital.
It is calculated as net cash flow from operating
activities before interest and taxation (as disclosed
on the face of the Cash Flow Statement) divided by
EBITDA for continuing activities.
The cash conversion ratio is a measure widely used
by various stakeholders and hence is disclosed to
show the quality of cash generation and also to allow
comparison to other similar companies.
The above APMs are consistent with those reported for the year ended 31 May 2022, except for the removal of the Group revenue and
Software Resilience revenue excluding IPM acquisition, which have been removed now that the Group has comparable data following
the acquisition in June 2021.
Adjusted EBITDA and Adjusted operating profit
The calculation of Adjusted EBITDA and Adjusted operating profit from continuing operations is set out below:
Operating profit
Depreciation of property, plant and equipment
Depreciation of right-of-use assets
Amortisation of customer contracts and relationships (acquired intangibles)
Amortisation of software and development costs
Individually Significant Items (Note 5)
Share-based payments charge (Note 26)
Adjusted EBITDA
Depreciation and amortisation (excluding amortisation charged on acquired intangibles)
2023
£m
1.9
4.5
5.7
10.0
2.4
14.7
2.2
41.4
(12.6)
2022
£m
34.7
3.9
5.4
8.6
1.8
0.9
3.9
59.2
(11.1)
Adjusted operating profit
28.8
48.1
176
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�3 Alternative Performance Measures (APMs) and adjusting items continued
Net debt excluding lease liabilities and net debt
The calculation of net debt excluding lease liabilities and net debt is set out below:
Cash and cash equivalents (Note 24)
Bank overdraft (Note 24)
Borrowings (Note 24)
Net debt excluding lease liabilities
Lease liabilities
Net debt
Cash conversion ratio
The calculation of the cash conversion ratio is set out below:
Cash generated from operating activities before interest and taxation (A)
Adjusted EBITDA (B)
Cash conversion ratio (%) (A)/(B)
2023
£m
34.1
(1.8)
2022
£m
73.2
—
(81.9)
(125.6)
(49.6)
(30.0)
(52.4)
(32.6)
(79.6)
(85.0)
2023
£m
42.6
41.4
2022
£m
60.3
59.2
102.9%
101.9%
Constant currency revenue
The following tables show how constant currency revenue growth has been calculated and reconciled to statutory actual rate growth.
Group
Revenue:
Total revenue
Revenue
2023
£m
Revenue
2022
£m
%
change at
actual rates
Revenue
2023
£m
Constant
currency
revenue
2022
£m
%
change at
constant
currency
335.1
314.8
6.4%
335.1
330.3
1.5%
Unaudited proforma total revenue
Following the acquisition of IPM in the prior period, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m
respectively. Management was required to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the
level of deferred revenue acquired of £12.1m. This had resulted in a downward adjustment to the book value of IPM’s deferred revenues
reflecting the fair value of service still to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher for
the 12 months ended 31 May 2022.
On this basis, management has set out below unaudited proforma information to show the consequential impact on the Group results
for the year ended 31 May 2023. Unaudited proforma total revenue is not a statutory measure.
Total revenue
Software Resilience revenue adjustment
Unaudited proforma total revenue
Revenue
2023
£m
Revenue
2022 *
£m
%
change at
actual rates
Revenue
2023
£m
Constant
currency
revenue
2022 *
£m
%
change at
constant
currency
335.1
—
314.8
4.4
335.1
319.2
6.4%
n/a
5.0%
335.1
—
330.3
4.8
335.1
335.1
1.5%
n/a
—
* 2022 revenue is not a statutory measure and includes the Software Resilience revenue adjustment.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
177
Financial statements
�3 Alternative Performance Measures (APMs) and adjusting items continued
Constant currency revenue continued
Cyber Security 2
Cyber Security 2 revenue analysis – by originating country:
UK and APAC
North America
Europe
Revenue
2023
£m
Revenue
2022
£m
%
change at
actual rates
Revenue
2023
£m
118.4
99.3
53.1
114.6
94.1
49.8
3.3%
5.5%
6.6%
118.4
99.3
53.1
Constant
currency
revenue
2022
£m
115.0
104.4
51.1
%
change at
constant
currency
3.0%
(4.9%)
3.9%
Total Cyber Security 2 revenue
270.8
258.5
4.8%
270.8
270.5
0.1%
UK and APAC
North America
Europe
Revenue
H1 2023
£m
Revenue
H1 2022
£m
%
change at
actual rates
Revenue
H1 2023
£m
61.6
59.2
24.2
54.6
44.0
24.6
12.8%
34.5%
(1.6%)
61.6
59.2
24.2
Constant
currency
revenue
H1 2022
£m
55.0
51.0
24.9
%
change at
constant
currency
12.0%
16.1%
(2.8%)
Total Cyber Security 2 revenue
145.0
123.2
17.7%
145.0
130.9
10.8%
UK and APAC
North America
Europe
Revenue
H2 2023
£m
Revenue
H2 2022
£m
%
change at
actual rates
Revenue
H2 2023
£m
56.8
40.1
28.9
60.0
50.1
25.2
(5.3%)
(20.0%)
14.7%
56.8
40.1
28.9
Constant
currency
revenue
H2 2022
£m
60.0
53.4
26.2
%
change at
constant
currency
(5.3%)
(24.9%)
10.3%
Total Cyber Security 2 revenue
125.8
135.3
(7.0%)
125.8
139.6
(9.9%)
Cyber Security 1 revenue analysed by type of service/product line:
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
Revenue
2023
£m
199.3
67.8
3.7
Restated *
Revenue
2022
£m
195.4
58.6
4.5
%
change at
actual rates
Revenue
2023
£m
Restated *
Constant
currency
revenue
2022
£m
2.0%
15.7%
(17.8%)
199.3
205.6
67.8
3.7
60.3
4.6
%
change at
constant
currency
(3.1%)
12.4%
(19.6%)
Total Cyber Security 2 revenue
270.8
258.5
4.8%
270.8
270.5
0.1%
* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £6.4m has been represented within GPS
rather than product sales.
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
Revenue
H1 2023
£m
Revenue
H1 2022
£m
%
change at
actual rates
Revenue
H1 2023
£m
111.1
32.2
1.7
93.6
28.4
1.2
18.7%
13.4%
41.7%
111.1
32.2
1.7
Constant
currency
revenue
H1 2022
£m
100.6
29.1
1.2
%
change at
constant
currency
10.4%
10.7%
41.7%
Total Cyber Security 2 revenue
145.0
123.2
17.7%
145.0
130.9
10.8%
2 Formerly Assurance.
178
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�3 Alternative Performance Measures (APMs) and adjusting items continued
Constant currency revenue continued
Cyber Security2 continued
Global Professional Services (GPS)
Global Managed Services (GMS)
Product sales (own and third party)
Revenue
H2 2023
£m
Revenue
H2 2022
£m
%
change at
actual rates
Revenue
H2 2023
£m
Constant
currency
revenue
H2 2022
£m
%
change at
constant
currency
88.2
35.6
2.0
101.8
30.2
3.3
(13.4%)
17.9%
(39.4%)
88.2
35.6
2.0
105.0
(16.0%)
31.2
3.4
14.1%
(41.2%)
Total Cyber Security2 revenue
125.8
135.3
(7.0%)
125.8
139.6
(9.9%)
Software Resilience
Software Resilience revenue analysis – by originating country:
UK
North America
Europe
Total Software Resilience revenue
UK
North America
Europe
Total Software Resilience revenue
UK
North America
Europe
Total Software Resilience revenue
Software Resilience revenues analysed by service line:
Revenue
2023
£m
Revenue
2022
£m
%
change at
actual rates
Revenue
2023
£m
25.8
34.5
4.0
64.3
25.4
26.8
4.1
56.3
1.6%
28.7%
(2.4%)
14.2%
25.8
34.5
4.0
64.3
Revenue
H1 2023
£m
Revenue
H1 2022
£m
%
change at
actual rates
Revenue
H1 2023
£m
12.3
17.3
2.0
31.6
12.6
12.3
2.0
(2.4%)
40.7%
—
26.9
17.5%
12.3
17.3
2.0
31.6
Revenue
H2 2023
£m
Revenue
H2 2022
£m
%
change at
actual rates
Revenue
H2 2023
£m
13.5
17.2
2.0
32.7
12.8
14.5
2.1
5.5%
18.6%
(4.8%)
29.4
11.2%
13.5
17.2
2.0
32.7
Revenue
2023
£m
Revenue
2022
£m
%
change at
actual rates
Revenue
2023
£m
Constant
currency
revenue
2022
£m
25.4
30.2
4.2
%
change at
constant
currency
1.6%
14.2%
(4.8%)
59.8
7.5%
Constant
currency
revenue
H1 2022
£m
12.7
14.7
2.0
%
change at
constant
currency
(3.1%)
17.7%
—
29.4
7.5%
Constant
currency
revenue
H2 2022
£m
12.7
15.5
2.2
%
change at
constant
currency
6.3%
11.0%
(9.1%)
30.4
7.6%
Constant
currency
revenue
2022
£m
%
change at
constant
currency
Software Resilience contracts
Verification services
Total Software Resilience revenue
42.8
21.5
64.3
38.1
18.2
12.3%
18.1%
56.3
14.2%
42.8
21.5
64.3
40.4
19.4
5.9%
10.8%
59.8
7.5%
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
179
Financial statements
�3 Alternative Performance Measures (APMs) and adjusting items continued
Constant currency revenue continued
Software Resilience continued
Software Resilience contracts
Verification services
Total Software Resilience revenue
Software Resilience contracts
Verification services
Total Software Resilience revenue
Revenue
H1 2023
£m
Revenue
H1 2022
£m
%
change at
actual rates
Revenue
H1 2023
£m
Constant
currency
revenue
H1 2022
£m
%
change at
constant
currency
21.3
10.3
31.6
18.7
8.2
13.9%
25.6%
26.9
17.5%
21.3
10.3
31.6
20.6
8.8
3.4%
17.0%
29.4
7.5%
Revenue
H2 2023
£m
Revenue
H2 2022
£m
%
change at
actual rates
Revenue
H2 2023
£m
21.5
11.2
32.7
19.4
10.0
10.8%
12.0%
29.4
11.2%
21.5
11.2
32.7
Constant
currency
revenue
H2 2022
£m
19.8
10.6
30.4
%
change at
constant
currency
8.6%
5.7%
7.6%
Software Resilience unaudited proforma total revenue
Following the acquisition of IPM in the prior period, goodwill and intangible assets were recognised amounting to £68.6m and £92.6m
respectively. Management was required to recognise all assets and liabilities at fair value, giving rise to a fair value adjustment on the
level of deferred revenue acquired of £12.1m. This had resulted in a downward adjustment to the book value of IPM’s deferred revenues
reflecting the fair value of service still to be delivered. If the fair value adjustment had not applied, revenue would be £4.4m higher
for the 12 months ended 31 May 2022.
On this basis, management has set out below unaudited proforma information to show the consequential impact on the Group results
for the year ended 31 May 2023. Software Resilience unaudited proforma total revenue is not a statutory measure.
Software Resilience contracts
Verification services
Software Resilience unaudited proforma total revenue
Revenue
2023
£m
Revenue
2022 1
£m
%
change at
actual rates
Revenue
2023
£m
Constant
currency
revenue
2022 1
£m
%
change at
constant
currency
42.8
21.5
64.3
42.3
18.4
60.7
1.2%
16.8%
5.9%
42.8
21.5
64.3
45.0
19.6
(4.9%)
9.7%
64.6
(0.5%)
1 2022 revenue is not a statutory measure and includes the Software Resilience revenue adjustment.
180
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�4 Segmental information
The Group is organised into the following two (2022: two) reportable segments: Cyber Security 2 and Software Resilience.
The two reporting segments provide distinct types of service. Within each of the reporting segments the operating segments provide
a homogeneous group of services. The operating segments are grouped into the reporting segments on the basis of how they
are reported to the Chief Operating Decision Maker (CODM) for the purposes of IFRS 8 ‘Operating Segments’, which is considered
to be the Board of Directors of NCC Group plc.
Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they provide,
common management structures, and their relatively homogeneous commercial and strategic market environments. Performance is
measured based on reporting segment profit, which comprises Adjusted operating profit1 and adjusting items are not allocated to business
segments. Interest and tax are also not allocated to business segments and there are no intra-segment sales.
Segmental analysis 2023
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Finance costs
Loss before taxation
Taxation
Loss for the year
Segmental analysis 2022
Revenue
Cost of sales
Gross profit
Gross margin %
General administrative expenses allocated
Adjusted EBITDA 1
Depreciation and amortisation
Adjusted operating profit 1
Individually Significant Items (Note 5)
Amortisation of acquired intangibles
Share-based payments
Operating profit
Finance costs
Profit/(loss) before taxation
Taxation
Profit for the year
(5.2)
(90.6)
Cyber
Security 2
£m
Software
Resilience
£m
Central and
head office
£m
270.8
(184.7)
86.1
31.8%
(70.7)
15.4
(8.5)
6.9
(12.3)
(1.2)
(1.6)
64.3
(18.4)
45.9
71.4%
(14.7)
31.2
(0.6)
30.6
(2.4)
(5.8)
(0.1)
(8.2)
22.3
(12.2)
Cyber
Security 2
£m
Software
Resilience
£m
Central and
head office
£m
258.5
(166.2)
92.3
35.7%
(53.2)
39.1
(7.2)
56.3
(16.0)
40.3
71.6%
(17.5)
22.8
(0.8)
31.9
22.0
—
(0.9)
(2.1)
(0.9)
(4.8)
(0.3)
28.9
16.0
(10.2)
—
—
—
(5.2)
(3.5)
(8.7)
—
(3.0)
(0.5)
—
—
—
—
(2.7)
(3.1)
(5.8)
—
(2.9)
(1.5)
Group
£m
335.1
(203.1)
132.0
39.4%
41.4
(12.6)
28.8
(14.7)
(10.0)
(2.2)
1.9
(6.2)
(4.3)
(0.3)
(4.6)
Group
£m
314.8
(182.2)
132.6
42.1%
59.2
(11.1)
48.1
(0.9)
(8.6)
(3.9)
34.7
(3.7)
31.0
(8.0)
23.0
(2.7)
(73.4)
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
181
Financial statements
�4 Segmental information continued
Segmental analysis 2023
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Segmental analysis 2022
Additions to non-current assets
Reportable segment assets
Reportable segment liabilities
Cyber
Security 2
£m
7.0
123.7
(131.4)
Cyber
Security 2
£m
9.0
128.7
(102.0)
Software
Resilience
£m
Central and
head office
£m
0.3
180.5
(21.0)
4.3
197.2
(70.8)
Software
Resilience
£m
Central and
head office
£m
161.5
236.9
4.7
210.8
Group
£m
11.6
501.4
(223.2)
Group
£m
175.2
576.4
(36.5)
(144.7)
(283.2)
The Central and head office cost centre is not considered to be a separate operating segment nor part of any other operating segment
as it does not generate any revenues. Included within Central and head office are assets and liabilities not specifically allocated to the
reporting segments and include investments, head office tangible and intangible assets, deferred tax assets and liabilities, right-of-use
assets and associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions. Central and head office
assets and liabilities are disclosed to allow a reconciliation back to the Group’s assets and liabilities.
The net book value of non-current assets (excluding deferred tax assets) is analysed geographically as follows:
UK
APAC
North America
Europe
Total non‑current assets
2023
£m
164.6
2.4
222.6
8.5
2022
(restated) *
£m
171.4
2.8
234.4
11.3
398.1
419.9
* Restated to reflect non-current assets (excluding deferred tax assets) previously stated at £417.4m (which included deferred tax assets) and represented
to present APAC non-current assets of £2.8m separately from the UK segment. UK and APAC previously presented £175.6m non-current assets, this is now
presented as APAC £2.8m and the UK restated to £171.4m. North America previously presented £230.5m non-current assets, this has now been restated to
£234.4m to reconcile with the closing balance sheet.
Revenue is disaggregated by primary geographical market, by category and by timing of revenue recognition as follows:
Revenue by originating country
UK
APAC
North America
Europe
Total revenue
Revenue by category
Services
Products
Total revenue
Cyber
Security 2
£m
Software
Resilience
£m
2023
Total
£m
Cyber
Security 2
£m
Software
Resilience
£m
2022
Total
£m
106.6
11.8
99.3
53.1
25.8
—
34.5
4.0
132.4
11.8
133.8
57.1
103.9
10.7
94.1
49.8
270.8
64.3
335.1
258.5
25.4
—
26.8
4.1
56.3
Cyber
Security 2
£m
Software
Resilience
£m
2023
Total
£m
Restated
Cyber
Security *2
£m
Software
Resilience
£m
129.3
10.7
120.9
53.9
314.8
2022
Total
£m
267.1
3.7
64.3
—
331.4
254.0
3.7
4.5
56.3
—
310.3
4.5
270.8
64.3
335.1
258.5
56.3
314.8
* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £6.4m has been restated within services
rather than product sales.
2 Formerly Assurance.
182
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�4 Segmental information continued
Cyber
Security 2
£m
Software
Resilience
£m
2023
Total
£m
Restated
Cyber
Security 2, *
£m
Software
Resilience
£m
2022
Total
£m
Timing of revenue recognition
Services and products transferred over time
Services and products transferred at a point in time
252.9
17.9
42.8
21.5
295.7
39.4
242.4
16.1
37.6
18.7
280.0
34.8
Total revenue
270.8
64.3
335.1
258.5
56.3
314.8
* Restated to present revenue by category to be consistent with amounts reported to management. Revenue of £192.8m has restated within services and
products transferred over time rather than within services and products transferred at a point in time in the Cyber Security1 division consistent with the
accounting policy applied.
There are no customer contracts in either 2023 or 2022 which account for more than 10% of segment revenue.
5 Individually Significant Items (ISI)
The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently
unusual in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately
identified and excluded from adjusted results (as explained in Note 3).
North America Cyber Security2 goodwill impairment
Fundamental re-organisation costs
Costs associated with strategic review of Software Resilience business
NCC Group A/S goodwill impairment
IPM Software Resilience business deferred income adjustment
Profit on disposal of DDI business
Costs directly attributable to the acquisition of IPM Software Resilience business
Total ISIs
Reference
a
b
c
d
e
f
g
2023
£m
9.8
4.2
3.0
3.0
(0.6)
(4.7)
—
14.7
2022
£m
—
—
—
—
—
—
0.9
0.9
£2.7m of costs associated with the strategic review of the Software Resilience business and £0.8m of fundamental re-organisation costs
(total £3.5m) have been accrued for at the year ended 31 May 2023, of which £0.3m are recognised as a redundancy provision. The
remaining £3.7m of these costs have been paid as cash during the year ended 31 May 2023 (2022: £nil costs accrued and £0.9m paid as
cash).
(a) North America Cyber Security2 goodwill impairment
Following the annual impairment review of Goodwill, an impairment has been recognised amounting to £9.8m. For further details,
please see note 12. Such costs meet the Group’s policy for ISIs as this is a significant one-off event.
(b) Fundamental re-organisation costs
In order to implement the next chapter of the Group’s strategy to enhance future growth, certain strategic actions are required
including reshaping the Group global delivery and operational model. This reshaping is considered a fundamental reorganisation and
restructuring programme (meeting the Group’s policy for ISIs) that will span reporting periods and the total project size and nature are
considered in totality. The programme commencement was accelerated following the Group experiencing specific market conditions
that validated the rationale of the next chapter of the Group’s strategy. The programme has three phases as follows:
• Phase 1 (March–April 2023) – initial reduction in global delivery and operational headcount; c.7% reduction of the Group’s
global headcount
• Phase 2 (June–September 2023) – a further reduction in global delivery, operational and corporate functions headcount prior
to opening our off-shore operations and delivery centre in Manila
• Phase 3 (October 2023–May 2025) – finalisation of the Group’s operating model
Phases 2–3 are being implemented by the Group with the assistance of a third party to ensure the Group complete the fundamental
reorganisation efficiently.
Costs of £4.2m (2022: £nil) and cash outflow of £3.4m (2022: £nil) have been incurred in relation to the implementation of this
re-organisation and are made up of severance costs, associated taxes and professional fees for advisory and legal services. It is
expected that costs will be incurred for the years ending 31 May 2024 and 2025 and the Group will have to exercise judgement in
assessing whether the restructuring items should be classified as ISI, this will involve taking into account the nature of the item, cause
of occurrence and scale of the impact of those items on the reported performance, resultant benefits and after considering the
original reorganisation programme principles and plans.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
183
Financial statements
�5 Individually Significant Items (ISI) continued
(c) Costs associated with strategic review of Software Resilience business
During February 2023, the Group announced its ongoing strategic review of the Software Resilience business and of other core
and non-core assets. During the year ended 31 May 2023, professional fees totalling £3.0m (2022: £nil) mainly in respect of
advisory services have been incurred. Such costs meet the Group’s policy for ISIs as they have been incurred as part of the wider
re-structuring/re-organisation activities that are ongoing within the Group. The Group has now stopped the strategic review of the
Software Resilience business, which will be revisited by the Board when considered appropriate.
(d) NCC Group A/S goodwill impairment
On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part
of the Europe Cyber Security 1 CGU. Following that re-organisation, the cash inflows associated with the Danish business are separately
identifiable and therefore the carrying value of the CGU assets has been assessed separately for impairment at 31 May 2023. The
charge of £3.0m (2022: £nil) represents the impairment of goodwill associated with the Danish business following completion of that
review. Such profits meet the Group’s policy for ISIs as this is a significant one-off event.
(e) IPM Software Resilience business deferred income adjustment
This represents an adjustment to the opening deferred income balance in respect of the IPM acquisition in June 2021. During FY23,
opening deferred income balances on verification tests totalling £0.6m have been identified for which the work has not been
performed and the statute of limitations has now expired. As the period of hindsight for adjusting goodwill has now expired
management has released these amounts to the income statement. Given the nature of this release which would typically have been
adjusted to goodwill it is considered to meet the definition of an individually significant item and has been classified as such.
(f) Profit on disposal of DDI business
On 31 December 2022, the Group disposed of its DDI business for cash consideration of £5.8m. The profit of £4.7m (2022: £nil) is
directly attributable to the disposal of the DDI business. Please see Note 34 for further details. Such profits meet the Group’s policy
for ISIs as the proceeds represent a material profit on disposal.
(g) Costs directly attributable to the acquisition of the IPM Software Resilience business
These costs are directly attributable to the material acquisition of the IPM Software Resilience business during the year ended
31 May 2022 and are therefore considered to meet the Group’s policy for ISIs. The nature of the costs includes legal, accountancy,
due diligence and other advisory services. The total costs amount to £8.5m, of which £nil has been charged to the Income Statement
in the year ended 31 May 2023 (2022: £0.9m, 2021: £7.6m). Of the total costs of £8.5m incurred, the Group saw a cash outflow of £nil
in the year ended 31 May 2023 (2022: £7.3m, 2021: £1.2m). The difference between the cash outflow and the costs charged to the
Income Statement relates to £6.4m of costs relating to services performed in the year ended 31 May 2021 but for which the cash
outflow did not occur until the year ended 31 May 2022 in line with supplier payment terms.
6 Expenses and auditor’s remuneration
Loss/(profit) before taxation is stated after charging/(crediting):
Amounts receivable by auditor and its associates in respect of:
Audit of these Financial Statements
Audit of Financial Statements of subsidiaries pursuant to legislation
Total audit 2
Amortisation of development costs (Note 12)
Amortisation of software costs (Note 12)
Amortisation of acquired intangibles (Note 12)
Depreciation of property, plant and equipment (Note 13)
Depreciation of right-of-use assets (Note 14)
Impairment charge/(reversal) of right-of-use-assets
Impairment of software costs
Individually Significant Items (ISIs) (Note 5)
Credit losses recognised on financial assets (Note 17)
Cost of inventories recognised as an expense
Foreign exchange losses/(gains)
Lease rental costs charged:
– Hire of property, plant and equipment 3
Research and development UK tax credits
Profit on disposal of right-of-use assets
1 Formerly Assurance.
2023
£m
2022
£m
1.1
0.2
1.3
1.2
1.2
10.0
4.5
5.7
0.5
0.6
14.7
(1.5)
0.6
0.6
—
(0.5)
(0.7)
1.0
0.2
1.2
0.9
0.9
8.6
3.9
5.4
(0.1)
—
0.9
0.6
1.0
(0.6)
0.1
(1.0)
—
2 The only non-audit service provided by the auditor was for the interim review at 30 November 2021, for which the fee was £80,000. No interim review was
performed in the year ended 31 May 2023.
3 The charge to the Income Statement in respect of lease rental costs relates entirely to short-term leases for which the Group has taken the exemption
allowed from applying the principles of IFRS 16.
184
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�7 Staff numbers and costs
Directors’ emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of
2023 were £2.3m (2022: £2.2m). Employer contributions to pensions for Executive Directors for qualifying periods were £nil (2022: £nil).
The Company provided pension payments in lieu of pension contributions for three (2022: two) Executive Directors during the year
ended 31 May 2023 amounting to £32,000 (2022: £44,000). The aggregate net value of share awards granted to the Directors in the
period was £1.9m (2022: £1.4m). The net value has been calculated by reference to the closing mid-market price of the Company’s
shares on the day before the date of grant. During the year, 98,598 (2022: 237,448) share options were exercised by Directors and
their gain on exercise of share options was £13,463 (2022: £20,895).
The average monthly number of persons employed by the Group during the year, including Executive Directors, is analysed
by category as follows:
Operational
Administration
Total
The aggregate payroll costs of these persons were as follows:
Wages and salaries
Share-based payments (Note 26)
Social security costs
Other pension costs (Note 31)
Total payroll costs
8 Finance costs
Interest payable on bank loans and overdrafts
Unamortised underwriting fees associated with old revolving credit facility
Interest expense on lease liabilities
Finance costs
The above finance costs relate entirely to liabilities not at fair value through profit or loss.
Number of colleagues
2023
2022
1,955
478
1,848
417
2,433
2,265
2023
£m
2022
£m
208.1
180.7
2.2
20.3
6.3
3.9
17.3
5.1
236.9
207.0
2023
£m
2022
£m
4.5
0.6
1.1
6.2
2.5
—
1.2
3.7
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
185
Financial statements
�9 Taxation
Recognised in the Income Statement
Current tax expense
Current year
Adjustment to tax expense in respect of prior periods
Impact of prior year US R&D tax credits
Foreign tax
Total current tax
Deferred tax expense
Origination and reversal of temporary differences
Movement in tax rate
Derecognition of deductible timing differences
Impact of prior year US R&D tax credits
Adjustment to tax expense in respect of prior periods
Total deferred tax
Total tax expense
Reconciliation of effective tax rate
(Loss)/profit before taxation
Current tax using the UK effective corporation tax rate of 20% (2022: 19%)
Effects of:
Items not deductible/(assessable) for tax purposes
Adjustment to tax charge in respect of prior periods
Impact of prior year US R&D tax credits
Impact of current year US R&D tax credits
Differences between overseas tax rates
Movements in temporary differences not recognised
Movement in tax rate
Total tax expense
2023
£m
2022
£m
0.1
(2.8)
(1.0)
5.9
2.2
(3.0)
(0.2)
—
(0.4)
1.7
(1.9)
0.3
2023
£m
(4.3)
(0.9)
2.6
(1.1)
(1.4)
(0.3)
1.0
0.6
(0.2)
0.3
2.2
0.2
(1.1)
6.5
7.8
(0.4)
(0.1)
0.8
—
(0.1)
0.2
8.0
2022
£m
31.0
5.9
0.5
0.1
(1.1)
(0.2)
1.7
1.2
(0.1)
8.0
Current and deferred tax recognised directly in equity was a debit of £0.1m (2022: debit £0.3m), which relates to tax on share
based payments.
A combined prior year adjustment of £(1.1)m (current tax: £(2.8)m; deferred tax: £1.7m) largely reflects an adjustment to the tax
treatment of certain revenue and costs associated with the acquisition of the IPM business in FY22.
The UK government introduced legislation in the Finance Bill 2021 to increase the main rate of UK corporation tax from 19% to 25%
with effect from 1 April 2023. The legislation was substantively enacted on 24 May 2021 and therefore UK deferred tax balances
as at 31 May 2021, 31 May 2022 and 31 May 2023 are generally measured at a rate of 25%.
Tax uncertainties
The tax expense reported for the current year and prior year is affected by certain positions taken by management where there
may be uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to the current and
previous periods. Uncertainty relates to the interpretation of US legislation applicable to periods where the statute of limitations has
not expired. For the periods ended 31 May 2017 to 31 May 2023, the aggregate net current tax benefit taken to the Income Statement
relating to US R&D tax credits is £5.6m (2022: £4.0m). As at 31 May 2023, the gross deferred tax asset relating to US R&D tax credits
is £1.4m (2022: £0.5m) although due to uncertainty a partial provision of £0.8m (2022: £0.3m) has been made against this asset.
The gross cumulative amount of US R&D tax credits amounts to £10.4m (2022: £9.3m) and the net cumulative amount is £6.2m
(2022: £5.1m). The cumulative provision of £4.2m comprises a deferred tax element (£0.8m) relating to tax credits as yet unutilised
against US tax and a current tax element (£3.4m) relating to utilised tax credits. The latter provision will unwind as the statute of
limitation windows expire for claims made in respective periods. The provision relating to utilised tax credits of £3.4m is expected
to unwind as follows: FY24: £1.2m, FY25: £1.0m, FY26: £0.4m and FY27: £0.8m.
186
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�10 Dividends
Dividends paid and recognised in the year
Dividends per share paid and recognised in the year
Dividends per share proposed but not recognised in the year
2023
£m
14.5
4.65p
3.15p
2022
£m
14.4
4.65p
3.15p
The proposed final dividend for the year ended 31 May 2023 of 3.15p per ordinary share (approximately £9.8m) was recommended
by the Board on 11 September 2023 and will be paid on 8 December 2023, to shareholders on the register at the close of business
on 10 November 2023. The ex-dividend date is 9 November 2023. The dividend will be recommended to shareholders at the AGM on
30 November 2023. The dividend has not been included as a liability as at 31 May 2023. The payment of this dividend will not
have any tax consequences for the Group.
Dividend policy
Dividends are the way the Company makes distributions from the Company’s distributable reserves to shareholders. The Board
decides the level of the dividend with each half-year reporting period (i.e. 30 November and 31 May). If an interim or final dividend
is declared, the Company pays the dividend approximately eight weeks after the results announcement. A dividend is paid for each
share, so the amount you receive depends on the number of shares you own.
The Company currently continues to pay a dividend equal to that paid in the prior years as the Board is conscious of the need
to invest in initiatives to support longer-term growth and service the debt profile following the recent acquisition.
11 Earnings per ordinary share
Earnings per ordinary share are shown on a statutory and an adjusted basis to assist in the understanding of the performance of the Group.
Statutory earnings (A)
Weighted average number of shares in issue
Less: weighted average holdings by Group ESOT
Basic weighted average number of shares in issue (C)
Dilutive effect of share options
Diluted weighted average shares in issue (D)
2023
£m
2022
£m
(4.6)
23.0
Number
of shares
m
Number
of shares
m
311.1
(0.7)
309.5
—
310.4
309.5
0.8
1.4
311.2
310.9
For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the
period during which the options are outstanding.
Earnings per ordinary share
Basic (A/C)
Diluted (A/D)
2023
Pence
2022
Pence
(1.5)
(1.5)
7.4
7.4
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
187
Financial statements
�11 Earnings per ordinary share continued
Adjusted basic EPS 1 is reconciled as follows:
Statutory earnings (A)
Amortisation of acquired intangibles
Share-based payments
Individually Significant Items (see Note 5)
Tax effect of above items
Adjusted earnings (B)
Adjusted earnings per ordinary share
Basic (B/C)
Diluted (B/D)
12 Goodwill and intangible assets
Cost:
At 1 June 2021
Additions
On acquisition
Effects of movements in exchange rates
At 31 May 2022
Additions
Disposals (see Note 34)
Effects of movements in exchange rates
2023
£m
(4.6)
10.0
2.2
14.7
(3.4)
2022
£m
23.0
8.6
3.9
0.9
(2.9)
18.9
33.5
2023
Pence
2022
Pence
6.1
6.1
10.8
10.8
Total
£m
338.2
2.9
163.6
25.8
Goodwill
£m
Software
£m
Development
costs
£m
Customer
contracts and
relationships
£m
Intangibles
sub-total
£m
238.9
—
69.7
13.5
322.1
—
(1.0)
3.5
14.5
1.6
2.5
0.1
18.7
2.5
—
—
11.7
1.3
—
(0.1)
73.1
—
91.4
12.3
99.3
2.9
93.9
12.3
12.9
176.8
208.4
530.5
0.9
—
—
—
—
2.4
3.4
—
2.4
3.4
(1.0)
5.9
At 31 May 2023
324.6
21.2
13.8
179.2
214.2
538.8
Accumulated amortisation and impairment:
At 1 June 2021
Charge for year
Effects of movements in exchange rates
At 31 May 2022
Charge for year
Impairment
Effects of movements in exchange rates
At 31 May 2023
Net book value:
At 31 May 2022
At 31 May 2023
(56.0)
—
—
(11.8)
(0.9)
—
(56.0)
(12.7)
—
(12.8)
—
(1.2)
(0.6)
—
(9.0)
(0.9)
0.1
(9.8)
(1.2)
—
(0.1)
(57.5)
(8.6)
(1.2)
(78.3)
(10.4)
(1.1)
(134.3)
(10.4)
(1.1)
(67.3)
(89.8)
(145.8)
(10.0)
—
(0.4)
(12.4)
(0.6)
(0.5)
(12.4)
(13.4)
(0.5)
(68.8)
(14.5)
(11.1)
(77.7)
(103.3)
(172.1)
266.1
255.8
6.0
6.7
3.1
2.7
109.5
118.6
384.7
101.5
110.9
366.7
Development costs are capitalised in accordance with IAS 38 development criteria. For this reason, these are not regarded as
realised losses.
The impairment of software of £0.6m relates to a specific asset under development which was no longer deemed to be economically
viable and therefore development was ceased.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
188
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�12 Goodwill and intangible assets continued
Cash generating units (CGUs)
Goodwill and intangible assets are allocated to CGUs in order to be assessed for potential impairment. CGUs are defined by accounting
standards as the lowest level of asset groupings that generate separately identifiable cash inflows that are not dependent on other CGUs.
On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part
of the Europe Cyber Security 2 CGU. Following that re-organisation, the cash inflows associated with the Danish business are separately
identifiable and therefore the carrying value of the CGU assets have been assessed separately for impairment at 31 May 2023.
The IPM business was acquired on 1 June 2021, since this date the IPM business has been integrated into the wider North America
Software Resilience CGU such that the cash inflows relating to this business are no longer separately identifiable.
The CGUs and the allocation of goodwill to those CGUs are shown below:
Cash generating units
UK Software Resilience
North America Software Resilience
IPM Software Resilience
Europe Software Resilience
Total Software Resilience
UK and APAC Cyber Security 2
North America Cyber Security 2
Europe Cyber Security 2
NCC Group A/S
Total Cyber Security 2
Total Group
Goodwill
2023
£m
Goodwill
2022
£m
22.9
87.2
—
7.4
22.9
8.5
76.9
7.3
117.5
115.6
44.3
31.6
62.4
—
45.4
39.9
65.2
—
138.3
150.5
255.8
266.1
Impairment review
Goodwill is tested for impairment annually at the level of the CGU to which it is allocated.
For the year ended 31 May 2022, the recoverable amount of all CGUs concerned was measured on a value in use basis (VIU), with the
exception of the Europe Cyber Security2 CGU and the IPM Software Resilience CGU, which were measured on a fair value less costs
to sell (FVLCTS) basis. For the year ended 31 May 2023, the recoverable amount of all CGUs was measured on a fair value less costs
to sell basis.
Capitalised development and software costs are included in the CGU asset bases when performing the impairment review.
Capitalised development projects and software intangible assets are also considered, on an asset-by-asset basis, for impairment
where there are indicators of impairment.
The Directors have considered the impact of climate change on this review, with no material impact identified.
Fair value less costs to sell
For the year ended 31 May 2023, the recoverable amount of all CGUs has been determined on a fair value less costs to sell basis for
the purposes of the impairment review.
The valuation under FVLCTS is expected to exceed the valuation under VIU because uncommitted restructurings and resulting
operating efficiencies are not considered within in a VIU valuation in line with the requirements of IAS 36.
The FVLCTS valuation has been calculated by assessing the value of each standalone CGU calculated using an Adjusted EBITDA1
multiple based on estimated sustainable earnings adjusted for specific items where relevant. Estimated sustainable earnings has
been determined taking into account past experience and includes expectations based on a market participant view of sustainable
performance of the business based on market volatility and uncertainty as at 31 May 2023. The sustainable earnings input is a level 3
measurement; level 3 measurements are inputs which are normally unobservable to market participants.
The Group incurs certain overhead costs in respect of support services provided centrally to the CGUs. Such support services
include Finance, Human Resources, Legal, Information Technology and additional central management support in respect of
stewardship and governance. In calculating sustainable earnings these overhead costs have been allocated to the CGUs based on the
extent to which each CGU has benefitted from the services provided. Commonly this is driven by time spent by the relevant central
department in supporting the CGU, informed by headcount or where possible specific cost allocations have been made. During the
year, this allocation has been refined to ensure the allocation is representative of the business operating model.
The Adjusted EBITDA1 multiple used in the calculations is based on an independent third-party assessment of the implied enterprise
value of each CGU based on a population of comparable companies as at 31 May 2023. The estimated cost to sell was based on other
recent transactions that the Group has undertaken.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
189
Financial statements�12 Goodwill and intangible assets continued
Fair value less costs to sell continued
Impairment
During March 2023, the Group gave a trading update that market volatility had materially increased significantly impacting on Cyber
Security2 revenue and profitability, particularly in the North American technology sector. The key factors were:
• buying decision delays and cancellations exacerbated by North America tech sector client layoffs.
• turmoil in the Banking sector following the failure of Silicon Valley Bank further knocking market confidence leading to reduced
appetite to spend on technology projects across sectors.
• Interest rate increases in the US creating further inflationary challenges for clients.
The board has assessed the recoverable amount of the North America Cyber Security2 CGU based on its FVLCTS at 31 May 2023 as
described above. Based on that assessment, the carrying amount of this CGU exceeded its recoverable amount and therefore an
impairment loss of £9.8m has been recognised reducing the value of goodwill allocated to this CGU to £31.6m. This amount has been
recognised as an Individually Significant Item (see Note 5). The impairment charge recognised has resulted in a reduction in the
carrying value of goodwill only.
On 1 June 2022, the Group made the decision to re-organise its Danish business (NCC Group A/S) which had previously been a part
of the Europe Cyber Security2 CGU. Following this re-organisation, management has estimated the recoverable amount of the NCC
Group A/S CGU based on its FVLCTS at 31 May 2023 as described above. Based on that estimate an impairment loss of £3.0m has
been recognised reducing the value of Goodwill allocated to this CGU to £nil. This amount has been recognised as an individually
significant item (see Note 5). The impairment charge recognised has resulted in a reduction in the carrying value of goodwill only.
The Board has assessed the recoverable amount of the Europe Cyber Security2 CGU based on its FVLCTS at 31 May 2023 as
described above. Based on that assessment the Board is satisfied that the recoverable amount exceeds the carrying value of assets
allocated to that CGU. However, there are reasonably possible changes to certain key inputs that could give rise to an impairment.
Please see sensitivity analysis below.
Sensitivity analysis
The key inputs used in the FVLCTS calculation are the Adjusted EBITDA1 used and the multiple applied to that sustainable earnings.
Specifically, the key assumptions to the Adjusted EBITDA1 are considered to be the expected revenue and costs that have been used
to calculate sustainable earnings.
The table below shows the sensitivity of headroom to reasonably possible changes in the key assumptions, after the £9.8m
impairment in the North America Cyber Security2 CGU during FY23.
CGU
North America Cyber Security2,4
Europe Cyber Security2
Sensitivities: impact on
carrying value
Decrease
in revenue
of 10% 3
£m
Increase
in all costs
of 5%
£m
Headroom
£m
—
13.4
(21.7)
(9.9)
(26.5)
(14.3)
If revenue included in sustainable earnings for North America Cyber Security1 increased by 5%, while holding the gross margin
percentage at a fixed rate then there would be no impairment associated with this CGU.
With respect to the NCC Group A/S CGU, there is no reasonably possible scenario that would support a carrying value of goodwill
greater than £nil.
No other reasonably possibly changes in key inputs including the multiple could give rise to an impairment or further material
impairment to any CGUs.
In the prior year, for the Europe Cyber Security1 CGU and the IPM Software Resilience CGU there were no reasonably possible change
in key inputs that could give rise to an impairment to any CGUs.
Value in use (for the year ended 31 May 2022 only)
VIU represents the present value of the future cash flows that are expected to be generated by the CGU to which the goodwill
is allocated.
VIU calculations are an area of management estimation. These calculations require the use of estimates (inputs), specifically: pre-tax
cash flow projections; long-term growth rates; and a pre-tax discount rate. Further detail in relation to these assumptions used in the
Group’s goodwill annual impairment review is as follows:
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
3 While holding gross margin percentage at a fixed rate.
4 Sensitivities shown for North America Cyber Security are in addition to the £9.8m impairment recognised in the year ended 31 May 2023.
190
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�12 Goodwill and intangible assets continued
Pre-tax cash flow projections
Pre-tax cash flow projections are based on the Group’s budget for the forthcoming financial year and longer-term three year strategic plans
to 2025. The budget and three year strategic plan are compiled by the business unit management teams using a detailed, bottom-up
process with respect to revenue, margin and overheads, taking into account factors specific to that business unit as well as wider economic
factors such as industry growth expectations and the impact of Covid-19 or the Ukraine conflict.
The Group’s revenue forecasts are developed using the most reliable data available, such as the size of the existing contract base and
details of confirmed orders, as well as assumptions over key operational inputs to underpin the forecast for each revenue stream. The
combined effect of these individual assumptions on the overall growth rate assumed for each area of the business is then compared
to management’s experience of growth and the industry’s expected growth rate.
For cost forecasts, the majority of which are people related, headcount changes are forecast for delivery and sales staff in order that
there are sufficient resources to support the forecasted required revenue delivery capacity as well as to deliver against sales targets,
while also factoring in payroll inflation expectations. Overhead costs are also forecast using a bottom-up process.
Forecasts go through a detailed review process and are subject to challenge at each stage of review, including by the Executive
Committee. Ultimately the forecasts are approved by the Board.
Assumptions have then been applied for expected revenue, margin growth, overheads and Adjusted EBITDA ¹ for the subsequent
two years from the end of 2023. Adjusted EBITDA ¹ is considered a proxy for operating cash flow before changes in working capital.
Pre-tax cash flow projections also include assumptions on working capital and capital expenditure requirements for each CGU.
These assumptions are based on management’s experience of growth and knowledge of the industry sectors, markets and the
Group’s internal opportunities for growth and margin enhancement. The projections beyond five years into perpetuity use an
estimated long-term growth rate. Management has taken into account the impact of Covid-19 in formulating the above assumptions,
and the underlying uncertainty of Covid-19 has been reflected in the assumptions underpinning the cash flow forecasts for each CGU
rather than the pre-tax discount rates used in the impairment test.
Forecast working capital and capital expenditure included within the pre-tax cash flow projections are based on management’s
expectations of future expenditure required to support the Group and current run rate requirements.
The revenue % growth for the Cyber Security2 CGU is considered by management to be appropriate for the specific industry in which
the CGU operates. Management has considered available external market data in determining the revenue growth rates over the five
year forecast period.
Long-term growth rates
To forecast growth beyond the detailed cash flows into perpetuity, a long-term average growth rate ranging between 1.5% and 2.5%
for the year ended 31 May 2022 was used based on the specific geography of the CGU, as shown in the table below. This range
represents management’s best estimate of a long-term annual growth rate aligned to an assessment of long-term GDP growth rates.
A higher sector-specific growth rate would be a valid alternative estimate. A different set of assumptions may be more appropriate in
future years dependent on changes in the macro-economic environment. These rates are not greater than the published International
Monetary Fund average growth rates in gross domestic product for the next five year period in each relevant territory in which the
CGUs operate.
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Cyber Security2
North America Cyber Security2
Growth rate
(%)
2023
Growth rate
(%)
2022
n/a
n/a
n/a
n/a
n/a
2.2
2.5
1.5
2.2
2.5
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
191
Financial statements
�12 Goodwill and intangible assets continued
Pre-tax discount rates
Discount rates can change relatively quickly for reasons both inside and outside of management’s control. Those outside
management’s direct control or influence include changes in the Group’s Beta, changes in risk free rates of return and changes
in Equity Risk Premia.
The discount rates are determined using a capital asset pricing model and reflect current market interest rates, relevant equity and
size risk premiums and the risks specific to the CGU concerned. On this basis, specific discount rates are used for each CGU in the
VIU calculation, and the rates reflect management’s assessment on the level of relative risk in each respective CGU. The table below
summarises the pre-tax discount rates used for each CGU:
UK Software Resilience
North America Software Resilience
Europe Software Resilience
UK and APAC Cyber Security2
North America Cyber Security2
Pre-tax
discount rate
(%)
2023
Pre-tax
discount rate
(%)
2022
n/a
n/a
n/a
n/a
n/a
13.5
14.4
12.5
13.5
14.4
Sensitivity analysis (for the year ended 31 May 2022 only)
Sensitivity analysis has been performed in respect of certain VIU scenarios where management considers a reasonably possible
change in key assumptions could occur. The outcome of applying sensitivity analysis in respect of the above inputs indicated that
there is no reasonably possible scenario in which the carrying value of goodwill would be considered impaired.
13 Property, plant and equipment
Computer
equipment
£m
Fixtures,
fittings and
equipment
£m
Motor
vehicles
£m
20.8
3.7
0.1
24.6
2.7
—
0.2
17.3
1.5
0.3
19.1
1.2
—
0.1
27.5
20.4
0.1
—
—
0.1
—
(0.1)
—
—
Total
£m
38.2
5.2
0.4
43.8
3.9
(0.1)
0.3
47.9
(17.5)
(2.7)
—
(9.1)
(1.2)
(0.3)
(0.1)
(26.7)
—
—
(3.9)
(0.3)
(20.2)
(10.6)
(0.1)
(30.9)
(2.7)
—
(0.1)
(1.8)
—
—
(23.0)
(12.4)
4.4
4.5
8.5
8.0
—
0.1
—
—
—
—
(4.5)
0.1
(0.1)
(35.4)
12.9
12.5
Cost
At 1 June 2021
Additions
Movement in foreign exchange rates
At 31 May 2022
Additions
Disposals
Movement in foreign exchange rates
At 31 May 2023
Depreciation
At 1 June 2021
Charge for year
Movement in foreign exchange rates
At 31 May 2022
Charge for year
On disposals
Movement in foreign exchange rates
At 31 May 2023
Net book value
At 31 May 2022
At 31 May 2023
2 Formerly Assurance.
192
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�14 Right-of-use assets
Cost:
At 1 June 2021
Additions
At 31 May 2022
Additions
Disposals
Impairment
At 31 May 2023
Depreciation:
At 1 June 2021
Charge for year
Reversal of impairment
At 31 May 2022
Charge for year
Disposals
At 31 May 2023
Net book value:
At 31 May 2022
At 31 May 2023
Land and
buildings
£m
Motor
vehicles
£m
33.8
1.9
35.7
2.9
(1.8)
(0.5)
36.3
(10.8)
(4.2)
0.1
(14.9)
(4.4)
0.3
3.0
1.6
4.6
1.4
—
—
6.0
(2.2)
(1.2)
0.0
(3.4)
(1.3)
—
Total
£m
36.8
3.5
40.3
4.3
(1.8)
(0.5)
42.3
(13.0)
(5.4)
0.1
(18.3)
(5.7)
0.3
(19.0)
(4.7)
(23.7)
20.8
17.3
1.2
1.3
22.0
18.6
The Directors have considered the impact of climate change on right-of-use assets with no material impact identified.
15 Investments
Interest in unlisted shares
Group
2023
£m
Group
2022
£m
0.3
0.3
The investment in unlisted shares relates to a 3.35% ordinary shareholding in an unlisted company acquired as part of the Accumuli
acquisition. The investment’s carrying value at acquisition date was considered appropriate to use as the fair value. The Directors
consider there has been no change in the year.
An assessment of the investment did not identify any indications of impairment and, accordingly, no indicator-based impairment
testing has been undertaken. The Group receives annual dividends from the investment; the trading performance and the net assets
reported are strong and profitable.
16 Inventory
Goods for resale
Group
2023
£m
Group
2022
£m
0.8
0.9
The Group holds stock of certain critical components for key customers in relation to our own product sales (as opposed to third
party products). The carrying value of inventory is expected to be recovered or settled within one year. There have been no write-downs
of inventory in the year (2022: £nil). The Directors have considered the impact of climate change on inventory, with no material
impact identified.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
193
Financial statements
�17 Trade and other receivables
Current
Trade receivables
Prepayments
Contract costs (see Note 23)
Other receivables
Contract assets – accrued income (see Note 23)
Non‑current
Amounts owed by Group undertakings
Total
Disclosed as follows:
Current assets
Non-current assets
Group
2023
£m
26.7
10.5
1.7
2.0
17.2
—
58.1
58.1
—
58.1
Group
2022
£m
Company
2023
£m
Company
2022
£m
40.6
11.8
1.1
1.2
23.0
—
77.7
77.7
—
77.7
—
—
—
—
—
23.2
23.2
—
23.2
23.2
—
—
—
—
—
32.9
32.9
—
32.9
32.9
The carrying value of trade and other receivables classified at amortised cost approximates fair value. No credit losses have been
recognised in respect of amounts owed by Group undertakings (Parent Company only) in the year (2022: £nil).
Amounts owed by Group undertakings in the Parent Company Balance Sheet have been disclosed as repayable after more than one year.
Although these are repayable on demand, the disclosure as non-current is based on management’s expectation of the timing of repayment.
The ageing of trade receivables, other receivables and contract assets at the end of the reporting period was:
Group
Trade receivables:
Not past due
Past due 0–30 days
Past due 31–90 days
Past due more than 90 days
Other receivables:
Not past due
Contract assets:
Not past due
Total
Expected
credit losses
2023
£m
Gross
2023
£m
Net
2023
£m
Gross
2022
£m
Expected
credit losses
2022
£m
15.6
6.8
4.1
2.2
(0.1)
15.5
28.0
—
—
(1.9)
6.8
4.1
0.3
7.7
4.6
3.8
(0.1)
—
(0.1)
(3.3)
Net
2022
£m
27.9
7.7
4.5
0.5
28.7
(2.0)
26.7
44.1
(3.5)
40.6
2.0
—
2.0
1.2
—
1.2
17.4
48.1
(0.2)
(2.2)
17.2
23.2
(0.2)
23.0
45.9
68.5
(3.7)
64.8
The Company had no trade receivables (2022: £nil). The standard period for credit sales varies from 30 days to 60 days.
The Group assesses the creditworthiness of all trade debts on an ongoing basis providing for expected credit losses in line with IFRS 9.
The Group has considered credit risk rating grades; these are based on the ageing categories above. New customers are subject
to stringent credit checks.
The movement in the expected credit losses of trade and other receivables and contract assets is as follows:
Balance at 1 June
On acquisition (Note 35)
Released/(charged) to the Income Statement
Balance at 31 May
194
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Group
2023
£m
(3.7)
—
1.5
(2.2)
Group
2022
£m
(1.9)
(1.4)
(0.4)
(3.7)
Notes to the Financial Statements continuedat 31 May 2023
�18 Deferred tax assets and liabilities (Group)
Deferred tax assets and liabilities on the Consolidated Statement of Financial Position are offset in accordance with IAS 12.
A summary of this, offset with significant jurisdictions, is shown below:
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/(liabilities)
Intangible assets
Share-based payments
Tax losses
Deferred tax asset/(liability)
Analysed as follows:
Non‑current assets
Non‑current liabilities
Asset/(liability)
Plant and equipment
Short-term temporary differences
IFRS 16 assets/(liabilities)
Intangible assets
Share-based payments
Deferred tax (liability)/asset
Analysed as follows:
Non‑current assets
Non‑current liabilities
Movement in deferred tax during the year:
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
Plant and equipment
Short-term temporary differences
IFRS 16 assets/liabilities
Intangible assets
Share-based payments
Tax losses
Total
UK
£m
0.2
0.2
0.3
(1.4)
0.3
1.7
1.3
1.3
—
UK
£m
0.3
0.2
0.3
(1.8)
0.9
(0.1)
—
(0.1)
2023
US
£m
Netherlands
£m
Denmark
£m
(0.3)
8.9
0.2
(7.6)
0.2
0.2
1.6
1.6
—
0.3
—
—
(1.7)
—
—
(1.4)
—
(1.4)
—
—
—
—
—
—
—
—
—
2022
US
£m
Netherlands
£m
Denmark
£m
(0.4)
6.2
0.2
(5.2)
0.6
1.4
1.4
—
0.3
—
—
(1.8)
—
(1.5)
—
(1.5)
—
—
—
—
—
—
—
—
1 June
2022
£m
Recognised
in income
statement
£m
Exchange
differences
£m
Recognised
in equity
£m
Acquisition
£m
0.2
6.4
0.5
(8.8)
1.5
—
(0.2)
—
2.7
—
(1.8)
(0.9)
1.9
1.9
—
—
—
(0.1)
—
—
(0.1)
—
—
—
—
(0.1)
—
(0.1)
—
—
—
—
—
—
—
Total
£m
0.2
9.1
0.5
(10.7)
0.5
1.9
1.5
2.9
(1.4)
Total
£m
0.2
6.4
0.5
(8.8)
1.5
(0.2)
1.4
(1.6)
31 May
2023
£m
0.2
9.1
0.5
(10.7)
0.5
1.9
1.5
1 June
2021
£m
Recognised
in income
statement
£m
Exchange
differences
£m
Recognised
in equity
£m
Acquisition
£m
31 May
2022
£m
0.9
4.8
0.5
(7.5)
1.6
0.5
0.8
(0.5)
0.9
—
(0.3)
0.2
(0.5)
(0.2)
(0.2)
0.7
—
(0.3)
0.1
—
0.3
—
—
—
—
(0.4)
—
(0.4)
—
—
—
(0.7)
—
—
(0.7)
0.2
6.4
0.5
(8.8)
1.5
—
(0.2)
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
195
Financial statements
�18 Deferred tax assets and liabilities (Group) continued
In the year ended 31 May 2023, the Group has recognised a deferred tax asset in relation to tax losses of £1.9m as management
considers it probable that future taxable profits will be available against which tax losses may be offset. In 2022, the Group recognised
no deferred tax asset in relation to tax losses. The Group has not recognised a potential deferred tax asset on £14.8m (2022: £35.7m) of
tax losses carried forward in the United Kingdom (£7.5m), Denmark (£4.1m), Australia (£2.5m) and United States (£0.7m) due to current
uncertainties over their future recoverability (and in the case of United Kingdom/United States because of specific legislative
restrictions). A deferred tax asset of £1.4m (2022: £0.5m) in respect of R&D tax claims submitted in the United States has been partially
provided against due to uncertainty with regard to recoverability; an amount of £0.8m has been provided (2022: £0.3m). No deferred tax
liability is recognised on temporary differences of £0.6m (2022: £0.4m) relating to the unremitted earnings of overseas subsidiaries as
the Group is able to control the timing of the reversal of these temporary differences and it is probable that they will not reverse in the
foreseeable future.
19 Trade and other payables
Trade payables
Non-trade payables
Accruals
Amounts owed to Group companies
Total
Group
2023
£m
6.3
8.6
29.8
—
Group
2022
£m
8.7
11.4
28.2
—
44.7
48.3
Company
2023
£m
Company
2022
£m
—
—
—
0.2
0.2
—
—
—
18.2
18.2
The carrying value of trade and other payables classified as financial liabilities measured at amortised cost approximates fair value.
20 Lease liabilities
At 1 June 2021
Additions
Lease payments
Interest expense
At 1 June 2022
Additions
Disposals
Lease payments
Interest expense
At 31 May 2023
Analysed as follows:
Current
Non-current
The maturity of lease liabilities is as follows:
Less than one year
Two to five years
More than five years
Total lease liabilities
196
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Land and
buildings
£m
Motor
vehicles
£m
31.6
1.9
(5.4)
1.0
29.1
2.2
(0.2)
(5.8)
1.0
2.8
1.6
(1.1)
0.2
3.5
1.4
—
(1.3)
0.1
Total
£m
34.4
3.5
(6.5)
1.2
32.6
3.6
(0.2)
(7.1)
1.1
26.3
3.7
30.0
2023
£m
6.0
24.0
2023
£m
6.0
16.7
7.3
2022
£m
5.4
27.2
2022
£m
5.4
16.5
10.7
30.0
32.6
Notes to the Financial Statements continuedat 31 May 2023
�20 Lease liabilities continued
The total cash outflow for leases in the year was £7.1m (2022: £6.5m), which consists of £6.0m (2022: £5.3m) principal element of lease
payments disclosed above, £1.1m (2022: £1.2m) interest element of leases payments and £nil (2022: £0.1m) lease payments charged to
the Income Statement in respect of short-term leases. The Group has used its incremental borrowing rate of 5.8% (2022: 3.3%) as the
discount rate for the calculation of the lease liabilities. Some leases contain break clauses or extension options to provide operational
flexibility. Potential future undiscounted lease payments not included in the reasonably certain lease term, and hence not included in
lease liabilities, total £4.9m (2022: £5.0m).
21 Provisions
Balance as at 31 May 2021 and 1 June 2021
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2022 and 1 June 2022
Provisions created in the year
Provisions utilised during the year
Balance as at 31 May 2023
Analysed as follows (2023):
Current
Non-current
Analysed as follows (2022):
Current
Non-current
Loss-making
contracts
£m
Onerous
property
costs
£m
Redundancy
provision
£m
Other
provisions
£m
1.1
1.9
(1.2)
1.8
—
(0.8)
1.0
0.6
0.4
1.5
0.3
1.7
—
(0.7)
1.0
0.7
(0.3)
1.4
0.3
1.1
0.5
0.5
—
—
—
—
0.3
—
0.3
0.3
—
—
—
0.2
0.6
(0.1)
0.7
—
(0.7)
—
—
—
0.7
—
Total
£m
3.0
2.5
(2.0)
3.5
1.0
(1.8)
2.7
1.2
1.5
2.7
0.8
The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply
contracts that are now expected to be fully completed in the 2024 calendar year mainly due to supply chain sourcing. It was expected
in the prior year that these contracts would have been completed in 2023. During the year, revenue has been recognised in relation
to these long-term contracts of £0.8m (2022: £2.3m).
The onerous property costs provision relates to unused floors in the Manchester head office building. The provision of £1.4m
(2022: £1.0m) at 31 May 2023 includes £0.9m (2022: £0.4m) of non-rent costs relating to the onerous properties including service
charges and insurance and also the estimated costs of disposing or terminating these leases, which includes rent incentives and
letting fees. The provision at 31 May 2023 also includes estimated dilapidations liabilities of £0.5m (2022: £0.6m) relating to the Group’s
leased premises. Both of these provisions are expected to unwind over the period of the relevant leases (2023 –2034). The impact of
discounting the cash flows is £0.3m (2022: £0.2m).
The redundancy provision represents accrued severance costs relating to the implementation of the re-organisation as detailed in Note 5.
Other provisions of £nil (2022: £0.7m) include reorganisation and CEO transition costs to which the Group was committed at 31 May 2022
and were settled within the year ended 31 May 2023.
22 Contract liabilities – deferred revenue
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred
revenue is analysed as follows and is considered a contract liability:
Analysed as follows:
Current
Non-current
Group
2023
£m
Group
2022
£m
51.6
3.3
54.9
61.7
0.6
62.3
Revenue recognised in the year ended 31 May 2023 that was included in the contract liability at 1 June 2022 amounted to £62.4m
(2022: £43.6m). The non-current element is expected to unwind in the year ended 31 May 2025. The Group has taken advantage
of the IFRS 15 practical expedient not to disclose when revenue will unwind for all contracts less than 12 months in length.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
197
Financial statements
�23 Contract balances
The following table provides information about receivables, contract assets and contract liabilities from contracts with customers.
Receivables, which are included in trade and other receivables
Contract assets – accrued income
Contract costs – costs to obtain
Contract liabilities – deferred income
Group
2023
£m
26.7
17.2
1.7
Group
2022
£m
40.6
23.0
1.1
(54.9)
(62.3)
Notes
17
17
17
22
Receivables represent invoiced services usually payable within 30 days whereby performance obligations have been satisfied.
Accrued income of £17.2m (of which £17.0m (2022: £20.3m) represents Cyber Security2 accrued income) is the Group’s rights to
consideration for work completed but not billed at the reporting date. The contract assets accrued in the prior year of £23.0m were
fully recognised as trade receivables during the year ended 31 May 2023 and therefore the balance as at 31 May 2023 were fully
accrued during the period are transferred to receivables when the rights become unconditional. Credit losses of £0.2m (2022: £0.2m)
have been recognised in respect of contract assets.
The contract assets were not impacted by any impairment charge. The contract assets are transferred to receivables when the rights
become unconditional. This usually occurs when the Group issues an invoice to the customer. Invoices usually become payable within
30 days. The contract costs to obtain of £1.7m (2022: £1.1m) represent incremental sales commissions to obtain specific contracts
and are amortised over the length of the contract.
The contract costs to fulfil represent recoverable costs relating to future performance obligations and economic benefits to the
customer in relation to an onerous contracts.
Contract liabilities primarily relate to advanced consideration received from customers, for which revenue is recognised over time in
line with the respective performance obligation. No information is provided about remaining performance obligations at 31 May 2023
or at 31 May 2022 that have an original expected duration of one year or less, as allowed by IFRS 15.
24 Cash and cash equivalents and borrowings
Cash and cash equivalents
Cash and cash equivalents comprise:
Cash and cash equivalents
Bank overdraft
Total cash at bank and in hand
Borrowings are analysed as follows:
Current liabilities:
Bank term loan
Non‑current liabilities:
Revolving credit facility
Bank term loan
Total borrowings
The maturity profile is as follows:
Less than one year
Two to five years
Total borrowings
2 Formerly Assurance.
198
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Group
2023
£m
34.1
(1.8)
32.3
Group
2022
£m
Company
2023
£m
Company
2022
£m
73.2
—
73.2
15.0
—
15.0
20.2
—
20.2
Maturity
Group
2023
£m
Group
2022
£m
Company
2023
£m
Company
2022
£m
2024
—
18.5
2026
2024
81.9
—
70.5
36.6
81.9
125.6
—
—
—
—
—
—
—
—
Group
2023
£m
—
81.9
Group
2022
£m
18.5
107.1
81.9
125.6
Company
2023
£m
Company
2022
£m
—
—
—
—
—
—
Notes to the Financial Statements continuedat 31 May 2023
�24 Cash and cash equivalents and borrowings continued
Cash and cash equivalents continued
The RCF is drawn in short to medium-term tranches of debt that are repayable within 12 months of draw down. These tranches of
debt can be rolled over provided certain conditions are met, including compliance with all loan terms. The Group considers that it is
highly unlikely it would not be in compliance and therefore be unable to exercise its right to roll over the debt. The Directors therefore
believe that the Group has the ability and the intent to roll over the drawn RCF amounts when due and consequently has presented
the RCF as a non-current liability.
On 12 May 2021, the Group entered into a new Term Loan Facility Agreement. The facility made available under the Facility Agreement
(the “Term Facility”) was a $70m amortising term loan facility, to fund the acquisition of the IPM Software Resilience business. The rate of
interest on each loan under the Term Facility is the percentage rate per annum, which is equal to the aggregate of a compounded rate
based on the secured overnight financing rate (SOFR) administered by the Federal Reserve Bank of New York and the margin (based on
a leverage ratchet varying from 1.40% to 2.65% per annum). The Term Facility was due to be repaid in annual instalments of $23.3m on
each of 10 June 2022 and 10 June 2023, with a final instalment of $23.4m payable on 10 June 2024. The Term Facility Agreement also
contained financial covenants relating to leverage and interest cover and provisions relating to guarantor coverage consistent with the RCF.
In December 2022, the Group entered into a new four year £162.5m multi-currency revolving credit facility replacing our existing
£100m multi-currency revolving credit facility and the remaining $46.7m of the original $70m term loan that was maturing in June
2024. Key terms of the new facility are:
• £162.5m multi-currency revolving credit facility maturing in December 2026
• Additional £75m uncommitted accordion option
• Increase to leverage covenant from 2.5x to 3.0x with an additional acquisition spike to 3.5x for the first 12 months of any acquisition
• Weighted average interest rate of the facility is lower and payable on a ratchet mechanism, with a margin payable above SONIA
and SOFR in the range of 1.00% to 2.25% depending on the level of the Group’s leverage. The weighted average interest rate
is 5.92% as at 31 May 2023
• The new facility is considered an extinguishment of the previous RCF and Term Loan Facility Agreement and therefore remaining
arrangement fees of £0.6m have been charged to the Income Statement during the year ended 31 May 2023. New arrangement
fees of £1.7m will be amortised over the new four year term to December 2026. Arrangement fees of £0.4m (2022: £0.4m) have been
charged to the Income Statement in the year ended 31 May 2023.
• Certain subsidiaries of the Group act as guarantors to the new facility to provide coverage based on aggregate EBITDA1 and gross assets.
As at 31 May 2023, the Group had committed bank facilities of £162.5m (2022: £155.1m), of which £83.4m (2022: £126.4m) had
been drawn under these facilities, leaving £79.1m (2022: £28.7m) of undrawn facilities. Unamortised arrangement fees of £1.5m
(2022: £0.8m) have been offset against the amounts drawn down, resulting in a carrying value of borrowings at 31 May 2023 of
£81.9m (2022: £125.6m). The fair value of borrowings is not materially different to its amortised cost.
25 Financial instruments
Loans and borrowings
Non‑current
Variable rate:
Revolving credit facility
Bank term loan
Current
Variable rate:
Bank term loan
Total loans and borrowings (excluding lease liabilities)
Cash
Bank overdraft
Net (debt)/cash (excluding lease liabilities)1
Non‑current
Lease liabilities
Current
Lease liabilities
Net (debt)/cash1
Group
2023
£m
Group
2022
£m
Company
2023
£m
Company
2022
£m
(81.9)
—
(70.5)
(36.6)
(81.9)
(107.1)
—
(18.5)
(81.9)
(125.6)
—
—
—
—
—
34.1
(1.8)
73.2
—
15.0
—
(49.6)
(52.4)
15.0
(24.0)
(27.2)
(6.0)
(5.4)
—
—
—
—
—
—
—
20.2
—
20.2
—
—
(79.6)
(85.0)
15.0
20.2
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
199
Financial statements
�25 Financial instruments continued
Reconciliation of movements in liabilities to cash flows arising from financing activities
Group
Revolving credit facility/bank term loan:
Drawdown on facility
Repayment of facility
Transaction costs
Interest costs (non-cash)
Interest paid on borrowings
Release of deferred arrangement fees
Foreign exchange movement
Movement in borrowings
IFRS 16 lease liability:
New leases entered into
Disposals
Principal element of lease payments
Interest element of lease payments
Interest cost (non-cash)
Movement in lease liabilities
2023
£m
2022
£m
70.8
(115.6)
(1.7)
4.0
(4.0)
1.0
1.8
120.7
(39.4)
(0.6)
2.1
(2.1)
0.4
11.3
(43.7)
92.4
3.6
(0.2)
(6.0)
(1.1)
1.1
(2.6)
3.5
—
(5.3)
(1.2)
1.2
(1.8)
Financial risk management
The Group has exposure to the following risks from its use of financial instruments:
• Credit risk
• Liquidity risk
• Currency risk
• Interest rate risk
The Board has overall responsibility for establishing appropriate management of exposure to risk. The Audit Committee oversees
how management identifies and addresses risks to the Group.
Capital management
The Board’s policy is to maintain a strong capital base so as to maintain investor, creditor and market confidence and to sustain future
development of the business.
The Group monitors capital on the basis of the gearing ratio. This ratio is calculated as net (debt)/cash1 divided by total capital. Net
(debt)/cash1 is calculated as total borrowings as shown in the Consolidated Balance Sheet, less cash and cash equivalents. Total
capital is calculated as equity, as shown in the Consolidated Balance Sheet, plus net debt1. As at 31 May 2023 the Group’s gearing
ratio was 15.1% (2022: 15.5%).
Financial instruments policy
All instruments utilised by the Company and Group are for financing purposes. The financial management and treasury activities
of the Group are controlled centrally for all operations with local finance teams responsible for day-to-day banking activities.
Fair value of financial instruments
As at 31 May 2023, the Group and Company had no other financial instruments other than those disclosed below. In addition, no embedded
derivatives have been identified. There have been no transfers between levels in the year.
The following table presents the Group’s financial assets and liabilities that are measured at fair value by level of fair value hierarchy:
• Quoted prices (unadjusted) in active markets for identical assets or liabilities (level 1)
• Inputs other than quoted prices included within level 1 that are observable for the asset or liability, either directly (that is, as prices)
or indirectly (that is, derived from prices) (level 2)
• Inputs for the asset or liability that are not based on observable market data (unobservable inputs) (level 3)
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
200
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�25 Financial instruments continued
Fair value of financial instruments continued
Borrowings are held at amortised cost, which is considered to equate to fair value. All other assets and liabilities are held at either fair
value or their carrying value, which approximates to fair value.
Financial liabilities/(assets) at fair value through profit or loss
Total financial instruments
2023
2022
Level 1
£m
Level 2
£m
Level 3
£m
Level 1
£m
Level 2
£m
Level 3
£m
—
—
0.6
0.6
—
—
—
—
(0.2)
(0.2)
—
—
Credit risk
Credit risk is the risk of financial loss to the Group if a customer or counterparty to a financial instrument fails to meet its contractual
obligations and arises principally from the Group’s receivables from customers. The Group’s exposure to credit risk is influenced
mainly by the individual characteristics of each customer.
Exposure to credit risk
The carrying value of financial assets represents the maximum credit exposure. The maximum exposure to credit risk at the reporting
date was:
Trade receivables
Other receivables
Accrued income
Contingent consideration receivable
Cash and cash equivalents
Total
Group
2023
£m
26.7
2.0
17.2
3.8
34.1
Group
2022
£m
Company
2023
£m
Company
2022
£m
40.6
1.2
23.0
—
73.2
—
—
—
—
15.0
15.0
—
—
—
—
20.2
20.2
83.8
138.0
The maximum exposure to credit risk for trade receivables and other receivables at the reporting date by geographic region was:
Trade receivables by geographical segment
UK
APAC
North America
Europe
Total
* Represented to present APAC trade receivables of £1.0m separately from the UK segment.
The maximum exposure to credit risk at the reporting date by business segment was:
Trade receivables by business segment
Cyber Security2
Software Resilience
Central & head office
Total
Group
2023
£m
14.6
1.2
6.3
6.6
28.7
Group
2023
£m
25.1
1.8
1.8
28.7
Group
2022 *
£m
Company
2023
£m
Company
2022
£m
14.2
1.0
14.3
12.4
41.9
—
—
—
—
—
—
—
—
Group
2022
£m
Company
2023
£m
Company
2022
£m
35.4
6.5
—
41.9
—
—
—
—
—
—
—
—
The trade receivables of the Group typically comprise many amounts due from a large number of customers and represent a spread
of industry sectors. The largest amount due from a single customer at the reporting date represented 3.1% (2022: 4.4%) of total Group
receivables. All of the Group’s cash is held with financial institutions of high credit rating.
The provisions in respect of trade receivables are used to record expected credit losses. The Group has dedicated credit control
teams, which regularly review customer debt balances to assess the risk of recovery.
2 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
201
Financial statements
�25 Financial instruments continued
Liquidity risk
Liquidity risk is the risk that the Group will not be able to meet its financial obligations as they fall due. The Group manages and
minimises liquidity risk by using global cash management solutions and actively monitoring both actual and projected cash outflows to
ensure that it will have sufficient liquidity to meet its liabilities when due and have headroom to provide against unforeseen obligations.
The Ukraine conflict is not considered to have a direct material impact on liquidity risk in the short term due to the Group having limited
direct exposure in the affected region. Longer term, the Group has assessed its liquidity forecast as part of the viability assessment
and its ability to continue trading as a going concern. For further detail on the Group’s assessment of liquidity risk refer to the Viability
Statement on page 81.
The following are the contractual maturities of financial liabilities, including interest payments, of the Group:
At 31 May 2023
Borrowings
Bank overdraft
Contingent consideration payable
Lease liabilities
Trade and other payables
At 31 May 2022
Borrowings (restated)*
Contingent consideration payable
Lease liabilities
Trade and other payables
Carrying
amount
£m
Contractual
cash flows
£m
(81.9)
(98.0)
(1.8)
(1.0)
(30.0)
(44.7)
(1.8)
(1.0)
(33.6)
(44.7)
(125.6)
(132.0)
(1.9)
(32.6)
(48.3)
(1.9)
(36.4)
(48.3)
<1 year
£m
(4.9)
(1.8)
(1.0)
(6.9)
(44.7)
(21.3)
(0.9)
(6.5)
(48.3)
1–2
years
£m
2+
years
£m
(4.9)
(88.2)
—
—
(6.1)
—
(21.3)
(1.0)
(5.5)
—
—
—
(12.6)
—
(89.4)
—
(13.4)
—
5+
years
£m
—
—
—
(8.0)
—
—
—
(11.0)
—
* Restated to correct the borrowings contractual cash flows resulting in an increase to those cash flows of £21.3m split between < 1 year increase of £1.6m,
1-2 years increase of £1.6m and 2+ years increase by £18.1m.
The contractual cash flows for borrowings disclosed above relate to the Group’s RCF facility for the year ended 31 May 2023,
which expires in December 2026, and in the prior year includes the Term Loan Facility Agreement that was due to expire in June 2024.
The contractual cash flows include an estimate of the interest payable based on the assumption that the borrowings remain drawn
based upon 31 May 2023 levels, except that the term loan which existed at 31 May 2022, is repayable over its term. Interest is
calculated based on SONIA/SOFR plus a margin based on the current leverage ratio.
Currency risk
The Group is exposed to currency risk on sales, purchases, cash and borrowings that are denominated in a currency other than the
respective functional and presentational currency of the Group. The Group’s management reviews the size and probable timing of
settlement of all financial assets and liabilities denominated in foreign currencies. The Group’s exposure to currency risk is as follows:
Sterling
£m
11.0
2.0
5.5
17.0
(1.8)
(18.6)
(19.6)
(31.8)
2023
USD
£m
7.1
—
6.7
9.4
—
(63.3)
(6.7)
(1.6)
EUR
£m
7.0
—
3.9
5.0
—
—
(2.0)
(9.2)
Other
£m
Total
£m
Sterling
£m
1.6
—
1.1
2.7
—
—
(1.7)
(2.1)
26.7
2.0
17.2
34.1
(1.8)
(81.9)
(30.0)
(44.7)
12.9
0.5
6.5
26.4
—
(26.2)
(21.4)
(28.1)
2022
USD
£m
15.9
0.6
11.5
42.4
—
(99.4)
(7.3)
(8.9)
EUR
£m
11.7
—
4.3
2.4
—
—
(2.0)
(9.0)
Other
£m
0.1
0.1
0.7
2.0
—
—
(1.9)
(2.3)
Total
£m
40.6
1.2
23.0
73.2
—
(125.6)
(32.6)
(48.3)
Trade receivables
Other receivables
Contract assets
Cash and cash equivalents
Bank overdraft
Borrowings
Lease liabilities
Trade and other payables
Total
(36.3)
4.7
(48.4)
1.6
(78.4)
(29.4)
7.4
(45.2)
(1.3)
(68.5)
A change in exchange rate of 10% would have an impact of £20.3m (2022: £19.0m) on revenue, £3.9m (2022: £4.2m) on operating
profit, £64.2m (2022: £43.6m) on net assets and £6.3m (2022: £9.9m) on borrowings.
The Group’s risk management policy is to hedge foreign currency exposure in respect of significant material transactions that may
arise from time to time. No such hedges were in place at 31 May 2022 or at 31 May 2023. The Group uses forward exchange contracts
to hedge its currency risk, which are short term in nature to match the maturity of the hedged item. These contracts are generally
designated as cash flow hedges.
202
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�25 Financial instruments continued
Currency risk continued
The Group designates the spot element of forward foreign exchange contracts to hedge its currency risk and applies a hedge ratio
of 1:1. The forward elements of forward exchange contracts are excluded from the designation of the hedging instrument and are
separately accounted for as a cost of hedging, which is recognised in equity in a cost of hedging reserve. The Group’s policy is for
the critical terms of the forward exchange contracts to align with the hedged item.
The Group determines the existence of an economic relationship between the hedging instrument and hedged item based on the currency,
amount and timing of their respective cash flows. Given the short-term nature of these hedges there is limited risk of ineffectiveness.
Interest rate risk
The Group and Company finance their operations through a combination of retained profits and bank borrowings. The Group borrows
and invests surplus cash at floating rates of interest based upon bank base rate. The cash and cash equivalents of the Group and
Company at the end of the financial year were as follows:
Group
Sterling denominated financial assets
Euro denominated financial assets
US Dollar denominated financial assets
Other denominated financial assets
Total
The financial assets and liabilities of the Company at the end of the financial year were as follows:
Company
Financial assets
Sterling denominated financial assets
Amounts owed by Group undertakings
Total
Financial liabilities
Amounts owed to Group undertakings
Total
2023
£m
17.0
5.0
9.4
2.7
34.1
2022
£m
26.4
2.4
42.4
2.0
73.2
2023
£m
2022
£m
15.0
23.2
38.2
0.2
0.2
20.2
32.9
53.1
18.2
18.2
A change of 100 basis points in interest rates would result in a difference in annual pre-tax profit of £0.9m (2022: £1.3m).
The financial liabilities of the Group (trade and other payables, borrowings and lease liabilities) and their maturity profile are as follows:
2023
2022
Sterling
£m
EUR
£m
USD
£m
Other
£m
Total
£m
Sterling
£m
Less than one year
Two to five years
More than five years
(36.6)
(28.1)
(7.2)
(10.3)
(3.0)
(0.9)
(68.4)
—
(0.1)
(2.6)
(1.2)
—
(52.5)
(98.6)
(7.3)
(30.7)
(35.8)
(9.9)
EUR
£m
(9.9)
(1.1)
—
USD
£m
Other
£m
Total
£m
(28.9)
(85.2)
(0.8)
(2.7)
(1.5)
—
(72.2)
(123.6)
(10.7)
Total
(71.9)
(11.2)
(71.5)
(3.8)
(158.4)
(76.4)
(11.0)
(114.9)
(4.2)
(206.5)
Climate change
The Directors have considered the impact of climate change on fair value measurement and financial instruments, with no material
impact identified.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
203
Financial statements
�26 Share-based payments
The Company has a number of share option schemes under which options to subscribe for the Company’s shares have been granted
to Directors and colleagues, details of which are illustrated in the tables below. Expected term of options represents the period over
which the fair value calculations are based. The share-based payment charge for the year was £2.2m (2022: £3.9m) of which £2.2m
(2022: £3.4m) related to equity settled payments and £nil (2022: £0.5m) to cash settled payments. The share-based payments
charge decreased during the year due to a number of schemes no longer being expected to meet performance criteria required
to give rise to options being granted.
Company Share Option (CSOP) scheme – equity settled
Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than
10% per annum. Options granted in September 2019 do not have any performance criteria.
Date of grant
August 2018
September 2019
Expected term
of options
Exercisable
between
Exercise
price
2023
Number
outstanding
7 years
August 2021–August 2028
£2.20
5,586
7 years
September 2022–September 2029
£1.79
279,312
Sharesave schemes – equity settled
The Company operates sharesave schemes, which are available to all colleagues based in the UK, Netherlands, Denmark, Spain and
Australia, and full-time Executive Directors of the Group and its subsidiaries who have worked for a qualifying period.
Date of grant
March 2019
March 2020
March 2020
May 2021
May 2021
May 2022
May 2022
May 2023
May 2023
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
3 years
May 2022–October 2022
May 2023–October 2023
May 2023–October 2023
May 2024–October 2024
May 2024–October 2024
May 2025–October 2025
May 2025–October 2025
June 2026–November 2026
June 2026–November 2026
Exercise
price
2023
Number
outstanding
£0.99
£1.84
£1.84
£2.15
£2.15
£1.52
£1.52
7
339,158
202,877
128,744
251,147
314,632
755,013
£1.26 1,253,012
£1.26
268,214
Colleague stock purchase plan – equity settled
The Company operates a stock purchase plan, which is available to all US-based colleagues who have worked for a qualifying period.
All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at year end.
Date of grant
May 2022
May 2023
Expected term
of options
Exercisable
in
1 year
1 year
May 2023
May 2024
Exercise
price
2023
Number
outstanding
£1.58
£1.26
—
604,321
Incentive Stock Option (ISO) scheme – equity settled
Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the
three years following their grant is greater than 10% per annum.
Date of grant
August 2018
September 2019
Expected term
of options
Exercisable
between
Exercise
price
2023
Number
outstanding
7 years
7 years
August 2021–August 2028
September 2022–September 2029
£2.22
£1.82
—
49,446
204
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�26 Share-based payments continued
Long Term Investment Plan (LTIP) schemes – equity settled
Options granted on or after November 2017 to May 2021 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio 1 expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion 1 is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Options granted in November 2021 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 22.5% or more over a three year period. If growth is equal
to an average of 9% (threshold), then 15% of the award will vest. If, however, growth is less than 9% per annum, none of the award
element will vest. Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio 1 expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion 1 is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Options granted on or after October 2022 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 18% or more over a three year period. If growth is equal to
an average of 6% (threshold), then 15% of the award will vest. If, however, growth is less than 6% per annum, none of the award
element will vest. Between these two points, vesting is determined on a straight-line basis.
• 20% will vest based on achieving a cash conversion ratio 1 expressed as a percentage over the measurement period of greater than
80% per annum on average. If cash conversion 1 is greater than or equal to 90% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 80% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
• 20% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 15% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Date of grant
September 2019
March 2020
May 2021
November 2021
October 2022
November 2022
Expected term
of options
Exercisable
between
3 years
3 years
3 years
3 years
3 years
3 years
June 2022–August 2023
June 2022–August 2024
June 2023–August 2025
June 2024–August 2026
October 2025–October 2026
November 2025–November 2026
Exercise
price
2023
Number
outstanding
£nil
£nil
£nil
209,760
—
516,791
£nil
1,101,449
£nil 1,297,672
£nil
113,521
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
205
Financial statements�26 Share-based payments continued
Restricted State Unit (RSU) schemes – equity settled
Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:
• 60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
• 30% will vest based on achieving a cash conversion ratio¹ expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion¹ is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
• 10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
The options are to be settled in equity.
Date of grant
May 2021
Expected term
of options
Exercisable
between
Exercise
price
2023
Number
outstanding
3 years
June 2023–August 2023
£0.01
138,554
Restricted Share Plan (RSP) – equity settled
The vesting condition for the award of RSPs relates to colleagues remaining with the Group for a certain period of time, namely two
years to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.
Date of grant
May 2021
Expected term
of options
Exercisable
between
2/3 years
50% exercisable August 2022 to August 2031,
50% exercisable August 2023 to August 2031
November 2021
2/3 years
50% exercisable October 2023 to August 2032,
50% exercisable October 2024 to August 2032
Exercise
price
2023
Number
outstanding
£nil (£0.01 in the US
and Canada)
£nil (£0.01 in the US
and Canada)
536,839
1,317,181
October 2022
2/3 years
November 2022
2/3 years
50% exercisable October 2024 to October 2032,
50% exercisable October 2025 to October 2032
£nil (£0.01 in the US
and Canada)
1,139,412
50% exercisable November 2024 to November 2032,
50% exercisable November 2025 to November 2032
£nil (£0.01 in the US
and Canada)
30,272
Deferred share scheme – equity settled
Date of grant
October 2021
Expected term
of options
Exercisable
between
Exercise
price
2023
Number
outstanding
2 years
October 2023–October 2031
£nil
91,616
Phantom schemes – cash settled
Phantom schemes are used to allow the grant of LTIPs to members of the Executive Committee based in certain overseas locations at
a time when the Group’s option scheme rules were not structured to allow overseas grants. Options granted on or after September 2019
do not have any performance criteria.
Date of grant
September 2019
July 2021
November 2021
Expected term
of options
Exercisable
between
3 years
3 years
3 years
September 2022–September 2023
August 2022–July 2031
October 2023–November 2031
Exercise
price
2023
Number
outstanding
£nil
£nil
£nil
22,345
15,500
15,500
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
206
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�26 Share-based payments continued
Measurement of fair values
The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date
of grant. The fair value is spread over the period during which the colleague becomes unconditionally entitled to the award, adjusted
to reflect actual and expected levels of vesting.
The assumptions used in the models are illustrated in the tables below:
September 2019–November 2022
37.2%–55.5%
3 years
0.21%–2.00%
Scheme
Grant date
CSOP scheme
August 2018–September 2019
Sharesave scheme
March 2019–May 2023
ESPP scheme
May 2022–May 2023
Special Award (CEO)
September 2022
ISO scheme
LTIP scheme
RSU scheme
RSP scheme
September 2019
May 2021
May 2021–November 2022
Deferred shares
October 2021
Expected
volatility
Option
expected term
Risk free
interest rate
48.0%–52.8%
39.7%–55.7%
53.8%–55.7%
7 years
0.35%–2.00%
3 years
0.13%–2.20%
1 year
1.15%–2.20%
n/a
77.0%
2 years
7 years
n/a
0.38%
42.3%
n/a
56.0%
3 years
10 years
2 years
3 years
0.32%
n/a
0.35%
1.81–1.96%
Phantom schemes
September 2019–November 2021
52.8%–55.5%
Scheme
Grant date
CSOP scheme
August 2018–September 2019
Sharesave scheme
March 2019–May 2023
ESPP scheme
May 2022–May 2023
Special Award (CEO)
September 2022
ISO scheme
LTIP scheme
RSU scheme
RSP scheme
September 2019
May 2021
May 2021–November 2022
September 2019–November 2022
£1.61–£2.87
Deferred shares
October 2021
Phantom schemes
September 2019–November 2021
£1.84–£2.87
Fair value at
measurement date
Weighted average
fair value at
measurement date
Exercise
price
Weighted average
exercise value at
measurement date
£0.55–£0.63
£0.39–£0.86
£0.30–£0.55
£2.30
£0.54
£2.87
£1.93–£2.85
£2.47
£0.55
£0.59
£0.30
£2.30
£0.54
£2.19
£2.87
£2.28
£2.47
£2.44
£1.79–£2.20
£0.99–£2.15
£1.26–£1.58
£2.30
£1.82
£nil
£0.01
£nil
£nil
£nil
£1.80
£1.52
£1.26
£2.30
£1.82
£nil
£0.01
£nil
£nil
£nil
The expected volatility has been based on an evaluation of the historical volatility of the Company’s share price, particularly over
the historical period commensurate with the expected term. The expected term of the instruments has been based on historical
experience and general option holder behaviour. For the options granted in the year ended 31 May 2023, dividend yield assumed
at the time of option grant is 1.75% (2022: 1.75%).
Reconciliation of outstanding share options
The options outstanding at 31 May 2023 have an exercise price in the range of £nil to £2.15 (2022: £nil to £2.15) and a weighted
average contractual life of three years (2022: three years).
The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share
awards during the year:
Outstanding at 1 June
Granted during the year
Exercised during the year
Forfeited in the year
Outstanding at 31 May
Exercisable at end of year
2023
Number
’000
11,431
5,114
(1,488)
(3,837)
2023
WAEP
£0.68
£0.55
£0.10
£0.96
2022
Number
’000
9,494
5,605
(1,028)
(2,640)
2022
WAEP
£0.79
£0.75
£0.89
£1.39
11,220
£0.61
11,431
£0.68
1,598
£1.00
119
£1.00
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
207
Financial statements
�26 Share-based payments continued
Reconciliation of outstanding share options continued
Scheme
CSOP schemes
Sharesave/SAYE schemes
ESPP schemes
Special Award
ISO schemes
LTIP schemes
RSU schemes
RSP scheme
Deferred shares
Phantom schemes
Number of
instruments
as at
1 June 2022
Instruments
granted
during
the year
Options
exercised in
the year
Number of
instruments
as at
31 May 2023
Forfeitures
in the year
324,001
5,586
(11,172)
(33,517)
284,898
3,714,713 1,593,682
(111,399) (1,684,192) 3,512,804
506,218
604,321
— (506,218)
604,321
— 222,222
60,434
—
—
—
— 222,222
(10,988)
49,446
3,203,721
1,411,193
(528,618)
(847,103) 3,239,193
748,711
— (362,003)
(248,154)
138,554
2,734,411
1,233,252
(448,542)
(495,417) 3,023,704
110,553
—
(18,937)
—
91,616
27,931
43,673
(7,086)
(11,173)
53,345
11,430,693
5,113,929 (1,487,757) (3,836,762) 11,220,103
The liability for the cash settled share-based payments at 31 May 2023 was £nil (2022: £0.5m).
27 Called up share capital and reserves
Allotted, called up and fully paid
Ordinary shares of 1p each at the beginning of the year
Ordinary shares of 1p each issued in the year
2023
Number
of shares
2022
Number
of shares
309,967,243 308,956,045
2,161,649
1,011,198
Ordinary shares of 1p each at the end of the year
312,128,892 309,967,243
2023
£m
3.1
—
3.1
2022
£m
3.1
—
3.1
During the year, 2,161,649 (2022: 1,011,198) new ordinary shares of 1p were issued as a result of the exercise of share options.
The proceeds of £0.1m (2022: £0.8m) were credited to the share premium account.
As at 31 May 2023, 868,800 shares were held in treasury (2022: nil).
Share premium
The share premium account records the difference between the nominal amount of shares issued and the fair value of the
consideration received. The share premium account may be used for certain purposes specified by UK law, including to write
off expenses incurred on any issue of shares and to pay fully paid bonus shares. The share premium account is not distributable
but may be reduced by special resolution of the Company’s ordinary shareholders and with court approval.
Hedging reserve
The hedging reserve comprises the effective portion of the cumulative net change in the fair value of hedging instruments used
in cash flow hedges pending subsequent recognition in profit or loss or directly included in the initial cost or other carrying amount
of a non-financial asset or non-financial liability. The reserve is £nil at 31 May 2023 as the hedging instrument has now expired.
Merger reserve
The merger reserve arose in 2015 from the acquisition of Accumuli plc through a share-for-share exchange in part consideration
for the business.
Currency translation reserve
The results of overseas operations are translated at the average foreign exchange rates for the year, and their balance sheets are translated
at the rates prevailing at the Balance Sheet date. Exchange differences arising on the translation of opening net assets and results of
overseas operations are recognised in the currency translation reserve. All other exchange differences are included in the Income Statement.
Retained earnings
Retained earnings for the Group are made up of accumulated reserves.
For the Company, retained earnings are made up of accumulated reserves and are considered distributable reserves.
208
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023
�28 Profit attributable to members of the Parent Company
The profit for the year dealt with in the accounts of the Parent Company was £17.5m (2022: £20.0m).
29 Other financial commitments
Non-cancellable lease rental costs are payable as follows:
Within one year or less
2023
2022
Land and
buildings
£m
Other
£m
Land and
buildings
£m
—
—
—
Other
£m
0.1
The lease commitments disclosed above represent short-term (less than one year) leases only, for which the Group has taken
the exemption from accounting for under IFRS 16.
30 Contingencies
There are no contingent liabilities not provided for at the end of the financial year (2022: £nil). Similarly, there are no contingent assets
(2022: £nil).
31 Pension scheme
The Group operates a defined contribution pension scheme that is open to all eligible colleagues. The pension cost charge for
the year represents contributions payable by the Group to the fund and amounted to £6.3m (2022: £5.1m).
For the Company, the pension cost charge for the year represents contributions payable by the Company to the fund and amounted
to £nil (2022: £nil).
32 Related party transactions
Management has defined that related party transactions are that with key management personnel members only.
Key management personnel have been assessed to be the Group’s Board of Directors. During the year ended 31 May 2023 there
were nine (2022: seven) key management personnel. The compensation paid or payable to key management for employee services
is shown below:
Salary costs (including bonus)
Social security costs
Pension costs
Share-based payments
Total
* Represented to present social security costs separate from salary costs.
There were no other related party transactions identified during the year.
33 Investments in subsidiary undertakings
Company
At 1 June 2021
Increase in subsidiary investment for share-based charges
Investment in subsidiary undertakings
At 31 May 2022
Increase in subsidiary investment for share-based charges
At 31 May 2023
Group
2023
£m
1.8
0.3
—
0.2
2.3
Group
2022 *
£m
Company
2023
£m
Company
2022
£m
1.5
0.3
—
0.4
2.2
—
—
—
—
—
—
—
—
Shares in Group
undertakings
£m
151.8
3.9
121.2
276.9
2.2
279.1
On 26 May 2022, the Company acquired 121,205,727 ordinary shares of £0.01 in NCC Group Holdings Limited for a consideration
of £121,205,727 and was settled through an intercompany loan.
The increase in subsidiary investment for share-based charges represents IFRS 2 ‘Share-based Payments’ charges in respect
of subsidiaries which will not be recharged.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
209
Financial statements
�33 Investments in subsidiary undertakings continued
Fixed asset investments are recognised at cost.
The undertakings in which the Company has a 100% interest at 31 May 2023 are as follows:
Subsidiary undertakings
Country of incorporation Principal activity
Registered office
NCC Group Holdings Limited
England and Wales
Holding company
XYZ Building, 2 Hardman
Boulevard, Spinningfields,
Manchester M3 3AQ (XYZ 1)
NCC Group (Solutions) Limited
NCC Group Corporate Limited
NCC Group Finance Limited
England and Wales
Holding company
XYZ 1
England and Wales
Corporate cost centre XYZ 1
England and Wales
Financing company
The National Computing Centre Limited
England and Wales
Dormant
NCC Group Software Resilience Limited
England and Wales
Holding company
NCC Group Software Resilience (UK) Limited
England and Wales
Holding company
NCC Services Limited
NCC Group Escrow Limited
England and Wales
Software Resilience
England and Wales
Dormant
NCC Group Software Resilience (Europe) BV
Netherlands
Holding company
NCC Group GmbH
Germany
Software Resilience
NCC Group Deutschland GmbH
Germany
Cyber Security 4
NCC Group Escrow Europe BV
Netherlands
Software Resilience
NCC Group Escrow Europe (Switzerland) AG
Switzerland
Software Resilience
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
Barbara Strozzilaan 101, 1083HN
Amsterdam, Netherlands
c/o Deloitte Legal
Rechtsanwaltsgesellschaft mbH,
Rosenheimer Platz 6, 81669,
Munich, Bavaria, Germany
Leopoldstrasse Business Centre
GmbH, Konrad-Zuse-Platz 8,
81829, Munich, Germany
Barbara Strozzilaan 101, 1083HN
Amsterdam, Netherlands
Ibelweg 18A, 6300 Zug,
Switzerland
NCC Group Software Resilience (MEA-APAC) Limited England and Wales
Holding company
XYZ 1
NCC Group FZ-LLC
United Arab Emirates Software Resilience
Dquarters, Building 16, unit EO30,
DIC5, Dubai Internet City, Dubai,
United Arab Emirates
NCC Group Cyber Security Limited
England and Wales
Holding company
NCC Group Cyber Security (UK) Limited
England and Wales
Holding company
NCC Group Security Services Limited
England and Wales
Cyber Security 4
NCC Group Audit Limited
ArmstrongAdams Limited
England and Wales
Cyber Security 4
England and Wales
Cyber Security 4
NCC Group Signify Solutions Limited
England and Wales
Cyber Security 4
NCC Group Accumuli Security Limited
England and Wales
Cyber Security 4
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
XYZ 1
NCC Group Cyber Security (Europe) BV
NCC Group A/S
Netherlands
Denmark
Holding company
Fox-IT 3
Cyber Security 4
NCC Group Cyber Portuguesa, Unipessoal, LDA
Portugal
Cyber Security 4
NCC Group Security Services Espana SLU
Spain
Cyber Security 4
Cyber Security Sweden AB
Sweden
Cyber Security 4
Fox-IT Holding B.V.
Netherlands
Holding company
Fox-IT Group B.V.
Fox-IT B.V.
Fox-IT Operations B.V.
Fox Crypto B.V.
Netherlands
Netherlands
Netherlands
Netherlands
Holding company
Cyber Security 4
Dormant
Cyber Security 4
NCC Group Cyber Security (APAC) Limited
England and Wales
Holding company
Fox-IT 3
Fox-IT 3
Fox-IT 3
Fox-IT 3
XYZ 1
210
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Lautruphøj 1, 2750 Ballerup,
Denmark
Av. António Augusto de Aguiar
nº 19 – 4º, 1050-012 Lisboa,
Portugal
Plaza Manuel Gómez Moreno,
número 2, Edificio Alfredo Mahou,
planta 19ª, letra B, 28020,
Madrid, Spain
c/o Advokatfirman Delphi,
P.O. Box 1432, 111 84 Stockholm
Olof Palmestraat 6, 2616 LM Delft,
Netherlands (Fox-IT 3)
Notes to the Financial Statements continuedat 31 May 2023�33 Investments in subsidiary undertakings continued
Subsidiary undertakings
Country of incorporation Principal activity
Registered office
NCC Group Pte Limited
Singapore
Cyber Security 4
NCC Group Pty Limited
Australia
Cyber Security 4
NCC Group Japan KK
Japan
Cyber Security 4
Unit #10-09 PLUS Building,
20 Cecil Street, Singapore
(049705)
Suite 23.01, Level 23,
45 Clarence Street, Sydney,
NSW 2000
Level 18, Yesibu Garden Place
Tower, 4-20-3 Ebisu Shibuya-Ku,
Tokyo
650 California Street, Suite 2950,
San Francisco, CA 94108, USA
(North America HQ 2)
NCC Group (Americas) Inc.
NCC Group, LLC
NCC Group Cyber Security (Americas), LLC
NCC Group Security Services, Inc.
NCC Group Secure Registrar, Inc.
NCC Group Domain Services, Inc.
USA
USA
USA
USA
USA
USA
Holding company
Software Resilience
and central/head office
costs
North America HQ 2
Holding company
North America HQ 2
Cyber Security 4
North America HQ 2
Domain services
North America HQ 2
Domain services
North America HQ 2
NCC Group Security Services Corporation
Canada
Cyber Security 4
Suite 2700, The Stack,
1133 Melville St,
Vancouver, BC V6E 4E5
Payment Software Company, Inc.
USA
Cyber Security 4
North America HQ 2
Payment Software Company Limited
England and Wales
Cyber Security 4
XYZ 1
NCC Group Software Resilience (Americas), LLC
NCC Group Escrow Associates, LLC
NCC Group Software Resilience (NA), LLC
USA
USA
USA
Holding company
North America HQ 2
Software Resilience
North America HQ 2
Software Resilience
North America HQ 2
Fox-IT Belgium B.V.
Belgium
Cyber Security 4
Silversquare, Antwerp Tower,
Frankrijklei 5, 2000 Antwerp,
Belgium
The undertakings in which the Company holds less than a 100% interest at the year end are as follows:
Undertaking
Deposit AB
% interest
Country of incorporation
Principal activity
24%
Sweden
Software Resilience
The Directors consider the above ownership structure to give rise to no significant influence over the undertaking. There is no Board
representation, and the Group has no power to participate in the operating and financial policy decisions of the undertaking.
Accordingly, the undertaking of Deposit AB has not been consolidated.
1 2 Hardman Boulevard, Spinningfields, Manchester M3 3AQ.
2 650 California Street, Suite 2950, San Francisco, CA 94108, USA.
3 Olof Palmestraat 6, 2616 LM Delft, Netherlands.
4 Formerly Assurance.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
211
Financial statements�34 Disposals
On 31 December 2022, the Group completed the planned disposal of its DDI business for consideration of £5.8m. Of this amount, £3.8m,
is contingent on the novation of certain customer contracts. The assets and liabilities included as part of the disposal were as follows:
Attributable goodwill
Trade and other receivables
Trade and other payables
Net assets disposed of
Consideration
Transaction costs
Gain on disposal
Satisfied by:
Cash and cash equivalents
Contingent consideration
Consideration
2023
£m
(1.0)
(1.2)
1.2
(1.0)
5.8
(0.1)
4.7
2.0
3.8
5.8
35 Acquisitions
Prior period acquisition of IPM business
On 1 June 2021, shareholder approval was passed for the acquisition of the IPM business of Iron Mountain, comprising substantially
all of the assets of Iron Mountain Intellectual Property Management, Inc. together with certain other assets of affiliates of Iron Mountain
exclusively related to the IPM business. The primary reasons for the business combination are to:
• Scale-up the Group’s core business to create a global business and platform for further growth
• Generate revenue synergies through allowing the enlarged division to offer NCC Group broader suite of established verification
services as well as the newer Escrow-as-a-Service (EaaS) cloud offering to the IPM business’s existing customer base
• Present an exciting new opportunity to sell NCC Group Cyber Security 2 services into the IPM business’s broad and blue-chip
customer base in the medium term
• Be accretive to earnings per share from completion, even without factoring in revenue synergies
• Result in greater strategic strength for the future
Management considers shareholder approval of the transaction determines a change in control and therefore the date of shareholder
approval is considered to be the acquisition date for the transaction. Shareholder approval was granted on 1 June 2021 and the IPM
Software Resilience business has been consolidated into the Group results from that date (see Note 3). Transfer of consideration for
the acquisition was made on 7 June 2021, which is commonly referenced within these Financial Statements as being the date of
practical completion of the transaction.
Details of assets acquired that are subject to fair value adjustments are noted below. The acquisition for an original total consideration
of $220.0m was subsequently adjusted during the year ended 31 May 2022 to $216.1m (£152.0m) to reflect a normalised working capital
adjustment of $2.7m and a final positive net working capital adjustment of $1.2m. The acquisition was funded through an equity net placing
of £70.2m ($98.4m) on 17 May 2021 combined with a new three year $70m term loan and the remaining $47.7m funded via existing cash
balances and our revolving credit facility. The term loan was entered into on 12 May 2021 but not drawn down until 2 June 2021.
The fair value of assets and liabilities acquired can be summarised as follows:
Identifiable intangible assets: (Note 12):
Customer relationships
Computer software
Right-of-use assets
Trade and other receivables
Trade and other payables
Deferred income
Lease liabilities
Deferred tax liability
Total identifiable assets acquired, and liabilities assumed
Goodwill
Total consideration
Satisfied by:
Cash
2 Formerly Assurance.
212
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Fair value
£m
91.4
1.2
0.2
3.8
(0.2)
(12.1)
(0.2)
(0.7)
83.4
68.6
152.0
152.0
Notes to the Financial Statements continuedat 31 May 2023
�35 Acquisitions continued
Prior period acquisition of IPM business continued
No cash was acquired as part of the acquisition.
Total costs directly attributable to the acquisition of the IPM business totalling £8.5m have been expensed to Individually Significant
Items during the year ended 31 May 2021 (£7.6m) and the year ended 31 May 2022 (£0.9m). Issue costs of £2.4m were incurred as part
of the equity placing and have been debited to the share premium account in the year ended 31 May 2021.
The fair value of the financial assets includes trade receivables with a fair value of £3.8m and a gross contractual value of £5.2m.
The goodwill of £68.6m arising from the acquisition consists of the know-how and expertise of the employees transferred to NCC Group
plc as part of the acquisition, the future economic benefit arising from the aligning of customers’ existing products with the Group’s
products, and it’s fit with existing operations. Goodwill is expected to be deductible for income tax purposes.
There is a contingent consideration arrangement that requires amounts to be repaid to NCC Group plc in the event that certain
customers terminate their contractual agreements as a result of the change in ownership. The fair value of the contingent consideration
potentially due to NCC Group plc is considered to be £nil by management. This fair value was estimated based on comparing the
expected number of customers likely to terminate their contractual arrangements as a result of the change in ownership to the threshold
for repayment to NCC Group plc. On 31 May 2023, no further information has become available that suggests the fair value of this
contingent consideration will be greater than £nil.
During the year ended 31 May 2022, a final working capital adjustment had been agreed with the vendor resulting in an amount of
£0.8m being returned to the Group and giving rise to a decrease in the fair value of consideration of £0.8m to £152.0m. This adjustment
leads to a decrease in goodwill of £0.8m. Additionally, management has identified new information in respect of the opening provision for
expected credit losses and has subsequently decreased the fair value of acquired trade and other receivables by £0.8m to £3.8m.
This adjustment leads to an increase in goodwill of £0.8m. On this basis, goodwill of £68.6m remains unchanged from that reported
for the period ended 30 November 2021.
The IPM business contributed £20.2m of the Group’s revenue, £15.6m to the Group’s gross profit and £8.6m operating profit for the
period between the date of acquisition (1 June 2021) and 31 May 2022.
Measurement of fair values
Assets acquired
Computer software
As there is no active market for such bespoke intangible assets a cost approach has been taken to
value computer software acquired based on the cost to recreate the assets. The fair value is based on
the estimated time required by appropriately skilled individuals to recreate such assets.
Customer relationships
The valuation approach taken is the income approach, specifically the multi-period excess earnings
method (MEEM). The fundamental principle underlying the MEEM is isolating the net earnings
attributable to the asset being measured. There are three key steps in calculating the MEEM:
1. Projecting financial information including cash flows, revenue, expenses, etc. for the IPM
business acquired.
2. Subtracting the cash flows attributable to all other assets through a contributory asset charge (CAC).
The CAC is a form of economic rent for the use of all other assets in generating total cash flows that
is composed of the required rate of return on all other assets and an amount necessary to replace
the fair value of certain contributory intangible assets.
3. Calculating the cash flows attributable to the intangible asset subject to valuation and discounting
them to present value. Cash flows are forecast through to FY28 and taken into perpetuity beyond
this date. Cash flow forecasts include a level of growth in revenue in addition to specific growth
synergies expected from the aligning of IPM customers’ existing products with the Group’s products
and IPM’s fit with existing operations. Cash flow forecasts include a level of customer attrition based
on historical experience of IPM customer termination rates.
Both the amount and the duration of the cash flows are considered from a market participant’s perspective.
Lease liabilities
The Group measured the acquired lease liabilities using the present value of the remaining lease
payments at the date of acquisition.
Right‑of‑use assets
The right-of-use assets were measured at an amount equal to the lease liabilities. No significant
judgements have been identified as part of this assessment.
Deferred income
The fair value of the deferred revenue liability has been calculated using a top-down approach.
This approach relies on market indicators of expected revenue for any obligation yet to be delivered
with appropriate adjustments. This approach starts with the amount that an entity would receive in
a transaction, less the cost of the selling effort (which has already been performed) including a profit
margin on that selling effort.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
213
Financial statements�35 Acquisitions continued
Measurement of fair values continued
The valuation of purchase price accounting is a key source of estimation uncertainty, in which there are several key assumptions
where, if a reasonably possible change in assumption is made, this could result in a material adjustment.
A description of the key assumptions and possible sensitivities are provided below:
Description of key assumption
Reasonably possible scenario
Impact
The valuation of the customer relationships
intangible asset of £91.4m assumes a
discount rate of 10.7% driven by the internal
rate of return implied by the consideration
paid for the acquired business.
It is considered reasonably possible
that this discount rate could be 1%
higher or lower depending on the
expected performance of the
business post-acquisition.
The valuation of the customer relationships
intangible asset of £91.4m includes an
estimate of a level of growth of the revenue
generated from that customer base, post-
acquisition. The forecasts used assume that
revenue (excluding synergies) will increase
incrementally to a maximum of a 3.7% annual
increase in FY25 before returning to levels
more consistent with the US long-term
inflationary growth rate in FY26 and beyond.
It is considered reasonably
possible that this growth rate
does not exceed an inflationary
US long-term inflationary growth
rate of 2%.
The impact of increasing the discount rate by 1%
would be to reduce the value of the customer
relationship intangible asset by £6.0m with a
corresponding increase in the value of goodwill
arising on acquisition. The amortisation on acquired
intangibles charged to the Income Statement for the
year ended 31 May 2022 would reduce by £0.6m.
The impact of decreasing the discount rate by 1%
would be to increase the value of the customer
relationship intangible asset by £6.8m with a
corresponding decrease in the value of goodwill
arising on acquisition. The amortisation on acquired
intangibles charged to the Income Statement for the
year ended 31 May 2022 would increase by £0.6m.
The impact of this scenario is to reduce the value
of the customer relationship intangible asset by
£3.1m with a corresponding increase in the value
of goodwill arising on acquisition. The amortisation
on acquired intangibles charged to the Income
Statement for the year ended 31 May 2022 would
reduce by £0.4m.
Prior period acquisition of Adelard business
On 20 April 2022, shareholder approval was passed for the acquisition of substantially all of the assets of Adelard LLP for £3m. This gave
rise to goodwill of £1.1m, intangible assets of £1.3m, right of use assets of £0.2m, trade receivables and other receivables of £0.9m and
current liabilities of £0.5m.
Consideration payable of £3.0m is represented by £1.0m cash paid on completion and a further contingent consideration (dependent
on novation of contracts and FY23 revenue performance) of £1.9m (discounted). At 31 May 2023, a further £1.0m cash consideration
had been paid following the successful novation of certain sales contracts.
Adelard is a Cyber Security2 expert in high value critical systems for national and industrial infrastructure and its services
are complementary to the Group.
36 Post balance sheet events
In line with the Group’s next chapter strategy, during September 2023, the Group issued external marketing material to potentially
dispose of an element of the Europe Cyber Security2 CGU as it is considered non-core to the Group.
37 Audit exemption
The subsidiary undertakings listed below are exempt from the Companies Act 2006 requirements relating to the audit of their
individual accounts by virtue of Section 479A of the Act as this company has guaranteed the subsidiary company under Section 479C
of the Act.
Company name
Payment Software Company Limited
NCC Group Cyber Security Limited
NCC Group Cyber Security (UK) Limited
NCC Group Cyber Security (APAC) Limited
NCC Group Audit Limited
NCC Group Signify Solutions Limited
NCC Group Finance Limited
Principal activity
10059024
13287219
13294277
13294684
04323323
03915262
13350193
The Directors acknowledge their responsibility for complying with the requirements of the Companies Act 2006 with respect to
accounting records and preparation of accounts.
2 Formerly Assurance.
214
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
Notes to the Financial Statements continuedat 31 May 2023�ADDITIONAL INFORMATION
Glossary of terms – other terms
Other terms
Code
Adjusted
Adjusted earnings
Definition and usage
Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how
companies should be governed, applicable to UK-listed companies including NCC Group plc.
Any result described as adjusted excludes the impact of Individually Significant Items, and any
tax on any of these items.
Adjusted earnings are defined as statutory earnings before amortisation of acquisition
intangibles, Individually Significant Items and the share-based payments charge, net of the
tax effect of these items.
Adjusted operating profit margin1
Calculated as Adjusted operating profit divided by revenue from continuing activities.
AGM
Annual General Meeting of shareholders of the Company held each year to consider ordinary
and special business as provided in the Notice of AGM.
Alternative Performance Measure
(APM)
An Alternative Performance Measure (which is denoted in each case or use thereof
by a footnote) is a non-GAAP performance metric used by management either internally
or externally to present management’s view of the underlying business performance.
They are not superior to GAAP-based measures and are simply an alternative way of looking
at performance. See Note 3 for further information.
Board
The Board of Directors of the Company (for more information see pages 88 and 89).
Cash conversion ratio1
Calculated as cash generated from operating activities before interest and taxation divided by
Adjusted EBITDA1, expressed as a percentage.
CDO
CEO
CFO
CISO
Cyber Defence Operations.
Chief Executive Officer.
Chief Financial Officer.
Chief Information Security Officer.
Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual
Company, or to NCC Group plc and its subsidiaries collectively.
CPO
CTO
Chief People Officer.
Chief Technology Officer.
Directors, Executive Directors and
Non-Executive Directors
The Directors/Executive Directors and Non-Executive Directors of the Company whose names
are set out on pages 88 to 90 of this report.
EBIT
Earnings before interest and tax.
EBIT margin %
EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue.
EBITDA
Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit
before Individually Significant Items and adding back depreciation and amortisation charged.
EBITDA margin %
EBITDA divided by revenue.
EPS
FCA
Earnings per share. Profit for the year attributable to equity shareholders of the Parent
allocated to each ordinary share.
Financial Conduct Authority.
Financial year
For NCC Group this is an accounting year ending on 31 May.
FRC
Financial Reporting Council.
Free cash flow
Net cash from operating activities less net capital expenditure and acquisition costs.
FRS
FVLCTS
A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC).
Fair value less costs to sell.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
215
Additional information �Glossary of terms – other terms continued
Other terms
Gross profit
Definition and usage
Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads
that are supporting the business as a whole as opposed to a specific revenue item.
Gross margin %/GM %
Calculated as gross profit divided by revenue from continuing activities.
HMRC
IAS or IFRS
Individually Significant Items
KPMG
LTIP
MD
MDR
Net debt1
His Majesty’s Revenue & Customs, the tax collecting authority of the UK.
An International Accounting Standard or International Financial Reporting Standard, as issued
by the International Accounting Standards Board (IASB). IFRS is also used as the term to
describe international generally accepted accounting principles as a whole.
Items that the Directors consider to be material in nature, scale or frequency of occurrence
that need to be excluded when calculating some non-statutory performance measures in
order to allow users of the Financial Statements to gain a full understanding of the underlying
business performance. See Note 5 for further information.
The Company’s external auditor, KPMG LLP.
Long Term Incentive Plan established to align the interests of senior and executive
management with those of shareholders. The plan is formally known as the NCC Group Long
Term Incentive Plan 2013 (approved by shareholders in 2013).
Managing Director.
Managed Detection and Response.
Total borrowings offset by cash and cash equivalents.
Ordinary shares
Voting shares entitling the holder to part ownership of a company.
SAYE/Sharesave
Save As You Earn, being a tax efficient scheme to encourage colleague share ownership.
Software Resilience
Software Resilience represents our escrow resilience services.
Subsidiary
A company or other entity that is controlled by NCC Group.
TSC
TSR
Technical Security Consulting.
Total shareholder return, which is share price growth plus dividends reinvested (where
applicable) over a specified period of time, divided by the share price at the start of the period.
1
Revenue growth at constant currency, Adjusted EBITDA, Adjusted operating profit, Adjusted EPS, cash conversion, net debt and net debt excluding lease
liabilities are APMs and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
216
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�Other information
Directors
Chris Stone
– Non-Executive Chair
Mike Maddison
– Chief Executive Officer
Guy Ellis
– Chief Financial Officer
Chris Batterham – Independent Non-Executive Director
Julie Chakraverty – Senior Independent Non-Executive Director
Jennifer Duvalier – Independent Non-Executive Director
Mike Ettling
– Independent Non-Executive Director
Lynn Fordham
– Independent Non-Executive Director
Company Secretary
Jonathan Williams
Registered Group and Company head office
XYZ Building
2 Hardman Boulevard
Spinningfields
Manchester
M3 3AQ
Registered number
4627044
Registered in England and Wales
Joint brokers and corporate finance advisers
Jefferies International Limited
100 Bishopsgate
London
EC2N 4JL
Peel Hunt LLP
Moor House
120 London Wall
London
EC2Y 5ET
Auditor
KPMG LLP
1 St Peter’s Square
Manchester
M2 3AE
Solicitors
DLA Piper UK LLP
1 St Peter’s Square
Manchester
M2 3DE
Registrar
Equiniti
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA
Bankers
HSBC UK Bank plc
2nd Floor
4 Hardman Square
Spinningfields
Manchester
M3 3EB
National Westminster Bank plc
1 Hardman Boulevard
Manchester
M3 3AQ
ING Bank N.V. London Branch
8–10 Moorgate
London
EC2R 6DA
Fifth Third Bank
National Association
38 Fountain Square Plaza
Cincinnati
OH 45263
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
217
Additional information �Financial calendar
Ex-dividend date
Record date
AGM
Dividend payment date
2024 half year end
2024 interim statement
2024 year end
9 November 2023
10 November 2023
30 November 2023
8 December 2023
30 November 2023
1 February 2024
31 May 2024
2024 year end trading pre-close statement
June 2024
2024 preliminary year end statement
September 2024
These dates are provisional and may be subject to change.
218
NCC Group plc — Annual report and accounts for the year ended 31 May 2023
�NCC Group plc’s commitment to environmental issues is reflected in this
Annual Report, which has been printed on Magno Satin, an FSC® certified
material.
This document was printed by Geoff Neal using its environmental print
technology, which minimises the impact of printing on the environment,
with 99% of dry waste diverted from landfill. Both the printer and the
paper mill are registered to ISO 14001.
��