NCC Group plc Annual report and accounts for the period ended 30 September 2024
Annual report and accounts
for the period ended 30 September 2024
Focusing on
client needs
We have made great progress over the past 18 months, transforming
the business by focusing on client needs while building the Group’s
resilience. Our more focused Cyber Security business returned to
growth in the second half to May 2024, with improved sources of
recurring revenue with Managed Services performing well, and our
Escode business building a track record of growth. We are pleased
to see this strategic progress coming through in improved gross
margin and Adjusted EBITDA – a key priority for the Group.
We continue to focus on our client-centric strategy and
notwithstanding macroeconomic factors outside of our control,
weexpect to grow in the current financial year and remain confident
in delivering our medium-term financial goals. An ever-increasing
threat landscape, rapidly evolving technology such as AI, digital
adoption and a rise in regulation across the world creates multiple
growth drivers for both our Escode and Cyber businesses, and we
continue to enhance our capabilities and
improve our routes to market to ensure we
are the go-to choice for organisations and
governments as they build and enhance
their cyber resilience.”
Mike Maddison
Chief Executive Officer
In this report
NCC Group is a people-powered, tech-enabled global
Cyber Security and software escrow business. We harness
our collective insight, intelligence and innovation to power
end-to-end cyber services that protect our clients from
cyber threat.
Strategic report
1 Highlights for the period ended
30 September 2024
2 At a glance
4 Chair’s statement
6 CEO’s review
8 Our business model
10 Market outlook
12 Our strategy at a glance
14 Stakeholder engagement
16 Sustainability
29 Risk management
39 Viability statement
40 Financial review
Governance
52 Chair’s introduction to governance
55 Governance framework
56 Board of Directors
58 Board composition and division
of responsibilities
66 Shareholder engagement
67 Audit Committee report
74 Nomination Committee report
77 Cyber Security Committee report
79 Remuneration Committee report
101 Directors’ report
105 Directors’ responsibilities statement
Financial statements
106 Independent auditors’ report
112 Consolidated income statement
112 Consolidated statement
of comprehensive income
113 Consolidated balance sheet
114 Consolidated cash flow statement
115 Consolidated statement of changes
in equity
116 Company balance sheet
117 Company statement of changes
in equity
118 Notes to the Financial Statements
Additional information
174 Glossary of terms – other terms
176 Other information
IBC Financial calendar
Intelligence
Insight
Innovation
It’s in our DNA
It’s what makes us different. A part of who we are
that underpins everything we do.
View our latest results: nccgroupplc.com
Highlights for the period ended 30 September 2024
1 Revenue at constant currency, Adjusted EBITDA, Net (debt)/cash excluding lease liabilities, Adjusted operating profit and Adjusted EPS are APMs and not IFRS
measures. See Note 3 for an explanation of APMs and adjusting items. Further information is also contained within the Financial Review on pages 40 to 51.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APMs, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of amortisation of acquisition
intangibles and share-based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
3 (Loss)/profitbeforetaxationisafteranimpairmentof£31.9minrelationtotheNorthAmericaCybersecuritybusinessduetoitshistoricalperformance.
Headlines
Revenue
(£m)
£429.5m
Net (debt)/cash excluding lease liabilities
1
(£m)
£(45.3)m
Adjusted operating profit (restated)
2
(£m)
£22.3m
Adjusted EPS (restated)
2
(p)
3.4p
Basic EPS
(p)
(10.4)p
270.5
22
22 22 22
22 22
20.5 2.5
9.6 2.3
263.7
21
21 21 21
21 21
(27.5) (10.4)
20
20 20 20
20 20
24
24 24 24
24 24
429.5
(49.6)
(52.4)
16.6 2.8
(1.5)
23
23 23 23
23 23
314.8
335.1
83.3 30.0
35.6
7.0
7.7
14.8
31.0 7.4
3.6
(Loss)/profit before taxation
3
(£m)
£(27.5 )m
IFRS measures
Alternative Performance Measures
•
Strategic execution is transforming the business, with improved
grossmarginsandAdjustedEBITDA
1,2
margins
•
Groupgrossmarginimproved+2.0%ptsto41.4%in12months
to31May2024and+6.5%ptsto42.2%infour-monthperiodto
30 September 2024
•
CyberSecuritygrossmarginimproved+2.4%ptsto34.2%
inthe12monthsto31May2024and9.5%ptsto35.5%in
the four-month period to 30 September 2024 compared to
the 4-month period to 30 September 2023 driven by
continued efficiencies
•
Escodegrossmargindeclined1.6%ptsto69.8%inthe
12monthsto31May2024and3.1%ptsto68.4%inthe
four-month period to 30 September 2024 due to investment
in the sales team for future growth
•
GroupAdjustedEBITDA
1,2
marginimproved+1.3%ptsto13.0%
inthe12monthsto31May2024and+7.1%ptsto9.0%inthe
four-month period to 30 September 2024
•
Unaudited proforma 12 months trading to 30 September 2024
(including non-core disposals) shows similar improvements in
CyberSecuritygrossmarginsandGroupAdjustedEBITDA
1,2
•
Cyber Security gross margin in H2 September 2024
improved+9.2%ptsto37.5%
•
GroupAdjustedEBITDA
1,2
marginimproved+5.5%ptsto
15.1%(£49.7m)
•
CyberSecurityreturnedtoconstantcurrency
1
revenue growth
of+6.0%inthe6monthsended31May2024(actualrates
+4.7%)againstthecomparablepriorperiod(sixmonthsto
31May2023).CyberSecurityrevenueatconstantcurrency
1
declinedforthe12monthsended31May2024by2.2%(actual
rates(4.5%)).Thefour-monthperiodto30September2024
experiencedrevenuegrowthof+7.6%atconstantcurrency
1
(actualrates+6.0%)
•
Escode has now delivered sustained revenue growth through
seven quarters and the four-month period to September 2024
•
The Group has a strong pipeline of opportunities, and
management is pleased with the foundations put in place through
strategic actions taken in the period. In line with the wider market,
the Group has recently seen a lengthening of sales cycles, in
particular across the Cyber business, compared to H2 to May
2024 and also the four-month period to September 2024. In spite
of this, management expects to deliver profitable growth across
both businesses in the current financial year to 30 September
2025, with flat to low single digit revenue growth and modest
Group Adjusted EBITDA gains (after adjustment for the non-core
disposals and share-based payments) and remains confident in
delivering the Group’s medium-term financial goals
(4.2)
(4.3)
(45.3) 22.3 3.4
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 1
Strategic report
At a glance
We protect the development, supply and use of
business critical IP, technology and software
applications ensuring:
•
Buyers are safeguarded from supplier failure, software
vulnerabilities and unforeseen technology disruption
•
Clients have confidence in the business continuity
and risk mitigation of on-premise and/or cloud
software solutions
•
Security of long-term availability of business critical
software data and applications
•
Verification of the software held in escrow can
be replicated from the original source should it ever
be needed
NCC Group is made up of two distinct businesses – Cyber Security and our software
escrow business, Escode – both working with the world’s leading companies and
governments, operating across multiple sectors, geographies and technologies.
We demystify cyber and ensure clients:
•
Understand the cyber threats and vulnerabilities
across their technology environments, supply chains,
processes and products
•
Maintain their licence to do business, having achieved
their governance, compliance and accreditation
objectives in a changing regulatory environment
•
Materially improve their resilience against ever-
increasing cyber threats by implementing remediation
plans and solutions
•
Reduce risk and achieve greater resilience for
less investment
•
Can improve their cyber defence operations and
increase their confidence in detecting and responding
to cyber events
What we do
Cyber Security Escode
The trend of technological change within increasingly complex, connected ecosystems means cyber threats continue to evolve and
grow at pace, as does the risk of disruption posed by failure in the supply chain.
We bring decades of experience and expertise to help our clients be proactive in resilience and counteract threats, manage disruption
as usual and comply and prepare for the ever-expanding regulations relevant to their business.
We are driven by a collective purpose – working together to help create a more secure digital future.
For more information visit our Cyber Security website:
nccgroup.com
For more information visit our Escode website:
escode.com
NCC Group plc —Annualreportandaccountsfortheperiodended30September20242
Group revenues
UK and Asia Pacific
£209.8m
(2023: £144.2m)
North America
£136.2m
(2023: £133.8m)
Europe
£83.5m
(2023: £57.1m)
We operate as one global business, with in-country delivery tailored to local needs and
cultures, as well as a global delivery team to respond quickly to our clients’ challenges.
We have a significant market presence in the UK, Europe and North America, and a growing footprint in Asia Pacific, with
offices in Australia and Singapore, and our new office in Manila, the Philippines.
Our offices
Key:
Where we operate
Cyber Security revenue
£342.1m
(2023: £270.8m)
•
TechnicalAssuranceServices(TAS):£141.4m(2023:£142.9m)
•
ConsultingandImplementation(C&I):£55.2m(2023:£44.7m)
•
ManagedServices(MS):£91.8m(2023:£50.1m)
•
DigitalForensicsandIncidentResponse(DFIR):£20.6m(2023:£13.5m)
•
Other services: £33.1m(2023:£19.6m)
Escode revenue
£87.4m
(2023: £64.3m)
•
Escrow contracts: £57.2m(2023:£42.8m)
•
Verification services: £30.2m(2023:£21.5m)
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 3
Strategic report
Chair’s statement
Delivering value
Introduction
As Chair of NCC Group it is with pride that I report a solid period
of transformational performance both strategically and in
operational efficiency. The Board has focused on supporting
the NCC Group management team to rebuild confidence and
deliver sustainable shareholder value. Improvements in gross
margin (41.6%) are driven by increased utilisation through
rigorous resource allocation and planning, and overall
a more commercial approach to the business.
While moving from an international group of businesses to
a global business takes time, it is pleasing to see over the past
18 months, making progress to deliver even greater returns
and create an end-to-end value adding Cyber Security service
for clients.
Strategic progress
The decision to create two distinct businesses and dispose
of non-core assets has helped make NCC Group a simpler
business to understand, but also improved how we report
our results.
During the period we launched the newly branded software
escrow business as Escode, focusing on positioning this as
a standalone business within the Group – highlighting the
pioneering history of the service by NCC Group. This was
brought to life at NCC Group’s first ever Capital Markets event
in April at the London Stock Exchange in London. The Escode
management team shone a light for the first time on what
it does, how it does it and why the future is bright. With seven
quarters of growth and growth in our four month stub period,
and with further planned growth, it’s clear this business
is definitely back on track.
This event paved the way for a similar deeper dive into the
Managed Services business, a strategic growth opportunity
for the Group’s cyber offering. The hybrid event, hosted at
the London Stock Exchange, enabled over 60 investors and
analysts to interact with the management team and understand
the drivers of growth as well as the proposition for clients.
Of course, a highlight for the Group was the successful and
formal launch of our newest operations based in Manila, the
Philippines. The flawless execution of the plan, the calibre of
talent and the support of our clients and local partners have
given this the very best of starts. We’re seeing real growth at
this early stage and it’s quickly been embraced as part of the
wider Group.
We saw the disposal of the Fox Crypto business for a total
consideration of c.£66m to CR Group Nordic AB, which is now
expected in FY25 due to standard regulatory approvals and
the Fox DetACT business to DataExpert BV for a total gross
consideration of c. £8m, which completed on 30 April 2024.
These disposals enable the Fox business to focus on its core
Cyber Security services in Europe as part of the broader global
delivery operating model.
Further details on our strategy and business model are provided on
pages 12 and 13 and pages 8 and 9 respectively
Talent and culture
Last year was tough for everyone and, on behalf the Board,
I want to give my thanks to colleagues across the Group for
their passion and dedication and the significant role they’ve
played in driving our business forward. Client feedback and the
contracts that our teams are securing continue to demonstrate
the value of NCC Group’s technical expertise in both software
resilience and Cyber Security.
Internally we’ve seen engagement scores increase steadily
and the investments we are able to make now will continue
our drive to become the employer of choice.
Further details on our people are provided on page 18
Commitment to ESG
Sustainability is important to our clients, who trust us to help
secure their digital assets; it’s important to our colleagues,
who are critical to the value we bring to our clients; and it’s
important to our shareholders, who entrust their investments
to NCC Group. That is why we embed sustainability into how
we work – from our business strategy to our people policies
to our governance.
This period has seen an increased focus on both environmental
and social value. We’re preparing to map the Group’s transition
to net zero and contributing to the broader community social
value opportunities in addition to investing in the Group’s
people proposition.
4 NCC Group plc —Annualreportandaccountsfortheperiodended30September2024
Board and governance matters
It is the role of the Board to uphold the principles of the UK
Corporate Governance Code and how we do this is laid out on
pages52to66.IamresponsiblefortheleadershipofourBoard
and am pleased with the contribution we make, providing the
right level of challenge to the Executive Directors and broader
management team, and counsel where required.
Chris Batterham, one of our Independent Non-Executive Directors,
stepped down from the Board on 30 November 2023, after eight
and a half years’ service. On behalf of the Board, I would like to
thank Chris for his commitment and work over this time.
The Board made a number of key decisions this period in line with
corporate reporting best practice and the re-focusing of the Group.
After considering Financial Reporting Council best practice
guidance around the disclosure of adjusting items and APMs,
the Group reduced the number of adjusted measures and items.
The Group now only has one adjusted item, Individually
Significant Items. Previous adjusted items of amortisation of
acquisition intangibles and share-based payments are no longer
disclosed as adjusted items.
See Appendix 2 to the financial statements
To drive greater efficiency in our corporate reporting and audit
process, the Board changed the year end of the Group from
31 May to 30 September. As a result, the Group announced
H2 2024 results and the 12 months’ trading to 31 May 2024
on1August2024.Inaddition,the16months’tradingto
30 September was announced on 10 December 2024. To
support our continuing work to build good analyst relations,
a pro forma was issued to analysts to aid their modelling.
Earlier this year, alongside the Chair of the Group’s Remuneration
Committee and Non-Executive Director, Jennifer Duvalier, we
engaged eight of our top investors in proposals for our 2025
Remuneration Policy. The previous Policy was approved at the 2021
AGM with a three year life. Since that time, we have seen significant
change among our executive team, including the appointment of
Mike Maddison and Guy Ellis as CEO and CFO respectively, who
are leading the forward drive of the Group. In this context, the
Remuneration Committee felt it was important to test whether our
Policy on executive reward was fit for purpose in the medium to
longterm.Youcanreadmoreaboutthisonpages79to100.
Further details on our Board composition are provided on pages 58 to 65
Dividend
Totaldividendsof£14.5mwerepaidintheperiod(2023:£14.5m).
The Board is proposing a final dividend of 1.5p per ordinary share.
This is equivalent to the interim dividend previously paid albeit
for the final four month period ending 30 September 2024.
The final dividend of 1.5p per ordinary share, which, together
with the interim dividends of 3.15p and 1.5p per ordinary share
paid on 4 October 2024 and 15 March 2024 respectively, makes
atotaldividendof6.15pfortheperiodended30September2024.
The final dividend will be paid on 4 April 2025, subject to approval
attheAGMon28January2025,toshareholdersontheregisterat
the close of business on 21 February 2025. The ex-dividend date
is 20 February 2025.
Summary
Overall the Board is pleased with continuing progress and the
investments being made to build a sustainable future for this
business. The resilience of the management team and colleagues
is admirable and working together we are fully focused on
continuing to build shareholder value.
The strategy continues to serve us well, we are the world leader
in software escrow and we are well on our way to becoming the
leading independent Cyber Security provider globally. We do
not rest on our laurels; we continue to step forward, seeking
opportunities to realise efficiencies to improve the client
proposition and experience, and work towards being the
leading employer in our industry.
Finally, I would like to personally thank all of our clients who have
trusted us with such important work on their behalf, and also
thank all of our colleagues who have chosen to build their careers
with NCC Group. We do not take any of these relationships for
granted, and we are grateful for their continuing trust.
Chris Stone
Non-Executive Chair
10 December 2024
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 5
Strategic report
CEO’s review
Focusing on client needs
whilebuilding the
Group’sresilience
Market economics
Reflecting on our overall growth in the past financial period
we continue to focus on our client-centric strategy and
notwithstanding macroeconomic factors outside of our control,
we remain confident in delivering our medium-term financial
goals. As a proof point of the early part of our transformation
activities, our efforts to move from a group of disparate
international businesses delivering locally to clients into a global
operating model have driven efficiencies and importantly
sustainable gross margin improvement.
The successful implementation of our office in Manila and our
ability to attract and onboard fantastic talent there, has enabled
us to expand our global capability and offer more options to our
clients, and as a result, we are winning work we wouldn’t have
been able to bid on previously.
All of this is critical to create a more resilient business
particularly given the lengthening of sales cycles we are
currently experiencing, in line with the wider market.
Other market factors impacting revenue growth include:
•
Clients are looking for higher levels of assurance during their
procurement processes, which have greater scrutiny and
oversight from within organisations. Equally, certain clients
still require volume assurance activities, testing infrastructure
and applications at the appropriate price points.
•
As we move the balance of our business to higher value,
longer term contracts such as those in Managed Services,
there is typically a longer buying cycle than a standalone
service such as testing, which is more transactional in nature.
•
While spending has not stopped, we are seeing security
leaders compete for budget with other spending priorities in
their organisations and cyber security is not immune from the
cost pressures experienced by other departments. Equally
when business projects are suspended the security
component is impacted so the economic cycle remains
important in terms of demand drivers.
In the UK, for example, with a general election and then the
narrative relating to the new government’s budget, we have
seen a relative cooling in buying activity, and a resulting pause
in spend . In North America, Technology sector spending has
not returned to the levels seen during or immediately after the
Covid-19 pandemic, however while we are making progress into
other verticals which are at a lower spending scale than the
tech sector.
I’d like to start my review of the past 18 months with a tribute
to NCC Group’s colleagues around the world. The depth of
technical expertise in this business continues to be truly
inspiring and I know it’s valued by our clients too. As we
continue to go through, significant change, against a backdrop
of an ever evolving macro political and economic environment,
and the focus and determination to succeed of all our
colleagues is really at the heart of our progress.
I’m pleased our strategy to transform the business to make it
simpler and more agile is beginning to pay off. We are laser
focused on our clients, helping to create a more secure digital
future through the work we do across our cyber and software
escrow businesses. Our clients trust NCC Group with their
critical digital assets, and it’s something we will never be
complacent about.
As a result of greater commerciality within the organisation
and our increasingly global ways of operating, we achieved
the goals we set out in the financial framework at the start of
the period, delivering greater value at improved price points for
our clients. We delivered £10m of annualised savings, improved
our net debt position by divesting non-core assets in our Dutch
cyber business (with completion expected early in the new
calendar year) and finished the 16-month financial year with
a strong balance sheet – paving the way for future inorganic
growth investment when the right opportunity presents itself.
6 NCC Group plc —Annualreportandaccountsfortheperiodended30September2024
Market dynamics
In the past five years we have seen people continually look to
technology to detect and respond to cyber threats, with an
increasingly competitive market of providers for managed
services. In talking to clients, it’s becoming increasingly apparent
that tech or AI-only fatigue is setting in, and what they want is a
proven solution and access to experts – this we believe is an
opportunity for NCC Group as we go forward into 2025.
As revealed in our Digital Dawn report, governments around the
world are shifting responsibility for Cyber Security away from
end users onto the providers of the technology, infrastructure
and services that we all rely on. In particular, the US National
Cybersecurity Strategy has given rise to the commitment from
183companies,includingtechgiantsMicrosoft,AWSandCisco,
to build stronger security into their software from the start of
development (secure-by-design).
In the UK, the government has announced a new Code of Practice
for software vendors and an AI Cyber Security Code of Practice
(in consultation), developed in conjunction with industry experts
like NCC Group, that will help to ensure secure-by-design
principles are embedded in software and AI from the outset.
Lookingahead,theEU’sCyberResilienceAct(CRA)ispoised
for adoption. The CRA will be more ambitious than the recent
UK Product Security and Telecommunications Infrastructure
Regime(PSTI),introducingCyberSecurityrequirementsfora
substantial portion of hardware and software sold within the EU.
This includes risk assessments, vulnerability handling processes
and incident reporting.
Countries in the EU are also implementing the Network and
InformationSecurityDirective(NIS2)intonationallaws,which
will require more critical infrastructure sectors to comply with
strengthened cyber security and incident reporting
requirements. In addition, the US and Australia are taking similar
approaches, underscoring the international commitment to
safeguarding consumers from modern cyber risks.
What is key from all these developments is that whether you are
manufacturing or producing technology, including emerging
technologies such as AI, or owning and operating an increasing
spectrum of critical infrastructure, governments have
strengthened the cyber security requirements companies need
to adhere to, making it crucial to review and update security
programmes to future-proof investments.
Securing the digital future through our clients
In terms of how this plays out against our cyber proposition,
while Technical Assurance demand changes with less demand
for volume assurance, this is being replaced by requirements for
specialist skills such as Regulatory Testing or AI assurance as
well as growth in our other capabilities that we’ve strategically
invested in to create a full cycle offering for clients. The stand-out
is Managed Services, which we detailed at our Capital Markets
eventinJune2024,withIdentityandAccessManagement(IDAM)
and Operational Technology demand increasing. IDAM underpins
digital transformation and early signals are positive – with the rail
sector being a particularly strong sector for these services.
We continue to work with TikTok as their independent third-party
security provider of ongoing managed security services for
TikTok’s security gateways, performing real-time monitoring to
identify and respond to anomalous activity and helping to ensure
the continuous integrity of its security controls operations. This
again demonstrates how the Group can provide end-to-end
capabilities across the whole of the cyber lifecycle.
We’ve also expanded our routes to market through our partner
and alliance ecosystem, including SAFE Security, Cycognito and
Microsoft, as well as securing a global partnership with global
enterprise software company Splunk. This led to us being
awarded the 2024 Splunk Global Services Market Partner of the
Year award as well as the EMEA 2024 Regional Services Partner
of the Year award for exceptional performance and commitment
to the Splunk partnership.
Our software escrow business, which we rebranded to Escode
earlier this period, is less impacted by the market economics
affecting cyber. Contract sizes have always been much smaller,
although we have focused on addressing the lack of historical
pricing management, and while there is improvement in revenue
as a result of this, the growth is also driven through increased
verification services.
As outlined at the Escode Capital Markets event in April 2024,
our Escode investment case is clear and as a leading global
player in software escrow, the business is well positioned for
growth. The growth levers include adding further value to our
customer proposition, expanding into additional verticals (for
examplecriticalinfrastructure)andgeographies(Australia),
increasing awareness and education, working with regulators
to influence regulation globally and continuing to build out our
product offering.
Business performance
Ourstatutoryresultscomparea16-monthperiodtoa12-month
period following our change in year end and further details of
this performance can be found within the Financial Review.
If I turn to our recent trajectory and our unaudited four-month and
12-month periods to 30 September 2024, these show encouraging
results and demonstrate Escode revenue momentum and a return
to Cyber Security revenue growth. We have improved our Cyber
gross margins while experiencing a reduction in Escode gross
margins due to investment in the sales team for future growth.
All of this has translated to improved Group Adjusted EBITDA
margins, with the 12 months to 30 September 2024 obtaining
midteengroupmargin(+15.1%)inlinewithourmedium-term
ambitionssetout18monthsago.
Further details on our business performance are provided on pages 40
to 51
Moving into the next phase of our transformation
We are clear on what we need to do in each of our divisions as
we continue to simplify our business enabling us to deliver
profitable growth and sustainable gross margin improvement.
Outlook
The Group has a strong pipeline of opportunities, and
management is pleased with the foundations put in place through
strategic actions taken in the period. In line with the wider
market, the Group has recently seen a lengthening of sales
cycles, in particular across the Cyber business, compared to H2
to May 2024 and also the four-month period to September 2024.
In spite of this, management expects to deliver profitable growth
across both businesses in the current financial year to 30
September 2025, with flat to low single digit revenue growth and
modest Group Adjusted EBITDA gains (after adjustment for the
non-core disposals and share-based payments) and remains
confident in delivering the Group’s medium-term financial goals.
Mike Maddison
Chief Executive Officer
10 December 2024
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 7
Strategic report
Our business model
We draw on our expertise, capabilities and global footprint to develop solutions tailored
to sectors most at risk to meet current and future cyber and software resilience challenges.
We reset our strategy in February 2023 and continue to transform and evolve, focused on
and driven by our clients’ needs.
Read more on market outlook on pages 10 and 11
Sustainable growth strategy
In a fast-moving and complex environment,
our strategy puts clients’ needs first, with a
roadmap of investments designed to develop
future capabilities and a global delivery model
to provide clients with the best solution.
People powered, tech enabled
We are a diverse global community of talented
and creative individuals, working together and
united by the same goal – to make the digital
world safer and more secure.
Culture of innovation
Withourrootsstretchingbacktothe1990s
we have a track record of being at the cutting
edge of innovation. NCC Group was created
in1999whentheNationalComputingCentre
sold its commercial divisions to its existing
management; from there we continued to
grow through acquisitions. And while history
is important, so is the future, with innovation,
insights and intelligence the core elements
of our DNA.
Stronger partner relationships
We are active members of the global cyber
community, working in collaboration and in
partnership with key industry players. Many
successful global partnerships have delivered
integrated, seamless solutions to clients.
Market-leading reputation
We understand our clients’ challenges and
the risks to their businesses. We continually
enhance our global delivery model to bring our
insights, intelligence and innovation together
to help clients understand and improve their
cyber resilience posture.
Read more on our strategy on pages 12 and 13
Transforming for global growth
Inputs
We are a global Cyber Security company
trusted by the world’s leading companies and
governments to help create a more secure
digital future.
We provide clients with a clear understanding of cyber threats and
vulnerabilities. We help them maintain their licence to operate, by
achieving governance, compliance and accreditation objectives.
By implementing remediation plans and solutions, we enhance their
resilience against cyber threats. We offer the option to outsource
cyber defence operations, as well as complementing existing
resources, to reduce risk, achieve greater resilience and give
confidence in detecting and responding to cyber threats.
For more information visit our
Cyber Security website: nccgroup.com
Cyber Security
Two distinct businesses
ALL TYPES OF
PENETRATION TESTING
INCLUDE RESPONSES
TO RANSOMWARE
CONSULTANCY
SERVICES ACROSS ALL
INDUSTRIAL VERTICALS
INSIGHT INNOVATIONINTELLIGENCE
COVER ALL VARIATIONS OF
OUTSOURCED SECURITY
OPERATIONS SERVICES
M
A
N
A
G
E
D
S
E
R
V
I
C
E
S
D
I
G
I
T
A
L
F
O
R
E
N
S
I
C
S
A
N
D
I
N
C
I
D
E
N
T
R
E
S
P
O
N
S
E
I
M
P
L
E
M
E
N
T
A
T
I
O
N
C
O
N
S
U
L
T
I
N
G
A
N
D
T
E
C
H
N
I
C
A
L
A
S
S
U
R
A
N
C
E
CYBER
SECURITY
8 NCC Group plc —Annualreportandaccountsfortheperiodended30September2024
Colleagues
Our colleagues are at the forefront of our
industry, developing and delivering solutions
that protect clients and society from the
growing threat of cyber-crime. We are people
led and technology enabled, and our people
strategy is focused on creating a culture where
everyone can be successful, from our inclusive
culture to our personal and professional
development programmes and our focus
on enhancing the colleague experience.
Read more on our sustainability strategy:
nccgroupplc.com/sustainability
Clients
Our Cyber Security and software escrow
solutions enable clients to confidently innovate
and embrace new technologies, and build
responsible, sustainable and resilient
organisations that thrive and succeed.
Our network
We engage proactively to ensure our insights
and vision deliver the best societal outcomes
in support of our purpose to create a more
secure digital future for all. We work within a
cyber ecosystem, bringing partners together
in support of our clients as well as with
policymakers and regulators to help shape
future cyber policy.
Shareholders
We have a dedicated Investor Relations
programme providing shareholders and
financial analysts with regular updates on
our performance. Engagement activities
include results presentations, roadshows
with the CEO and CFO, Capital Markets events,
site visits and RNS and email updates.
Read more on stakeholder engagement
on pages 14 and 15
Value creation
Specialist solutions that protect business critical
IP, technology and software applications.
Our proposition safeguards buyers from various risks, provides
robust business continuity, secures long-term availability of
essential business software, and offers assurance and guidance
for application management. And with our Escrow-as-a-Service
proposition, we facilitate a secure transition to the cloud, enabling
clients to adopt cutting-edge technology with confidence.
For more information visit our
Escode website: escode.com
Escode
Two distinct businesses
INSIGHT INNOVATIONINTELLIGENCE
ESTABLISH LEGAL RIGHT AND ENABLE
SOURCE CODE TO BE ACCESSED IN
EVENT OF AN APPROVED RELEASE
KNOWLEDGE TRANSFER TO
ENSURE ALL INFORMATION
RELATED TO THE ORIGINAL BUILD
IS SHARED – FROM TOOLING TO
PRODUCTION ENVIRONMENT
BUILD AND DEPLOY AGAINST A
RANGE OF SCENARIOS TO TEST
THAT THE SOFTWARE CODE HELD IN
ESCROW CAN BE REPLICATED IN THE
EVENT OF AN APPROVED RELEASE
S
O
F
T
W
A
R
E
E
S
C
R
O
W
V
E
R
I
F
I
C
A
T
I
O
N
S
E
R
V
I
C
E
S
ESCODE
Strategic report
9NCC Group plc —Annualreportandaccountsfortheperiodended30September2024
Operating in a dynamic market
Our new normal of near-constant digital disruption and ever-escalating cyber threats has
become the defining marker of organisations’ operating environment in the 21st century. It is
also the driving force for governments globally taking a firm stance when it comes to more
interventionist cyber rules and regulations.
Indeed, as we found when we commissioned transatlantic
pollstersJ.L.Partnerstoaggregateandanalysedataonpublic
views regarding online safety, Cyber Security and governments’
role in governing technology:
•
Citizens around the world are intensely concerned about
cyber threats
•
Citizens globally agree that their governments have a role
to play in making them feel secure in today’s digitally
interconnected world, and delivering the expected levels
of cyber resilience in the critical services and infrastructure
they rely on
Market outlook
NCC Group’s Digital Dawn report summarised the findings of
interviews with policymakers around the world, and provided
recommendations for governments on how to meet their citizens’
desire for safety and security. We found that while lawmakers
still struggle to keep pace with the speed of technological
evolution, they are up for the challenge to provide the trust and
confidence that need to underpin prosperous economies and
cohesive societies in the digital age.
View our Digital Dawn report: nccgroup.com/uk/newsroom/ncc-group-
urges-governments-to-get-on-the-front-foot-in-new-cyber-security-
policy-report
As governments are responding to their people’s demands, we
are looking ahead to an era of government action in cyberspace.
This will continue to shape the markets we, our clients and our
partners operate in and, more broadly, the world we, and our
colleagues, friends and families live in.
While individual regulatory requirements will, of course, matter
to organisations in securing their licence to operate, we believe
that this era of government action goes beyond specific Acts
of Parliament, executive orders, regulations or directives.
We believe that it is important to make sense of the complexity
of multiple, and sometimes overlapping, regulations to identify
common themes and overarching trends that set the rules of
the road for years and decades to come.
As we demonstrate in our bi-annual Global Cyber Policy Radar,
we believe that regulatory insights and political horizon scanning
should inform sustainable cyber investments and future-proof
strategic Cyber Security programmes and decisions.
View our Global Cyber Policy Radar: nccgroup.com/uk/global-cyber-
policy-radar
NCC Group plc —Annualreportandaccountsfortheperiodended30September202410
We are fortunate that our unique DNA of insight, intelligence
and innovation, our valued contributions to cyber policy debate,
and our position at the heart of the global cyber ecosystem allow
us to look to the big developments on the horizon:
1. Tightening cyber rules, continued cyber rulemaking and a
growing patchwork of rule makers beyond governments
Cyber rules for critical infrastructure, and its critical suppliers,
continue to be tightened and expanded.
Whether it’s the European NIS2 Directive, the UK’s forthcoming
Cyber Security and Resilience Bill, the US CIRCIA, Australia’s
SOCI Act or Singapore’s updated Cybersecurity Act, laws are
being updated to:
•
Strengthen security requirements, include additional
obligations for owners and operators of critical infrastructure,
and step up enforcement action
•
Bring into scope new sectors of the economy
•
Introduce enhanced incident reporting mandates, with a view
to improving authorities’ real-time understanding of threats
and resilience
Following the multiple elections around the world in 2024,
cyber rulemaking is set to continue, too, with a particular focus
on future safety, security and privacy rules for emerging
technologies like artificial intelligence.
While governments are increasingly seeking to harmonise
cyber rules across sectors and across borders, remaining
fragmentation and barriers to implementation do mean that
regulated organisations will have to continue to navigate
complex regulatory regimes for some time to come.
This landscape is further complicated by the increased number
of bodies with the authority to set cyber rules. It is no longer
just lawmakers and regulators, but government procurement
departments, political leaders and the courts that are using
their soft power to encourage and incentivise better Cyber
Security behaviours. Whether it’s voluntary codes of practice,
public pledge documents, or Supreme Court rulings and legal
challenges, organisations will have to look across the
landscape to get the full picture of the rules of the road.
2. Changing responsibilities for Cyber Security
There is emerging global consensus about the future shape
of the “whole of society” approach to Cyber Security. Most
governments agree that responsibility should be placed on
those most capable of taking action to prevent bad outcomes,
not on end users.
The US National Cybersecurity Strategy marked a step change
in the rhetoric from the federal government, signalling that
“the most capable and best-positioned actors in cyberspace
must be better stewards of the digital ecosystem”. Similar
statements have been made by governments around the world,
with many using regulatory levers to embed secure-by-design
and secure-by-default practices into the services and products
citizens and organisations rely on to participate in a digital
society. This also includes the introduction of new voluntary
and mandatory measures, such as the EU’s Cyber Resilience Act,
that is set to enhance hardware and software security standards,
covering connected devices, ICT products and generative
AI systems.
3. Increasing executive accountability for cyber risk
Governments are taking action to ensure that company boards
and senior leadership are ultimately held accountable for their
organisation’s digital resilience. The EU’s flagship cyber laws –
NIS2andDORA–bothplacespecificobligationsonorganisations’
senior leadership to oversee risk management programmes.
Leadershipcanbeheldpersonallyliable,withconsequences
for non-compliance including temporary suspension from senior
management roles. Meanwhile, the US Security Exchange
Commission’s(SEC)requirementsforpubliccompaniesto
disclose their board’s Cyber Security expertise and oversight
of cyber risks are now in full effect.
With responsibility for cyber risk firmly placed on senior leaders,
it is critical that organisations’ C-suites and boards have the
information they need to make, justify and defend decisions
about their organisation’s cyber strategy.
4. Safeguarding future cyber capabilities at home and abroad
NCC Group’s Digital Dawn report concluded that “much needed
cross-border collaboration amongst allied nations to tackle
cyber threats is ramping up”. At the same time, governments are
taking steps to balance sovereignty, security and economic
considerations when considering their own nations’ Cyber
Security capabilities.
Recognising that they, in isolation, cannot tackle the world’s
cyber threats, we have seen an uptick in governments seeking
partnerships and taking joint action with private sector partners.
With trust fundamental to the global whole of society approach
to cyber, and the cyber industry an increasingly critical pillar of
a digital future, efforts are being made to certify and accredit
cyber firms to give governments measurable assurance that they
can be trusted. Undertakings such as the EU’s Cyber Reserve of
cyber incident responders may mean that organisations will have
to demonstrate to government that they can be trusted – but
could also benefit from governments creating a pool of trusted
providers for them to choose from.
Governments are also cracking down on the use of offensive
cyber tools. This includes initiatives like the global Pall Mall
Process, which aims to tackle the irresponsible use of
commercial cyber intrusion capabilities. Policymakers have
emphasised their intent to safeguard the legitimate use of these
kind of capabilities, but poorly crafted rules may affect CISOs’
ability to access these tools, impeding their ability to implement
their security programmes effectively. It’s therefore critical that
industry engages in the making of these rules from the outset.
The era of government action in cyberspace is obvious to see.
This will have significant implications for our markets and
societies, and their underpinning cyber resilience. Driven by
our purpose to create a more secure digital future, NCC Group
engages with governments around the world, enabling us to
understand, navigate and shape the emerging rules of the road.
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 11
Strategic report
Progress towards
ourstrategic priorities
Our strategy at a glance
Strategic priority Progress in FY24 Future outlook Link to risks:
Read more on our risks on pages 29 to 38
Our clients
Deeper client engagement on the most
pressing Cyber Security and software
escrow needs
•
LaunchedmarketstructureinNorthAmericacybertoenablesharper
focus on key sectors
•
Activated a price uplift on Escode contracts (new business and
renewals) and verifications
•
Began to scale Escode in North America and Australia
•
Continue to reduce concentration in US Tech through a focus on Financial
Services and Insurance, Industrials, Healthcare and the Public Sector globally
•
Continue to grow Escode in North America and Australia, as well as
Critical Infrastructure
•
Embed a new approach to sales in Escode that enables greater alignment
in sales and operations
A
Strategy
B
Cyber and information security
D
People and partners
E
Market and competition
F
Brand and reputation
G
Quality and delivery
H
Legal, regulatory compliance and governance
Our capabilities
Offering broader service portfolio
addressing the full Cyber Security lifecycle
•
In Managed Services we launched our unified cyber platform to
elevate our MXDR proposition and offer a differentiated service
that’s tech-flexible, and can scale and grow with clients and their
technology or business changes
•
Established two new Consulting and Implementation practices
in Digital Identity and Operational Technology
•
Established a range of cyber partnerships and alliances with
specific propositions
•
Continue to drive growth in MS
•
Further develop the growth of two new Consulting and Implementation
practices: Digital Identity and Operational Technology
•
LeverageourglobalmodeltoimproveprofitabilitywithinourTechnical
AssuranceServicesbusiness(inparticularNA)
A
Strategy
B
Cyber and information security
C
Innovation and product development
D
People and partners
E
Market and competition
F
Brand and reputation
G
Quality and delivery
H
Legal, regulatory compliance and governance
Global delivery
Transitioning from an international
to a fully global business
•
Implementedandlaunchedglobalschedulingtool–KantataintheUK,
North America and the Philippines
•
Our new Manila office continues to grow in line with expectations
with colleagues operational in delivery and enabling functions
•
Embed new ways of working to drive efficiencies and better management
information(MI)
A
Strategy
B
Cyber and information security
D
People and partners
G
Quality and delivery
Brands
Creating distinct and relevant
brands for our Cyber Security
and Escode businesses
•
Launchedadistinctnewbrandforoursoftwareescrowbusiness
–Escode
•
Developed our industry analyst programme driving improvements
in coverage for both the Cyber Security and Escode businesses
•
Focused and targeted activity at key industry events for
both businesses
•
Grow thought leadership, research activity and industry engagement in cyber
•
Continue to increase the profile and impact of analyst endorsements
A
Strategy
C
Innovation and product development
E
Market and competition
F
Brand and reputation
G
Quality and delivery
FY24 financial framework measures
Sustainable revenue growth Improved gross margin Efficient cost base Balance sheet resilience
•
Returned Cyber Security to growth in H2
•
Accelerated growth of recurring revenue
in Managed Services
•
Maintained momentum of quarterly growth
in Escode
•
Improved utilisation %
•
Globalised technical resource footprint
•
Delivered c.£5m of efficiencies in Cyber Security
in FY24 (annualised c.£10m from FY25)
•
Annualised Escode efficiencies delivered
in FY23
•
Strong cash conversion
•
Reduced debt
•
Maintained dividend
NCC Group plc —Annualreportandaccountsfortheperiodended30September202412
Strategic priority Progress in FY24 Future outlook Link to risks:
Read more on our risks on pages 29 to 38
Our clients
Deeper client engagement on the most
pressing Cyber Security and software
escrow needs
•
LaunchedmarketstructureinNorthAmericacybertoenablesharper
focus on key sectors
•
Activated a price uplift on Escode contracts (new business and
renewals) and verifications
•
Began to scale Escode in North America and Australia
•
Continue to reduce concentration in US Tech through a focus on Financial
Services and Insurance, Industrials, Healthcare and the Public Sector globally
•
Continue to grow Escode in North America and Australia, as well as
Critical Infrastructure
•
Embed a new approach to sales in Escode that enables greater alignment
in sales and operations
A
Strategy
B
Cyber and information security
D
People and partners
E
Market and competition
F
Brand and reputation
G
Quality and delivery
H
Legal, regulatory compliance and governance
Our capabilities
Offering broader service portfolio
addressing the full Cyber Security lifecycle
•
In Managed Services we launched our unified cyber platform to
elevate our MXDR proposition and offer a differentiated service
that’s tech-flexible, and can scale and grow with clients and their
technology or business changes
•
Established two new Consulting and Implementation practices
in Digital Identity and Operational Technology
•
Established a range of cyber partnerships and alliances with
specific propositions
•
Continue to drive growth in MS
•
Further develop the growth of two new Consulting and Implementation
practices: Digital Identity and Operational Technology
•
LeverageourglobalmodeltoimproveprofitabilitywithinourTechnical
AssuranceServicesbusiness(inparticularNA)
A
Strategy
B
Cyber and information security
C
Innovation and product development
D
People and partners
E
Market and competition
F
Brand and reputation
G
Quality and delivery
H
Legal, regulatory compliance and governance
Global delivery
Transitioning from an international
to a fully global business
•
Implementedandlaunchedglobalschedulingtool–KantataintheUK,
North America and the Philippines
•
Our new Manila office continues to grow in line with expectations
with colleagues operational in delivery and enabling functions
•
Embed new ways of working to drive efficiencies and better management
information(MI)
A
Strategy
B
Cyber and information security
D
People and partners
G
Quality and delivery
Brands
Creating distinct and relevant
brands for our Cyber Security
and Escode businesses
•
Launchedadistinctnewbrandforoursoftwareescrowbusiness
–Escode
•
Developed our industry analyst programme driving improvements
in coverage for both the Cyber Security and Escode businesses
•
Focused and targeted activity at key industry events for
both businesses
•
Grow thought leadership, research activity and industry engagement in cyber
•
Continue to increase the profile and impact of analyst endorsements
A
Strategy
C
Innovation and product development
E
Market and competition
F
Brand and reputation
G
Quality and delivery
FY24 financial framework measures
Sustainable revenue growth Improved gross margin Efficient cost base Balance sheet resilience
•
Returned Cyber Security to growth in H2
•
Accelerated growth of recurring revenue
in Managed Services
•
Maintained momentum of quarterly growth
in Escode
•
Improved utilisation %
•
Globalised technical resource footprint
•
Delivered c.£5m of efficiencies in Cyber Security
in FY24 (annualised c.£10m from FY25)
•
Annualised Escode efficiencies delivered
in FY23
•
Strong cash conversion
•
Reduced debt
•
Maintained dividend
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 13
Strategic report
Stakeholder engagement
Link to strategy:
Our clients Our capabilities Global delivery
Differentiated brands
Colleagues
The opportunity
•
Know they are contributing to our success
•
Feel confident they have the skills to do their job or are
supported to learn on the job
•
Know what is expected of them through a structured
and fair performance management process
•
Have the opportunity to grow their career through our
learning and development offering
•
Spend quality time with their line manager and feel listened to
How we listen and engage
•
Regular virtual and in-person meetings at different levels
in the organisation with line managers and Executives
•
Internal news and collaboration channels to connect
colleagues to what is happening and also enable them
to easily share approved content
•
Electedcolleagueforumsandaworkscouncil(Europe)
where appropriate
•
Quarterly engagement pulse and Non-Executive Director
ledengagementsessionswithcolleagues(seepage62)
Highlights in 2023/24
•
New communication platform launched to provide a tailored
electronic communication experience for colleagues,
simplifying and making it easy for colleagues to engage
•
Harmonised moments that matter policies across our global
operations, enhancing support for colleagues in areas such
as paternity and maternity leave, adoption leave, child loss,
and celebrating life events such as marriage
•
Launchofourfirstinclusionsurvey,tounderstandwhat
matters to colleagues most, alongside our bi-annual Glint
engagement survey to inform our people strategy
We are a people-powered, tech-enabled business and our colleagues around the world each play an important role in helping
to make the digital world safer and more secure.
Clients
The opportunity
•
Using our research and intelligence expertise to understand
the threat and how that affects our customers’ operations
in their sector
•
Using our insights to develop “right-fit” solutions, which
improve and enhance our customers’ current and future
cyber resilience
•
The ability to work collaboratively with our clients, and their
partners and broader supply chains
•
Horizon scanning regulations and legislation, and
contributing to government consultations based on
understanding future market needs
How we listen and engage
•
Active account management
•
Client satisfaction surveys and complaints procedure in place
•
Industry collaboration with investment in sector-based approach
to understand and mitigate risks of current and future technologies
Highlights in 2023/24
•
New Escode brand launch including a new website and a renewed
sales structure, making it easy for clients to do business with us
•
LaunchofthenewunifiedcyberplatformforourManaged
Services proposition, enabling us to create an elevated MXDR
proposition to market that enables us to offer a differentiated
service that’s tech-flexible, and can scale and grows with
clients, improving service delivery to existing clients as a result
•
Global delivery model enabling us to offer clients a more
competitive pricing model and faster service delivery
Rooted in our sector knowledge, we develop solutions tailored to the unique needs of our clients. Bringing our in-depth
understanding of the threat and regulatory landscape, we assist our clients in addressing their complex Cyber Security challenges.
Investing in stakeholder
engagement
We believe we have a responsibility to listen to our stakeholders, considering all their needs,
and using insights and learnings to improve how we make important decisions. Our Code
of Ethics guides us, informing us and helping us to build enduring and trusted relationships.
Listeninginsightsareusedtoinformdecisionmakingateveryleveloftheorganisation.
NCC Group plc —Annualreportandaccountsfortheperiodended30September202414
Shareholders
Network
The opportunity
•
Financial performance
•
Dividend
•
Responsible long-term sustainable strategy
•
Sound corporate governance and stewardship
How we listen and engage
•
Strategic and financial updates issued via RNS Reach
and RNS respectively
•
Regular meetings with Investor Relations, management
and Board members
•
Investor roadshows after the full and half-year results
•
Open-door policy with investors
•
AGM
Highlights in 2023/24
•
HostedCapitalMarketsevents–Escodebusinessand
ManagedServices,liveandonlinefromtheLondonStock
Exchange with replay via our website too
•
Changed our reporting of cyber to align with the cyber
operations, improving transparency on how our business
is performing
•
LaunchedourFY24financialframeworktodemonstrate
performance of the strategy
•
Onboardedanewjointbroker–Investec–inApril2024,to
support the growth strategy and NCC Group’s transformation
The opportunity
•
Building on our technology heritage and our role as trusted
advisors to governments and regulators we provide independent,
technical expertise to improve cyber resilience policies
•
By understanding and shaping new and emerging regulations
and policy proposals we can develop the right solutions to
prepare for our clients’ future needs and requirements
How we listen and engage
•
Building alliances with global think tanks and foundations,
trade associations and campaign groups to pool resources,
amplify our messages and maximise impact
•
Strategic relationships with national technical authorities,
and support for government initiatives across all our regions
through direct engagement
•
Representation on senior government advisory panels
Highlights in 2023/24
•
Published Digital Dawn, interviewing policymakers around
the world and providing recommendations for governments
on how to take cyber resilience to the next level to meet their
citizens’ desire for safety and security in the global 2024
election year
•
Ensured lawmakers heard from our experts in considering
Cyber Security rules for artificial intelligence and critical
infrastructure, with our Chief Scientist and Chief Technology
Officer both providing expert testimony to parliamentary
hearings
•
Signed the global Pall Mall Declaration to tackle the
proliferation of commercial cyber intrusion capabilities while
protecting their legitimate use – in line with our mission to
improve legal protections for security researchers
We are committed to engaging with our shareholders, creating an opportunity to understand our business, the market, how we
are responding and the opportunity to secure growth.
Our expertise plays a pivotal role in shaping evidence-based policy decisions. By adopting a proactive engagement approach,
we harness our insights to contribute meaningfully towards a more secure digital society and differentiate ourselves in the market.
Suppliers
The opportunity
•
Long-termtrustedpartnershipsfacilitatingsustainable
overhead cost reduction and cost of sale margin improvement
•
Fit for purpose contracts and payment terms, ensuring a safe
and responsible supply chain with suppliers delivering to
acceptable service levels and protecting NCC Group from
any long-term commercial inflation
How we listen and engage
•
Regular meetings are held with key suppliers to help them
understand our strategy and future forecasting of service
•
Due diligence completed at the beginning of our relationship
with suppliers and structured onboarding process
Highlights in 2023/24
•
Secured and mobilised new office in the Philippines
•
Development of our real estate strategy to provide fit for
purpose, quality and productive environments
•
Development and launch of a new global supplier onboarding
and due diligence process to gain better visibility and control
of third party risks
•
Launchofanewtravelsuppliertoimprovecolleagueexperience
and safety, reduce costs and enhance Scope 3 reporting
We engage with many different suppliers across our global business and value the role our supply chain plays in supporting
responsible business operations. Our procurement operations have been endorsed in line with industry best practice and we
proactively work with a consolidated supply chain network to drive innovation, deliver commercial value, mitigate risk and
improve operational benefit.
NCC Group plc—Annualreportandaccountsfortheperiodended30September2024 15
Strategic report
A resilient future
Sustainability
We strive for a resilient future through sustainable business practices, and take responsibility
for identifying and managing the impact we have on people and the planet.
2024 highlights
•
Launched our new and harmonised global family friendly
policies, offering enhanced leave programmes from day one
of a colleague’s experience within NCC Group
•
Reduced our office footprint by 40% and extended Scope 3
emissions to include spend-based purchased goods and
services and employee commuting
•
Global re-certification against ISO 9001:2015 and ISO 27001:2013
standards, and successful transition to the new ISO 27001:2022
Information Security Standard ahead of October 2025 deadline
Why sustainability matters
Sustainability is about doing the right thing in the right way, and this is
reflected in our Code of Ethics and embedded into our everyday ways
of working. It’s important to our clients, who trust us to help secure
their digital assets; it’s important to our colleagues, who are critical to
the value we bring to our clients; and it’s important to our shareholders,
who entrust their investments to NCC Group, relying on us to deliver
returns to their shareholders. It also matters to our political
stakeholders who turn to us for trusted and independent advice and
insights that improve cyber rules and regulations around the world.
We live in a rapidly evolving digital world, where the concept of
sustainability extends to how we operate in totality. Not only are
we supporting our clients to meet their governance requirements
through our Cyber Security and escrow solutions, we are also
helping to advance technologies that are at the forefront of fighting
climate change, as well as other UN Sustainable Development Goals.
This means systems, networks and infrastructures need to be resilient,
secure and long lasting. Cyber security and sustainability are inherently
intertwined, which means cyber threats pose a significant risk not only
to individual businesses but to our very way of life too. The decisions
we make today have far-reaching implications for the future.
Securing our future
As our lives become more digitally interconnected, the risk
landscape broadens. From smart homes to smart cities, from
online banking to telehealth services, from power grids to water
supplies – they all rely on complex digital infrastructures. If these
systems are compromised, the repercussions can be
devastating. Hence, securing these infrastructures is an
essential part of ensuring a sustainable future.
Our ability to protect against cyber threats, through the work we
do for our clients, plays a pivotal role in guaranteeing that our
world remains functional, reliable and consistent for generations
to come. Indeed, we believe strongly that we can’t build a
resilient economy without resilient cyberspace, and we can’t
have a resilient cyberspace without 21st century laws and an
infrastructure to tackle cyber threats, which is why we share our
expertise with policymakers to improve cyber rules and
regulations meaningfully.
Our sustainability framework
While the primary focus of our industry has always been about
security, we recognise our operations have a broader
environmental and societal impact. Our sustainability framework
has two core tenets focused on people and the planet, underpinned
by being a responsible employer and supply chain partner.
This framework is the foundation to start making tangible progress
in addressing material topics for our stakeholders. We believe that
this is a journey, not a race. Therefore we resist declarations of
being carbon neutral or net zero, and rather we place sustainability
at the heart of our strategy – not just securing the digital world, but
securing the future for ourselves and for generations to come.
We invite our stakeholders to join us, working together to build a
future that is not only secure but also sustainable.
Optimise talent
Responsible
business priorities
Strong governance and
ethical standards
Leading cyber resilience and
data protection standards
Stakeholder collaboration
Responsible employer and
supply chain partner
Enhance
colleague
experience
Build an
inclusive
culture
Develop
sustainable
solutions
Decarbonise
energy use
Support the net
zero transition
P
e
o
p
l
e
l
e
d
,
t
e
c
h
n
o
l
o
g
y
e
n
a
b
l
e
d
A
c
t
i
o
n
o
n
c
l
i
m
a
t
e
People led, technology enabled
We can only lead with our purpose through our greatest
asset, the exceptional people we employ. They are at
the forefront of our industry, developing solutions that
protect our clients and society from the growing threat
of cyber crime.
Action on climate
Taking urgent action to combat climate change and its
impacts supports our purpose. Decarbonising our
business and embedding climate considerations into
our commercial offering are crucial elements in our
support for the net zero transition.
Responsible business
Our desire to improve the world we live in is
encapsulated in our purpose. Embedding responsible
business into our everyday activities is central to
achieving this aim.
Our sustainability strategy
16 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
View our sustainability report: nccgroupplc.com
Non-financial and sustainability
information statement
The following table provides readers with an index of where to further find relevant
non‑financial information within this Annual Report and Accounts, in line with the
Financial Reporting Directive requirements contained in sections 414CA and 414CB
of the Companies Act. Where relevant, additional information is signposted to further
support the requirements.
The Group considers that it complies with the disclosure requirements under section
414CB(2A) of the Companies Act 2006 and has included climate-related financial
disclosures that are partially consistent with the TCFD recommendations.
Reporting topic
Policies and standards
which govern our approach
Annual Report and Accounts
section reference Page Website resources
Climate-related
disclosures
•
Environmental policy
•
Sustainability Report
•
TCFD Report
•
Risk Management
•
Stakeholder Engagement
21
29
14
•
Sustainability
Strategy Report
•
Planet Mark certification
•
Streamlined Energy
Carbon Report
Colleagues
•
Whistleblowing policy
•
Code of Ethics
•
Disciplinary and grievance policy
•
Sustainability Report
•
Stakeholder engagement
•
Remuneration Committee Report
•
Culture
14
79
18
•
Sustainability
Strategy Report
Social and
community matters
•
Modern slavery statement
•
Code of Ethics
•
Supply chain Code of Conduct
•
Giving back policy
•
Matched funding policy
•
Sustainability Report
•
Stakeholder Engagement 66
•
Sustainability
Strategy Report
Respect for
human rights
•
Modern slavery statement
•
Data privacy policy
•
Global equal opportunities and
diversity policy
•
Sustainability Report
•
Stakeholder Engagement
•
Culture
66
76
•
Sustainability
Strategy Report
Anti-bribery
and corruption
•
Anti-bribery and corruption policy
•
Gifts and entertainment policy
•
Sustainability Report
•
Audit Committee Report 68
•
Sustainability
Strategy Report
For information on our business model please see pages 8 and 9
For full details of the Group’s principal risks see pages 29 to 38
17
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
Our people
At NCC Group we embrace difference and are connected by our purpose to make the digital
world safer and more secure. Across our global operations we form a phenomenal network,
working together, collaborating and innovating to support our clients.
We are guided by our Code of Ethics and our values, which define our behaviours – treating
everyone and everything with respect. This is the foundation of our culture and we strive to
create an environment where everyone is welcome, feels safe and can be successful.
Our progress in 2024
•
Launched our new and harmonised global family friendly
policies, offering enhanced leave programmes from day one
of a colleague’s experience with NCC Group
•
Undertook our first inclusion survey in collaboration with
colleague resource groups with a 49% response rate, helping
to shape our future agenda
•
Trained managers on the importance of colleague wellbeing,
and removing any potential stigma associated with mental
illness
A global team
We have 2,203 (as at 30 September 2024) colleagues across
the world supporting our clients, made of three core groups –
technical experts, sales, and professional services such as
Finance, Legal and HR, for example. Circa 94% of colleagues
are permanent and the remainder are individuals on short-term
contracts to provide support on projects.
People powered, technology enabled
We aim to create an environment where all colleagues feel
psychologically, emotionally and physically safe to be authentic,
representative of the diversity of the world they live in, to share
their personal experiences and to have equal opportunity to
achieve. This brings to life our values – working together, being
brilliantly creative, embracing difference and taking
responsibility – all of which are essential elements in driving
forward our technological advancements and maintaining a
competitive edge in the market.
Our approach to inclusion and diversity
We recognise and take responsibility for the role we can play in
improving diversity across the whole of the technology sector.
Inclusion and diversity principles are embedded into our hiring
and talent management process, partnering with external
organisations to ensure we are accessible to a more diverse
candidate base. Unconscious bias training is part of our standard
training offer and our core colleague resource groups (gender,
LGBTQIA+, neurodiversity, accessibility, race and ethnicity) play
an important role providing input to ways of working, engaging
and educating colleagues and creating a voice for
underrepresented communities across our global business.
This period we undertook our first inclusion survey in
collaboration with the colleague resource groups, to get input
from colleagues on what matters – helping to shape our future
agenda. We had a 49% response rate and the colleague resource
groups will work with HR to prioritise and take forward actions.
As of 30 September 2024, the Board of Directors comprised
four males and three females. The wider Group employed 588
females, 1,569 males, and 61 individuals whose gender was not
disclosed. For the purposes of this disclosure, the Group defines
its senior management as the Executive Committee, which
consisted of three males and four females as of 30 September
2024. These figures for the Executive Committee include
colleagues who also serve as statutory directors of subsidiary
companies, where relevant.
Talent development
We have a track record of being at the cutting edge of
innovation, and this along with insight and intelligence are core
elements of our DNA. This gives us our position in the market
that is hard to match and achieved through our investment in the
critical skills to deliver for our clients.
We promote a culture of learning at NCC Group. Depending on
the role, this will typically be a combination of on the job learning
through line management support and skills-based mentoring,
self-learning and formal training. Colleagues have personal
development plans, which enable them to gain certifications
related to their current role, support their career advancement
and enhance their personal development skills, too.
In the UK, we seek to take advantage of the Modern Apprenticeship
Levy offering colleagues the opportunity to further develop their
skills. The percentage of colleagues in this past financial year
studying/have studied who are eligible for levy funding is 2.7%. To
ensure levy funds are not lost, we have partnered with the Co-Op
Levy Share to donate our excess apprenticeship levy funds. Read
more about this in our Sustainability Report.
We are due to launch our new Learning Experience Platform in
January 2025. This will provide an enhanced learning experience
for colleagues as well as support our management development
programme through formal personal development plans. It will
also enable us to measure and report on the training investment
we make across our global teams.
18 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Leadership development
Sponsored by the CEO, we launched our new leadership
development programme, with 65 senior leaders across the
global business having undertaken the two day workshop, with
additional coaching support sessions. The aim is to create a
common language for leadership at NCC Group, and this builds
on our existing Managing Essentials courses for managers.
Enhancing the colleague experience through health
and wellbeing
Our globally HR-led programme ensures colleagues have access
to support at all points in their career. To help us further develop
our people proposition, we have designed three pillars to focus
activities aligned with colleague feedback and global
best practice:
Over the next financial year we will start to transition our
activities to sit under each of these pillars but some early work
has seen us launch new policies, and harmonise benefits that
support our colleagues at key life stages.
Our ambition is to be a leading family friendly employer and offer
enhanced leave programmes from day one of a colleague’s
experience with NCC Group. This suite of ‘moments that matter’
policies include marriage/civil ceremonies, pregnancy loss, fertility
treatment, maternity and paternity leave, menopause, moving
home, pet care and cancer-related milestones and treatment.
We are focused on preventive health and early diagnostics and
a sample of activities this past period includes:
•
Training to understand what burnout is and how to avoid it,
specifically aimed at individuals working in high-pressured
environments like Cyber Security
•
Male mental health – understanding specific challenges to
asking for help and taking steps to look after your own health
and wellbeing
•
Launching our MenoPause & Connect Community supported
by a new Global Menopause Policy, line manager training and
support tools for colleagues
Managers in the UK and APAC region joined training with our
Employee Assistance Programme (EAP) provider on mental
health, with the aim of stressing the importance of colleague
wellbeing, and removing stigma associated with mental illness.
This period we’ve provided disaster support to colleagues and
their families globally – supporting colleagues in Manila, the US
and Spain following extreme weather-related events. Support is
tailored to the needs of colleagues helping them to get back on
their feet, but also our approach to flexibility in working ensures
they focus on their personal safety and wellbeing as a priority
and know they are supported by their colleagues.
To find out more about our people proposition, please see pages 18 and 19
of our Sustainability Strategy
Engagement
Over 500 colleagues were nominated in our annual NCC Diamonds
programme – a peer to peer recognition scheme, which promotes
our core values. Winners are selected at a regional and a global level
and awarded an experience of their choice.
We have a number of mechanisms to measure colleague
engagement (see page 14), which includes our engagement
survey using the Glint platform. On average 1,456 colleagues
responded to the three surveys run, with an improved
engagement score of 13 points from 2023.
Actions from the survey are driven locally, with recommendations
at a global level led by the Executive Committee, and fed into
relevant decision-making processes.
In addition to the survey, Senior Non-Executive Director Julie
Chakraverty hosts monthly colleague sessions to ensure the
Board is listening to the voice of colleagues and decision making
takes into account their interests. In the FY24 period, over 80
colleagues met with Julie, who reported feedback to the Board
each month.
Speaking up
We have created a global speak up framework, which outlines
channels and resources available to colleagues for raising
concerns or sharing feedback – both positive and negative. It
also provides guidance on who to engage with on different types
of feedback, and to ensure confidentiality where appropriate.
This ensures colleagues are encouraged to speak up, safe from
fear of reprisals, and with the reassurance that any concerns will
be listened to and acted on appropriately.
To find out more about our support of colleagues please see our
sustainability strategy on page 16
Health Family Flexibility
19
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
Action on climate
We have a responsibility to reduce our carbon emissions as a business by understanding
all applicable Scope 1, Scope 2 and Scope 3 emissions, and taking credible steps towards
reducing them in line with the international Paris Agreement’s objective to achieve net
zero emissions before 2050.
Our progress in 2024
•
Reduced our office footprint by 40%
•
Appointment of new travel provider to improve reporting on
emissions, seek lower carbon options, and improve health,
safety and wellbeing of colleagues
•
Extended Scope 3 emissions reporting to include purchased
goods and services, and employee commuting
In addition to our support of the net zero transition (read more on
our sustainability strategy at nccgroupplc.com/sustainability),
our action on climate has three pillars, starting with our own
operations and extending to the support we give to clients
operating in the energy transition sector and the contribution we
make to their endeavours:
•
Supporting the net zero transition
•
Decarbonising energy use
•
Developing sustainable solutions
The biggest impact occurs in our business travel, both for client
and non-client related travel, and our leased office spaces and
is the focus for our reporting.
Decarbonising energy use
Our total annual Scope 1 and 2 emissions associated with our
business operations were 1,686.8 tCO
2
e for our full year 2024*,
a 41% increase compared to the full year 2023. See page 26
for further detail.
We continue to review our leased office space requirements,
considering client and colleague needs. Considerations are
given to collaboration, health and safety, personal wellbeing and
the impact emissions have on the environment. This includes
taking into consideration commuting for colleagues and the
accessibility of public transport networks.
In FY24 we closed ten offices. While some will still require rent
to be paid due to lease requirements, they are now closed from
an emissions reporting perspective.
Our square footage of leased buildings in operation is now
c.50,000 square feet, a 40% reduction of active office space.
The benefits of GHG emission reductions will flow through in the
next reporting period, although this is not guaranteed as new
office spaces might be required depending on business needs.
We review office usage monthly as part of the executive team
operations review, which, alongside colleague feedback and
engagement, and consideration of client needs, informs the real
estate strategy.
On travel, to improve the reporting of both client and non-client
related travel, we have appointed a new supplier. This provides
us with global tracking and improves how we respond to any
social or climate-related issues that colleagues may face.
We introduced a new travel policy during FY24, which improved
management oversight of non-client related travel. The focus
was on improving the health, safety and wellbeing of colleagues,
while continuing to consider our impact on the local communities
in which we are located and our broader commitment to
reducing GHG emissions.
Domestic flights within the UK and European countries are by
exception only, with rail travel the preferred option. As a result,
any train journey more than three hours in duration in total is
travelled by first class to ensure the health, safety and wellbeing
of colleagues.
* Due to the change in year end, our emissions reporting has been
calculated for the period 1 October 2023 to 30 October 2024, with the
comparator of FY23 set for the same period. As our data collection
improves, we acknowledge like-for-like comparisons on prior year is not
reflective of the work being done to reduce the impact of our operations
on climate change.
20 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
In alignment with the UK Listing Rules – which mandates
climate-related disclosure for all UK listed companies – we have
produced a comprehensive TCFD Report. Our report covers the
four pillars recommended by TCFD: governance, strategy, risk
management and metrics/targets, and the 11 disclosures
recommended by TCFD except as noted below.
To ensure consistency across our report, we adhered to section
C of the TCFD Annex, titled “Guidance for All Sectors”.
As a result the following are documented as partially consistent,
with further detail available within this report:
•
Strategy B and C – these disclosures have not been fully met
because our priority this period has been to manage a change
in year end financial reporting and we did not have the
bandwidth to do financial implications of climate scenarios
in our financial planning. Our aim is to begin, this in FY25 as
part of developing our net zero journey and set credible
science-based targets.
•
Metrics and targets B – for FY24 we are reporting full Scope 3
emissions for our business, incorporating for the first time
employee commuting and purchased goods and services.
There are caveats on this as some of our business travel is a
challenge to report against due to limitations of the expense
system we had in place. We have invested in a new system
to improve not only reporting but also the health, safety
and wellbeing of our colleagues. With this improved data
collection, we aim to be consistent in our FY25 report.
Our assessment indicates a low risk of exposure to physical
and transitional climate changes, thanks to our business model.
However, we acknowledge the high importance of mitigating
greenhouse gas emissions, which emerged as a priority from
stakeholder feedback as part of our ‘ongoing assessment’ of
double materiality in accordance with ESRS.
In FY24 Planet Mark, a leading sustainability certification
organisation, calculated and verified our GHG emissions. We
have appointed a new partner – Positive Planet – for FY25 as
we prepare to map our net zero journey and set credible
science-based targets.
We recognise the considerable opportunities presented by
the growing climate-focused market. Our collaborations with
clients in industries such as electric vehicles, renewable energy,
operational technology and other climate-friendly technologies
underscore our readiness to seize these opportunities for
sustainable growth.
Task Force on Climate-related
Financial Disclosures (TCFD)
TCFD reporting helps organisations like ours disclose climate‑related financial risks
and opportunities in a structured way.
Governance
TCFD recommended disclosure Consistency NCC Group disclosure Focus area for FY25
Governance
A. Describe the Board’s
oversight of climate-
related risks and
opportunities
Consistent
•
The Board’s Head of the Audit Committee
is the lead Non-Executive Director
responsible for sustainability. Monthly
updates are provided via the CFO report
to the Board as well as directly from regular
(at least twice per period) discussions
with the Director of Investor Relations and
Sustainability with the full Board, including
an update on progress against the Group’s
goals and targets where appropriate
•
The Board takes overall accountability for
the management of climate-related risks
and opportunities and considers them as
part of its overall risk review processes
•
Meet at least quarterly with the
nominated NED responsible for
sustainability to reflect, discuss and
ensure actions are being taken
•
Continue to develop NCC Group’s
net zero journey and broader
sustainability strategy with oversight
and input from the Board
B. Describe the
management’s role in
assessing and managing
climate-related risks
and opportunities
Consistent
•
The Director of Investor Relations and
Sustainability reports to the Chief Financial
Officer, providing advice and updates to
the Executive Committee on climate-
related issues as and when relevant
•
An Executive Risk Management (ERM)
Committee, established in 2021, which
meets quarterly addresses climate risk as
part of that process where appropriate
•
Assess the volume of client requests
for different reporting platforms and
ensure the cost of participation is
incorporated into the cost of sale
•
Develop a carbon literacy education
programme for colleagues relevant to
their role, to help drive our commitment
to net zero before 2050
•
Continue to embed climate action
into key business decisions
•
Understand the steps we need to take
to progress the commitment to net zero,
and set an annual review of targets
aligned with internal and external factors
21
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
TCFD continued
Governance continued
Lynn Fordham, the lead Non-Executive Director for Sustainability,
was appointed by the NCC Group Board Chair. In addition to her
position as the Head of the Audit Committee, Lynn’s role is to
oversee the Company’s sustainability strategy, ensure its
integration with the overall business strategy and provide regular
sustainability updates to the Board.
While there is no specific Board committee for environmental
issues, an Executive Risk Management (ERM) Committee chaired
by the Director of Global Governance addresses these issues.
The ERM meets bi-monthly and is attended by our CEO and CFO.
It discusses, among other risks, sustainability and environmental
challenges where relevant, which are then reported to the Board.
The results from our ongoing double-materiality assessment
continues to inform our sustainability framework and guide our
priority areas for the next two years. We have undertaken a gap
analysis on this against CSRD reporting requirements too, which
impact our European business operations, and to ensure we can
bid competitively for work we will begin reporting voluntarily
against the current known standards in FY25.
As NCC Group’s business strategy evolves, the sustainability
framework will be integrated into our strategic planning. An
engagement programme is being developed to ensure that our
internal stakeholders, including the Board, are informed and
engaged on not just climate change but all priority sustainability
topics. This programme will feature training sessions, workshops
and continued awareness-building initiatives. It will be developed
as part of our journey to net zero commitments.
The Board is committed to communicating its dedication to
addressing climate change. This is demonstrated through our
annual Sustainability Report and reinforced through other
appropriate internal and external communication channels
throughout the financial year.
Strategy
TCFD recommended disclosure Consistency NCC Group disclosure Focus area for FY25
Strategy
A. Describe the climate-
related risks and
opportunities the
organisation has identified
over the short, medium
and long term
Consistent
•
See tables on pages 23 and 24 describing risks
and opportunities, which were selected based
on the location of our existing business and
known climate change risks affecting the
broader region we operate in
•
Monitor actions arising from
the risk register
B. Describe the impact of
climate-related risks and
opportunities on the
organisation’s business
strategy and financial
planning
Partially
consistent
•
Climate-related taxes, or fines for non-
compliance, could impact the business if we fail
to take action
•
Our ability to raise capital to invest in growth
may be restricted if we fail to make progress on
climate-related action, if this is a requirement of
any future sustainable lending requirements
•
Assess financial implications
of climate scenarios in our
financial planning
C. Describe the resilience
of the organisation’s
strategy, taking into
consideration different
climate-related scenarios,
including a 2°C or
lower scenario
Partially
consistent
•
We have conducted an initial quantitative
analysis against two scenarios of 1.5°C and 4°C
•
Develop the initial scenario
analysis and integrate,
aligned to NCC Group’s
strategy development, into
future financial and strategic
planning activities as our net
zero journey matures
Our focus is not limited to risk mitigation but extends to exploring opportunities where we can make a positive impact. This includes
improving the energy efficiency of our operations, collaborating with our landlords and requesting renewable energy sources, and
identifying ways our technology solutions can contribute to our clients’ sustainability efforts. As we continue our climate change
journey, we are committed to regularly reporting our progress against these objectives, showing transparency in our endeavours,
and constantly seeking ways to better our efforts.
22 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Climate-related risks
Our comprehensive risk management framework (summarised in
the Risk Management section of the Annual Report on pages 29
to 38) is instrumental in identifying and assessing climate-related
risks. We categorise these risks into:
•
Short term (less than one year) – based on short-term
regulatory or policy changes impacting climate-related risks
and opportunities as well as existing forecasting processes
considered by management which are reviewed and evaluated
on an annual basis
•
Medium term (one to five years) – based on regulatory
changes that may affect climate-related risks and
opportunities
•
Long term (more than five years) – based on the likely timeline
of international agreements and commitments, technological
trends and changes to policy or carbon pricing and their
impact on our operations, client services and supply chain
For instance, short-term risks might include immediate
regulatory changes or extreme weather events, while long-term
risks could be major shifts in our industry driven by the transition
to a low carbon economy. Each identified risk is paired with
corresponding mitigation measures, such as implementing
energy-efficient technologies or diversifying our supply chain,
aimed to reduce our vulnerability.
It’s critical that we remain flexible in our approach but focused
on taking responsibility for the emissions we generate and seek
to reduce what we can control.
While these risks apply to the Group as a whole, we do recognise
that certain locations face unique challenges. For example, our
operations in coastal areas are more susceptible to rising sea
levels and increased frequency of extreme weather events.
For a more detailed understanding of the climate-related risks
and opportunities we face, please refer to the table below.
It provides a snapshot of the specific challenges we’re
addressing and the strategic responses we have undertaken.
Risk Risk impact
Short/medium/
long term
Regions
impacted Mitigating activities
Physical risks
Extreme weather
(acute)
Causing business disruption and
loss of service delivery if colleagues
or clients are impacted adversely,
which would in turn potentially
impact revenue.
Short to medium
term
All but
particularly
Europe (Delft
and
Amsterdam)
•
Business interruption cover
•
Business Continuity Plans
•
Remote working in place
•
Dutch flood defences in place
Sea level rises
(chronic)
Increased likelihood of flooding in
Delft and Amsterdam offices causing
increased insurance premiums to
mitigate against business
interruption and material loss.
Long term Europe
– Delft and
Amsterdam
offices
Transition risks
Increase in taxes
and levies for
greenhouse gas
emissions
Increased costs to implement control
and monitor/measurement processes
as well as actual cost of taxes
and levies.
Medium term Depends on
local
legislation
•
Planet Mark helps us understand our
data, which enables us to take direct
action to reduce our GHG emissions
Move to net zero Increased costs required to
lower emissions.
Long term Global
•
Remote delivery of client services
where possible
•
Company car scheme only for
electric and hybrid vehicles (UK)
•
Annual calculation of Scope 1 and 2
emissions and an active reduction
plan in place aligned to new Planet
Mark guidance
•
Rigorous and transparent budget
setting will identify increasing costs
associated with carbon emissions
reduction
Margin risk Impact on results due to extra costs
incurred to lower emissions.
Medium term Global
•
Accounting policies regularly reviewed
•
Rigorous and transparent budget
setting will identify increasing costs
associated with carbon emissions
reduction
23
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
Continuous improvement to reduce NCC Group’s impact
on the environment
Resource efficiency: By embracing more efficient modes of
transport, promoting recycling, encouraging hybrid working
models and operating within efficient buildings, we can lessen
our environmental footprint, improve colleague satisfaction and
reduce operational costs. For instance, removing unnecessary
travel not only reduces our carbon emissions but also empowers
colleagues with more control over their work-life balance,
contributing to improved morale and productivity (anticipated
medium to long-term benefits).
Energy source: Our transition to lower emission energy sources,
underpinned by the introduction of an electric/hybrid car scheme
for all UK colleagues, demonstrates our commitment to sustainable
practices. By giving colleagues access to green car options, we
are mitigating our exposure to future fossil fuel price fluctuations
and regulations. It also addresses our colleagues’ material
concerns, fostering a culture of environmental responsibility and
enhancing overall job satisfaction (medium to long-term impact).
Market: As industries evolve in response to climate change,
we’re strategically positioned to leverage these transformations.
For example, by partnering with companies transitioning to
alternative energy sources or working on projects involving smart
meters, electric vehicles, IoT technology for waste reduction
and cloud data centres, we anticipate strengthening our market
position and enhancing our reputation as a sustainable and
innovative enterprise (short to medium-term outlook).
Resilience: Our sustainable business model increases our
resilience to climate-related risks, demonstrating our commitment
to being a responsible and ethical supply chain partner. This
commitment to sustainability not only aligns us with an increasingly
eco-aware market but also empowers us to lead in the space,
fostering a culture of innovation and responsible business
practices (short to long-term perspective).
Scenario analysis
To understand the risks and opportunities our business faces
considering climate change, we have conducted a quantitative
scenario analysis using two distinct scenarios: a “<2°C” scenario
(“Scenario 1”), where global warming is limited to less than 2°C
with net zero achieved by 2050, and a “4°C” scenario (“Scenario 2”),
where the goal of net zero by 2050 is not reached. A summary of
the scenarios selected is provided below.
These scenarios are chosen to reflect the diverse spectrum of
possibilities that could unfold due to different levels of global
effort to curb climate change. In the context of these scenarios,
“transition risks” refer to the challenges associated with the shift
towards a lower carbon economy, while “physical risks” denote
the potential damage caused by climate change itself.
In terms of the risks selected, these were based on physical
locations and the nature of our business in key locations of North
America, the UK, Europe and Asia Pacific. We are in the process
of flowing this into our financial planning and will continue to do
so as we mature our climate action planning and reporting.
Under Scenario 1, we anticipate higher transition risks due to
rapid shifts in regulatory and market conditions, but the physical
risks would be significantly reduced due to the effective global
action on climate change. Conversely, Scenario 2 predicts lower
transition risks but considerably higher physical risks due to the
lack of substantial progress towards climate goals.
We’ve further broken down these risks by timeline, classifying
them as short term (less than one year), medium term (one to
five years) and long term (more than five years). The table on
page 25 offers a comprehensive overview of NCC Group’s
potential exposure to both transition and physical risks under
each scenario.
While our current analysis is qualitative, we are working towards
quantifying these risks and opportunities as we progress towards
our net zero targets and continually improve our data collection
across Scope 1, 2 and 3 emissions. At this point, we don’t foresee
a significant impact on our Financial Statement disclosures based
on our materiality assessment results (see page 26 of the Annual
Report) and known near to mid-term regulatory developments.
However, we will continuously monitor both transition and physical
risks, adjusting our mitigation strategy as necessary.
Risk Risk impact
Short/medium/
long term
Regions
impacted Mitigating activities
Transition risks continued
Reputation risk Increased stakeholder concern and
changing client behaviours.
Medium term Global
•
Ongoing dialogue with investors
•
Benchmarking and independent
reviews undertaken through a
double-materiality assessment
•
ESG information publicly available
Supply chain risk Substitution of existing products and
services with lower emission options.
Medium to long
term
Global
•
Building in climate change reporting
and activity into supplier onboarding
•
Business Continuity Plans
•
Continuing to review our estate
provision and taking steps to move
out of leases where there is no client
or business benefit to being there
•
Implementation of new estates policy,
which incorporates environment
considerations alongside health,
safety and security of colleagues
TCFD continued
Climate-related risks continued
24 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk type Risk Risk impact Scenario
Short-term risk
(<1 year 2024)
Medium-term risk
(1–5 years 2025 to 2030)
Long-term risk
(>5 years >2030)
Physical
risk
Rising sea
levels
Risk to NCC Group offices
located in high risk areas, as
well as colleagues’ homes and
clients’ business premises
resulting in business disruption
1 Low Low High
2 Low High High
Transition
risk
Increase in
taxes and
levies
Disruption and increased
costs to ensure compliance
with new legislation
1 Low Medium High
2 Low Low Low
Margin risk Impact on results due
to extra costs incurred to
lower emissions
1 Low Medium High
2 Low Low Low
Reputation risk Increased stakeholder
concern and changing
client behaviours
1 Low Medium High
2 Low High High
Supply chain risk Substitution of existing
products and services with
lower emission options
1 Low Medium High
2 Low Low High
Financial planning
We recognise the potential implications of climate-related risks
and opportunities on our financial planning. We anticipate shifts
in our future business model and strategy in response to
evolving market conditions due to climate change. We foresee
potential changes in client preferences towards more sustainable
products and services, along with possible disruptions in our
supply chain due to extreme weather events. These factors are
thoroughly considered in our business strategy development.
Our business strategy has been designed to be resilient to future
economic and climate-related scenarios. And by running regular
scenarios we can test that resilience and ensure it’s considered
in future business strategy development, enabling us to adapt
accordingly, without disrupting or negatively impacting current
operations.
The scenarios are based on industry insights, which were used
in the expert input into our materiality assessment. We will look
to assess the potential financial implications of various climate
scenarios and factor these into our revenue forecasts, expenditure
plans and asset valuations from FY25 onwards. This will include
a detailed analysis of potential climate-related liabilities and their
impact on our financial stability.
Our future aspiration is to incorporate climate considerations to
influence future investment decisions by the Group, always
reducing our carbon footprint, and gradually divesting areas that
carry high climate-related risks. For now though, we are actively
working to improve our operational efficiency and addressing
things we can directly influence to reduce our impact on the
environment and realise cost savings.
For example, our new travel policy, launched during FY24,
encourages the use of rail travel, by offering first class travel for
all journeys over three hours. This improves health and wellbeing
for colleagues and reduces driving related risks for long journeys.
Domestic flights in Europe and the UK are by exception only
where it makes sense from a welfare and commercial perspective.
The known benefit of this is hard to determine because we don’t
yet have the travel tool that enables us to do that analysis – but
the processes and policy are in place and in the next reporting
period we will have that benchmark data. Further analysis will
then need to be done to assess this increased financial cost
versus the reduced emissions and incorporate that into the
financial planning process, for example.
In summary, our organisation is committed to integrating climate
considerations into our financial planning process. We will
continue to refine our approach as we gain more data and
insights into the evolving climate scenarios.
25
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
TCFD continued
Risk management
TCFD recommended disclosure Consistency NCC Group disclosure Focus area for FY25
Risk management
A. Describe the organisation’s processes
for identifying and assessing climate-
related risks
Consistent
•
Climate-related risks are managed
through our Enterprise Risk Management
framework
•
Monitor actions arising
from the risk register
B. Describe the organisation’s processes
for managing climate-related risks
Partially
consistent
•
Climate-related risks are documented,
mitigating actions are considered, a risk
rating is assigned and associated actions
are documented and followed up
•
Monitor actions arising
from the risk register
C. Describe how processes for
identifying, assessing and managing
climate-related risks are integrated
into the organisation’s overall
risk management
Partially
consistent
•
Climate-related risks are managed
through our Enterprise Risk Management
framework
•
Monitor actions arising
from the risk register
As part of our robust materiality assessment, we conducted
in-depth, topic-based and industry research to identify our most
material sustainability issues.
Through a detailed materiality matrix, we also identified
opportunities to enhance our sustainability performance by
focusing on reducing GHG emissions, monitoring product design
and lifecycle management, and mitigating biodiversity loss. Our
approach is to address these opportunities through targeted
initiatives in cleantech, increasing sustainability awareness and
capability, and climate adaptation.
Addressing these issues will involve closer collaboration with our
supply chain, particularly our global landlords and our top suppliers.
A key initiative in this regard is our Data Centre Management
Strategy, aimed at reducing our energy consumption.
Climate-related risks are managed through our NCC Group
Enterprise Risk Management (ERM) framework. This framework,
which is detailed in the Risk Management section of the Annual
Report on page 30, uses a sophisticated risk model to assess
and score each risk based on likelihood and impact. Risks
are re-evaluated consistently to ensure we’re responsive to
evolving circumstances.
Our risk management approach combines “top-down strategic”
and “bottom-up operational” perspectives, fostering collaboration
and promoting efficient risk identification. With respect to
climate-related risks, we have outlined our strategies and targets
for GHG emissions reduction and biodiversity preservation.
These climate-related risks are integrated into our Principal Risks
section (pages 29 to 38). The Executive Risk Management
Committee plays an active role in the ongoing review of these
risks, and their mitigations, controls and associated actions.
This Committee meets on a regular basis and follows a stringent
process for identifying, assessing, responding to and escalating
serious concerns related to these risks.
We firmly believe that this integrated and transparent approach
will ensure effective risk management aligned with the principles
of TCFD, while driving our strategic objectives for sustainability.
How we manage risks
Obtain
assurance
Implement
internal
control
Adapt
ERM
Perform
scenario
analysis
Integrate
into
reporting
Use
existing
tools
Solicit
investor
feedback
Assess
financial
impacts
Collaborate
across the
business
Secure
leadership
buy-in
Establish
Committee
oversight
A
u
d
i
t
C
o
m
m
i
t
t
e
e
R
i
s
k
C
o
m
m
i
t
t
e
e
26 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Metrics and targets
The metrics and targets have changed as a result of new best practice advised by our partner, Planet Mark. Reduction initiatives and
measurement are for Scope 1 and 2 only, not Scope 3.
Setting metrics and targets is very challenging when reporting scope is continuing to change. Previously reduction initiatives were
across all three scopes, however our current partner, Planet Mark has changed that guidance to be Scope 1 and 2 only. This on top of
a year end change, the addition of full Scope 3 reporting relevant to our business operations and significant changes in our footprint
as we continue to grow the business has made any previous reduction targets impossible to measure.
We made a decision to appoint a new partner – Positive Planet and taking the opportunity to reset a baseline now we have full Scope
1, 2 and 3 reporting in place. Working with Positive Planet, we have begun mapping our net zero journey, and will set credible
science-based targets, from which to measure our performance against in future.
NCC Group’s sustainability strategy 2024 is complementary to this TCFD Report.
TCFD recommended disclosure Consistency NCC Group disclosure Focus area for FY25
Metrics and targets
A. Disclose the metrics used by
the organisation to assess
climate-related risks and
opportunities in line with its strategy
and risk management process
Partially
consistent
•
Reporting of Scope 1, Scope 2 and
Scope 3 greenhouse gas emissions
for FY24 compared to prior years
•
Scope 1 and 2 emissions increased by
41%, against the new reporting period
and acknowledges improvements in
data quality
•
Map our net zero
journey and set credible
science-based targets
B. Disclose Scope 1, Scope 2 and, if
appropriate, Scope 3 greenhouse gas
emissions and the related risks
Partially
consistent
•
Publication of Scope 1 and 2 GHG
emissions for FY24 vs FY23 adjusted
for the new reporting period
•
Full Scope 3 emissions relevant to our
business operations
•
Using insights from new
travel tool, continue to
improve disclosures of
business related travel
C. Describe the targets used by the
organisation to manage climate-
related risks and opportunities and
performance against target
Consistent
•
5% year-on-year overall reduction of
Scope 1 and Scope 2 GHG emissions
•
Map our net zero
journey and set credible
science-based targets
27
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Sustainability continued
Streamlined Energy and Carbon
Reporting (SECR).
The period under review in the current period is from 1 October 2023 to 30 September 2024.
Total GHG tCO
2
e
Source 2023 2024
tCO
2
e change
from
previous
year
% change
from
previous
year
Scope 1
Gas 124.7 344.4 219.7 176%
Company vehicles
Diesel 3.0 0.8 (2.2) (73%)
Petrol 12.3 11.3 (1.0) (8%)
Hybrid — — — —
Fleet fuel – petrol 43.0 — (43.0) (100%)
58.3 12.1 (46.2) (79%)
Total Scope 1 183.0 356.5 173.5 95%
Scope 2
Electricity 979.0 1,280.5 301.5 31%
Heat and steam 19.8 40.9 21.1 107%
Company vehicles – electric 13.7 8.9 (4.8) (35%)
Total Scope 2 1,012.5 1,330.3 317.8 31%
Total Scope 1 and 2 1,195.6 1,686.8 491.2 41%
Scope 3
Data centre electricity — 71.7 71.7 —
Business travel 134.7 1,257.5 852.7 633%
Commuting — 225.4 225.4 —
Transmission and distribution losses 52.9 82.3 29.4 56%
Heat and steam transmission and distribution losses — 2.8 2.8 —
Fleet transmission and distribution losses 0.3 0.8 0.5 163%
Purchased goods and services — 5,713.7 5,713.7 —
Total Scope 3 187.9 7,354. 2 7,166.3 3,814%
Total Scope 1, 2 and 3 1,383.4 9,041.0 7,657.6 554%
Underlying energy use
The table below shows the proportion of energy use that occurs in the UK and non-UK countries alongside the total carbon
emissions, including the global emissions for purchased goods and services. In FY24, 29% of the Group’s energy consumption and
20% of carbon emissions arose from the UK. Purchased goods and services are reported for the first time in FY24 and account for
61% of the Group’s carbon emissions.
FY24 energy use FY24 carbon emissions
Area kWh
% of global
energy use
Total emissions
(tCO
2
e) % of global emissions
UK 1,834,242.1 29% 1,672.5 18%
Non-UK 4,492,678.7 71% 1,654.8 18%
Global purchased goods and services — — 5,713.7 63%
Total 6,326,920.9 100% 9,041.0 100%
Intensity metric
Total per £m turnover – location based
Amount
Turnover
(£m)
Total emissions
(tCO
2
e)
Intensity per turnover
(tCO
2
e)
1 June 2022 – 31 May 2023 5,126,288.0 335.0 1,383.4 4.1
1 October 2023 – 30 September 2024 6,326,920.9 329.2 9,041.0 27.5
Comparison 23.4% (1.7%) 553.5% 565.0%
28 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk management
Risk is an inherent part of doing business, and risk management is a fundamental aspect of
good corporate governance. A successful risk management process balances risk and reward
and is underpinned by sound judgement regarding the impact and likelihood of risks. The Board
holds overall responsibility for ensuring that NCC Group has an effective risk management
framework that aligns with our business objectives.
The Board has established an Enterprise Risk Management
Policy, which has established protocols, including:
•
Roles and responsibilities for the risk management framework
•
A risk scoring framework
•
A definition of risk appetite
The integrated approach to risk management diagram on page 30
summarises the Group’s overall approach to risk management.
NCC Group’s approach to risk management
NCC Group adopts both a “top-down” and “bottom-up” approach
to risk, to manage risk exposure across the Group to enable the
effective pursuit of strategic objectives. The approach is
summarised in the diagram on page 30.
The approach is one of collaboration, which supports our
comprehensive approach to risk identification, from the “top
down” and “bottom up”. The Group believes that this is the most
efficient and effective way to identify its business risks.
Top down
The Board, Audit Committee and Cyber Security Committee
review risks on an ongoing basis and are supported by the
Executive Committee and subject matter specialists (including
Escode, Cyber Security, information security, data protection
and health and safety). The Board considers the Group’s
strategic objectives and any barriers to their achievement.
Bottom up
The Board and senior leadership team engage with colleagues at
every level of the Group in recognition of the importance of their
expertise, contribution and views.
Risk management model
The Board has overall responsibility for ensuring that NCC Group
adopts an effective risk management model, which is aligned to
our objectives and promotes good risk management practice.
We have therefore adopted the model described in this section
and summarised in the diagram above.
The Board, Audit Committee, Cyber Security Committee and
executive team review risks on an ongoing basis throughout
the period. The appropriateness and relevance of the risks
are monitored by the Global Governance team to ensure they
continue to be updated, meet the needs of the Group and remain
Risk
management
model
Assess
adequacy and
effectiveness
of existing
controls
Identify
risks
Identify
inherent risks
and likelihood
of impact
Monitor
delivery of
action plans/
risk universe
Assign
Director-
level
sponsorship
Evaluate
mitigated risks
and likelihood
of impact
Develop
action plans
(treat, transfer,
tolerate,
terminate)
I
d
e
n
t
i
f
y
M
o
n
i
t
o
r
A
s
s
e
s
s
A
d
d
r
e
s
s
C
o
r
p
o
r
a
t
e
g
o
v
e
r
n
a
n
c
e
C
o
r
p
o
r
a
t
e
g
o
v
e
r
n
a
n
c
e
in line with good risk management practice. In addition, there is
a robust process in place for monitoring and reporting the
implementation of agreed actions.
We are satisfied that the Risk Management Policy, framework
and model currently in place are sufficient to manage risk across
the Group.
The key areas of identifying, assessing, addressing and
monitoring risks are explained in more detail below:
Identify
Risks exist within all areas of our business, and it is important for
us to identify and understand the degree to which their impact
and likelihood of occurrence will affect the delivery of our key
objectives. This is achieved through day-to-day working
practices and incorporates risks in both the internal and external
environment. Examples of identification include horizon scanning
for emerging risks such as increasing energy costs, takeover
risks, legislative and market changes and geopolitical risks.
29
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
30
Managing risk from the top down
Managing risk from the bottom up
Top down
Strategic risk management
Bottom up
Operational risk management
•
Establishing guidance on the Group’s
approach to risk management and
establishing the parameters for risk
appetite and associated decision making
•
Identification, review and management
of identified Group strategic risks and
associated actions
•
Ongoing consideration of:
– IT and cyber-centric risk
– Environmental risk
Board
Audit Committee
Cyber Security
Committee
•
Periodically assessing the effectiveness
of the embedded Group risk
management process
•
Challenging the content of the strategic
risk register to support a comprehensive
and balanced assessment of risk
•
Reporting on the principal risks and
uncertainties of the Group
•
Implementing and embedding the Group’s
Risk Management Policy and approach
•
Directing the delivery of the Group’s
identified actions associated with
managing/mitigating risk
•
Identification of key risk indicators,
monitoring and taking timely action
where appropriate
Executive Board
Leadership team
•
Responsible for reviewing the operational
risks across the business units and Group
•
Challenging the appropriateness and
adequacy of proposed action plans to
mitigate risk
•
Giving due consideration to the
aggregation of risk across the Group
•
Provisioning suitable cross-functional/
business unit resource to effectively
manage risk where appropriate
•
Instrumental in developing the risk
management framework adopted by
the Board
•
Conduit between the Board and the
business units – providing training and
support where appropriate
•
Developing and executing a risk-based
Internal Audit Plan to assess the
management of risks
Global Governance
function
•
Ongoing monitoring and reporting to the
Board in relation to the progress being
made by the business units in implementing
agreed action plans to mitigate
strategic risk
•
Close cross-functional relationships with
the Global Technical Services (GTS)
security operations team to facilitate the
identification, management, monitoring and
reporting of data security risks
•
Execution of the delivery of the Group’s
identified actions associated with
managing risk
•
Timely reporting on the implementation
and progress of agreed action plans
•
Provision of key risk indicator updates
Business units
•
Identification and reporting of strategic risk
to the Board
•
Provision of reports and data relating
to significant emerging risks to the Group
(internal and external)
•
Implementation of risk management
approach which promotes the ongoing
identification, evaluation, prioritisation,
mitigation and monitoring of
operational risk
Effective pursuit of strategic objectives
Risk management continued
Risk management model continued
Identify continued
All identified risks are initially assessed for their “inherent” risk
(risk with no controls in place), using a scoring mechanism that
accounts for the likelihood of an event occurring and the impact
that it may have on the Group. The scoring mechanism adopted
takes account of high impact, low likelihood events and these
risks are managed in a timely manner.
In addition to ongoing risk identification, an annual exercise is
undertaken to review the Group’s strategic risk universe by the
Board. This exercise is reliant on the “top-down”, “bottom-up”
approach discussed earlier.
30 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Assess
Post-identification of the Group’s inherent risk exposure,
a comprehensive assessment of the effectiveness of current
mitigating controls is undertaken. This exercise takes account of
the design of the current control environment and the application
of these controls prior to assessing the Group’s current exposure
to risk – the mitigated risk score. The Board uses a number of
sources of information to support the scoring of risk and these
include, but are not limited to:
•
Management updates
•
Action tracking and reporting
•
Control environment policies and procedures
•
Independent audit activity
•
Project monitoring reports
Address
Having identified and assessed the risks faced by the Group, the
risks are scored according to likelihood of occurring and impact
to the business should they occur.
An assessment of whether additional actions are required to
reduce our risk exposure is undertaken, with actions falling into
one of four categories:
•
Treat – develop an action plan (applying responsibility,
deadlines and prioritisation) that may include the
implementation of additional controls, or increase the
requirement for additional assurance over the adequacy
and effectiveness of the existing controls
•
Transfer – use a third party specialist to undertake the activity,
thus mitigating the risk
•
Tolerate – determine the risk is within appetite
•
Terminate – exit the activity
The output from the evaluation of strategic risks has resulted in
milestone plans owned by senior business leaders or has been
used in the development of the Group’s transformation programme.
Monitor
Ongoing monitoring of risks and related actions is key to the
implementation of our risk management model and, therefore,
NCC Group is committed to making enterprise-wide risk
management part of business as usual. Examples of ongoing
monitoring of business risks include, but are not limited to:
•
Annual review of the external audit strategy and plan by the
Audit Committee and Chief Financial Officer to ensure
inclusion of key financial risks
•
Review of the annual Internal Audit Plan to validate that it
incorporates key areas of business risk
•
A review of internal audit reports issued during the period,
including a summary of progress against previously raised
management actions at each Audit Committee meeting
•
Annual review of the strategic risk register by the Enterprise
Risk Management Steering Group and Board to ensure that it
includes risks arising in the period
Internal control
While risk management identifies threats to the Group achieving
its strategic objectives, internal controls are designed to provide
assurance that these objectives are being achieved, such as the
effectiveness and efficiency of operations and delivery, accurate
and reliable financial reporting, and compliance with applicable
laws and regulation.
NCC Group has established a robust internal control framework,
which is made up of a number of components:
Control environment
The control environment has primarily been established taking
account of the Group’s values (working together, being brilliantly
creative, embracing difference and taking responsibility), and
its Code of Ethics, which sets the foundations for the expected
behaviours, values and competencies for all colleagues across
the Group. The Board, Executive Committee and extended
leadership team lead by example and strive to maintain
effective control environments, while also maintaining
integrity and transparency.
Risk assessments
Risk assessments are conducted at both a strategic and operational
level of the Group and support the Group in understanding the
risks that it faces and the controls in place to mitigate them.
Importantly, they provide a mechanism to identify operational
improvements and are vital in our transformational programmes.
Policies and procedures
Established policies communicate expected behaviours and
are supported by procedures and guidelines that define required
processes and controls. This, in turn, helps the business to adopt
efficient and effective control environments.
Information and communications
Access to accurate and timely data is essential for supporting
our colleagues in making informed decisions and effectively
managing and controlling their areas of responsibility.
Activity monitoring
The minimum financial controls framework was established in
FY20. Further enhancement of the framework is being designed
and implemented to align with the UK Corporate Governance
Reform and upcoming Directors’ attestation of internal controls.
In preparation for new legislative requirements relating to failure
to prevent fraud, key anti-fraud controls have been identified and
this is supported by red flag reporting and ongoing trend analysis
to enhance the existing control environment to ensure compliance
with the Economic Crime and Transparency Act (2023).
Financial accounting and reporting follow generally accepted
accounting practices.
Group review and approval procedures exist in relation to major
areas of risk and require Executive Committee/Board approval,
including mergers and acquisitions, major contracts, capital
expenditure, litigation, treasury management and taxation
policies. The approval procedures are captured within a revised
global Delegation of Authority (DoA) matrix which is
disseminated across the Group.
Compliance with all legislation, current and new, is closely monitored.
Risk and control reporting structure
NCC Group has embedded the “three lines of defence”
to provide a robust internal controls structure that will support
the Board, Audit Committee, Cyber Committee, Executive
Committee and extended leadership team with accurate and
reliable information in relation to the systems of internal control.
Three lines of defence:
•
First line – Group policies and procedures
•
Second line – information security, data protection, health
and safety, and legal
•
Third line – risk and assurance, incorporating internal audit,
standards and support, assessing compliance with standards
and external audit, both financial and operational, providing
independent challenge and assessment
31
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk management continued
A. Strategy
1. Inability to execute the Group’s strategy
VR
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
Ineffective execution of
the Group’s strategy
Risk owner
Mike Maddison,
CEO
Risk impact
Ineffective execution of a strategy could
have a material negative impact on the
Group’s financial performance and value.
It would potentially weaken the Group
compared to its competitors and risk
the Group’s established position in
the marketplace.
Risk impact and movement
Key controls and mitigating factors
New strategy launched in February 2023 and
in process of being implemented with full
Board support.
New leadership team in place, including new
Head of Strategy.
Strategy accelerated (delivery centre in Manila
successfully launched in September 2023) and
simplifying the business via the disposal of
non-core offerings such as our DetACT and
European Crypto business.
2. Poor adoption of change management mechanisms
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
Poor and/or ineffective
change management
mechanisms
Risk owner
Mike Maddison,
CEO
Risk impact
Implementation of projects that then cost more
to deliver, take longer to deliver and result in
fewer benefits being realised (or all three).
Poor delivery of change could ultimately impair
business performance.
As the Group adapts and executes its strategy,
there are a number of complex projects and
initiatives that not only need to be delivered
but also require understanding and support
from all colleagues.
Risk impact and movement
Key controls and mitigating factors
The Group has a Head of Strategy who will
manage the implementation alongside key
stakeholders. This includes regular reviews of
strategic projects.
Experienced executive leadership team in place
to drive the new strategy.
Development of business cases underpinned by
robust financial and legal due diligence which
clearly articulate project objectives including
delivery metrics which are monitored.
3. Over-reliance on market sector, product/service or client
VR
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
N/A
Risk owner
Mike Maddison,
CEO
Risk impact
Loss of key customers or over-reliance
on market sector can result in a reduction
in revenue and consequential impact on
profitability and cash generation.
Risk impact and movement
Key controls and mitigating factors
The new strategy looks to help mitigate this risk
and ensure we don’t have any future overexposure
to a market sector or client.
Viability risk considers this as part of the
scenarios modelled.
Increased globalisation underpinned by global sales
and delivery strategies to reduce concentration
on specific clients, markets and regions.
Market and competitive intelligence reporting.
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
Extraordinary risk during the period
Principal risks and uncertainties
During the period, the Board has completed a robust assessment of
the Company’s emerging and principal risks. This has included the
Board reassessing and rescoring the principal risks, with changes
to the risks noted below. The Group continues to operate in a
particularly dynamic and evolving marketplace. The current risk
register has been developed to reflect these factors and includes
risks that could threaten the Group’s business model, future
performance, solvency, or liquidity. Detailed descriptions of the
current principal risks and uncertainties faced by the Group, along
with their potential impact and the mitigating processes and
controls, are set out below.
The strategic risks are based on the four pillars of our strategy: our
clients, our capabilities, global delivery and differentiated brands.
32 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
A. Strategy continued
4. Technology changes render services obsolete/technology disruption impacts pace of change
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
N/A – new risk
Risk owner
Siân John,
CTO
Risk impact
Failure to stay updated with technological
changes can erode competitive advantage,
leading to a decline in market share
and revenue.
Risk impact and movement
NR
Key controls and mitigating factors
Market intelligence and competitive
intelligence reporting.
Strategic partnerships with technology
partners, regulatory bodies and industry
experts to ensure alignment with emerging
trends and technology changes.
5. Unable to meet the service and resource needs of our clients VR
Link to strategy: Our capabilities Global delivery
Previous risk name
N/A – moved from Market
and Competition theme
Risk owner
Kevin Brown,
COO
Risk impact
Loss of clients will result in a loss of revenue
and reputational damage.
Risk impact and movement
Key controls and mitigating factors
New strategy includes capabilities as a key pillar
and the business has been restructured to mitigate
this risk.
Launch of delivery centre in Manila in September
2023 to reduce our cost base to further meet the
needs of our clients.
B. Cyber and information security
6. Cyber attack
VR
Link to strategy: Our capabilities Global delivery Differentiated brands
Previous risk name
N/A
Risk owner
Rebecca Fox,
CIO
Risk impact
Data breach leading to fines from regulators
and reputational damage.
Lack of availability in systems.
Inability to operate services resulting in loss
of customer trust, resulting in loss of revenue
and negative impact on share price.
Impact on national security due to our work
with government clients.
Risk impact and movement
Key controls and mitigating factors
The Board operates a Cyber Security Committee
chaired by a NED.
All colleagues globally are required to undertake
annual and ongoing security training to alert them
to potential methods of security breach and to their
responsibilities in safeguarding information and
reporting potential issues.
Security testing is regularly carried out on the Group’s
infrastructure and there are extensive response plans,
which are tested.
Comprehensive plans are in place and being
delivered associated with discharging our data
protection obligations.
Deployed an Information Security Management
System (ISO 27001). All key locations are certified.
33
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk management continued
B. Cyber and information security continued
7. Significant business systems failure
VR
Link to strategy: Our capabilities Global delivery Differentiated brands
Previous risk name
N/A
Risk owner
Rebecca Fox,
CIO
Risk impact
Inability to transact, operate and deliver
services resulting in loss of customer trust,
resulting in loss of revenue and negative
impact on share price.
Risk impact and movement
Key controls and mitigating factors
Deployed an Information Security Management
System (ISO 27001). All key locations are certified.
IT strategy of continued cloud migration which has
greater resilience and availability.
Business Continuity Plans, including Crisis
Management, in place and tested regularly.
Change management process in place within IT
which assists a reduction in incidents caused by
human error.
Backups in place and single points of failure
identified and mitigated in the event of prolonged
loss of systems.
Regular vulnerability assessments (perimeter
scanning) and penetration testing undertaken.
Introduction of global systems.
8. Loss of client/colleague data
Link to strategy: Our capabilities Differentiated brands
Previous risk name
N/A
Risk owner
Guy Ellis,
CFO
Risk impact
Data breach leading to fines from regulators
and reputational damage.
Risk impact and movement
Key controls and mitigating factors
Deployed an Information Security Management
System (ISO 27001). All key locations are certified.
Regular compliance training, including data protection,
provided to all colleagues at least annually.
Information classification and handling and data
privacy policies in place.
9. Insufficient quality, integrity and availability of management information
VR
Link to strategy: Our clients Our capabilities Global delivery
Previous risk name
N/A
Risk owner
Guy Ellis,
CFO
Risk impact
Suboptimal business decision making and
performance as key financial performance
data is not available or trusted.
Risk impact and movement
Key controls and mitigating factors
We are ISO 9001 accredited across key locations.
Standardised business process control standards
are in place and subject to regular review by the
global standards and support team.
Increased focus on implementing global systems
to support global strategy.
C. Innovation and product development
10. Intellectual property theft or exposure
Link to strategy: Differentiated brands
Previous risk name
N/A
Risk owner
Siân John,
CTO
Risk impact
Reputational damage from losing client data
and industrial espionage, resulting in loss of
revenue and loss of competitive advantage
from threat of malicious actors.
Risk impact and movement
Key controls and mitigating factors
Security and technical controls in place through our
Information Security Management System (ISO 27001).
Principal risks and uncertainties continued
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
34 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
C. Innovation and product development continued
11. Ineffectual product/service management
Link to strategy: Global delivery
Previous risk name
N/A
Risk owner
Siân John,
CTO
Risk impact
Loss of revenue from uncompetitive solutions
and failure to compete effectively.
Failure to align to the business strategy resulting
in lack of client trust leading to a loss of clients.
Failure to maintain competitive advantage.
Ineffectual marketing strategy.
Risk impact and movement
Key controls and mitigating factors
Suitably qualified and experienced
product managers.
Quality review process.
Customer feedback and escalation process.
Marketing strategy in place focused on
product development.
12. Lack of Innovation
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
N/A – new risk
Risk owner
Siân John,
CTO
Risk impact
Loss of competitive advantage resulting
in declining market share.
Failure to deliver the Group strategy.
Increased cost base eroding margins.
Risk impact and movement
NR
Key controls and mitigating factors
Research and development budgets and
culture which proactively embraces new trends
and technologies.
Cross-functional collaboration via working groups
to promote innovation.
Customer engagement and feedback to enhance
the portfolio of product and services.
D. People
13. Insufficient workforce resilience
Link to strategy: Our capabilities
Previous risk name
N/A
Risk owner
Michelle Porteus,
CPO
Risk impact
Inability to deliver to clients resulting in loss
of revenue.
Loss of colleague morale and risk of “burnout”.
Risk impact and movement
Key controls and mitigating factors
Workforce resourcing managed by
Chief People Officer.
Full review of workforce requirements
undertaken as part of strategic review.
14. Inability to retain/recruit colleagues to meet the resource needs of the business
VR
Link to strategy: Our capabilities
Previous risk name
Attracting and retaining
appropriate colleague
capacity and capability
Risk owner
Michelle Porteus,
CPO
Risk impact
Loss of key colleagues or significant colleague
turnover could result in a lack of necessary
expertise or continuity to execute the
Group’s strategy.
Inability to attract and retain sufficient
high calibre colleagues could become a barrier
to the continued success and growth of
NCC Group.
Risk impact and movement
Key controls and mitigating factors
Colleagues are offered an industry aligned
salary and benefits package, which can include
participation in share schemes, a salary sacrifice
car scheme and retail discount offerings.
Improved communications with our colleagues
managed by the new Chief Marketing Officer.
New global delivery and operations centre
opened in Manila in September 2023.
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
35
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Risk management continued
Principal risks and uncertainties continued
E. Market and competition
15. Failure to capture on partnership ecosystem
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
Reliance on relationships
with third parties
Risk owner
Mike Maddison,
CEO
Risk impact
Loss of margin.
Reputational damage if third parties
don’t deliver.
Risk impact and movement
Key controls and mitigating factors
Contracts in place with third parties.
Ongoing review of service and delivery from
third parties.
16. Geopolitical risk
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
International trade
Risk owner
Kevin Brown,
COO
Risk impact
Failure to comply with changing global regulations
may cause disruption to our business.
Risk impact and movement
Key controls and mitigating factors
The new strategy is focused on globalisation
and thus the resource structure is being designed
to promote global delivery.
17. Lack of market strength versus competitors
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
N/A – new risk
Risk owner
Kevin Brown,
COO
Risk impact
Declining market share.
Less influence in shaping industry trends
and changes.
Brand perception issues.
Reduction in workforce morale and increased
challenges in relation to talent acquisition
and retention.
Risk impact and movement
NR
Key controls and mitigating factors
Market intelligence and competitive
intelligence reporting.
Launch of Kantata globally in FY24 to
enable global scheduling and assessment
of profitability.
F. Brand and reputation
18. Lack of visibility in the marketplace
Link to strategy: Our clients Our capabilities Global delivery Differentiated brands
Previous risk name
N/A – moved from Market
and Competition theme
Risk owner
Mike Maddison,
CEO
Risk impact
Loss of clients will result in a loss of revenue.
Risk impact and movement
Key controls and mitigating factors
Escode rebranded in FY24 and plans for cyber
in line with the Group strategy.
Continue to publish expert advice and
content publicly.
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
36 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
F. Brand and reputation continued
19. Adverse publicity in news and social media
Link to strategy: Differentiated brands
Previous risk name
N/A
Risk owner
Angela Brown,
CMO
Risk impact
Reputational damage leading to loss of existing
and potential clients resulting in loss of revenue.
Risk impact and movement
Key controls and mitigating factors
Policies and procedures in place which follow
good practice and ethics.
Research quality review process managed
by a panel of experts.
20. Undertaking work with disreputable clients or in sanctioned/undesirable jurisdictions
Link to strategy: Our clients Global delivery
Previous risk name
N/A
Risk owner
Angela Brown,
CMO
Risk impact
Reputational damage.
Potential fines.
Risk impact and movement
Key controls and mitigating factors
Country risk assessment process in place for
new business.
Higher risk countries have a risk assessment
completed and approved appropriately.
G. Quality and delivery
21. Service delivery does not achieve established quality standards
VR
Link to strategy: Our clients Our capabilities
Previous risk name
N/A
Risk owner
Kevin Brown,
COO
Risk impact
Clients don’t renew, have their SLA breached
or cancel mid-service leading to loss of revenue.
Negligence in delivery leading to legal action
or loss of revenue and reputational damage.
Risk impact and movement
Key controls and mitigating factors
Quality assurance processes in place.
Standard methodologies and procedures followed.
Customer feedback and complaints process.
Ongoing internal training programmes.
22. Loss of internationally recognised quality and security standards
VR
Link to strategy: Our capabilities Global delivery Differentiated brands
Previous risk name
N/A
Risk owner
Kevin Brown,
COO
Risk impact
Failure to retain a core standard, e.g. 9001,
27001 or PCI, with a consequential loss of key
customer accounts or ability to operate.
Risk impact and movement
Key controls and mitigating factors
We operate a comprehensive programme to ensure
the retention of our core standards.
Policies and procedures in place and audited
against the design and application.
External assessors conduct audits at least
annually confirming the retention of our quality
and security standards.
We have extended our ISO standards to more
locations during FY24.
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
37
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Principal risks and uncertainties continued
Risk management continued
H. Legal, regulatory compliance and governance
23. Criminal and civil corporate legal action resulting in fines and incarceration
VR
Link to strategy: Our clients Global delivery Differentiated brands
Previous risk name
Criminal and civil legal
action resulting in fines
and incarceration
Risk owner
Guy Ellis,
CFO
Risk impact
Reputational damage from legal action being
taken and financial impact of the fines and the
impact it may have on key customer accounts.
Risk impact and movement
Key controls and mitigating factors
Legal team reviews customer contracts.
Annual compliance training undertaken including
ethics, economic crime, health and safety,
information security and data protection.
24. Inability to identify and adopt emerging regulations in a timely manner
Link to strategy: Our clients Global delivery Differentiated brands
Previous risk name
N/A
Risk owner
Guy Ellis,
CFO
Risk impact
Non-compliance with regulations resulting in
fines from regulators and reputational damage
leading to loss of key customer accounts and
shareholder investment.
Risk impact and movement
Key controls and mitigating factors
TCFD reporting in third period and working on CSRD
for our Fox-IT business.
Horizon scanning for new regulations.
In addition to identifying the Group strategic risks, we continuously review and monitor emerging risks through horizon scanning;
publications; assessing regulatory changes and how they may impact the Group; and ensuring adequate oversight over significant projects.
Emerging risks
Risk area Risk Risk description Mitigating controls
People and
partners
Pandemic Already experienced with Covid-19
(remains on the risk register).
Colleagues can deliver client
services remotely.
Market and
competition
Blackouts Potential energy supply shortages as
a result of supply issues created by the
Russian invasion of Ukraine.
Emergency backup generators in place
and tested.
Property rationalisation exercise advanced
during the period.
Increasing
energy costs
Energy costs have increased significantly
since the Russian invasion of Ukraine.
Factored into budget.
Financial Inflation and interest rate fluctuations
leading to wider economic uncertainty.
Less spending in public sector by UK
government could lead to reductions
in funding.
New strategy implemented and Kantata
implementation has provided improved
visibility of profitability.
Quality and
delivery
Project
management/
project commercial
Significant number of large
scale projects which need to be
adequately managed.
New Head of Strategy responsible for
project management.
Development of business cases which clearly
articulate project objectives including delivery
metrics which are monitored.
Risk movement: Increased Decreased Unchanged
Viability risk:
VR
New risk:
NR
Risk impact: High Medium Low
38 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Viability statement
In line with Provision 31 of the 2018 UK Corporate Governance Code,
this Viability Statement outlines the Directors’ assessment of the
Group’s ability to continue in operation and meet its liabilities as they
fall due over the designated assessment period, drawing attention
to any qualifications or assumptions, as necessary. This evaluation
considers our current financial position, outlook, and principal risks
and uncertainties, as well as the critical judgements and estimates
underpinning the Financial Statements. The Directors’ assessment
is grounded in the Group’s business model and strategic plan, which
are reviewed and approved annually by the Board with a focus on a
sustainable growth strategy derived from two distinct businesses,
increasing shareholder value, and enhancing our service offering.
For further details, please see the Strategic Report on pages 8 and 9.
The Group’s strategic priorities, detailed on pages 12 and 13 of the
Strategic Report, provide a foundation for this outlook. Additionally,
the effective management of principal risks and uncertainties, as
outlined on pages 29 to 38, underscores those factors that could
theoretically pose a threat to the Group’s operational or financial
resilience, particularly those carrying the viability risk (VR) designation.
The assessment period
The Directors have assessed the viability of the Group over a three
year period ending in September 2027. This timeframe aligns with
the Group’s strategic planning horizon and reflects a practical
planning period, considering the pace of industry change and
evolving customer demands.
Assessment of viability
The viability of the Group has been assessed based on its current
financial position, available bank facilities, and the Board-approved
FY25 budget and three year strategic plan. The Group’s base case
budget for FY25 incorporates recent growth trends across
geographical regions and operating segments, as well as relevant
growth opportunities driven by existing offerings. This assessment also
accounts for current macro-economic conditions where applicable.
Additionally, the Directors have modelled the impact of severe,
yet plausible scenarios associated with the Group’s principal risks,
which could have the most significant potential impact on viability
over the three year period, as outlined in the table below. These
sensitivities have been assessed against the Group’s projected
cash flow position, available bank facilities, and compliance with
financial covenants throughout the viability period. The Directors
note that the Group’s revolving credit facility (RCF), which currently
provides liquidity headroom, is due to expire in December 2026.
The viability model assumes that the RCF will be refinanced within
the assessment period, and this assumption has been incorporated
into the severe yet plausible downside scenarios. Under these
scenarios, the Group has assessed and concluded that sufficient
headroom exists to support its operations and meet its liabilities as
they fall due. Further details on the Group’s financing arrangements
and expiry dates can be found in Note 1 of the Financial Statements.
The applied sensitivities demonstrate sufficient levels of headroom,
indicating that no mitigating actions are necessary under the severe
but plausible scenarios modelled by management. Nevertheless,
should additional headroom be needed, available measures within
the Directors’ control include reducing planned capital expenditure,
adjusting headcount, freezing pay and recruitment, and
suspending dividend payments to shareholders.
Conclusions
Based on the severe but plausible scenarios modelled, including the
assumption that the Group’s revolving credit facility (RCF) will be
successfully refinanced within the three year assessment period,
the Directors have a reasonable expectation that the Company will
be able to continue in operation and meet its liabilities as they fall
due over the three year period of assessment. The Directors have
considered this assumption as part of their viability assessment and
believe it to be reasonable based on the Group’s financial position.
Viability risk Risk as applied to viability assessment Specifics of scenario modelled Potential impact
Inability to execute the
Group’s strategy
Ineffective execution of a strategy could have a material negative
impact on the Group’s financial performance and value.
It would potentially weaken the Group compared to its competitors
and risk the Group’s established position in the marketplace.
In order to consider the impact of
the risks identified, management
has modelled the following scenario:
A reduction in the future
performance regarding Cyber
Security trading performance,
specifically within the North
American Technical Assurance
Services (TAS).
This scenario models an annualised
reduction of £5.3m in revenue
and £2.5m in profitability over
the three year viability period.
The impact of these
sensitivities has been
assessed against the
Group’s projected cash flow,
available bank facilities and
compliance with financial
covenants over the three
year viability period. The
scenarios applied indicate
sufficient headroom
throughout this period,
confirming that no mitigating
actions are necessary.
Inability to retain/recruit
colleagues to meet the
resource needs of the
business
Loss of key colleagues or significant colleague turnover could result in a
lack of necessary expertise or continuity to execute the Group’s strategy.
Inability to attract and retain sufficient high calibre colleagues could
become a barrier to the continued success and growth of NCC Group.
Insufficient quality,
integrity and availability of
management information
Suboptimal business decision making, and performance as key
financial performance data is not available or trusted.
These suboptimal decisions could prevent the Group from achieving
its strategic goals.
Over-reliance on market
sector, product/service
or client
Loss of key customers or over-reliance on market sector can result
in a reduction in revenue and consequential impact on profitability
and cash generation.
In order to consider the impact of
the risks identified, management
has modelled the following scenario:
A loss in key customers resulting
in an annualised reduction of
£24.8m in revenue and £14.2m
in profitability over the three year
viability period.
The impact of this
sensitivity has been
assessed against the
Group’s projected cash flow,
available bank facilities and
compliance with financial
covenants over the three
year viability period. The
scenarios applied indicate
sufficient headroom
throughout this period,
confirming that
no mitigating actions
are necessary.
Unable to meet the
service and resource
needs of our clients
Loss of clients will result in a loss of revenue and
reputational damage.
Cyber attack Data breach leading to fines from regulators and reputational damage.
Lack of availability in systems.
Inability to operate services resulting in loss of customer trust,
resulting in loss of revenue and negative impact on share price.
Impact on national security due to our work with government clients.
Each of the above could result in a loss of customers and revenue.
Significant business
systems failure
Inability to transact, operate and deliver services resulting in loss of
customer trust, resulting in loss of revenue and negative impact on
share price.
Service delivery does
not achieve established
quality standards
Clients don’t renew, have their SLA breached or cancel mid-service
leading to loss of revenue.
Negligence in delivery leading to legal action or loss of revenue
and reputational damage, resulting in a loss in customers.
Loss of internationally
recognised quality and
security standards
The risk of the Group failing to retain a core standard, e.g. 9001,
27001 or PCI, with a consequential loss of key customer accounts
or ability to operate.
Criminal and civil corporate
legal action resulting in
fines and incarceration
Reputational damage from legal action being taken and
financial impact of the fines and the impact it may have on key
customer accounts.
39
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Financial review
Delivering on our
financialframework
Highlights – financial framework
Reviewing our financial framework for the 16-month period
to 30 September 2024 set out at the start of the period,
it is encouraging to see that we continue to deliver.
The key points to note are as follows:
Sustainable revenue growth
• Returning Cyber Security to growth in second half of the
unaudited period ended 31 May 2024 and in the unaudited
four-month period ending 30 September 2024 – second half
of the 12 months ended 31 May 2024 revenue was ahead
of the comparative period on constant currency
1
by 6.0%
(at actual rates 4.7%). Momentum continued during the
four‑month stub period, giving rise to constant currency
growth of 7.6% (at actual rates 6.0%).
• Accelerating growth in our recurring Managed Services –
revenue momentum continued during the 12-month period
ended 31 May 2024 and the four-month stub period, giving
rise to constant current
1
growth in the four‑month stub period
of 45.0% (at actual rates 43.3%).
• Maintaining momentum of growth in Escode – sustained
growth through the past seven quarters and four‑month
period leading to +2.9% constant currency growth (+0.5%
actual rates).
Improved gross margin
• Improved utilisation – Technical Assurance Services (TAS)
and, Consulting and Implementation (C&I) average utilisation
for all locations improved to c.66% for the four-month period
ending 30 September 2024 contributing to Cyber Security
gross margin improvement of 9.5% in the four-month stub
period following low performance in H2 of the year ended
31 May 2023 of c.58%. Utilisation for the 12-month period
to 31 May 2024 amounted to c.68%.
• Globalised technical resource footprint – from a global
delivery perspective the Group continues to invest in its
Manila office.
Efficient cost base
• Delivering efficiencies – Cyber Security gross margin
improved from 31.8% for the year ended 31 May 2023 to
34.5% for the 16-month period ended 30 September 2024.
Overheads have also been effectively managed after
considering inflationary pressures.
• Annualising Escode efficiencies delivered in FY23 –
our work carried out in FY23 enabled us to invest in our sales
and support team to lay the foundations for further revenue
growth, with the benefits beginning to come to fruition.
Balance sheet resilience
• Strong cash conversion
1
– strong historic cash conversion,
with the 12 months to 30 September 2024 amounting
to 96.6%.
• Reducing net debt
1
– net debt effectively managed to £45.3m,
reduction of £4.3m. Following the non-core disposal
announcement on 1 August 2024 of our European Crypto
business for initial net proceeds of c.€74m (c.£66m), net debt
will be cleared early in the new calendar year following
standard regulatory approvals, this will facilitate organic and
inorganic growth in the Group’s Cyber Security business.
• Maintaining dividend – 12 month dividend maintained at
3.15p and final dividend for the four-month period proposed
of 1.5p which is in line with the historic six-month interim
period dividends previously paid.
1 Revenue at constant currency is an unaudited Alternative Performance Measures (APM) and not an IFRS measures. See unaudited
appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
NCC Group plc — Annual report and accounts for the period ended 30 September 202440
Overview of financial performance
Change in year end
The following table summarises the Group’s overall audited performance the Group for the 16-month period ended 30 September
2024 following our unaudited results for the 12 months to 31 May 2024 announced on the 1 August 2024.
Following the change in financial year end, contained within Appendix 1 to the consolidated financial statements are unaudited
12-month pro forma results for the period ending 30 September 2024 compared to the previous unaudited 12-month period ending
30 September 2023 to aid comparability of the new year end performance and importantly the current trajectory of the Group.
16-month period ended 30 September 2024 Year ended 31 May 2023
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Revenue 342.1 87.4 — 429.5 270.8 64.3 — 335.1
Cost of sales (224.1) (26.7) — (250.8) (184.7) (18.4) — (203.1)
Gross profit 118.0 60.7 — 178.7 86.1 45.9 — 132.0
Gross margin % 34.5% 69.5% — 41.6% 31.8% 71.4% — 39.4%
Administrative expenses (97.3) (24.1) (3.4) (124.8) (70.7) (14.7) (5.2) (90.6)
Share-based payments (0.1) (0.2) (2.0) (2.3) (1.6) (0.1) (0.5) (2.2)
Adjusted EBITDA
1,2
20.6 36.4 (5.4) 51.6 13.8 31.1 (5.7) 39.2
Depreciation and amortisation (10.9) (0.6) (5.3) (16.8) (8.5) (0.6) (3.5) (12.6)
Amortisation of acquired
intangibles (1.4) (7.1) (4.0) (12.5) (1.2) (5.8) (3.0) (10.0)
Adjusted operating profit
1,2
8.3 28.7 (14.7) 22.3 4.1 24.7 (12.2) 16.6
Individually Significant Items (41.4) (0.1) — (41.5) (12.3) (2.4) — (14.7)
Operating (loss)/profit (33.1) 28.6 (14.7) (19.2) (8.2) 22.3 (12.2) 1.9
Operating margin % (9.7%) 32.7% n/a (4.5%) (3.0%) 34.7% n/a 0.6%
Finance costs (8.3) (6.2)
Loss before taxation (27.5) (4.3)
Taxation (5.0) (0.3)
Loss after taxation (32.5) (4.6)
EPS
Basic EPS (10.4p) (1.5p)
Adjusted basic EPS
1,2
3.4p 2.8p
1 Adjusted EBITDA, Adjusted Operating profit and Adjusted basic EPS are Alternative Performance Measures (APMs) and not IFRS measures. See unaudited
appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APM’s, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of Amortisation of acquisition
intangibles and share based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
41
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Overview of financial performance continued
16-month period ended 30 September 2024 (audited)
On the basis we are comparing a 16-month period to a 12-month
period. Revenue increased by 31.3% on a constant currency basis
(Actual rates 28.2%), with Cyber Security Revenue increasing 29.3%
on a constant currency basis (Actual rates: 26.3%) and Escode
growing by 39.8% on a constant currency basis (Actual rates: 35.9%).
Encouragingly, when you directly compare our gross margins,
we have improved since the second half of the year ended
31 May 2023 with gross margin percentage increasing to 41.6%
(2023: 39.4%). The 2.2% pts gross margin (%) increase is due to
improved utilisation and operational efficiencies within Cyber
Security, alongside a change in the service mix whereby managed
services are becoming a greater proportion of overall revenue at
a higher margin. This is offset by a decline in Escode gross margin
due to continued investment in the sales team for future growth.
Administrative expenses increased from £90.6m to £124.8m
following the management of inflationary pressures with a
decrease in non-client travel and training offset by strategic
investments (including investment in our Manila office) and
foreign exchange.
A loss before taxation of £27.5m for the period was recognised
after incurring £41.5m of Individual Significant Items (including
the North America Cyber Security impairment, fundamental
re-organisation costs and the profit on disposal of non-core
operations), this gave rise to a basic and diluted EPS of (10.4p)
(2023: basic and diluted (1.5p)). Adjusted basic EPS
1
amounted
to 3.4p (2023 restated
2
: 2.8p).
Net debt excluding lease liabilities
1
amount to £45.3m (2023:
£49.6m). Our Balance Sheet remains strong following our
refinancing in December 2022. Our facilities include a four-year
£162.5m multi-currency revolving credit facility and additional
£75m uncommitted accordion option.
The Board is proposing a final four-month dividend of 1.5p per
ordinary share (2023: 3.15p). This is equivalent to the interim
dividend previously paid albeit for the final 4-month period
ending 30 September 2024 rather than six-months.
4-month pro forma results for the period ending 30 September 2024 (Unaudited)
The following table summarises the pro forma results of the period ending 30 September 2024
4-month period ended 30 September 2024 4-month period ended 30 September 2023
Unaudited
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Revenue 83.6 21.5 — 105.1 78.9 21.4 — 100.3
Cost of sales (53.9) (6.8) — (60.7) (58.4) (6.1) — (64.5)
Gross profit 29.7 14.7 — 44.4 20.5 15.3 — 35.8
Gross margin % 35.5% 68.4% — 42.2% 26.0% 71.5% — 35.7%
Administrative expenses (26.9) (6.6) (0.7) (34.2) (26.0) (7.2) (0.2) (33.4)
Share-based payments 0.2 — (0.9) (0.7) — (0.1) (0.4) (0.5)
Adjusted EBITDA
1,2
3.0 8.1 (1.6) 9.5 (5.5) 8.0 (0.6) 1.9
Depreciation and amortisation (2.4) (0.2) (1.6) (4.2) (2.3) (0.1) (1.6) (4.0)
Amortisation of acquired
intangibles (0.4) (1.6) (1.0) (3.0) (0.3) (1.8) (1.0) (3.1)
Adjusted operating profit
1,2
0.2 6.3 (4.2) 2.3 (8.1) 6.1 (3.2) (5.2)
Individually Significant Items — — — — (2.5) — — (2.5)
Operating profit/(loss) 0.2 6.3 (4.2) 2.3 (10.6) 6.1 (3.2) (7.7)
Operating margin % 0.2% 29.3% n/a 2.2% (13.4%) 28.5% n/a (7.7%)
Finance costs (2.1) (1.9)
Profit/(loss) before taxation 0.2 (9.6)
Revenue increased by 6.6% on a constant currency basis (Actual
rates 4.8%), with Cyber Security Revenue increasing 7.6% on a
constant currency basis (Actual rates: 6.0%) and Escode growing
by 2.9% on a constant currency basis (Actual rates: 0.5%).
As you look at our revenue trajectory in Cyber Security for the final
four months of the period compared to the similar prior period to
30 September 2023, we have experienced continued growth in our
UK Managed Service performance whilst our North America rate of
decline has eased to 5.7% on a constant currency basis (actual rates
(8.4%)). Technical Assurance Services has declined by 3.6% on a
constant currency basis
1
(Actual rates: 5.5%) with the recovery in
demand still less consistent than expected against a backdrop of
the current macro uncertainty within North America and UK.
Gross profit increased by 24.0% to £44.4m with gross margin
percentage increasing to 42.2% (2023: 35.7%). The overall 6.5%
pts gross margin increase is due to improved utilisation and
operational efficiencies within Cyber Security, alongside a
change in the service mix whereby managed services are
becoming a greater proportion of overall revenue at a higher
margin. This is offset by a decline in Escode gross margin due
to continued investment in the sales team for future growth.
Adjusted EBITDA has improved by £7.6m when compared to
the similar prior period driven by Cyber Security gross margin
improvements noted above which have been slightly offset by
7.5% increase in administrative expenses (excluding share-based
payments) driven by investment and inflationary pressures.
Financial review continued
1 Adjusted EBITDA, Adjusted operating profit and Adjusted basic EPS are Alternative Performance Measures (APMs) and not IFRS measures. See unaudited
appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APM’s, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of Amortisation of acquisition
intangibles and share based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
42 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
12-month pro forma results for the period ending 30 September 2024 (Unaudited)
The following table summarises the pro forma results for the 12-month period ending 30 September 2024:
12-month period ended 30 September 2024 12-month period ended 30 September 2023
Unaudited
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Cyber
Security
£m
Escode
£m
Central
and
head office
£m
Group
£m
Revenue 263.2 66.0 — 329.2 258.4 65.4 — 323.8
Cost of sales (165.7) (20.6) — (186.3) (179.6) (18.4) — (198.0)
Gross profit 97.5 45.4 — 142.9 78.8 47.0 — 125.8
Gross margin % 37.0% 68.8% — 43.4% 30.5% 71.9% — 38.9%
Administrative expenses (71.3) (16.9) (3.2) (91.4) (69.6) (16.6) (6.4) (92.6)
Share-based payments (0.1) (0.1) (1.6) (1.8) (1.2) (0.1) (0.7) (2.0)
Adjusted EBITDA
1,2
26.1 28.4 (4.8) 49.7 8.0 30.3 (7.1) 31.2
Depreciation and amortisation (8.6) (0.5) (3.7) (12.8) (8.4) (0.5) (3.6) (12.5)
Amortisation of acquired
intangibles (1.1) (5.3) (3.0) (9.4) (1.1) (5.6) (2.9) (9.6)
Adjusted operating profit
1,2
16.4 22.6 (11.5) 27.5 (1.5) 24.2 (13.6) 9.1
Individually Significant Items (38.9) (0.1) — (39.0) (15.6) (2.4) — (18.0)
Operating (loss)/profit (22.5) 22.5 (11.5) (11.5) (17.1) 21.8 (13.6) (8.9)
Operating margin % (8.5%) 34.1% n/a (3.5%) (6.6%) 33.3% n/a (2.7%)
Finance costs (6.3) (6.9)
Loss before taxation (17.8) (15.8)
Taxation (7.3) 0.4
Loss after taxation (25.1) (15.4)
EPS
Basic EPS (8.1p) (5.0p)
Adjusted basic EPS
1,2
5.2p 0.6p
Revenue increased by 3.5% on a constant currency basis (Actual
rates +1.7%), with Cyber Security Revenue increasing 3.7% on a
constant currency basis (Actual rates: 1.9%) and Escode growing
by 2.8% on a constant currency basis (Actual rates: 0.9%).
Turning to Cyber Security revenue trajectory during this 12-month
pro forma period, UK & APAC grew by +15.1% at constant currency
(Actual rates: +14.6%) driven by the TikTok contract, North America
declined by 18.1% (Actual rates (21.0%)) whereas Europe grew by
11.8% (Actual rates: +9.6%). We have experienced continued growth
in our UK Managed Service performance whilst North America’s rate
of decline has eased to (3.7%) on a constant currency basis (Actual
rates (6.1%)) in the second half of this proforma period. Technical
Assurance Services declined by (0.2%) on a constant currency
basis
1
(Actual rates: (1.3%)) in the second half of this proforma
period, with the recovery in demand still less consistent than
expected against a backdrop of the current macro conditions
within North America and UK.
Gross profit increased by 13.6% to £142.9m with gross margin
percentage increasing to 43.4% (Sept 2023: 38.9%). The overall 4.5%
pts gross margin (%) increase is due to improved utilisation and
operational efficiencies within Cyber Security, alongside a change in
the service mix whereby Managed Services is becoming a greater
proportion of overall revenue at a higher margin. Cyber Security gross
margin now equates to 37.0% compared to 30.5% as at 30 September
2023. This is offset by a decline in Escode gross margin by 3.1% pts
due to continued investment in the sales team for future growth.
Adjusted Operating profit
1,2
has improved by £18.4m when compared
to the similar 12-month proforma prior period driven by gross margin
improvements noted above and well controlled overheads.
For the 12-month period ending 30 September 2024, our cash
conversion
1
was 96.6% (May 2023 restated
2
: 108.7%).
Further analysis on our performance for the 12-month period
ending 30 September 2024 can be found within the unaudited
Appendix 1 of the financial statements.
Alternative Performance Measures (APMs)
Throughout this Financial Review, certain APMs are presented.
The APMs used by the Group are not defined terms under IFRS and
therefore may not be comparable with similarly titled measures
reported by other companies. They are not intended to be a substitute
for, or superior to, IFRS measures. This presentation is also consistent
with the way that financial performance is measured by management
and reported to the Board, and the basis of financial measures for
senior management’s compensation scheme and provides
supplementary information that assists the user in understanding
the financial performance, position and trends of the Group.
We believe these APMs provide readers with important additional
information on our business and this information is relevant for use by
investors, securities analysts and other interested parties as
supplemental measures of future potential performance. However,
since statutory measures can differ significantly from the APMs and
may be assessed differently by the reader, we encourage you to
consider these figures together with statutory reporting measures
noted. Specifically, we would note that APMs may not be comparable
across different companies and that certain profit related APMs may
exclude recurring business transactions (e.g. acquisition related
costs) that impact financial performance and cash flows.
After reconsidering FRC best practice guidance around the
disclosure of adjusting items and APM’s, the Group has reduced the
number of adjusted measures and items within the period. The Group
now only has one adjusted item ‘Individually Significant Items’.
Previous adjusted items of amortisation of acquisition intangibles and
share based payments are no longer disclosed as an adjusted item.
Accordingly, comparative numbers have been restated.
43
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Overview of financial performance continued
Alternative Performance Measures (APMs) continued
The following tables reconciles how these changes have affected the historic measures of Adjusted EBITDA, Adjusted Operating
profit, Adjusted profit for the period, Adjusted basic EPS and cash conversion, which includes Adjusted EBITDA:
Adjusted measure
16-month
period ended
30 September
2024
Year ended
31 May 2023
(restated)
2
Adjusted EBITDA – previously (£m) 53.9 41.4
Share-based payments (£m) (2.3) (2.2)
Adjusted EBITDA – revised (£m) 51.6 39.2
Adjusted operating profit – previously (£m) 37.1 28.8
Share-based payments (£m) (2.3) (2.2)
Amortisation of acquired intangibles (£m) (12.5) (10.0)
Adjusted operating profit – revised (£m) 22.3 16.6
Adjusted profit for the period – previously (£m) 21.3 18.9
Share-based payments (£m) (2.3) (2.2)
Amortisation of acquired intangibles (£m) (12.5) (10.0)
Tax effect of above items (£m) 4.1 2.1
Adjusted profit for the period – revised (£m) 10.6 8.8
Adjusted basic EPS – previously (pence) 6.8 6.1
Effect of share-based payments (pence) (0.7) (0.7)
Effect amortisation of acquired intangibles (pence) (4.0) (3.3)
Tax effect of above items (pence) 1.3 0.7
Adjusted basic EPS – revised (pence) 3.4 2.8
Cash conversion – previously (%) 71.2% 102.9%
Effect of share-based payments (%) 3.2% 5.8%
Cash conversion – revised (%) 74.4% 108.7%
The Group now has the following APMs/non-statutory measures:
•
Adjusted EBITDA (reconciled below)
•
Adjusted Operating profit (reconciled below)
•
Adjusted basic EPS (pence) (reconciled below)
•
Adjusted profit for the period (reconciled below)
•
Net debt excluding lease liabilities (reconciled below)
•
Net debt (reconciled below)
•
Cash conversion which includes Adjusted EBITDA (reconciled below)
•
Constant currency revenue (reconciled below)
Apart from the changes noted above, the above APM’s are
consistent with those reported for the year ended 31 May 2023.
The Group also reports certain geographic regions and service
capabilities on a constant currency basis to reflect the
underlying performance considering constant foreign exchange
rates period on period. This involves translating comparative
numbers at current period rates for comparability to enable a
growth factor to be calculated. As these measures are not
statutory revenue numbers, management considers these to be
APMs; see unaudited appendix 1 for further details.
Adjusted EBITDA
1
and Adjusted operating profit
1
Following the changes noted above to the number of adjusting items, the revised calculation of Adjusted EBITDA
1
is set out below:
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
(restated)
2
£m
Operating (loss)/profit (19.2) 1.9
Depreciation and amortisation 16.8 12.6
Amortisation of acquired intangibles (Note 8) 12.5 10.0
Individually Significant Items (Note 4) 41.5 14.7
Adjusted EBITDA
1
51.6 39.2
Depreciation and amortisation and amortisation of acquired intangibles (29.3) (22.6)
Adjusted operating profit – revised
1,2
22.3 16.6
Financial review continued
1 Adjusted EBITDA, Adjusted operating profit and Adjusted basic EPS are Alternative Performance Measures (APMs) and not IFRS measures. See unaudited
appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APM’s, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of Amortisation of acquisition
intangibles and share based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
44 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Previously these adjusted measures would have been calculated as follows:
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
(restated)
2
£m
Operating (loss)/profit (19.2) 1.9
Depreciation and amortisation 16.8 12.6
Amortisation of acquired intangibles 12.5 10.0
Individually Significant Items (Note 4) 41.5 14.7
Share-based payments 2.3 2.2
Adjusted EBITDA – previously
1,2
53.9 41.4
Depreciation and amortisation (excluding amortisation of acquired intangibles) (16.8) (12.6)
Adjusted operating profit – previously
1,2
37.1 28.8
1 See above for an explanation of Alternative Performance Measures (APMs) and adjusting items. See unaudited appendix 2 for an explanation of APMs and
adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APMs, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of amortisation of acquisition
intangibles and share-based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review and above for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
Revenue summary
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
16-month
period ended
30 September
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Cyber Security revenue 342.1 270.8 26.3% 342.1 264.5 29.3%
Escode 87.4 64.3 35.9% 87.4 62.5 39.8%
Total revenue 429.5 335.1 28.2% 429.5 327.0 31.3%
12-month
period ended
31 May 2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
12-month
period ended
31 May 2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Cyber Security revenue 258.5 270.8 (4.5%) 258.5 264.5 (2.3%)
Escode 65.9 64.3 2.5% 65.9 62.5 5.4%
Total revenue 324.4 335.1 (3.2%) 324.4 327.0 (0.8%)
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2023
£m
% change at
actual rates
4-month
period ended
30 September
2024
£m
Constant
currency
1
4-month
period ended
30 September
2023
£m
% change at
constant
currency
1
Cyber Security revenue 83.6 78.9 6.0% 83.6 77.7 7.6%
Escode 21.5 21.4 0.5% 21.5 20.9 2.9%
Total revenue 105.1 100.3 4.8% 105.1 98.6 6.6%
1 Revenue at constant currency is an unaudited Alternative Performance Measures (APMs) and not IFRS measures. See unaudited appendix 2 for an
explanation of APMs and adjusting items, including a reconciliation to statutory information.
45
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Divisional performance
The following sections summarises the Group’s divisional performance for the 16-month period ended 30 September 2024 following our
unaudited results for the 12-month period to 31 May 2024 announced on the 1 August 2024. This section also includes the unaudited
results for the remaining four months to 30 September 2024 compared to the previous unaudited four-month period ending
30 September 2023 to aid comparability and importantly the current trajectory of the Group.
Cyber Security
The Cyber Security division accounts for 79.7% of Group revenue (2023: 80.8%) and 66.0% of Group gross profit (2023: 65.2%).
Cyber Security revenue analysis – by originating region:
Audited
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
16-month
period ended
30 September
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
UK and APAC 173.3 118.4 46.4% 173.3 117.8 47.1%
North America 90.7 99.3 (8.7%) 90.7 94.2 (3.7%)
Europe 78.1 53.1 47.1% 78.1 52.5 48.8%
Total Cyber Security revenue 342.1 270.8 26.3% 342.1 264.5 29.3%
Unaudited
12-month
period ended
31 May 2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
12-month
period ended
31 May 2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
UK and APAC 129.8 118.4 9.6% 129.8 117.8 10.2%
North America 69.0 99.3 (30.5%) 69.0 94.2 (26.8%)
Europe 59.7 53.1 12.4% 59.7 52.5 13.7%
Total Cyber Security revenue 258.5 270.8 (4.5%) 258.5 264.5 (2.3%)
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2023
£m
% change at
actual rates
4-month
period ended
30 September
2024
£m
Constant
currency
1
4-month
period ended
30 September
2023
£m
% change at
constant
currency
1
UK and APAC 43.5 37.7 15.4% 43.5 37.6 15.7%
North America 21.7 23.7 (8.4%) 21.7 23.0 (5.7%)
Europe 18.4 17.5 5.1% 18.4 17.1 7.6%
Total Cyber Security revenue 83.6 78.9 6.0% 83.6 77.7 7.6%
1 Revenue at constant currency is an unaudited Alternative Performance Measures (APMs) and not IFRS measures. See unaudited appendix 2 for an
explanation of APMs and adjusting items, including a reconciliation to statutory information.
Cyber Security revenue analysis – by type of service and capability:
Audited
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
16-month
period ended
30 September
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Technical Assurance Services (TAS) 141.4 142.9 (1.0%) 141.4 138.7 1.9%
Consulting and Implementation (C&I) 55.2 44.7 23.5% 55.2 44.0 25.5%
Managed Services (MS) 91.8 50.1 83.2% 91.8 49.5 85.5%
Digital Forensics and Incident Response (DFIR) 20.6 13.5 52.6% 20.6 13.5 52.6%
Other services 33.1 19.6 68.9% 33.1 18.8 76.1%
Total Cyber Security revenue 342.1 270.8 26.3% 342.1 264.5 29.3%
Unaudited
12-month
period ended
31 May 2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
12-month
period ended
31 May 2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Technical Assurance Services (TAS) 107.0 142.9 (25.1%) 107.0 138.7 (22.9%)
Consulting and Implementation (C&I) 42.8 44.7 (4.3%) 42.8 44.0 (2.7%)
Managed Services (MS) 67.3 50.1 34.3% 67.3 49.5 36.0%
Digital Forensics and Incident Response (DFIR) 16.4 13.5 21.5% 16.4 13.5 21.5%
Other services 25.0 19.6 27.6% 25.0 18.8 33.0%
Total Cyber Security revenue 258.5 270.8 (4.5%) 258.5 264.5 (2.3%)
Financial review continued
46 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2023
£m
% change at
actual rates
4-month
period ended
30 September
2024
£m
Constant
currency
1
4-month
period ended
30 September
2023
£m
% change at
constant
currency
1
Technical Assurance Services (TAS) 34.4 36.4 (5.5%) 34.4 35.7 (3.6%)
Consulting and Implementation (C&I) 12.4 13.1 (5.3%) 12.4 13.0 (4.6%)
Managed Services (MS) 24.5 17.1 43.3% 24.5 16.9 45.0%
Digital Forensics and Incident Response (DFIR) 4.2 5.5 (23.6%) 4.2 5.5 (23.6%)
Other services 8.1 6.8 19.1% 8.1 6.6 22.7%
Total Cyber Security revenue 83.6 78.9 6.0% 83.6 77.7 7.6%
Cyber Security revenue increased by +29.3% on a constant currency basis
1
and at +26.3% at actual rates when comparing the
16-month period to the year ended 31 May 2023. UK & APAC increased due to Managed Services, and North America decline has
slowed since the decline in the unaudited 12 months period to 31 May 2024, while Technical Assurance Services declined with the
recovery in demand still less consistent than expected within the UK and North America. In relation to the unaudited four-month
period to 30 September 2024, C&I declined across all regions and the DFIR decline arose from the UK.
Managed Services revenue for the 16-month period 30 September 2024, now represents 26.8% of total Cyber Security revenue as
compared to the year ended 31 May 2023 of 18.5%, demonstrating the change in service mix to more annual recurring revenues. Looking
at other KPIs, our TAS and C&I average utilisation has improved to 66% in the second six-month period to 30 September 2024 (from 57%
in the second six-month period to 30 September 2023), while we have 178 clients with sales orders >£250k, of which 73% take multiple
capabilities. The number of recurring clients over £250k amounts to 133 in the second six-month period to 30 September 2024.
Cyber Security gross profit is analysed as follows:
Audited
16-month
period ended
30 September
2024
£m
16-month
period ended
30 September
2024
% margin
Year ended
31 May 2023
£m
Year ended
31 May 2023
% margin
% pts
change
UK and APAC 72.5 41.8% 40.3 34.0% 7.8% pts
North America 18.4 20.3% 26.1 26.3% (6.0% pts)
Europe 27.1 34.7% 19.7 37.1% (2.4% pts)
Cyber Security gross profit and % margin 118.0 34.5% 86.1 31.8% 2.7% pts
Gross margins increased overall by +2.7% pts, driven by UK managed services within UK & APAC, this was offset by North America.
In Europe, the margin decreased by 2.4% pts due to the recognition of historic one-off project cost compensation of £1.5m in H1 of
the year ended 31 May 2023. Excluding this item, the margin would have remained flat.
Unaudited
12-month
period ended
31 May
2024
£m
12-month
period ended
31 May
2024
% margin
Year ended
31 May 2023
£m
Year ended
31 May 2023
% margin
% pts
change
UK and APAC 55.4 42.7% 40.3 34.0% 8.7% pts
North America 14.2 20.6% 26.1 26.3% (5.7% pts)
Europe 18.7 31.3% 19.7 37.1% (5.8% pts)
Cyber Security gross profit and % margin 88.3 34.2% 86.1 31.8% 2.4% pts
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2024
% margin
4-month
period ended
30 September
2023
£m
4-month
period ended
30 September
2023
% margin
% pts
change
UK and APAC 17.1 39.3% 11.2 29.7% 9.6% pts
North America 4.2 19.4% 3.6 15.2% 4.2% pts
Europe 8.4 45.7% 5.7 32.6% 13.1% pts
Cyber Security gross profit and % margin 29.7 35.5% 20.5 26.0% 9.5% pts
1 Revenue at constant currency is an unaudited Alternative Performance Measures (APM) and not an IFRS measures. See unaudited appendix 2 for an
explanation of APMs and adjusting items, including a reconciliation to statutory information.
47
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Divisional performance continued
Escode
The Escode division accounts for 20.3% of Group revenues (2023: 19.2%) and 34.0% of Group gross profit (2023: 34.8%).
Escode revenue analysis – by originating region:
Audited
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
16-month
period ended
30 September
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
UK 36.5 25.8 41.5% 36.5 25.7 42.0%
North America 45.5 34.5 31.9% 45.5 32.8 38.7%
Europe 5.4 4.0 35.0% 5.4 4.0 35.0%
Total Escode revenue 87.4 64.3 35.9% 87.4 62.5 39.8%
Unaudited
12-month
period to
31 May
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
12-month
period to
31 May
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
UK 27.3 25.8 5.8% 27.3 25.7 6.2%
North America 34.4 34.5 (0.3%) 34.4 32.8 4.9%
Europe 4.2 4.0 5.0% 4.2 4.0 5.0%
Total Escode revenue 65.9 64.3 2.5% 65.9 62.5 5.4%
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2023
£m
% change at
actual rates
4-month
period ended
30 September
2024
£m
Constant
currency
1
4-month
period ended
30 September
2023
£m
% change at
constant
currency
1
UK 9.2 8.5 8.2% 9.2 8.5 8.2%
North America 11.1 11.5 (3.5%) 11.1 11.1 0.0%
Europe 1.2 1.4 (14.3%) 1.2 1.3 (7.7%)
Total Escode revenue 21.5 21.4 0.5% 21.5 20.9 2.9%
Escode revenues analysed by service line:
Audited
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
16-month
period ended
30 September
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Escrow contracts 57.2 42.8 33.6% 57.2 41.5 37.8%
Verification services 30.2 21.5 40.5% 30.2 21.0 43.8%
Total Escode revenue 87.4 64.3 35.9% 87.4 62.5 39.8%
Unaudited
12-month
period to
31 May
2024
£m
Year ended
31 May 2023
£m
% change at
actual rates
12-month
period to
31 May
2024
£m
Constant
currency
1
Year ended
31 May 2023
£m
% change at
constant
currency
1
Escrow contracts 43.3 42.8 1.2% 43.3 41.5 4.3%
Verification services 22.6 21.5 5.1% 22.6 21.0 7.6%
Total Escode revenue 65.9 64.3 2.5% 65.9 62.5 5.4%
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2023
£m
% change at
actual rates
4-month
period ended
30 September
2024
£m
Constant
currency
1
4-month
period ended
30 September
2023
£m
% change at
constant
currency
1
Escrow contracts 13.9 14.9 (6.7%) 13.9 14.5 (4.1%)
Verification services 7.6 6.5 16.9% 7.6 6.4 18.8%
Total Escode revenue 21.5 21.4 0.5% 21.5 20.9 2.9%
Financial review continued
1 Revenue at constant currency is an unaudited Alternative Performance Measures (APMs) and not IFRS measures. See unaudited appendix 2 for an
explanation of APMs and adjusting items, including a reconciliation to statutory information.
48 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Gross margin is analysed as follows:
Audited
16-month
period ended
30 September
2024
£m
16-month
period ended
30 September
2024
% margin
Year ended
31 May 2023
£m
Year ended
31 May 2023
% margin
% pts
change
UK 24.8 67.9% 18.2 70.5% (2.6% pts)
North America 32.6 71.6% 25.0 72.5% (0.9% pts)
Europe 3.3 61.1% 2.7 67.5% (6.4% pts)
Escode gross profit and % margin 60.7 69.5% 45.9 71.4% (1.9% pts)
Unaudited
12-month
period to
31 May
2024
£m
12-month
period to
31 May
2024
% margin
Year ended
31 May 2023
£m
Year ended
31 May 2023
% margin
% pts
change
UK 18.6 68.1% 18.2 70.5% (2.4% pts)
North America 24.8 72.1% 25.0 72.5% (0.4% pts)
Europe 2.6 61.9% 2.7 67.5% (5.6% pts)
Escode gross profit and % margin 46.0 69.8% 45.9 71.4% (1.6% pts)
Unaudited
4-month
period ended
30 September
2024
£m
4-month
period ended
30 September
2024
% margin
4-month
period ended
30 September
2023
£m
4-month
period ended
30 September
2023
% margin
% pts
change
UK 6.2 67.4% 5.8 68.2% (0.8% pts)
North America 7.8 70.3% 8.5 73.9% (3.6% pts)
Europe 0.7 58.3% 1.0 71.4% (13.1% pts)
Escode gross profit and % margin 14.7 68.4% 15.3 71.5% (3.1% pts)
Individually Significant Items
During the period, the Group has incurred £41.5m in individually
Significant Items (ISIs) (2023: £14.7m) as follows:
16-month
period ended
30 September
2024
£m
Year ended
31 May 2023
£m
North America Cyber Security
goodwill impairment 31.9 9.8
Fundamental reorganisation costs 9.4 4.2
Transaction costs associated with
disposal of Fox Crypto 1.6 —
Costs associated with strategic
review of Escode business 0.1 3.0
NCC Group A/S goodwill impairment — 3.0
IPM Escode business deferred
income adjustment — (0.6)
Profit on disposal of non-core
operations (1.5) (4.7)
Total ISIs 41.5 14.7
Individually Significant Items incurred during the period of £41.5m
are represented mainly by an impairment in Goodwill of £31.9m
(2023: £9.8m) for the North America Cyber security business due
to its historical performance, as the recovery in demand is less
consistent than expected, and £9.4m (2023: £4.2m) in relation to
fundamental reorganisation costs as we continue to reshape the
Group to implement the Group’s strategy.
Finance costs
Finance costs for the 16-month period were £8.3m (2023:
£6.2m). Finance costs include lease financing costs of £1.7m
(2023: £1.1m).
Taxation
The Group’s effective statutory tax rate is (18.2%) (2023: (7.0)%).
The change in tax rate from 2023 to 2024 is due to a number of
factors including an increase in the UK corporate tax rate, the
impact of non-deductible goodwill and intangible assets
impairment and the derecognition of deferred tax assets in North
America. The Group’s adjusted tax rate is 24.3% (2023 restated:
15.4%). The increase in the adjusted tax rate from 2023 to 2024
is due predominantly to an increase in the UK statutory tax rate
and increased tax losses not recognised as deferred tax assets.
(Loss)/earnings per share (EPS)
16-month
period ended
30 September
2024
Year ended
31 May 2023
(restated)
2
Statutory
Statutory loss for the period (32.5) (4.6)
Basic loss per share (10.4p) (1.5p)
Diluted loss per share (10.4p) (1.5p)
Adjusted
1
Adjusted profit for the period 10.6 7.3
Basic EPS 3.4p 2.8p
Diluted EPS 3.4p 2.8p
Weighted average number
of shares (million)
Basic 311.7 310.4
Diluted 313.2 311.2
49
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Financial review continued
(Loss)/earnings per share (EPS) continued
Adjusted basic EPS
1
is reconciled as follows:
16-month
period ended
30 September
2024
Year ended
31 May 2023
(restated)
2
Statutory loss for the period (32.5) (4.6)
Individually Significant Items 41.5 14.7
Tax effect of Individually significant items (5.8) (2.8)
North America deferred tax Asset derecognition (adjusting item) 7.4 —
Adjusted profit for the period 10.6 7.3
1 Adjusted EPS is an Alternative Performance Measures (APMs) and not an IFRS measure. See unaudited appendix 2 for an explanation of APMs and adjusting
items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APMs, the Group has reduced the number of adjusted measures
and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of Amortisation of acquisition intangibles and
share-based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further detail, please refer
to the Financial Review and appendix 1 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
Reconciliation of net debt
1
The table below summarises the Group’s cash flow and net debt
1
:
30 September
2024
£m
31 May
2023
£m
Operating cash inflow before movements in working capital 48.5 38.7
Movement in working capital and non-payables (10.1) 3.9
Cash generated from operating activities before interest and taxation 38.4 42.6
Interest element of lease payments (1.7) (1.1)
Finance interest paid (6.0) (4.0)
Taxation paid (4.3) (5.4)
Net cash generated from operating activities 26.4 32.1
Purchase of property, plant and equipment (6.2) (3.9)
Software and development expenditure (2.6) (3.4)
Acquisition of trade and assets as part of a business combination (1.0) (1.0)
Sale proceeds from business disposals 12.4 2.0
Equity dividends paid (14.5) (14.5)
Repayment of lease liabilities (principal amount) (10.2) (6.1)
Acquisition of treasury shares (5.8) —
Purchase of shares — (0.5)
Proceeds from the issue of ordinary share capital 0.3 0.1
Net movement (1.2) 4.8
Opening net debt (excluding lease liabilities)
1
(49.6) (52.4)
Non-cash movements (release of deferred issue costs) (0.6) (0.8)
Foreign exchange movement 6.1 (1.2)
Closing net debt excluding lease liabilities
1
(45.3) (49.6)
Lease liabilities (27.6) (30.0)
Closing net debt
1
(72.9) (79.6)
Net debt
1
can be reconciled as follows:
30 September
2024
£m
31 May
2023
£m
Cash and cash equivalents 29.8 34.1
Bank overdraft (13.6) (1.8)
Borrowings (net of deferred issue costs) (61.5) (81.9)
Net debt excluding lease liabilities
1
(45.3) (49.6)
Lease liabilities (27.6) (30.0)
Net debt
1
(72.9) (79.6)
50 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Reconciliation of net change in cash and cash equivalents to movement in net debt
1
:
30 September
2024
£m
31 May
2023
£m
Net decrease in cash and cash equivalents (inc. bank overdraft) (18.4) (41.5)
Change in net debt
1
resulting from cash flows (net of deferred issue costs) 17.2 44.8
Release of deferred issue costs (0.6) (1.0)
Issue costs related to borrowings (non-cash) — 1.7
Effect of foreign currency on cash flows 2.3 0.6
Foreign currency translation differences on borrowings 3.8 (1.8)
Change in net debt
1
during the period 4.3 2.8
Net debt
1
at start of period excluding lease liabilities (49.6) (52.4)
Net debt
1
at end of period excluding lease liabilities (45.3) (49.6)
Lease liabilities (27.6) (30.0)
Net debt
1
at end of period (72.9) (79.6)
1 Net debt is an Alternative Performance Measures (APMs) and not an IFRS measure. See unaudited appendix 2 for an explanation of APMs and adjusting
items, including a reconciliation to statutory information.
The calculation of the cash conversion ratio
1
is set out below and is lower due to the summer period:
30 September
2024
£m
31 May 2023
(restated)
2
£m
% change/
% pts
Operating cash flow before interest and taxation 38.4 42.6 (9.9%)
Adjusted EBITDA
1,2
51.6 39.2 31.6%
Cash conversion ratio
1,2
(%) 74.4% 108.7% (34.3% pts)
1 See Financial Review for an explanation of Alternative Performance Measures (APMs) and adjusting items. See unaudited appendix 2 for an explanation of
APMs and adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APM’s, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item ‘Individual Significant Items’. Previous adjusted items of Amortisation of acquisition
intangibles and share based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. For further
detail, please refer to the Financial Review for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
Cash capital expenditure during the period was £8.8m (2023:
£7.3m), which includes tangible asset expenditure of £6.2m
(2023: £3.9m) and capitalised software and development costs
of £2.6m (2023: £3.4m). The increase in tangible capital
expenditure includes the opening of our new Manila office.
Sale proceeds from disposals represent payment of contingent
consideration in relation to the disposal of the Group’s DDI
business of £3.8m, the full payment of £8.2m for the DetACT
business disposed in April 2024 and £0.4m for disposal of a 3.35%
shareholding in an unlisted investment. Acquisition of trade and
assets as part of a business combination of £1.0m relates to the
final consideration payable in relation to the Adelard acquisition.
Dividends
During the period total dividends of £14.5m were paid in the
period (2023: £14.5m). Additionally, a dividend of £9.8m was
recognised but not yet paid as of the period end. The Board is
proposing a final dividend of 1.5p per ordinary share. This is
equivalent to the interim dividend previously paid albeit for the
final 4-month period ending 30 September 2024.
The final dividend of 1.5p per ordinary share, which, together with
the interim dividends of 3.15p and 1.5p per ordinary share paid on
4 October 2024 and 15 March 2024 respectively, makes a total
dividend of 6.15p for the period ended 30 September 2024.
The final dividend will be paid on 4 April 2025, subject to approval
at the AGM on 28 January 2025, to shareholders on the register
at the close of business on 21 February 2025. The ex-dividend
date is 20 February 2025.
Our FY25 framework
Looking forward to FY25, we have set a framework to measure
ourselves against as follows:
•
Sustainable revenue growth
• Deliver underlying growth in Cyber Security
• Increase Managed Services revenue as a proportion of total
Cyber Security
• Maintain momentum in Escode
•
Improved gross margin
• Maintain utilisation %
• Smart pricing and margin investment decision making
• Globalise technical resource footprint
•
Efficiency for growth
• Simplify operating model to generate efficiencies
• Drive towards consistent profit conversion in every market
• Eliminate stranded costs resulting from non-core disposals
•
Capital deployment supporting growth
• Strong cash conversion
• Ensure appropriate liquidity and debt facilities
• Maintain dividend
• Accretive acquisition opportunities
Guy Ellis
Chief Financial Officer
10 December 2024
51
Strategic report
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Dear Shareholder
On behalf of the Board, I am pleased to present the Corporate
Governance Report for the period ended 30 September 2024.
Throughout the period the Board has worked cohesively as a
team and I would like to thank each Director for their wise
counsel and continued efforts during this time. The Board is
composed of highly skilled and experienced Directors from
a diverse range of industries and backgrounds, all of whom
contribute towards the long-term success of the Company
and show commitment and enthusiasm in the performance
of their roles and duties.
I would like to thank all of my Board colleagues for their
commitment, support and flexibility over the past period.
We now have returned to predominantly face-to-face Board
meetings, but we still use virtual meetings for shorter update
meetings or when we need to meet at short notice. This
continued hybrid way of working has enabled us to maintain
strong governance and robust decision making, delivering
against our strategy. During the period, particular highlights
were our visits as a Board to our Manchester, Cheltenham and
London offices, where we enjoyed and valued spending time
with colleagues. We look forward to visiting more offices and
meeting more colleagues in the coming period.
The Board is committed to creating and maintaining a culture
where strong levels of governance thrive throughout the
organisation, specifically ensuring that we send out consistent
messages on our values and principles for our colleagues,
our customers, our suppliers and our advisers.
Governance standards
The Board is committed to high standards of corporate
governance and is pleased to confirm that throughout the
period ended 30 September 2024, the Company complied with
all relevant provisions of the UK Corporate Governance Code.
A key focus of the Code is culture and ensuring it aligns with
the Group’s purpose, strategy and values. Culture has been high
on the Board’s agenda for a long time and the Board considers
culture to be an essential ingredient in meeting our long-term,
sustainable returns to all stakeholders.
The Board, the Executive Committee and senior management
continue to promote our culture and standards throughout the
business and lead by example to provide a strong corporate
governance framework.
One of the most significant parts of the Code affecting NCC
Group is in respect of workforce engagement. Our main
stakeholder is our colleagues and we continue to maintain
meaningful mechanisms to ensure that we, as a Board, have
constructive and regular dialogue with our dedicated and
committed workforce. This then puts us in a strong position to
deliver our strategy.
During the period, Julie Chakraverty, Senior Independent
Director and designated Non-Executive Director for workforce
engagement, has been reaching out to colleagues across the
business. As a people business, insights from our colleagues
are invaluable, therefore employee engagement is a crucial area
for us to continue to focus on and continue to get right. We have
not let distance or differing time zones be a barrier to hearing
our colleagues’ opinions around the Board table.
Chair’s introduction to governance
Chris Stone
Non-Executive Chair
NCC Group plc — Annual report and accounts for the period ended 30 September 202452
Board composition and diversity
With regard to our current diversity, I am satisfied that we have an
appropriately diverse Board in terms of experience, skills and
personal attributes among our Board members. The Directors have
many years of experience gained across a variety of industries and
sectors, ensuring a mix of views and providing a broad perspective.
We recognise that we still have some progress to make in terms
of improving the diversity of the Board and our executive team
(and indeed our workforce as a whole). During the year ended
31 May 2021, we made the firm commitment that by 2024, we
will have at least 33% female representation on our Board and
at least one person of colour.
We have now delivered on our commitment and are also on course
to meet the FTSE Women Leaders Review and Listing Rules target
of 40% female representation by the end of 2025. Although this is
best practice for FTSE 350 companies, we have committed to this
target regardless of which share index we are in. Our Board now
has 43% female representation (three out of seven) and we will
look to improve this further still during any future appointments
to the Board.
Improvements in diversity are often not a quick process but we
are very mindful of the need to take positive action, and the
matter remains fully on our agenda, as can be seen with the
progress we have made over recent periods. Accessing the
candidates we require to reach this target will involve us looking
beyond the obvious pool of existing board directors within the
UK and we intend to ensure that we extend our talent search to
other sectors and countries to ensure we find a diverse pool of
candidates from which to choose to provide us with true
diversity around our Board table.
To confirm, as at 30 September 2024, we complied with
the following:
•
At least 40% of the individuals on our Board of Directors
are women
•
At least one of the senior positions on our Board of Directors
is held by a woman (our Senior Independent Director)
•
At least one individual on our Board of Directors is from
a minority ethnic background
Our approach
The Directors have acted in a way they consider, in good faith,
to be most likely to promote the long-term success of the
Company. Our role as the Board is to set the strategy of the
Group and ensure that management operates the business in
accordance with our priorities. We believe this approach will
promote the Group’s long-term success and our customers’
interests as well as create value for shareholders and have
regard to our other key stakeholders such as our colleagues.
The Board’s intention is to hand over the business to our
successors in a better and more sustainable position for the
future. We recognise the renewed focus on the contribution that
a successful company can make to wider society in general, in
addition to generating value for shareholders, and as a Board
we want to ensure that we have effective engagement with,
and encourage participation from, shareholders and other
stakeholders. The Board acknowledges that there are competing
priorities for different stakeholders but strives to balance the
priorities, while ensuring decisions made are in the best interests
of the Company.
Board changes
As announced on 22 June 2023, Guy Ellis succeeded Tim Kowalski
as CFO on 30 June 2023. Prior to stepping down, Tim supported
an orderly handover to Guy. The biographies of all the Board
members can be found on pages 56 and 57. After over eight years’
service on the Board (along with being Senior Independent Director
and Chair of the Audit Committee), Chris Batterham retired from
the Board at the November 2023 AGM. I would like to pay tribute
to Chris for all that he has done for the Company over his time
with NCC Group, and his extremely valuable and insightful
contributions to the Board. We also wish him well for the future.
Board tenure as at 30 September 2024
7 years 6 months
Mike Maddison
Guy Ellis
Chris Stone
2 years 3 months
1 year 3 months
Lynn Fordham
2 years 9 months
Julie Chakraverty
6 years 5 months
Jennifer Duvalier
7 years 0 months
Mike Ettling
2016 2017 2018 2019 2020 2021 202420232022
30 September:
2 years 1 month
53
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Effectiveness
As Chair, I am responsible for providing leadership to ensure that
the Board operates effectively. I have been supported in this by
all the Directors, but in particular our Senior Independent Director
(Julie Chakraverty). The annual reviews of Board effectiveness
help the Board to consider how it operates and how its operations
can be improved. This period, we undertook an internally facilitated
Board and Committee evaluation and the findings of this review
have provided us with ideas to further improve the manner in
which the Board operates, and build on our inaugural externally
facilitated evaluation in 2023, along with previous internally
facilitated evaluations. The results were very useful and insightful
and will be incorporated into our plans for the coming period.
In particular, Board succession planning remains a priority,
particularly as we look to ensure the Board and Executive
Committee have the right set of skills and experience to support
the Group as the business evolves.
You can read more about the Board and the Committee
evaluation on pages 63 and 64.
Our investors
We are in regular contact with our large investors through a
regular scheduled programme of meetings attended by our CEO,
CFO and Chair. Julie Chakraverty (Senior Independent Director),
Lynn Fordham (Audit Committee Chair) and Jennifer Duvalier
(Remuneration Committee Chair) are also available to meet with
investors should the need arise. Our Director of Investor Relations
and Sustainability (Yvonne Harley) has now been in her role for
over a year and this has allowed us to make a step change in our
approach to Investor Relations, notably the two Capital Markets
events we hosted in April and June 2024 which were both very
well received. This was an internal appointment and Yvonne
continues to bring energy and rigour to the role and ensures
that our engagement with shareholders is done efficiently
and properly.
I continue to meet with our larger investors and I feed back my
findings to Board colleagues. We have been particularly active
with our investor engagement during the period as we sought
their views on the Directors’ Remuneration Policy for the period
2024–2027, which we will seek shareholder approval for at
our AGM in early 2025. Jennifer Duvalier (our Remuneration
Committee Chair) has led this process diligently and you can
read more about this in the Remuneration Committee Report
starting on page 79. In addition, our brokers undertook an
investor survey on the back of our half-year results in January
2024 and the results of this were presented and discussed at
a Board meeting. Our aim is to engage with our shareholders
in an open and meaningful way.
Chair’s introduction to governance continued
Ensuring that the Directors’ remuneration packages align the
Directors’ and senior managers’ interests with the long-term
interests of NCC Group and its shareholders is always a key area
of interest for investors. The 2021 Directors’ Remuneration Policy
received 87.43% of votes in favour at the 2021 AGM, and it was
pleasing that our 2023 Directors’ Remuneration Report received
85% of votes in favour, recognising the continued support of our
shareholders for our approach to executive remuneration.
As part of our 2021 Remuneration Policy, we have now aligned
our Executive Directors’ pensions with our wider colleague
population and introduced post-employment shareholding rules.
Statement of compliance with the UK Corporate
Governance Code
The Company measures itself against the requirements of the
UK Corporate Governance Code 2018 (the “Code”), which is
available on the Financial Reporting Council website
(www.frc.org.uk).
I can confirm that the Board has applied the principles and
complied with the provisions of the UK Corporate Governance
Code 2018 throughout the financial period to 30 September 2024.
Thank you
We are immensely proud of our colleagues for their continuing
extraordinary efforts, always acting in the best interests of our
customers and our stakeholders. I would like to thank all our
colleagues for their incredible contribution in stepping up and
meeting the challenges that the Group has faced over the
past period.
Chris Stone
Non-Executive Chair
10 December 2024
54 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Governance framework
Provides leadership and is responsible for the overall management of NCC Group, its strategy, long-term objectives and risk
management. It ensures the right Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Has responsibility for managing the business and overseeing the implementation of the strategy agreed by the Board.
Currently comprises the Group’s most senior business and operational Executives. It is responsible for assisting the Chief Executive
Officer in the performance of its duties including:
•
Developing the budget
•
Monitoring the performance of the different
divisions of the Company against the plan
•
Carrying out a formal risk review process
•
Reviewing the Company’s policies and procedures
•
Prioritisation and allocation of resources
•
Overseeing the day-to-day running of the Company
•
Being responsible for people, talent and culture
Support the Board in its work with specific areas of review and oversight objectives and risk management. They ensure the right
Company structure is in place to deliver long-term value to shareholders and other stakeholders.
Board
(The Board has collective responsibility to promote the long-term sustainable success of the Group,
ensuring due regard is paid to the interests of its stakeholders.)
Board Committees
(The Board oversees the Group’s operations through a unitary Board and four principal Committees, being Audit,
Nomination, Remuneration, and Cyber Security. The terms of reference for these Committees can be found on our website.
Further information on the work of these Committees can be found in later sections of this Annual Report and Accounts.)
Executive Committee (ExCom)
Chief Executive Officer
(Manages the day-to-day operations of the Group, prioritising and allocating resources.
The CEO is supported by the Executive Committee.)
The different parts of the Company’s governance framework are
shown below, with a description of how they operate and the
linkages between them.
Primary function is to
assist the Board in fulfilling
its financial and risk
responsibilities. It also
reviews financial reporting,
the internal controls in
place and the external
audit process.
Responsible for considering
the Board’s structure, size,
composition, diversity and
succession planning.
Responsible for
overseeing and advising
on the Group’s exposure
to cyber risk and its future
cyber risk strategy, its
Cyber Security breach
response and its crisis
management plan and the
review of reports on any
Cyber Security incidents.
Responsible for
determining the overall
remuneration of the
Executive Directors and
the remuneration of senior
managers (ExCom) within
the broader institutional
context of remuneration
practice.
Audit
Committee
Nomination
Committee
Cyber Security
Committee
Remuneration
Committee
Read more on
pages 67 to 73
Read more on
pages 74 to 76
Read more on
pages 77 and 78
Read more on
pages 79 to 100
For further details on Board composition and division of responsibilities, see pages 58 to 65
55
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Chris Stone
Non-Executive Chair
Appointment to the Board:
6 April 2017
Career experience
Chris has held various Non-Executive
Director and Chief Executive roles at listed
and private equity backed technology
companies. He was CEO of Northgate
Information Solutions plc from 1999 to 2008,
until its sale, and stayed as CEO until 2011.
From 2013 to 2016, he was CEO of Radius
Worldwide. Chris was also a Non-Executive
Director of CSR plc, and Chair of the
Remuneration Committee, from 2012 until
its sale in 2015. Chris was also Chair of
AIM listed CityFibre plc from January 2017
until June 2018, when it was sold to private
equity buyers. Chris has also been Chair
of Everynet BV, a privately owned Internet
of Things infrastructure business.
External appointments
Chris is currently Chair of AIM listed
Idox plc.
Appointment to the Board:
7 July 2022
Career experience
Mike was formerly head of EY’s Cyber
Security, privacy and trusted technology
practice for EMEA, a role he has held
since 2017. During that time Mike has
successfully delivered strong growth
across the 97 countries in the region and
reinforced EY’s position as a leading Cyber
Security adviser. Previously he led PwC’s
risk services practice across the Middle
East and before that was head of Deloitte’s
Cyber Security consultancy in EMEA for ten
years where he also drove significant growth.
External appointments
Mike does not currently have any
external appointments.
Appointment to the Board:
30 June 2023
Career experience
Guy joined NCC Group in 2021, as
Director of Commercial Finance as well
as serving as Interim Managing Director
of our Software Resilience business, and
most recently as Interim Managing Director
of our UK Cyber Security business.
Guy has over 25 years’ experience in
finance and commercial roles in the retail
sector for brands including Asda and
Specsavers. This experience and the
recent interim roles in NCC Group have
given him a breadth of understanding of
the commercial drivers and operations
across the whole business.
External appointments
Guy does not currently have any
external appointments.
Our business is led by our Board of Directors. Biographical and
other details of the Directors are as follows:
N
Mike Maddison
Chief Executive Officer
Guy Ellis
Chief Financial Officer
Board of Directors
C
View our Executive Committee: nccgroupplc.com/our-board-executive-committee/
During the period a number of Directors took on additional
appointments outside of their role with NCC Group. The Board
considered these appointments and concluded that these
appointments did not conflict with NCC Group, and the Director
would have sufficient time to devote to NCC Group following
the additional appointments, and that the appointments did not
result in the Directors concerned being “overboarded”.
56 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
A
Member of
Audit Committee
C
Member of
Cyber Security
Committee
N
Member of
Nomination Committee
R
Member of
Remuneration Committee
Committee Chair
Committee key:
Jennifer Duvalier
Independent
Non-Executive Director
Julie Chakraverty
Senior Independent
Non-Executive Director (and
designated Non-Executive
Director for Colleague
Engagement)
Appointment to the Board:
1 January 2022
Career experience
Julie has a wealth of PLC board
experience, recently serving
as a Non-Executive Director
on the boards of Santander
UK and Abrdn plc (formerly
Standard Life Aberdeen plc,
having been Senior Independent
Director and Chair of the Risk
and Innovation Committees for
Aberdeen Asset Management
plc prior to merging). She has
also been Chair of the
Remuneration Committee for
the global insurer MS Amlin plc,
a Non-Executive Director for
Spirit Pub Company Limited
and a Trustee for The Girls’
Day School Trust. During her
executive career, Julie was
a board member of UBS
Investment Bank where she
held a number of global
leadership positions and won
industry awards for innovation
every year from 2001–2009 for
her “CreditDelta” technology
product. Julie was a Director
and founder of Rungway
Limited, a colleague engagement
platform that empowers people
to seek and share advice at
work, used by leading
global firms.
External appointments
Julie is currently an Independent
Non-Executive Director of AJ
Bell plc, and also at Starling
Bank Limited (where she chairs
the Ethics and Sustainability
Committee and is the Board’s
Consumer Duty Champion).
Appointment to the Board:
25 April 2018
Career experience
Jennifer was Executive Vice
President of People at ARM
Holdings plc, with responsibility
for all people and internal
communications activity
globally, from September 2013
to March 2017.
External appointments
Jennifer is currently the
Senior Independent Director
of Trainline plc (where she is
also a member of the Audit
and Risk, Nomination and
Remuneration Committees)
and an Independent Non-
Executive Director and Chair of
the Remuneration Committee
of Mitie Group plc (as well as
being a member of its
Nomination Committee)
(she is also the designated
Non-Executive Director for
colleague engagement at both
companies). She is a Trustee of
Somerset House (a UK-based
charity) and also an adviser
to the New York Presbyterian
hospitals in the US, along with
being Senior Advisor to the
Board of M Squared Lasers
Limited. Jennifer is also a
Non-Executive Director of
The Cranemere Group Ltd, and
(until recently) was a member
of The Council of the Royal
College of Art and Chair of the
Remuneration Committee.
R NC
Appointment to the Board:
22 September 2017
Career experience
Mike has strong sector and
non-executive experience. He
has had an extensive career in
global technology businesses
including SAP-Sucessfactors,
NorthgateArinso, Unisys,
Synstar and EDS and was
formerly a Non-Executive
Director of Backoffice
Associates LLC, a US PE
backed data business, and also
formerly a Non-Executive
Director of Telkom BCX Ltd,
a South African IT and
telecommunications business.
Mike has also served as a
Non-Executive Director with
Topia Inc, a Silicon Valley cloud
relocation software business.
He has also served as a
Non-Executive Director of
Impellam PLC, an AIM listed
recruitment business.
External appointments
Mike is currently CEO of Unit4,
a world leader in enterprise
applications for services and
people organisations.
Mike Ettling
Independent
Non-Executive Director
NCA R A
Other Directors during the period
Tim Kowalski
Served as Chief Financial Officer for the period 1 June
to 30 June 2023.
Chris Batterham
Served as an Independent Non-Executive Director for the
period 1 June to 30 November 2023.
Lynn Fordham
Independent Non-Executive
Director (and lead
Non-Executive Director
for Sustainability)
Appointment to the Board:
1 September 2022
Career experience
Lynn, a Chartered Accountant,
was most recently Managing
Partner of private investment
firm Larchpoint Capital LLP, a
position she held from 2017 to
2021. Prior to joining Larchpoint,
Lynn was CEO of SVG Capital
for eight years, having previously
served as CFO. Before that she
held senior finance, risk and
strategy positions at Barratt
Developments, BAA, Boots,
ED&F Man, BAT and Mobil Oil.
She also served as a Non-
Executive Director on the board
of Fuller, Smith & Turner for
seven years until 2018, chairing
its Audit Committee. Lynn was
also a supervisory board
member of VARO Energy B.V.
External appointments
Lynn is currently a
Non-Executive Director and
Chair of the Finance, Risk and
Audit Committees of Caledonia
Investments plc, Domino’s
Pizza Group and Enfinium
Limited. Lynn also serves as
Chair and a member of the
Nomination Committee of
NewRiver REIT plc. Lynn is
also Chair of RMA – The Royal
Marines Charity.
NCA R
57
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Board composition and division of responsibilities
The Board has agreed a clear division of responsibilities with the responsibilities of the Chair, Chief Executive Officer, Chief Financial
Officer, Senior Independent Director and other Directors clearly defined so that no individual has unrestricted powers of decision and
no small group of Directors can dominate the Board’s decision making.
Role Responsibilities
Chair of the Board
(Chris Stone)
Is responsible for the running and leadership of the Board, setting its agenda and ensuring its effectiveness
in all aspects of its role, and promoting a culture of openness, debate and the highest standards of
corporate governance. The Chair, in conjunction with the CEO and other Board members, plans the
agendas, which are issued with the supporting Board papers in advance of the Board meetings. These
supporting papers provide appropriate information to enable the Board to discharge its duties, which
include monitoring, assessing and challenging the executive management of the Group.
Chief Executive Officer
(Mike Maddison)
Together with the senior management team (ExCom), is responsible for the day-to-day running of the
Group’s business, implementing the strategy and policies approved by the Board, and regularly providing
performance reports to the Board. The role of CEO is separate from that of the Chair to ensure that no one
individual has unfettered powers of decision.
Chief Financial Officer
(Guy Ellis)
Works closely with the CEO with specific responsibility for all financial matters, including Group accounting
policies, financial control, tax and treasury management, risk management and financial probity. The CFO
is also accountable for the transparency and appropriateness of management information and key
performance indicators, internally and externally.
Senior Independent
Director
(Julie Chakraverty)
Provides a sounding board for the Chair and serves as an intermediary for other Directors, colleagues and
shareholders when necessary. The main responsibility is to be available to the shareholders should they
have concerns that they have been unable to resolve through normal channels or when such channels
would be inappropriate.
Non-Executive Directors
(Jennifer Duvalier,
Mike Ettling and
Lynn Fordham)
Bring experience and independent judgement to the Board. Maintain an ongoing dialogue with the
Executive Directors, which includes constructive challenge of performance and the Group’s strategy.
Designated
Non-Executive Director
for engagement with
the workforce
(Julie Chakraverty)
Leads on Board engagement with the workforce (please see separate section on page 14).
Company Secretary
(Jonathan Williams)
Ensures good information flows within the Board and its Committees and between senior management
and Non-Executive Directors. The Company Secretary is responsible for facilitating the induction of new
Directors and assisting with their professional development as required. All Directors have access to the
advice and services of the Company Secretary to enable them to discharge their duties as Directors. The
Company Secretary is responsible for ensuring that Board procedures are complied with and for advising
the Board via the Chair on governance matters. The appointment and removal of the Company Secretary
is a matter for the Board as a whole.
Gender identity or sex as at 30 September 2024
No. of Board
members
% of
the Board
No. of senior positions on the
Board (CEO, CFO, SID, Chair)
No. in executive
management (ExCom)
% of
executive management
Men 4 57% 3 3 43%
Women 3 43% 1 4 57%
Not specified/prefer not to say — — — — —
Ethnic background as at 30 September 2024
No. of Board
members
% of
the Board
No. of senior positions on the
Board (CEO, CFO, SID, Chair)
No. in executive
management (ExCom)
% of
executive management
White British or other White
(including minority-white groups) 5 72% 3 7 100%
Mixed/multiple ethnic groups — — — — —
Asian/Asian British 1 14% 1 — —
Black/African/Caribbean/Black British — — — — —
Other ethnic group, including Arab — — — — —
Not specified/prefer not to say 1 14% — — —
58 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Meetings and attendance
The Board considers that each Director is able to allocate sufficient time to the Company to discharge their responsibilities effectively.
The Non-Executive Directors are contracted to spend a minimum of 24 days per annum on the Group’s affairs, and the Chair 60 days.
A summary of each current Director’s attendance at meetings that they were eligible to attend of the Board and its Committees during the
financial period ended 30 September 2024 is shown below. Unless otherwise indicated, all Directors held office throughout the period.
More meetings were held within the financial period owing to the fact that this was a 16 month as opposed to a 12 month financial
period. For the avoidance of doubt, no concerns have been raised about the attendance record of any Directors, nor their continued
commitment to their work and NCC Group.
Board Audit Nomination Cyber Security Remuneration
Chris Stone
14
14
n/a
2
2
*
4
4
n/a
Mike Maddison
14
14
n/a n/a n/a n/a
Guy Ellis
13
13
1
n/a n/a n/a n/a
Tim Kowalski
1
1
2
n/a n/a n/a n/a
Chris Batterham
5
5
3
3
3 1
1 1
1 2
2
Lynn Fordham
14
14 7
7
*
2
2 4
4 8
8
Julie Chakraverty
14
14 6
7
5
2
2 4
4
*
7
8
5
Jennifer Duvalier
14
14
n/a
2
2 4
4 8
8
*
Mike Ettling
13
14
4
6
7
6
n/a n/a n/a
At all times, all of the Board and Committee meetings remained quorate.
Meetings attended
Possible meetings
* Committee Chair
n/a Director is not required to attend the meeting, but may have attended by invitation.
1 Appointed to the Board on 30 June 2023.
2 Stepped down from the Board on 30 June 2023.
3 Stepped down from the Board on 30 November 2023.
4 Unable to make one Board meeting because of a pre-existing business commitment (scheduled before NCC Group set its Board meeting dates) that could
not be rearranged.
5 Was unable to make one meeting due to an important personal matter that could not be rearranged.
6 Was unable to make one meeting due to illness.
What principal decisions have been made and what have we looked at as a Board during 2023/24?
Section 172 statement
Section 172 of the Companies Act 2006 requires a director of a company to act in the way they consider, in good faith, would most likely
promote the success of the company for the benefit of its members as a whole, but having regard to a range of factors set out in section
172(1)(a)–(f) of the Companies Act 2006. In discharging our section 172 duty, we have regard for these factors, taking them into
consideration when decisions are made.
The Board understands the importance of stakeholder engagement and, through regular updates from the Executive Directors and other
senior managers, it has provided challenge and oversight throughout the period. The Company’s stakeholders are set out on pages 14
and 15, with an overview of how we engage with them, how they relate to our strategy and highlights from the previous year.
Principal decisions made during the period
Throughout this Annual Report, we have provided examples of how we have thought about the likely consequences of long-term
decisions and detailed below is how the Board considered stakeholders, and the information we received through engagement, in a
number of its key decisions in 2023/24.
When making each decision, the Board carefully considered how it impacted on the success of the Group and its long-term (financial and
non-financial) impact and had due regard to the others matters set out in section 172(1)(a)–(f) of the Companies Act 2006.
The below should be read in conjunction with our Stakeholder Engagement section on pages 14 and 15, along with other sections of the
Annual Report where appropriate.
59
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
What principal decisions have been made and what have we looked at as a Board during 2023/24? continued
Principal decisions made during the period continued
The below should be read in conjunction with our Stakeholder Engagement section on pages 14 and 15, along with other sections of the
Annual Report where appropriate.
Topic Stakeholder group Decision taken Engagement process Reference
Strategic
disposals
Colleagues,
shareholders
During the financial period, a
decision was taken to dispose
of DetACT (an advanced
preventive fraud detection
solution for banks in Europe),
and Fox Crypto B.V. (part of
NCC Group’s European Cyber
division in the Netherlands).
These disposals represent a
continuation of the Group’s
transformation strategy to
simplify the business and
create a more focused Cyber
Security business, and these
non-core disposals will not
impact the Group’s continuing
cyber capabilities.
We endeavoured to communicate
with affected colleagues as soon
as we could and ensured that any
questions they had were
answered in a timely manner.
We were also mindful of the
feelings of remaining colleagues
unaffected by the disposal
process who could be potentially
losing long-term colleagues
and friends.
Shareholder engagement over
the past one to two years and
since announcing our new
strategy has indicated that they
were supportive of us disposing
of non-core assets, further
simplifying the business and
creating a more focused Cyber
Security business.
Strategic Report on
pages 4 and 32
Change in
financial year
end
Shareholders,
colleagues
To drive greater efficiency in our
corporate reporting and audit
process, it was decided to
change the year end from 31 May
to 30 September.
Shareholders were first informed
of this on 25 January 2024.
Shareholders were kept up to date
on Group performance during the
transition period (i.e. the period
1 June 2024 to 30 September 2024)
with updates on 20 June, 1 August
and 12 September 2024. In addition,
two Capital Markets events were
also held in April and June.
Colleagues were kept regularly
updated on the matter, particularly
around issues concerning
payment of bonuses and how the
additional four months would be
dealt with, along with the timing
for future pay reviews.
An internal steering group was
formed to ensure that the Group
complied with all stakeholder and
regulatory reporting requirements.
Colleague
engagement
section on page 14
Board composition and division of responsibilities continued
60 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
What have we looked at as a Board during 2023/24?
At every meeting the Board reviews the minutes from the
previous meeting and the status of any outstanding actions.
Colleague engagement is a standing agenda item presented by
Julie Chakraverty as our designated Non-Executive Director for
workforce engagement. The CEO and CFO present their monthly
performance update reports, which are also circulated to Board
members in months where there is no scheduled Board meeting.
The Board has also reviewed the following during 2023/24:
Leadership and colleagues
•
Received an update on colleague engagement and the results
of the annual colleague engagement survey, and any questions
colleagues have raised on executive remuneration and how
this aligns with the wider Company pay policy
•
Continued with the colleague engagement programme, led by
an appointed designated Non-Executive Director, with an
update to the Board at every Board meeting
•
Been updated on senior management changes to the
Executive Committee
•
Spent informal time with wider colleagues during Board
meetings held at our UK offices
Strategy
•
Continued to be kept informed of progress with the Group’s
strategy
•
Held a dedicated one day strategy session (see page 61)
•
Discussed the strategy day and the key points arising out of it,
along with regular check-ins on progress against strategy
•
Had a number of post-acquisition reviews of acquisitions that
the Group had made over the past few years
•
Considered and approved two non-core disposals in the
Netherlands (the Fox Crypto business and the DetACT
business)
Governance
•
Continued with the colleague engagement programme, with
an appointed designated NED leading the Board’s engagement
activities
•
Completed the internally facilitated Board, Committee and
Chair effectiveness reviews
•
Had a number of presentations on the Group’s ESG work and
progress (labelled as “sustainability” internally)
•
Considered and approved a number of amendments to the
Group’s delegated authority matrix
•
Discussed and approved the Group’s Modern Slavery Statement
•
Approved a change in external auditor, after recommendation
from the Audit Committee, following a tender process
(resulting in PwC replacing KPMG)
•
Received reports on any material litigation and colleague
litigation issues affecting the Group
•
Reviewed and approved a number of country risk assessments
for work in certain countries
•
Held a dedicated Enterprise Risk Management (ERM) Board
workshop facilitated by the Director of Global Governance and
Global Head of Risk and Assurance
•
Kept up to date on the Remuneration Committee’s progress
with engaging with shareholders on the 2024–2027 Directors’
Remuneration Policy
Financial
•
Reviewed and approved the Annual Report and Accounts,
ensuring that it is fair, balanced and understandable
•
Discussed and approved the full-year and half-year results
and associated presentations to investors
•
Approved the interim and final dividends and discussed the
dividend policy
•
Noted and approved the Group insurance cover renewal
•
Discussed and approved the 2024/25 budget, along with
approving a four month budget (i.e. 1 June 2024 to
30 September 2024) to take into account the year end change
•
Considered and approved the market purchase of shares to
fund future discretionary share plan maturities
•
Was kept informed in the run up to two Capital Markets
events which NCC Group hosted and noted the feedback
from these sessions
•
Received external presentations on shareholder perspectives
on the Company, including receiving regular updates from
investor meetings and noting circular investor letters
•
Considered and approved a change to the year end
Other Group business
•
Had a number of updates on the progress of the Company’s
operations in the Philippines
•
Kept updated on a number of strategic projects
•
Had a number of sales and marketing presentations
•
Approved a number of major customer contracts and bids
Board strategy review
With a year having passed since the launch of the new Group
strategy to the market and the completion of substantial
transformation activity since that time, the Board met in March
2024 to hold a detailed review of the strategic plans for the
business (with a focus on the coming stub period and FY25).
The objective of the session was to review the vision, strategy
and plans proposed to drive success in each of the strategic
pillars that compose of the strategy.
The session began with a senior analyst from Forrester offering
an outside-in view of the evolving cyber market, covering the
threats and trends that they were seeing, together with an
assessment of how NCC Group’s service compare to that of
its peers’.
After this, an in-depth discussion was held on the Group’s vision,
long-term financial and strategic goals and the strategic roadmap
up to the end of FY25. The rest of the session was structured
around the four pillars and associated enablers of the strategy,
with senior executives and programme leads each presenting
their workstream plans with objectives, roadmaps, timelines and
deliverables. This was an opportunity for Board members to give
valuable input and feedback on the emerging plans and it also
enabled the Board to get a sense of the implementation risks and
the mitigations being put in place to underpin the programme
delivery. Specific topics addressed as part of the pillar programmes
included continued global commercial strategy, development of
each of our four capabilities, optimising NCC Group to take
advantage of our global operating model and continuing to grow
Escode and putting in place the building blocks that will steer
NCC Group to becoming an employer of choice in cyber
and escrow.
Senior executives took the collective feedback, ideas and
direction to help shape the strategy implementation plans and
agreed it was a useful insight at a more detailed level than is
usually possible during update and review sessions.
61
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Independent advice
All Directors have access to the advice and services of the
Company Secretary and Directors are entitled to take
independent professional advice if necessary, at the expense
of the Company.
Conflicts of interest
The Companies Act 2006 requires Directors to avoid situations
where they have, or could have, a direct or indirect interest
that conflicts or potentially conflicts with the interests of the
Company. The Company’s Articles of Association require any
Director with a conflict or potential conflict to declare this to
the Board.
That Director will not then be involved in the discussions relating
to the proposal, transaction, contract or arrangement in which
they have an interest, unless agreed otherwise by the Directors
of the Company in the limited circumstance specified in the
Articles of Association, nor will they be counted in the quorum or
be permitted to vote on any issue in which they have an interest.
Directors are required to inform the Board without delay should
they be aware of any actual or potential conflicts of interest and
a check on conflicts is undertaken each year with a report to
the Board.
Colleague engagement
Julie Chakraverty is the Board’s designated Non-Executive
Director to lead the Board’s colleague engagement programme
and is committed to understanding the views of our colleagues
and ensuring they are incorporated into the Board’s decision-
making process.
In addition, there is also opportunity for colleagues to ask any
questions they have on executive remuneration and how this
aligns with the wider Company pay policy.
Prior to meeting with Julie at one of the engagement sessions,
colleagues are introduced to Julie via our internal social channels
where she explains her role through a video and written
communications. Julie has access to these channels to enable
her to engage fully outside of the formal events.
We were keen to build on the momentum generated in previous
years and Julie is sometimes joined by our Chair, Chris Stone,
or other Non-Executives, to meet colleagues, all of whom are
invited from below the mid-management level and all parts of
the business to ensure diversity of thought. We ensure that no
one has their line manager in either the physical or the virtual
room to ensure they can speak freely and tell Julie what is on
their mind.
Feedback from each session’s participants is shared
anonymously to the Board and to our CEO. This enables action to
be taken, further strengthening the value of listening. Colleagues
attending are invited to give their feedback and, so far, results
have been positive and valued.
Board independence
As required by the Code, at least 50% of the Board, excluding
the Chair, are Independent Non-Executive Directors. The Board
comprises two Executive Directors, four independent
Non-Executive Directors and the Non-Executive Chair.
The Board has debated and considers that all of the current
Non-Executive Directors are independent, and in so doing
considered the profile of all of the individuals, concluding that
none of them:
•
Have ever been a colleague of the Group
•
Have ever had a material business relationship with the Group
or receive any remuneration other than their salary or fees
•
Have close family ties with the advisers, other Directors or
senior management of the Group that could reasonably be
expected to cause a conflict
•
Hold cross-directorships or have significant links with other
Directors through involvement with other companies or bodies
•
Represent a significant shareholder
•
Have, at the point of this report, served on the Board for more
than nine years from the date of their first election
The Non-Executive Directors provide a strong independent
element on the Board and are well placed to constructively
challenge and help develop proposals on strategy and
succession planning. Between them, they bring an extensive
and broad range of experience to the Group.
Details of the Directors’ respective experience are set out in their
biographical profiles on pages 56 and 57.
The terms and conditions of appointment of Non-Executive
Directors are available for inspection at the Company’s
registered office during normal business hours.
Diversity
The principle of Board diversity (and indeed diversity across the
Group) is strongly supported by the Board. It is the Board’s policy
that appointments to the Board will always be based on merit so
that the Board has the right balance of individuals in place. The
Board recognises that diversity of thought, approach and
experience is an important consideration and it is therefore one
of the selection criteria used to assess candidates prior to any
Board appointments. Read more about diversity in the
Nomination Committee Report on pages 74 to 76.
The Company’s policy is to find, develop and maintain a diverse
workforce at all levels with an initial focus on developing a
culture where women can achieve and retain senior positions.
Board composition and division of responsibilities continued
62 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Annual re-election
In accordance with the Code, any Directors appointed in the
financial year are subject to election by shareholders at the AGM
and, in line with best practice, all the other Directors are subject
to re-election annually.
Director induction, training and development
New Directors are provided with an induction on appointment,
which would include visits to the Group’s operations and
meetings with operational and executive management. Each
Director’s induction is tailored to their experience and
background with the aim of enhancing their understanding of the
Group’s strategy, business, operating divisions, colleagues,
customers, suppliers and advisers, and the role of the Board in
setting the tone of our culture and governance standards.
The Company acknowledges the importance of developing the
skills of the Directors to run an effective Board. To assist in this,
Directors are given the opportunity to attend relevant courses
and seminars to acquire additional skills and experience to
enhance their contribution to the ongoing progress of the Group.
All of the Directors attend sessions which are aimed at updating
the Board on trends and developments in corporate governance.
During the financial period, our new CFO (Guy Ellis) was provided
with a formal, comprehensive and tailored induction programme.
Board and Committee effectiveness review
The performance of the Board and its Committees is appraised
annually and during the financial period an internally facilitated
Board effectiveness review was undertaken by the Company
Secretary, building on the externally facilitated review
undertaken by Manchester Square Partners (MSP) in March and
April 2023, which was the Board’s first ever externally facilitated
effectiveness review.
Outline of Board, Committee and Chair evaluation process
The Company Secretary reviews
previous year’s questionnaires
and evaluation exercise results
and, based on this, proposed
questionnaires for the forthcoming
evaluation exercise.
The proposed questionnaires are
reviewed and approved by the
Chair and Committee Chairs and
(for the Chair’s review) the Senior
Independent Director.
The Senior Independent Director
meets with the Chair to feed back
and discuss the Chair evaluation
results.
Questionnaires are added to an
online survey website, which
ensures the anonymous and
efficient collection of answers.
Board members, the Company
Secretary and regular Committee
attendees are then invited to
complete the questionnaires.
The responses are collated and
analysed by the Company
Secretary who then shares these
with the Chair and Committee
Chairs and (for the Chair’s review)
the Senior Independent Director.
Summary reports together with
the results and comments received
are prepared for the Board and
Committee meetings where the
results are discussed and key actions
for the coming year agreed.
The Chair holds one-to-one
meetings with Board members
where areas of interest could be
discussed in more detail.
The Senior Independent Director
meets with the other Non-Executive
Directors (without the Chair being
present) to discuss the Chair’s
performance during the period.
63
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Outcomes
The results were presented at a Board meeting.
The overall rating of the Board performance was positive. The Board and its Committees continue to function well, but a number of
observations and recommendations were noted, which are detailed below.
Area Recommendation/observation
Board composition
•
Considering the next NED appointment and the skills and experience required to complement those
already around the Board table
Board agendas/
papers
•
Although it was felt that the Board papers had improved significantly, it was agreed that hearing further
client feedback in a more systematic manner, including information on sales pipelines and the external
perspective, was important
•
A suggestion that more colleagues from NCC Group’s global operations could join Board meetings virtually
and present updates
•
A suggestion of a “reflections” session at the end of each Board meeting to play back what had been
discussed at the meeting, and suggest topics for future Board meetings
•
More briefings and training on AI and cyber developments/emerging threats
Board meetings
•
Consideration should be given to the frequency and number of Board meetings, i.e. was there an
opportunity to have a fewer meetings
•
Spend more time visiting other NCC Group offices
Strategy
•
Consider and discuss strategy and risks together
•
Build on the excellent progress of the last few annual strategy days and continue to hold dedicated Board
strategy sessions, as well as check in on progress regularly
Succession
planning
•
Continue to focus on talent and ensuring the Board gets opportunities to meet colleagues within the
business, both within Board meetings and in more informal settings such as Board dinners
Stakeholder
management
•
An appreciation that Investor Relations had improved significantly over the previous 18 months and that it
was important to maintain this level of momentum and trajectory
•
Receive more external perspectives on how NCC Group is viewed, particularly by clients/prospective clients
Information flows
•
Keep focusing on timeliness of papers; although this had improved, it was important to maintain discipline
around this
Committees
•
Audit Committee – ensure the Committee is briefed on key changes to accounting policies and Corporate
Governance Code developments
•
Remuneration Committee – spend time discussing remuneration perspectives beyond the UK, i.e.
internationally in the areas NCC Group competes for talent, along with new remuneration ideas that the
Committee might consider in the future
•
Remuneration Committee – spend time considering from a Committee perspective how effectively the
wider pay and benefits policy aligns with NCC Group’s strategy and talent agenda, and the implications
of this for pay at the top of the organisation
•
Nomination Committee – spend more time over the annual cycle exploring the development actions that
are in progress to actualise the potential of those on the succession plan to CEO/CFO and ExCom roles
•
Cyber Security Committee – make sure the education content on emerging trends, threats and
opportunities is a focus for the Committee
Board composition and division of responsibilities continued
64 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Operation of governance framework
Role of the Board
The Board is responsible for reviewing, challenging and
approving the strategic direction of the Group, while providing
strong values-based leadership of the Company, within a
framework of prudent and effective controls which enable risk
to be assessed and appropriately managed. The Board reviews
the Group’s business model and strategic objectives to ensure
that the necessary financial and human resources are in place
to achieve these objectives, to sustain them over the long term
and to review management’s performance in their delivery.
The Board sets the tone of the Company’s values and ethical
standards and manages the business in a manner to meet its
obligations to shareholders and other stakeholders.
The Board receives information on at least a monthly basis to
enable it to review trading performance, forecasts and strategy
and it has a schedule of matters specifically reserved for its
decision. The most significant of these are:
•
Approval of strategic plans, the annual budget and any
material changes to them
•
Oversight of the Group’s operations, ensuring competent and
prudent management, sound planning and an adequate
system of internal control and governance
•
Through the Audit Committee, oversight of financial reporting
systems and information and adherence to appropriate
accounting policies
•
Changes to the structure, size and composition of the Board
and Executive Committee, and oversight of the Company
culture and the ethical standards of the leadership and the
independence of Non-Executive Directors, taking into
consideration prudent succession planning
•
Approval of the acquisition or disposal of subsidiaries and
major investments and capital projects
•
Approval of the dividend, treasury and banking policies,
including the Group’s capital structure
•
Through the Remuneration Committee, the delivery of
an effective executive and senior management
Remuneration Policy
•
Receiving reports on the views of shareholders and approval
of all documents put to shareholders at a general meeting
or circulated to shareholders
•
Approval of the appointment of key advisers
The Board has a schedule of specific matters reserved for its
decision where it feels they are critical to the ongoing success
of the business and are of a significant nature to merit the Board
having such a decision reserved to it. The Group also has a
Group authority matrix (which documents the levels of authority
delegated from the Board to various role holders within the
Group). The schedule of matters reserved for decision by the
Board and the Group authority matrix are complementary
documents and are designed to ensure that decisions are either
made by the Board or delegated to an appropriate senior
colleague within the Group.
As noted above, the operational management of the Group
is delegated to the Executive Committee. The Board also
delegates other matters to Board Committees and management
as appropriate.
Risk management
The Board has ultimate responsibility for ensuring that business
risks are effectively managed. The Board has delegated regular
review of the risk management procedures to the Cyber Security
Committee in relation to cyber risks, and to the Audit Committee
in relation to all other risks. The Board reviews the overall risk
environment on at least an annual basis. The day-to-day
management of business risks is the responsibility of the
Executive Committee (ExCom).
Internal control
The Group has a system of internal controls which aims to
support the delivery of the Group’s strategy by managing the
risk of failing to achieve business objectives and to protect the
stewardship of the Group’s assets. As with all such systems, the
goal is to manage risk within acceptable parameters, rather than
to eliminate risk entirely. The Group can therefore only provide
reasonable and not absolute assurance that the business
objectives and asset stewardship will be delivered successfully.
In addition, the Group insures against various risks, but certain
risks remain difficult to insure, due to the breadth and cost of
cover. In some cases, external insurance is not available at all, or
at least not at an economically viable price. The Group regularly
reviews both the type and amount of external insurance that it
buys in conjunction with its insurance brokers. For a more detailed
review of risk management processes, the principal risks faced
by the Group and their mitigation, see pages 29 to 38.
The Audit Committee is responsible for reviewing the effectiveness
of the risk management and internal control systems. The steps
it takes in relation to the review are set out on page 70.
The Audit Committee makes recommendations to the Board on
the effectiveness of risk management and internal controls,
which the Board considers, together with reports from the Cyber
Security Committee, in forming its own view on the effectiveness
of the risk management and internal control systems.
During the period ended 30 September 2024, the Board reviewed
the effectiveness of the Group’s risk management and internal
control systems together with internal control findings issued by
our auditor. We confirm that the processes outlined above and
on page 70 have been in place for the period under review and
up to the date of this Annual Report and Accounts, and that
these processes accord with the UK Corporate Governance
Code and the FRC Guidance on Risk Management, Internal
Control and Related Financial and Business Reporting. While we
have had a number of weaknesses identified through our internal
audit reports issued throughout the period, management has
agreed the required actions and is working to close these down.
We report on these regularly to the Audit Committee and are
working with local management to continuously improve controls
and processes across the business.
Executive remuneration
During the period, we operated within the Remuneration
Policy approved by shareholders at the 2021 AGM. Details of
how the Remuneration Policy has been applied during this
financial year are set out on pages 79 to 100 of the Remuneration
Committee Report.
65
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Shareholder engagement
Share capital structure
The Company’s issued share capital at 30 September 2024
consists of 314,524,630 ordinary shares of 1p each. There are no
special control rights or restrictions on share transfer or special
rights pertaining to any of the shares in issue and the Company
does not have preference shares.
As far as is reasonably known to the Board, the Company is not
directly or indirectly owned or controlled by another company
or by any government.
Board engagement with shareholders
Communications with shareholders are given high priority.
There is a regular dialogue with institutional investors including
presentations after the Company’s year end and half-year results
announcements.
A programme of meetings takes place throughout the period
with major institutional shareholders, and private shareholders
have the opportunity to meet the Board face to face and ask
questions at the AGM.
We are in regular contact with our large investors through a
regular scheduled programme of meetings attended by either
our CEO or CFO or both of them. Julie Chakraverty, our Senior
Independent Director, and I are also available to meet with
investors should the need arise. After meeting our larger
investors, I feed back my findings to Board colleagues at the
next Board meeting. In addition, our brokers undertake investor
surveys on the back of our half and full-year results and the
results of these were presented and discussed at a Board
meeting. Our aim is to engage with our shareholders in an open
and meaningful way. During the financial period, the Directors
held a number of meetings with shareholders as set out below.
Board shareholder updates
Feedback from major institutional shareholders is provided to the
Board on a regular basis and, where appropriate, the Board takes
steps to address their concerns and recommendations.
Investor meetings
One-to-one meetings
1 28
Group meetings
52
Substantial shareholdings
As at 30 September 2024, the Company had been notified of the
following interests of 3% or more in the issued share capital of
the Company under the UK Disclosure and Transparency Rules:
Shareholder
Number of
ordinary
shares
% of NCC
Group’s
total share
capital
Aberforth Partners LLP 38,305,282 12.18%
Odyssean Investment Trust 19,578,896 6.22%
Canaccord Genuity Wealth
Management (Inst) 14,470,000 4.60%
NFU Mutual 14,183,506 4.51%
Vanguard Group 13,295,985 4.23%
Slater Investments 12,403,914 3.94%
BlackRock 11,886,968 3.78%
Schroder Investment Management 11,440,000 3.64%
JO Hambro Capital Management 11,382,302 3.62%
Kestrel Partners 10,255,458 3.26%
Montanaro Asset Management 9,660,000 3.07%
The following changes to the above interests have been notified
to the Company from 30 September 2024 to 10 December 2024:
Shareholder
Number of
ordinary
shares
% of NCC
Group’s
total share
capital
Montanaro Asset Management 8,310,000 2.64%
Directors’ shareholdings
For details of Directors’ shareholdings, remuneration and
interests in the Company’s shares and options, together with
information on service contracts, see pages 79 to 100 of the
Directors’ Remuneration Report.
Annual General Meeting
The AGM is an opportunity for shareholders to vote on certain
aspects of Group business and provides a useful forum for
one-to-one communication with private shareholders. At the
AGM shareholders receive presentations on the Company’s
performance and may ask questions of the Board. The Chair
seeks to ensure that the Chairs of the Audit, Remuneration,
Nomination and Cyber Security Committees are available at the
meeting to answer questions and all Directors attend.
The Company prepares separate resolutions on each substantially
separate issue to be voted upon at the AGM. The result of the
vote on each resolution is published on the Company’s website
after the AGM and will be announced via the regulatory
information service. At the 2023 AGM, shareholders representing
over 76.72% of the Company’s issued share capital returned their
proxy votes.
On behalf of the Board
Chris Stone
Non-Executive Chair
10 December 2024
66 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
I am pleased to present the Audit Committee Report for the
period ended 30 September 2024 to explain how we have
discharged our responsibilities with an overview of our
principal activities and their outcomes.
Committee membership, attendees’ access
and objectives
I have been Chair of the Audit Committee for the past
financial period and I am a Chartered Accountant with
diverse sector experience across listed companies, private
equity and financial services in several disciplines including
risk management, internal control and financial reporting.
I am also currently Chair of the Audit and Risk Committees
at Caledonia Investments plc, Domino’s Pizza Group plc
and Enfinium Group, all of which provide me with an
additional external perspective to bring to my chairing of
this Committee. The Board therefore considers that I have
the recent and relevant financial experience required by
the Code.
Mike Ettling, Julie Chakraverty and I all served on the
Committee throughout the period. All members of the
Committee are considered to be independent, and the
Committee as a whole continues to have competence in the
technology sector.
Summary biographies of each member of the Committee
are included on pages 56 and 57.
The purpose of the Audit Committee is to assist the Board
in the discharge of its fiduciary duties of stewardship of
the Group’s assets. The Committee particularly focuses on
systems and processes of management control, and the
reporting of internal management information and externally
reported financial information. The Committee also provides
a forum for reporting by the external auditor. Cyber risk and
controls are also considered in the Cyber Security Committee.
A full copy of the Committee’s terms of reference can be
found in the Investor Relations section of the Group’s
website at www.nccgroupplc.com/investor-relations/
corporate-governance/.
Audit Committee report
Meeting frequency and attendance
The terms of reference for the Committee require at least three
meetings per year. During this financial period, the Committee
met seven times. As well as the members of the Committee,
standing invitations are given to the Company Chair, the other
Independent Non-Executive Directors, the Chief Executive
Officer, the Chief Financial Officer, the Group Director of
Finance and the Group Director of Global Governance, with
other attendees also attending by invitation. The external
auditor also attends each meeting. During the period, the
Committee held meetings with the external auditor and
the Group Director of Global Governance without the Executive
Directors being present.
Attendance during the period of individual Audit Committee
members is shown in the table on page 59.
Significant accounting areas and areas of significant
management judgement or estimation uncertainty
The table below summarises the significant accounting issues,
judgements and estimates considered by the Committee during
the period in relation to the Financial Statements. These are
categorised as either recurring items the Committee regularly
reviews or current period focus areas. The table also indicates
the level of judgement or estimation applied to each item.
Items with a “low” judgement level typically have extensive
independent third party evidence, while those requiring “high”
judgement rely more on management estimates and historical
trends than third party evidence.
Review items
Accounting
judgement?
Estimation
required?
Impairment of goodwill – North America
Cyber Security n/a High
Reallocation of goodwill – Europe Cyber
Security n/a High
Lynn Fordham
Chair, Audit Committee
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Governance
67
Principal duties delegated to the Audit Committee
Areas delegated to the
Audit Committee Committee responsibilities Activities during the period
Financial reporting
•
Monitoring the integrity of the Financial Statements
relating to the Group’s financial performance and
their compliance with the provisions of IFRS, the
Companies Act, the UK Corporate Governance Code,
the Disclosure Guidance Transparency Rules and
other regulations
•
Reviewing material information and significant
accounting judgements contained in the Annual Report
and Accounts
•
Advising the Board on the continuing appropriateness
of the Group’s existing accounting policies and the
application of any new or modified accounting and
reporting standards
•
Continued focus on quality of earnings and
adherence to Individually Significant Items
accounting policy
•
Reviewed all significant accounting areas and
areas of key estimation. Reviewed PwC audit
conclusions in these areas with significant
discussions around the Group’s annual impairment
review, assumptions and resultant disclosures
•
Changed the year end from May to September
Narrative reporting
•
Advising the Board on the effectiveness of the
processes ensuring that the Annual Report and
Accounts, when taken as a whole, is fair, balanced
and understandable
•
Undertook an internally facilitated Committee
evaluation exercise to assess where the
Committee should best focus its attention
•
Considered recent technical updates including
guidance issued by the Financial Reporting Council
•
Reviewed management’s going concern and
Viability Statement assessment, including
macro-economic considerations. Reviewed
PwC audit conclusions in these areas
•
Reviewed a summary of why management
considers the Annual Report is fair, balanced
and understandable
Internal controls
and risk
management
systems
•
Reviewing the effectiveness of the Group’s internal
control systems
•
Reviewing the nature and extent of significant financial
risks and how they can be mitigated
•
Received regular briefings from the Director
of Global Governance summarising risk
management and control issues
•
Received a self-assessment of the finance controls
highlighting enhancements made during the period,
areas of continuous improvement and specific
actions to implement minimum control standards
•
Planning for regulatory changes arising from the
new corporate governance reform requirements,
including identifying material controls
•
Monitoring ESG reporting, including progress on
TCFD and CSRD, and embedding sustainability
into the business
Compliance,
whistleblowing
and fraud
•
Reporting to the Board on the procedures for
responding to whistleblowing, fraud or potential
breaches of anti-bribery legislation
•
Received a summary of regulatory updates
including health and safety updates documenting
new initiatives and activities
•
Health and safety briefings were held for the
Board and Executive Committee during the period
•
Review of the failure to prevent fraud legislation
including reviewing our policies, risk assessment
and training
Internal audit
•
Reviewing the internal audit reports discussing any
major control failures or weaknesses
•
Reviewed the findings from the internal audit
reviews and projects conducted during the period
and approved the Internal Audit Plan for the
forthcoming year
External audit
•
Reviewing the audit findings with the external auditor
including discussing any major issues that arise during
an audit, the accounting and audit judgements made,
the level of any errors identified during the audit and
the effectiveness of the audit process itself
•
Making recommendations to the Board in relation
to the appointment of the external auditor, approving
its remuneration and terms of engagement
•
Overseeing the relationship with the external auditor
including, but not limited to, assessing its
independence, objectivity and effectiveness
•
Appointed a new external auditor for FY24
•
Assessed the effectiveness of the 2023 external
audit process and Audit Committee effectiveness
•
Reviewed the findings from the audit for the
period ended 30 September 2024
Audit Committee report continued
68 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Significant issues considered during the period in
relation to the Financial Statements
During the period, the Committee reviewed and considered the
following areas in respect of financial reporting and the
preparation of the interim and annual Financial Statements:
•
The appropriateness of the accounting policies used
•
Compliance with external and internal financial reporting
standards and policies
•
Significant areas of management judgement or estimation
•
Assumptions and models used to determine fair value of all
key business units for the Group annual impairment review
•
Assessed the quality of earnings by reviewing one-off,
out of period or non-trading items arising over the period
•
Continued focus on the adherence to the Individually
Significant Items (ISIs) accounting policy and presentation
of ISIs
•
Accounting for the disposal of non-core operations during
the period
•
Disclosure and presentation of GAAP and Alternative
Performance Measures (APMs)
•
The effectiveness and changes to the financial control
environment (including change in financial year end)
•
Whether the Annual Report and Accounts, taken as a whole,
is fair, balanced and understandable and provides the
information necessary to assess the Group’s financial position,
performance, business model and strategy
•
Revenue recognition on material contracts to the Group
•
Going concern and Viability Statement
In carrying out this review the Committee challenged the
significant estimates and judgements made by the Group’s
finance team and considered the external auditor’s reports
setting out its views on the accounting treatments and
judgements included in the Financial Statements.
Goodwill carrying value
(Recurring item: see Note 11 to the Financial Statements)
The Group has significant balances relating to goodwill as at
30 September 2024 as a result of acquisitions of businesses in
previous years. The carrying value of goodwill at 30 September
2024 is £156.5m (31 May 2023: £255.8m). Goodwill balances are
tested annually for impairment. The Group allocated goodwill to
cash generating units (CGUs) which represent the lowest level of
asset groupings that generate separately identifiable cash
inflows that are not dependent on other CGUs.
An impairment review was conducted as at 31 May 2024,
resulting in full impairment of the goodwill held in this North
America Cyber Security CGU of £31.9m.
Following the Group’s change in its year end reporting date, a
further impairment review was carried out as at 30 September
2024, leading to the allocation of £51.9m of goodwill to the new
Fox Crypto CGU. This new impairment testing date is expected
to be consistently applied for the annual impairment review
going forward.
Fair value less costs to sell
In accordance with IAS 36, during the period ended
30 September 2024, tests for impairment are based on the
calculation of a fair value less costs to sell (FVLCTS) which has
been used to establish the recoverable amount of the CGU.
The FVLCTS valuation for of each standalone CGU has been
calculated by determining sustainable earnings, which are based
on the Adjusted EBITDA
1
, and applying a reasonable market
multiple on the calculated sustainable earnings. Estimated
sustainable earnings have been determined taking into account
past experience and includes expectations based on a market
participant view of maintainable performance of the business
based on market volatility and uncertainty as at 31 May 2024 and
30 September 2024. The sustainable earnings input is a level 3
measurement; level 3 measurements are inputs which are
normally unobservable to market participants.
The sustainable earnings figures used in this calculation include
key assumptions regarding sustainable revenues and costs for
the business. If the assumptions and estimates used in this
valuation prove to be incorrect, the carrying value of goodwill
may be overstated.
During this period, the Committee has reviewed the Group’s
latest available forecasts, along with its ongoing execution of the
new strategy and management’s future action plans, as part of
its consideration of the utilised sustainable earnings figures.
The Group incurs certain overhead costs in respect of support
services provided centrally to the CGUs. Such support services
include Finance, Human Resources, Legal, Information Technology
and additional central management support in respect of
stewardship and governance. In calculating sustainable earnings
these overhead costs have been allocated to the CGUs based on
the extent to which each CGU has benefited from the services
provided. Commonly this is driven by time spent by the relevant
central department in supporting the CGU, informed by headcount
or where possible specific cost allocations have been made.
This allocation methodology remains consistent with the prior
year, to ensure the allocation is representative of the business
operating model.
The Adjusted EBITDA
1
multiple used in the calculations is based
on an independent third party assessment of the implied
enterprise value (from a market participant perspective as at
31 May 2024 and 30 September 2024) of each CGU based on a
population of comparable companies and precedent transactions.
The estimated cost to sell was based on other recent
transactions that the Group has undertaken.
The Committee reviewed the FVLCTS calculations including the
sustainable earnings used and the multiple applied (considering
the independent third party valuation as at 31 May 2024 and
30 September 2024 that takes into account a market participant
view of the performance of the business based on market volatility
and uncertainty as at 31 May 2024 and 30 September 2024).
Impairment of goodwill – North America Cyber Security
The Committee concurred with the view of management that a
full goodwill impairment of £31.9m should be taken as at 31 May
2024 in relation to North America Cyber Security CGU and that
no other impairments should be recognised as recoverable
amount was higher than carrying value for all other CGUs.
The Committee reviewed the sensitivity analysis and the
disclosure included in Note 11 to the consolidated Financial
Statements and concurred with management’s assessments.
This assessment considered reasonable possible changes in
the expected gross margin, a key assumption for sustainable
earnings, and evaluated how changes in sustainable earnings
could impact the potential for further impairment of North
American Cyber Security other assets as at 31 May 2024. As the
goodwill in the North America Cyber Security CGU was fully
impaired as at 31 May 2024, no further sensitivity analysis is
provided as at 30 September 2024.
1 Revenue at constant currency, Adjusted EBITDA and net debt excluding lease liabilities are Alternative Performance Measures (APMs) and not IFRS
measures. See appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
69
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Goodwill carrying value continued
Goodwill reallocation – Europe Cyber Security
During June 2024, as part of the expected disposal of the Fox
Crypto B.V. entity, the Group reorganised its reporting structure
to separate out the Fox Crypto B.V. entity from the Europe Cyber
Security CGU. On this basis the Europe Cyber Security goodwill
has been reallocated between the newly created Fox Crypto
CGU and the remaining Europe Cyber Security CGU.
Goodwill has been reallocated based on the relative values of
the two CGUs, with adjustments made to reflect the fact that
the Fox Crypto CGU is less asset-intensive than the remaining
Europe Cyber Security CGU.
The value of each CGU is based on FVLCTS. For the Fox Crypto
CGU the FVLCTS is based on the expected consideration to be
received on disposal (see Note 18 of the Financial Statements)
of this business less estimated selling costs. For the remaining
Europe Cyber Security CGU the fair value has been calculated
using a methodology consistent with that used in the goodwill
impairment review and described above.
Based on this assessment, goodwill of £51.9m has been reallocated
to the Fox Crypto CGU, leaving £2.2m as reallocated to the EU
Cyber Security CGU. Goodwill reallocated to the Fox Crypto CGU
has been reclassified to asset held for sale (see Note 18).
The FVLCTS valuation for of each standalone CGU has been
calculated by determining sustainable earnings, which are based
on the Adjusted EBITDA
1
, and applying a reasonable market
multiple on the calculated sustainable earnings. Specifically, the
key assumption for the Europe Cyber Security CGU is considered
to be the forecast revenue that has been used to calculate
sustainable earnings. On this basis, sensitivity analysis was
performed for certain scenarios where management considered
that reasonably possible changes in key assumptions as at
30 September 2024 could occur, potentially leading to a change
in the reallocation of goodwill.
The Committee concurred that it was appropriate to separate
the Europe Cyber Security CGU into two separate CGUs and that
the goodwill reallocation between the Fox Crypto CGU and the
remaining Europe Cyber Security CGU was appropriate.
The Committee also reviewed the sensitivity analysis and the
disclosure included in Note 11 to the consolidated Financial
Statements and concurred with management’s assessment. This
assessment considered reasonable possible changes in revenue,
a key assumption for sustainable earnings, and evaluated how
changes in sustainable earnings could impact the reallocation of
goodwill as at 30 September 2024.
The Group’s approach to materiality
In considering the materiality of any individual issue or issues
in aggregate, the Group looks at a range of qualitative and
quantitative measures to assess whether omitting, misstating or
obscuring information could reasonably be expected to influence
decisions that the primary users of general-purpose Financial
Statements make on the basis of those Financial Statements.
The range of measures includes (but is not limited to) the primary
Financial Statements themselves, the individual line item in
question, and whether the issue moves the result from one side
of an inflection point to another (for example, turning a profit
into a loss or a net asset into a net liability). Qualitative and
quantitative measures are both considered, as is any potential
impact on remuneration or banking arrangements such as
debt covenants.
Internal audit
The Internal Audit function is responsible for internal audit, and
the provision of assurance in relation to financial, operational
and quality systems and processes. The team is responsible for
supporting the implementation of risk management across the
business and monitors the implementation of related action
plans. During the period, 19 internal audit reports were issued to
the Audit Committee covering a range of risk areas including key
financial controls, payroll processes, expenses, user access
controls, use of spreadsheets, and an IR35 review.
The Audit Committee maintains an ongoing review of the
Internal Audit function, which reports directly into the Chair of
the Committee. The Committee is responsible for approving the
content and coverage of the Internal Audit Plan, which documents
the links to the Group’s strategic risks, key controls and associated
assurance coverage. As a result, the Committee has approved
the expansion of the internal audit team with an the additional
of a qualified auditor joining in during the period, increasing
the volume and coverage of assurance audits. In addition,
Internal Audit has a co-source arrangement as required for IT
specialist audits and also utilises the cyber experts from within
the business. The members of the internal audit team are all
qualified in ACA, ACCA, or CIMA, and one member is completing
the CIIA qualification. The Internal Audit Plan also includes time
for the continual professional development of the team.
The work of the Internal Audit function is a regular standing
agenda item at all Committee meetings where a full update is
provided including updates on audit and assurance activities,
progress against on the Internal Audit Plan, and commentary and
tracking of the implementation of agreed management actions
where to address deficiencies are addressed in an expedited
manner. All internal audit reports are provided to the PwC
external audit team and discussed with it during regular
catch-up meetings. The Internal Audit Plan is reviewed to ensure
continued relevance or is adjusted to the current environment
taking a risk-based approach.
Finally, the internal audit team is reviewing the new 2024 CIIA
Standards and preparing a gap analysis to ensure full compliance
to expected practice.
Internal controls and risk management
The Board is responsible for establishing, maintaining and
monitoring the Group’s system of risk management and internal
control and reviewing its effectiveness. The Committee monitors
the performance of management in this area.
We have an ongoing process for identifying, evaluating and
managing the principal risks faced by the Group, which has been
in place for the period under review and is deemed effective up
to the date of approval of the Annual Report and Accounts.
The Group’s non-Cyber Security risks are monitored by the Audit
Committee on behalf of the Board, which sets aside time for an
in-depth discussion of notable or changing risks to the business.
A description of the process for managing risk, together with a
description of the principal risks and strategies to manage those
risks, is provided on pages 29 to 38. Cyber risks are reviewed by
the Cyber Security Committee; the Cyber Security Committee
Report can be found on pages 77 and 78.
Internal control systems are designed to meet the needs of the
Group and the risks to which it is exposed. By their nature,
however, internal control systems are designed to manage rather
than eliminate the risk of failure and can provide only reasonable
but not absolute assurance against material misstatement or
loss. Key elements of the risk management and internal control
system are described below.
Audit Committee report continued
70 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Controls relating to financial reporting and preparation
of the Annual Report and Accounts
•
Information provided to management covering financial
performance and key performance indicators, including
non-financial measures
•
A robust internal review process to ensure the integrity of the
preparation of the Annual Report and Accounts
•
A detailed budgeting process where business units prepare
plans for the coming year
•
Procedures for the approval of capital expenditure and
investments and acquisitions
•
Monthly operational reviews to monitor and reforecast results
as required against the annual operating plan, with major
variances followed up and management action taken
where appropriate
•
Introduction of the Group finance manual in FY24
Other controls
•
Defined management structure and delegation of authority to
Committees of the Board, subsidiary boards and associated
business units
•
Regional governance committees established
•
Recruitment standards and compliance training to ensure the
integrity and competence of staff
•
Annual economic crime, ethics, data protection, information
security, health and safety and export controls training for
all colleagues
•
Clearly documented internal procedures set out in the Group’s
ISO 9001-2015-accredited quality manual
•
Regular internal audits of key processes and procedures under
the Group’s ISO 9001 and ISO 27001-accredited quality
assurance process
•
Monitoring of any whistleblowing or fraud reports supported
by recently introduced red flag reporting
The external auditor regularly reports its findings on those areas
of internal control which it assesses as part of the external audit
to the Board and the Audit Committee.
Our internal control effectiveness is assessed through the
performance of regular checks, which in the period ended
30 September 2024 included:
•
Assessment of the identification and management of risks
connected to the Group’s new strategy and management of
strategic change
•
Reviewing and testing the Group’s financial reporting processes
•
Performing compliance monitoring activities
•
Assessment of the Group’s processes for identifying and
mitigating potential conflicts of interest
•
Monitoring the completion of the Group’s mandatory
colleague training
Following these regular checks, it was deemed that the controls
were effective and the internal control systems are designed to
meet the needs of the Group and its risks.
Whistleblowing and confidential reporting procedures
The Group operates a confidential reporting and whistleblowing
procedure (known as our “Whistleblowing Policy”). The policy
aims to support the stewardship of the Group’s assets and the
integrity of the Financial Statements as well as protecting
colleague welfare. The procedure is reviewed annually by the
Committee to ensure that it remains fit for purpose.
The Group has appointed an independent third party reporting
agent to be the first point of contact for those who do not wish
to use normal internal line management channels for reporting
their concerns. This is advertised both internally, via colleague
noticeboards and our intranet, and externally on the website.
Colleagues are asked to undertake mandatory training on an
annual basis including a reminder on the Code of Ethics policy
and the Whistleblowing Helpline.
The Committee reviews any whistleblowing or confidential
reporting of concerns raised during the period with respect to
their nature, scale and any associated or consequential risks.
Review of the Audit Committee’s effectiveness
The Committee has reviewed and considered the effectiveness
of its performance during the period via an internally facilitated
Board and Committee evaluation process. The review included
the views of members of the Committee and of regular attendees
at the various meetings (including the Executive Directors). I am
satisfied that the degree of rigour and challenge applied in
performing the Committee’s responsibilities is appropriate and
effective and continues to improve. Please see pages 63 and 64
for further details of the Committee evaluation process.
External auditor appointment
The Committee is responsible for overseeing the relationship
with the external auditor, including recommending to the Board
their appointment, reappointment and removal, assessing their
independence on an ongoing basis and approving the statutory
audit fees. The Committee notes the publication in May 2023 of the
FRC’s Audit Committees and the External Audit: Minimum Standard.
In making these recommendations the Committee considers:
•
The experience, industry knowledge and expertise of the auditor
•
The scope and planning of the audit and any variations from
the plan
•
The quality of the processes adopted
•
The auditor’s explanations of significant risks to audit quality
by reference to the Company’s specific circumstances and
changes to the risks
•
The fees charged
•
Its attitude to, and handling of, key audit judgements
•
Its ability to challenge and communicate effectively with
management
•
The quality of the final report
•
The FRC’s Audit Quality Review report relating to the auditor
•
The appropriate and effective use of experts and specialists
As part of the Board’s responsibility to ensure the integrity of
the Company’s financial reporting and audit processes, the Audit
Committee undertook a comprehensive review of the effectiveness
of the external audit, leading to a change in the Company’s
statutory auditor.
In accordance with UK corporate governance requirements, the
Company initiated a formal tender process in November 2023,
inviting several audit firms to participate. The process was
overseen by the Audit Committee and involved a thorough
assessment of each firm’s capabilities, including:
•
Audit approach: The Committee evaluated each firm’s
approach to addressing the Company’s specific audit risks,
especially considering its industry and international scope
•
Expertise and resources: The firm’s sector expertise, team
quality and global reach were assessed, as these factors are
critical for effective audit service delivery
71
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
External auditor appointment continued
•
Independence and ethics: The firm’s commitment to
maintaining the highest levels of independence and adherence
to ethical standards was also a key consideration
Following this process, the Board approved the recommendation
of the Audit Committee to appoint PricewaterhouseCoopers
(PwC) as the Company’s statutory auditor, effective for the
financial period ended 30 September 2024.
The external audit
PwC is engaged to express an opinion on the Financial
Statements. It reviews the data contained in the Financial
Statements to the extent necessary to express its opinion.
It discusses with management the reporting of results and the
financial position of the Company and presents findings to the
Committee. Where it makes recommendations in its report to
the Committee, the Committee reviews them and agrees with
management the manner and extent to which they should
be implemented.
Each of the Directors in office at the date of this report is not
aware of any relevant information that has not been made
available to PwC and each Director has taken steps to be aware
of all such information and to ensure it is available to PwC.
PwC’s audit report is published on pages 106 to 111.
Auditor’s independence and objectivity
The Committee received a formal statement of independence
from the external auditor.
The Committee recognises the importance of ensuring that the
independence and objectivity of the external auditor is not
impaired through the provision of non-audit services. We have in
place robust policies on the use of auditors for non-audit work.
Additionally, the Audit Committee’s approval is also required for
any fees for any non-audit work undertaken by the auditor.
During the period, the Group paid PwC £80,000 (2023: £nil) for
their review of the interim Financial Statements and £2,000 for
access to a generic online accounting manual (both of which are
non-audit services). These represented 4.9% of the total audit
fees. No other non-audit services were provided by the
external auditor.
All significant pieces of non-audit work are put to informal tender
to suitable parties that, if appropriate, can include the external
auditor. Upon review as to suitability and price, the work will then
be placed with the service provider recommended. If this is the
external auditor, then Audit Committee approval is required. The
external auditor was not engaged during the period to provide
any services which may have given rise to a conflict of interest.
The Committee is satisfied that the overall levels of audit and
non-audit fees are not material relative to the income of the
external auditor as a whole and therefore that the objectivity and
independence of the external auditor were not compromised.
During the period, our external auditor received ad hoc cyber
resilience services in the ordinary course of business, totalling
£151,861 (2023: £82,907). The Committee is satisfied that this
work is immaterial and provided on normal commercial terms
to both the external auditor and the Company and therefore
the objectivity and independence of the external auditor are
not compromised.
External auditor’s effectiveness
For the financial year ended 31 May 2023, KPMG LLP served as
the Company’s statutory auditor. The Audit Committee conducted
an annual assessment of KPMG’s effectiveness, taking into
account factors such as:
•
Audit quality: The Committee evaluated the quality of the
audit conducted by KPMG, including the rigour of audit
procedures, its technical capabilities and its understanding
of the Company’s industry and risks
•
Independence and objectivity: The independence of KPMG
was reviewed to ensure that there were no conflicts of interest
and that it adhered to the applicable ethical standards
•
Communication and transparency: The Committee
considered the quality of communication between KPMG and
both management and the Audit Committee. This included its
willingness to challenge management’s judgements where
appropriate and the timeliness of its feedback
Following this review, the Committee concluded that while KPMG
had performed adequately, it was in the Company’s long-term
interest to rotate auditor in line with best practice governance.
Since its appointment, PwC has been fully engaged with both
management and the Audit Committee to ensure a smooth and
effective transition. This has included:
•
Audit planning: PwC presented a detailed audit plan for the
financial period ended 30 September 2024, which included
its approach to significant areas of risk
•
Independence: PwC has confirmed its independence in
accordance with applicable regulations and has established
rigorous controls to ensure this is maintained throughout
their engagement
•
Engagement with management: Initial feedback from
management indicates that PwC has adopted a thorough
and collaborative approach to understanding the business’
operations, processes and risk areas
During the financial period, I attended regular meetings with
PwC’s engagement partner without management being present.
This provided the opportunity for open dialogue. The engagement
partner demonstrated her understanding of the Group’s business
risks and the consequential impact on the Financial Statements.
The Audit Committee will continue to closely monitor PwC’s
performance throughout the audit period and conduct a
post-audit review to assess its effectiveness in delivering a high
quality and independent audit.
In line with the UK Corporate Governance Code, the Audit
Committee will continue to monitor the effectiveness of the
external audit process annually, ensuring that the Company’s
auditor continues to meet the highest standards of
independence, audit quality and service.
Related party transactions and other fees approved
by the Committee
Refer to Note 31 for related party transactions during the period.
Audit Committee report continued
72 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Fair, balanced and understandable
The following process was followed by the Committee in making its assessment:
1. Financial information
•
Prepared by individual business units
•
Consolidated by Group finance team
•
Reviewed by Group Financial Controller and CFO
2. Narrative disclosures
•
Prepared by Group finance team
•
Reviewed by Group Financial Controller and CFO
•
Various reports prepared by Committee Chairs,
CEO and CFO
3. Independent reviewers
•
Senior members of the Executive Committee
or other senior colleagues
•
Those who have not been major contributors
4. Audit Committee Chair
•
Review of detailed verification documents
•
Review of findings and observations from
independent reviewers
1
Financial
information
3
Independent
reviewers
2
Narrative
disclosures
4
Audit
Committee
Chair
Fair, balanced and understandable
At the request of the Board, the Committee considered whether
the 2024 Annual Report and Accounts, when taken as a whole,
was fair, balanced and understandable (FBU) and whether it
provided the necessary information for shareholders to assess
NCC Group’s position and performance, business model and
strategy. The reviews outlined in the diagram above include
reviews of all material matters, as reported elsewhere in this
Annual Report and Accounts, and reviews of the balance of good
and bad news and ensure the Annual Report and Accounts
correctly reflects:
•
The Group’s position and performance as described on pages
6 and 7 and 40 to 51
•
The Group’s business model as described on pages 8 and 9
•
The Group’s strategy as described on pages 12 and 13
The independent reviewers were not major contributors to the
Annual Report and Accounts but, at the same time, as members
of the Executive Committee or other senior colleagues, are
deemed to be sufficiently well informed on the Group’s activities
to be able to give appropriate feedback on the FBU criteria. They
undertake a qualitative review of disclosures and a review of
internal consistency throughout the Annual Report and Accounts.
The Directors’ statement on a fair, balanced and understandable
Annual Report and Accounts is set out on page 105.
Lynn Fordham
Chair, Audit Committee
10 December 2024
73
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Nomination Committee report
We also assess the time commitment required. Candidates are
sought by third party executive search consultants and, where
appropriate, through the assessment of internal candidates and
are then formally considered by the Nomination Committee.
Extensive external referencing is also completed.
Board succession
The Committee is tasked with overseeing the succession
planning process and providing recommendations to the Board.
It adopts a long-term perspective on succession planning,
consistently evaluating Board tenure and diversity (with an
emphasis on gender, cultural background and experience),
and identifying the skills necessary for the Board to effectively
support the Company’s strategy both in the immediate future
and over several years.
The Committee’s efforts in succession planning played a crucial
role in recruitment activities over the years. In the forthcoming
period, the Committee will continue to prioritise the establishment
of suitable succession plans for various timeframes.
Diversity
Our objective is to have a broad range of skills, backgrounds,
experiences and personal attributes within the Board as this
ensures the Board is best placed to serve the Company.
All appointments are made on merit and against objective
criteria with due regard for the benefits of diversity on the
Board, including gender identity, nationality and educational
and professional background, as well as individual
characteristics which will enhance diversity of thinking on the
Board. NCC Group and the Committee value the aims and
objectives of the FTSE Women Leaders Review (formerly the
Hampton-Alexander Review on FTSE women leaders) and the
Parker Review on ethnic diversity of UK boards and support and
apply the Group’s diversity policy.
The Committee is also mindful of the Group’s diversity policy
when making appointments to the Board Committees (Audit,
Cyber Security, Nomination and Remuneration), ensuring an
appropriate range of backgrounds across Committee members
to enhance quality decision making.
The members of the Nomination Committee are Julie
Chakraverty, Jennifer Duvalier and Lynn Fordham, along with me.
(Chris Batterham also served as a Committee member until
30 November 2023).
The Nomination Committee’s objectives
and responsibilities
The Nomination Committee is responsible for reviewing the
size, structure, balance, composition and progressive refreshing
of the Board and its Committees and as such its duties include:
•
Reviewing the structure of the Board
•
Evaluating the balance of skills, knowledge, experience and
diversity on the Board
•
Making recommendations for further recruitment to the Board
or proposing changes to the existing structure of the Board,
or individual Directors
•
Reviewing the leadership needs of the Company, both
Executive and Non-Executive
•
Succession planning for Directors and other senior executives
within the business
•
Recruiting, appointing and exiting of Directors
•
Overseeing membership of, and succession to, the various
Board Committees
•
Reviewing the time commitment required from the Non-Executive
Directors on NCC Group business
The Chair of the Board leads the process for the appointment
of new Non-Executive Directors to the Board and for the
appointment of the Chief Executive Officer. The Chief Executive
Officer, in conjunction with the Chair, leads the process for the
Chief Financial Officer. The Senior Independent Director leads
the process for a new Chair of the Board.
In relation to an appointment to the Board, the Committee draws
up a specification and assesses the capabilities and experience
required for such a role, taking into account the Board’s existing
composition, including relevant experience and understanding
of our stakeholder groups.
Chris Stone
Chair, Nomination Committee
NCC Group plc — Annual report and accounts for the period ended 30 September 202474
The Group’s gender diversity statistics are set out on page 18.
At Board level, we currently have three females, one of whom
is a person of colour; however, we note that diversity extends
beyond the measurable statistics of gender and ethnicity.
We continue to take diversity in its wider context into account,
having regard to the diversity policy, and recommend only the
most appropriate candidates for appointment to the Board.
During the year ended 31 May 2021, we made the firm
commitment that by 2024, we would have at least 33% female
representation on our Board and at least one person of colour.
Through our most recent Non-Executive appointments, in 2022
we delivered on our commitment and are also on course to meet
the FTSE Women Leaders Review target of 40% by the end of
2025. Although this is best practice for FTSE 350 companies, we
have committed to this target regardless of which share index
we are in. Our Board now has 43% female representation.
We remain focused on ensuring diversity within our leadership
population and will continue to address this during future Board
and Executive Committee appointments. Improvements in
diversity are often not a quick process; however, we are very
mindful of the need to continue to take positive action, and the
matter remains an ongoing priority on our agenda. Accessing the
candidates we require to reach this target will involve us looking
beyond the obvious pool of existing board directors within the
UK and we are committed to ensuring that we extend our talent
search to other sectors and locations globally to ensure we find
a diverse pool of candidates to provide us with true diversity of
thought, culture and lived experience, around our Board table.
When a new Director is appointed, they receive a full, formal and
tailored induction into the Company and discuss with the Chair
to identify any immediate and longer-term training requirements.
During the period, we ensured that our CFO (Guy Ellis) was
provided with a formal, comprehensive and tailored induction
programme, supported by internal and external stakeholders,
to establish himself in his statutory role.
The Committee’s terms of reference can be found in the Investor
Relations section of the Company’s website: www.nccgroupplc.
com/investor-relations/corporate-governance. The terms of
reference are reviewed annually and updated when necessary.
Committee meetings
During this financial year, the Committee held two
scheduled meetings.
The attendance of individual Committee members at Nomination
Committee meetings is shown in the table on page 59.
Activities during the period
During the period, the Committee:
•
Evaluated the skills, knowledge and experience around the
Board table
•
Reviewed the structure, size and composition of the Board
•
Reviewed the Directors’ length of service
•
Reviewed the diversity of the Board
•
Reviewed the memberships of all Committees
•
Reviewed the expected time commitment of the Chair and the
Non-Executive Directors
•
Evaluated its own performance as a Committee
During the period, the Nomination Committee has had several
in-depth presentations from the Chief People Officer, focused
on leadership, succession planning and talent management and
development, informed by insights from our data analysis and
the external environment. These presentations looked at the
overall current position, and in particular senior succession,
i.e. the Executive Committee and its direct reports.
Presentations and updates during the period
This period the Committee has had a number of presentations
and updates on various colleague matters across the Group,
including:
•
Undertook a deep dive into Board composition and
succession, inclusive of Chair succession
•
Reviewed achievements over the previous year for the
global people team and looked forward to priorities for the
year ahead
•
Reviewed our ongoing development of capability, with a
particular focus on senior succession and talent
•
Reviewed our approach to collecting colleague diversity data,
with a focus on building colleague sentiment
•
Considered the generational perspectives of colleagues within
the Group and their diverse needs from an organisational and
leadership perspective
•
Received comprehensive colleague engagement briefings
on survey results from the “MyVoice” survey (which utilises
the Glint platform), along with the agreed next steps and
future commitments in response to colleague feedback.
Exit interview data and key themes were also presented to
the Committee
•
Reviewed both present and former colleague sentiment on
Glassdoor and LinkedIn
•
Explored our current global leadership KPIs and discussed
opportunities for improvement as we launched our leadership
development programme during the period
75
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Presentations and updates during the period continued
To support the ambition and our commitment to improving global
diversity, we are focusing on:
Processes
•
Removing barriers to entry and making our talent attraction and
acquisition experience world class, leading to a review of our
selection methodology and a new framework being developed,
to help to level the playing field for under-represented
communities, remove bias and create a robust and valid way
of identifying and selecting talent
•
The ongoing review of our policies, processes and
documentation to ensure all bias is removed (including adverts
and job descriptions), and ensuring the use of inclusive
language wherever possible
•
Throughout the period, the people team has been working
on a strategic project to introduce diversity data collection
processes for both future and current talent for NCC Group.
The Chief People Officer has been driving this initiative and
has kept the Board regularly updated on progress with a
planned go-live for this project early during the next financial
year, leveraging diversity data to foster inclusion, drive
equitable recruitment and provide equal opportunities for all
candidates and colleagues
Culture
•
Development of a behavioural framework which has been
launched and embedded into several elements of the
employee lifecycle, namely performance management
reviews, hiring and, in particular, our bespoke psychometric
profiling tools developed with Saville Assessment, and through
our Group annual bonus plan in the assessment of behavioural
indicators. Further development and embedding are planned
for the coming financial year. The framework was created in
partnership with diversity, equity and inclusion (DE&I) experts
and talent consultancy Pearn Kandola and with input from our
global colleague resource groups
•
Roll-out of our new leadership development programme,
enabling performance to create a consistent understanding
of the essential role of leadership for NCC Group
•
Continued support for our DE&I colleague resource groups to
make positive change and build awareness, to foster inclusion,
awareness and meaningful conversations while empowering
colleagues to drive positive change and cultivate an inclusive
work environment. Additionally, each colleague resource
group now has a dedicated ExCom sponsor to provide
support, and the colleague resource group leads meet
quarterly with the CPO and CEO to maintain continuous
dialogue and development
•
Shared our first Annual Inclusivity Survey to establish a
baseline understanding of comfort level and how accepted
colleagues feel at NCC Group, gauge familiarity with Company
resources and programmes and to understand what
colleagues would like to see more of
•
Launched moments that matter: our suite of supportive,
people-focused policies designed around our colleagues
and their needs. Moments that matter aligns to our people
proposition, evolving and supporting family (in its many forms),
flexibility and wellbeing
•
Our Chief People Officer, Michelle Porteus, signed the Working
with Cancer Pledge to demonstrate our support in providing a
more open, supportive and recovery-forward culture at work,
not only for our colleagues with a diagnosis themselves, but to
bolster those whose loved ones are also living with cancer
Colleague voice
•
Committed to an ongoing open dialogue with our colleagues,
through our bi-annual engagement survey (“MyVoice”),
colleague forums, live leadership “Ask Me Anything” sessions,
Board engagement sessions with colleagues, our colleague
resource groups, listening sessions and our whistleblowing
lines which all play an active role in creating a great place
to work (for further information, please see the Stakeholder
Engagement section on pages 14 and 15)
•
Our “Speak Up” Framework was launched globally to provide
clear guidance and signposting to colleagues, covering the
various routes to raise concerns, and the relevant policies
to address these issues where required, as well as sharing
colleague feedback. This activity was prioritised due to
feedback that there was a lack of clarity around the routes
to take, and the expectations of the process
•
NCC Diamonds, our annual colleague recognition programme
completed its fourth cycle. NCC Diamonds provides colleagues
across the organisation with the opportunity to nominate
individuals or teams for the incredible work they do, recognising
the brilliance and accomplishments of their peers. Nominations
are linked to our NCC Group values, followed by regional and
global judging periods, with each category winner receiving
a “money can’t buy experience”
•
Continuing to develop and assess the broad range of opportunities
for colleagues to ask questions, provide feedback and play an
active role in creating a great place to work
Long term
•
Developing our employer brand to broaden our attraction
strategies, supported by a flexible, distinctive proposition to
ensure we remain current and attractive in an extremely
competitive global tech talent market
•
Building strategic partnerships with organisations to support
our commitment to create an inclusive and diverse environment
•
Connecting the initiatives at every stage of colleagues’ lives
and careers to create enriched career pathways and achieve
the best return for investment with improved colleague
retention. Initiatives include work experience, the Next
Generation Talent programme, mentoring and CyberFirst
bursaries and alumni programmes
Committee effectiveness
During the period, the Nomination Committee carried out
an internally facilitated evaluation of its effectiveness.
The Committee was found to be working effectively with
a number of recommendations made.
Further information can be found on pages 63 and 64
External search consultancies
During the period, no external search agencies were engaged.
Chris Stone
Chair, Nomination Committee
10 December 2024
Nomination Committee report continued
76 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Cyber Security Committee report
The Cyber Security Committee was formed to focus specifically
on the cyber and data protection risks faced by the Group. This
reflects the significant threat posed by cyber risks, the nature
of our business and the potential damage to the business as a
high value target for malicious acts. The Committee’s activities
aim to challenge and support improvements to the Group’s
information security and data protection policies, defences and
controls, so as to comply with global data protection regulations
around the world, and ensure that the Group looks after its own
information, and the information that its customers entrust to it,
with the proper care and attention.
The Committee was formed in November 2016 and I have been
Chair since July 2022.
Chris Batterham (until 30 November 2023), Jennifer Duvalier,
and Lynn Fordham (all Independent Non-Executive Directors)
served as members of the Committee throughout the period.
Chris Stone (Company Chair) is also a member of the Committee.
The Group’s Director of Global Governance, the Group’s Director
of Security Operations (DSO), the Group’s Chief Information
Officer and the Group General Counsel (also Head of Data
Governance) (GC) are standing invitees of the Committee. The
Executive Directors are invited to attend Committee meetings
when the Committee considers it to be appropriate.
The Cyber Security Committee’s objectives
and responsibilities
The Cyber Security Committee is responsible for assessing the
performance of the Group’s internal security and defences and
as such its duties are to:
•
Oversee and advise the Board on the current cyber risk
exposure of the Group and future cyber risk strategy
Julie Chakraverty
Chair, Cyber Security Committee
•
Review at least annually the Group’s Cyber Security breach
response and crisis management plan
•
Review reports on any Cyber Security incidents and the
adequacy of resulting actions
•
Receive and consider the regular update reports from the
DSO and GC and ensure the DSO and GC are given the right
of direct access to the Committee
•
Consider and recommend actions in respect of all cyber and
data protection risk issues escalated to it
•
Keep under review the effectiveness of the Group’s controls,
services and products to analyse potential vulnerabilities that
could be exploited
•
Regularly assess what are the Group’s most valuable
intangible assets and the most sensitive Group and customer
information and assess whether the controls in place
sufficiently protect those assets and information
•
Review the Group’s ability to identify and manage new
cyber risks
•
Assess the adequacy of resources and funding for data
protection and Cyber Security defence and control activities
•
Regularly review the cyber and data protection risk posed by
third parties including outsourced IT and other partners
•
Oversee Cyber Security and data protection due diligence
undertaken as part of an acquisition and advise the Board of
the risk exposure
•
Annually assess the adequacy of the Group’s cyber
insurance cover
The Committee’s terms of reference can be found in the Investor
Relations section of the Company’s website: www.nccgroupplc.
com/investor-relations/corporate-governance/. The terms of
reference are reviewed annually and updated when necessary.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Governance
77
Committee effectiveness
During the period, the Cyber Security Committee carried out
an internally facilitated evaluation on its effectiveness, as it
continues to mature since its formation in November 2016.
The Committee was found to be working effectively and I am
satisfied that the degree of rigour and challenge applied in
performing the Committee’s responsibilities is appropriate and
effective and continues to improve.
As an output of both this and previous evaluations, the
Committee, along with the Board, reaffirmed that Cyber Security
and data protection are sufficiently important risks for the
business and that the Committee should remain focused on this
specific set of risks. Therefore, the current structure in which the
responsibility for broader risk management remains with the
Audit Committee will continue.
Committee activities during the period
The focus for 2024, in terms of Cyber Security, was ensuring the
risks to the Group were well documented and the types of threats
and attacks were well understood. To this end, a risk analysis
was performed to ensure cyber risks map to the enterprise risk
architecture and the work of the GTS security team was tailored
to the highest value areas.
Cyber incident readiness has been a key focus for 2024, with
exercises and training undertaken at all levels, from operational
teams to business leaders to ensure a swift and effective
response in the case of cyber attack. This has involved teams
from all areas of the business continuing the collaboration on
Cyber Security across diverse areas.
Training has been another critical area, with an increased
emphasis on identifying phishing emails as this is an attack
vector that is frequently observed. All colleagues now partake
in monthly phishing exercises that cycle through difficulty levels
to target different attacker sophistication, with educational
assistance sent out post-exercise to help identify suspicious
elements of an email that may indicate a phishing attack. Board
training and updates on developments within Cyber Security
are also provided regularly.
Turning to data protection, the regulatory landscape is
continually changing, particularly in light of the UK GDPR and
regulatory updates in other key jurisdictions, and the team is
working closely to stay abreast of such changes. The team
has also experienced a notable upswing in the number of
Data Subject Rights Requests it receives as individuals become
more aware of their rights under GDPR.
Noteworthy highlights since our previous report include:
•
All Rights Requests received this period have been fulfilled
within legally compliant time periods
•
Our data protection team is now incorporated into the Legal
function, reporting into the Group General Counsel, allowing
better alignment and collaboration between the two teams.
We have restructured the existing team with two Data
Protection and Governance Officers (one focusing on Europe
and one on the UK and RoW) and a Data Protection Manager
to ensure support for the business globally while taking into
account jurisdictional variation
•
Significant progress has been made to support our global
delivery model, including updating the Intra-Group Agreement
to strengthen cross-border transfers. Additionally, the
standard terms and conditions have been updated to
strengthen the Group’s data protection positions while
maintaining commercial outcomes
•
A project to transfer our Records of Processing Activities into
a unified system is in progress which allows us to better track
our activities and simplify reviews
•
Further, our three year strategy continues to pave the way
for our intended application for Binding Corporate Rules.
As detailed in last year’s report, Binding Corporate Rules
provide colleagues and customers alike with a sense of trust
through demonstration of our commitment to protecting
personal data, wherever in the world it may be processed
during our business activities
Committee meetings
During this financial year, the Committee met four times and the
attendance of individual Committee members at the Cyber
Security Committee meetings is shown in the table on page 59.
Julie Chakraverty
Chair, Cyber Security Committee
10 December 2024
Cyber Security Committee report continued
78 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Remuneration Committee report
Annual Statement
The Committee closely monitors shareholder guidance and
feedback on remuneration. Shareholder voting on AGM
remuneration resolutions is reviewed annually, shareholders
are consulted when changes to policy are being considered
and major shareholders have the opportunity to provide annual
feedback to the Board and Remuneration Committee on NCC
Group’s remuneration approach at annual engagement meetings.
There are a number of existing channels of communication with
colleagues with regard to NCC Group’s remuneration policies
and executive remuneration. Our engagement survey enables
colleagues to provide feedback confidentially on many
employment issues, including remuneration. Our designated
NED for colleague engagement also holds a number of
colleague engagement sessions during the period in which
colleagues are invited to provide feedback and comments on
any issue, including executive remuneration and broader
remuneration policies. In particular, a question and answer
discussion is always held on executive remuneration and how
this aligns with the wider Company pay policy. Our designated
NED also reminds colleagues where the information can be
located and answers any questions as they arise. The
Committee also receives regular feedback from the Chief
People Officer and the Director of Reward and Benefits on
how colleagues perceive our remuneration policies and
practices in the context of recruitment, retention and
motivation. This information is used by the Committee in
its monitoring and development of remuneration policies.
Jennifer Duvalier
Chair, Remuneration Committee
On behalf of your Board, I am pleased to present our
Directors’ Remuneration Report (DRR) for the period ended
30 September 2024.
The report is divided into three sections: this Annual Committee
Chair’s Statement, the Annual Report on Remuneration for
FY24, and the proposed Directors’ Remuneration Policy for the
period 2025–2028.
At the AGM in November 2023, 84.86% of shareholders voted
in favour of the Directors’ Remuneration Report, and I would like
to thank shareholders for their continuing support.
Annual statement
2023/24 was another full period for the Remuneration Committee
as we developed our 2025–2028 Directors’ Remuneration Policy,
and also worked through a number of challenges in relation to
the change of year end. The Committee comprised Julie
Chakraverty, Lynn Fordham and myself as Chair. Our Board
Chair, Chris Stone, also attended all meetings. Our remuneration
consultants, Chief People Officer, Director of Reward and
Benefits, CEO and other Executives, including the Group
Director of Finance, were invited to meetings as required,
although we always ensure that we have time without
Executives present and no Executive was present
when decisions relating to their own reward were made.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Governance
79
Proposed Remuneration Policy and changes
Throughout the 16 month period ended 30 September 2024, we
operated within the Remuneration Policy that was approved by
shareholders at the AGM in November 2021 with 87.43% of votes
in favour. In early 2024, we commenced our engagement
process with our major shareholders to shape the Directors’
Remuneration Policy for 2025–2028 (the “DR Policy”) and also to
discuss our remuneration approach in relation to our change in
year end.
Since our last Remuneration Policy, we have seen significant
change amongst our executive team, including the appointment
of a new CEO and CFO who continue to drive the execution of our
strategy, transforming the business at pace with the objective of
creating a stronger, more resilient organisation that can truly
deliver on its purpose to create a more secure digital future.
Having reviewed the Policy, the Committee proposes to make
relatively limited amendments to the variable incentives, as follows.
Annual bonus:
•
The deferral provisions will be slightly adjusted; deferral will
take place for 35% of any bonuses in excess of the first
£50,000 earned. Awards will still be deferred for a period of
two years into shares.
•
The performance scorecard will be simplified with fewer
metrics. The intention is to focus on growth in profit, which is
a key measure of success for the strategy.
Long Term Incentive Plan (LTIP):
•
The Committee and management wish to strengthen the
alignment to value creation by focusing on relative total
shareholder return (TSR), earnings per share (EPS) and cash
conversion, weighted 50%/30%/20% respectively. The
Committee will retain flexibility to adjust these metrics and
their weightings in the life of the policy, but no major changes
would be made without shareholder consultation.
•
The Committee believes that the strategy offers a significant
opportunity for NCC Group to rebuild and increase value to
shareholders over the next three years. We have proposed an
exceptional maximum opportunity in the Policy which provides
an additional 50% of salary headroom. For the LTIPs issued in
June 2024 only, the maximum opportunity was increased by
50% of salary for both the CEO and CFO. This additional
opportunity is also linked to all three performance metrics
proportionately. Vesting will be subject to exceptional
performance and delivery of super stretch targets over and
above the normal award opportunity currently available in the
Policy. Similar provisions have been applied for performance
share awards to other senior executives. The normal maximum
will then apply for the CEO and CFO from 2025.
•
The additional LTIP award will help retain and incentivise the
executive team over this period. The additional shares will only
vest in the event that NCC Group delivers additional value to
our shareholders via truly exceptional financial and share
price performance.
No other material changes are proposed since the DR Policy is
already aligned to best practice. The Remuneration Committee
felt it was important to test with our major shareholders whether
our proposed changes were fit for purpose in the medium to
long term. We would like to thank those investors who we met
with and who provided valuable feedback in helping to shape
our revised Policy, during our extensive consultation with our
larger shareholders.
Year end change
As set out in the announcement of our interim results published
on 25 January 2024, the Board has changed the year end of the
Group from 31 May to 30 September, to drive greater efficiency
in our corporate reporting and audit process. As a result, the
Group announced H2 2024 results and the 12 months trading to
31 May 2024 on 1 August 2024. In addition, the 16 months
trading to 30 September 2024 is reported within this Annual
Report and Accounts and approved on 10 December 2024 in line
with the new reporting timetable.
The Committee deliberated on the course of action in relation to
variable incentives. In general, the approaches taken are within
the currently approved Remuneration Policy and are in line with
the same treatment to the wider workforce and (where applicable)
the rules of the 2020 Long Term Incentive Plan. However, in one
area, we were required to make awards conditional upon the
approval of the new DR Policy as noted below.
•
Annual bonus: a 12 month period operated as per normal,
ended 31 May 2024. The additional four month period to
30 September 2024 was measured based on financial targets
aligned to the four month period. There was a payout after
12 months following the review opinion by NCC Group’s
auditor, PwC, with the four month period payouts made after
publication of our final results for the 16 month period. All
payments in respect of the 16 month period are disclosed
within this report. This course of action is in line with the
treatment to the wider workforce.
•
The 2021 LTIP has a measurement period that ends on
31 May 2024. Vesting was calculated based on performance
to that date, subject to a review opinion by PwC.
•
The 2022 and 2023 LTIP awards will have a performance
measurement period of 40 months to align with the publication of
the 2025 and 2026 financial results. The Committee will review
the EPS and cash conversion targets to ensure that the change
to the financial year does not make the targets any less or more
difficult to achieve. The holding period will continue to run until
five years from date of grant in line with the Governance Code.
•
2024 LTIP: previously, awards were granted annually in October
with the performance period commencing on 1 June. In the
future, awards will be granted in January with the performance
period starting on 1 October. For the 2024 incentive, the
Committee proposes to uplift the award opportunity for all
long-term incentive participants by four months to allow for a
smoother transition between grants. The performance period will
begin on 1 June for the relative TSR element only with other
financial metrics measured based on the October to September
financial year. For the CEO and CFO, these awards are
conditional on shareholder approval of the new DR Policy.
Base salaries
For the 16 month period ended 30 September 2024, an increase
of 9% to Mike Maddison’s salary took effect from 1 December
2023 (the new base salary being £545,000). A further salary
increase of 3% took place with effect from 1 June 2024, taking
the new base salary to £561,350. The Committee thought it
important to recognise Mike’s efforts in formulating and driving
the strategy and for his significant personal contribution to
business performance and the journey the Company is on. This
increase should also be set against the fact that Mike had no
increases to base salary during his first year of service. The
Committee acknowledges that this was above the workforce
average, but for the reasons explained above felt that it
was appropriate.
The CFO also received an increase of 4% effective 1 June 2024,
(the new base salary being £312,000). The Committee recognised
that his salary was somewhat below the appropriate level given
the size and nature of the role, plus the strong start Guy had in
Remuneration Committee report continued
Annual Statement continued
80 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
the role, and his personal positive contribution to the Company
and the finance teams. Last year, the Committee set Guy’s
incentive opportunities slightly below the Policy limits for his
first year; during the period the Committee decided to set
his incentive opportunities in line with the Policy maximum
– i.e. 125% of salary for the bonus and 150% for the LTIP.
Performance related pay – annual bonus
The annual bonus for the period ended 30 September 2024 for
both the CEO and CFO was based on the satisfaction of
stretching financial and strategic targets.
The financial target of Group Adjusted operating profit for the
12 months to 31 May 2024 had a weighting of 60%. Group Adjusted
operating profit was £31.1m and this resulted in a payout of 40% of
the 60%. The strategic objectives had a weighting of 40% and
covered a number of areas supporting our strategy, including
strategic bonus measures around our clients, our capabilities,
people and operational excellence, global delivery and differentiated
brands. The Committee determined that the strategic element
should pay out at maximum. Further detail on performance
against strategic objectives is provided later in the report.
This resulted in a total bonus for the 12 month period at 80% of
maximum resulting in a bonus payout of £522,500 for the CEO
and £250,000 for the CFO.
Given the short time period, and recognising that setting meaningful
strategic targets for such a short timeframe would be challenging,
the bonus for the four month period ended 30 September 2024 was
based purely on financial measures. The payout for this was 100%
of maximum resulting in a bonus payout of £233,895 for the CEO
and £130,000 for the CFO. For both the CEO and CFO, 35% of the
aggregate bonus earned over the 16 month period to 30 September
2024 will be deferred into shares and will vest after two years.
Clawback and malus provisions are also in place for the bonus.
The Committee considered whether it should exercise any
discretion to the bonus outcomes. The Committee concluded
that the outcomes for both the financial and the strategic,
non-financial elements were a fair reflection of the good
performance in the relevant areas, and the Committee therefore
decided not to exercise any discretion.
For 2024/25, the Committee has considered the weighting of
metrics in the annual bonus. The Committee concluded that the
weighting on the Group Adjusted operating profit should be
maintained at 60% of maximum, to continue to give appropriate
emphasis to this metric. The remaining 40% will apply to key
strategic metrics, with stretching targets. These will include
targets linked to the pillars of the strategy, together with people
and operational excellence objectives. These will be fully
disclosed in the Remuneration Report for 2024/25.
Performance related pay – LTIP
The 2023–2026 LTIP was granted in October 2023 and the
2024–2027 LTIP was granted in June 2024. The awards will vest
subject to demanding EPS, cash and relative TSR targets
outlined later in this report. For the CEO and CFO the 2024–2027
awards are subject to the approval of the new DR Policy.
The 2021 LTIP vested at 30% of maximum. This was based on the cash
conversion element (weighting 30%) being achieved in full but with
below-threshold achievement of the EPS growth and TSR metrics.
The Committee considered whether any downward discretion should
be applied to the overall vesting outcome. It concluded that it
remained important to recognise and continue to incentivise strong
levels of cash conversion and that it would not be appropriate to apply
discretion to the payment outcome. The Committee also considered
NCC Group’s underlying performance and the experience of both our
shareholders and wider workforce. Neither of the current Executive
Directors received an award under the 2021 LTIP.
The Committee has reviewed targets and weightings in order to
incentivise growth, maintain high levels of cash conversion and
take into account market expectations. Performance will continue
to be measured against stretching targets. The metrics and the
targets for FY24 to FY27 are set out below:
1. Relative TSR (50% weighting): Median performance against
the FTSE 250 (excluding investment trusts) will be required
for any vesting. For this element to vest at 100%, upper
quartile performance against the FTSE 250 (excluding
investment trusts) will be required. For the stretch target
to pay out (i.e. additional the 50% of salary opportunity that
applies for 2024 awards only), TSR will need to be above the
90th percentile (i.e. within the top 10% when compared to
the FTSE 250 (excluding investment trusts).
2. Cash conversion – new measure (20% weighting): The range
will be increased to 85%–90%, with the stretch target being
above 95%.
3. Adjusted basic EPS – new measure growth (30% weighting):
The threshold is 6.0p, with the target being 7.0p, and the
stretch being 8.5p.
Non-Executive Director and Chair’s fees
In accordance with our Remuneration Policy, the fees for
Non-Executive Directors were thoroughly reviewed by the Company
Chair, CEO and CFO. After careful consideration, it was determined
that there would be no increases during the 2023/24 period.
The Remuneration Committee also conducted a review of the fees
for the Board Chair, utilising data provided by our remuneration
consultants. Once again, it was decided that no increases would
be made for the 2023/24 period. It is our intention to conduct a
thorough review of both the fees for Non-Executive Directors and
the Chair in the upcoming 2024/25 financial year.
Details of these fees and allowances are given in the Annual Report
on Remuneration on page 82
Grants of shares under a below-Board Restricted
Share Plan to broaden colleague share ownership
We remain committed to broadening share ownership throughout
the Group, both as a reward and a retention tool. During the
period, we made further grants to around 150 colleagues under
our Restricted Share Plan (RSP), authorisation for which had
been granted at the 2020 AGM.
In addition, we also offered colleagues the opportunity to
participate in our Save As You Earn/stock purchase share plans in
the UK, the US, Canada, the Netherlands, Australia and Spain. Once
again, these proved popular with high take-up levels. Over the
course of the next year, we will explore how we can launch share
plans within the Philippines for our new colleagues based there.
The Group also has a new Share Incentive Plan (SIP) for UK-based
colleagues, further increasing our commitment to cost effective
colleague share ownership.
Conclusion
The 2024 Directors’ Remuneration Report will be put to the usual
annual advisory vote at the AGM on 28 January 2025, along with
the binding vote on the three year DR Policy covering the period
2025–2028. The Committee is committed to engagement and
transparency and I welcome the opportunity for discussion of
the Group’s remuneration with shareholders, at our AGM or at
any other time during the period, and look forward to your
continuing support.
Jennifer Duvalier
Chair, Remuneration Committee
10 December 2024
81
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Annual Report on Remuneration
This part of the report has been prepared in accordance with Part 3 of The Large and Medium-sized Companies and Groups
(Accounts and Reports) (Amendment) Regulations 2013 as amended and 9.8.8R of the Listing Rules.
The following report will be subject to an advisory shareholder vote at the AGM, which is scheduled to be held on 28 January 2025.
The information on pages 79 to 100 has been audited where indicated.
How the Remuneration Policy has been implemented in the period ended 30 September 2024
This section sets out how the Remuneration Policy was implemented in 2023/24. The key implementation decisions during the period
related to:
•
Review of salaries for Executive Directors
•
The determination of bonus outcomes for the 2023/24 performance period
•
The performance targets and value of awards granted under the LTIP, which will vest in 2026 and 2027
Further detail on these decisions, together with other information on payments made to Directors, is set out in the following sections.
Single total figure of remuneration (audited)
The detailed emoluments received by the Executive and Non-Executive Directors for the period ended 30 September 2024 are below.
For ease of comparison, a 12 month period to 31 May 2024 has also been shown:
Director Period ended
Salary/
Non-
Executive
Director fees
1
£000
Benefits
2
£000
Pension
benefits ³
£000
Total
fixed pay
£000
Bonus
12 months
to 31 May
2024 ⁴
£000
Bonus 4
months to
30 Sept
2024 ⁴
£000
Long-term
incentive ⁵
£000
Other
8
£000
Total
variable
pay
£000
Total
£000
Chris Stone
16 months to
30 Sept 2024 217 — — 217 — — — — — 217
31 May 2024 163 — — 163 — — — — — 163
31 May 2023 163 — — 163 — — — — — 163
Mike Maddison
16 months to
30 Sept 2024 710 14 32 756 523 234 — — 757 1,513
31 May 2024 523 11 24 558 523 — — — 523 1,081
31 May 2023 449 1 16 466 39 — — 500 539 1,005
Adam Palser
16 months to
30 Sept 2024 — — — — — — — — — —
31 May 2024 — — — — — — — — — —
31 May 2023 24 1 1 26 — — — — — 26
Guy Ellis
8
16 months to
30 Sept 2024 379 8 17 404 250 130 — — 380 784
31 May 2024 275 6 12 293 250 — — — 250 543
31 May 2023 — — — — — — — — — —
Tim
Kowalski
9
16 months to
30 Sept 2024 28 2 1 31 — — — — — 31
31 May 2024 28 2 1 31 — — — — — 31
31 May 2023 333 13 15 361 21 — 30 — 51 412
Chris
Batterham
10
16 months to
30 Sept 2024 28 — — 28 — — — — — 28
31 May 2024 28 — — 28 — — — — — 28
31 May 2023 70 — — 70 — — — — — 70
Julie
Chakraverty
6
16 months to
30 Sept 2024 114 — — 114 — — — — — 114
31 May 2024 85 — — 85 — — — — — 85
31 May 2023 78 — — 78 — — — — — 78
Jennifer
Duvalier
16 months to
30 Sept 2024 90 — — 90 — — — — — 90
31 May 2024 67 — — 67 — — — — — 67
31 May 2023 67 — — 67 — — — — — 67
Lynn Fordham
7
16 months to
30 Sept 2024 90 — — 90 — — — — — 90
31 May 2024 67 — — 67 — — — — — 67
31 May 2023 46 — — 46 — — — — — 46
Mike Ettling
16 months to
30 Sept 2024 75 — — 75 — — — — — 75
31 May 2024 56 — — 56 — — — — — 56
31 May 2023 56 — — 56 — — — — — 56
Total
16 months to
30 Sept 2024 1,731 24 50 1,805 773 364 — — 1,137 2,942
31 May 2024 1,292 19 37 1,348 773 — — — 773 2,121
31 May 2023 1,286 15 32 1,333 60 — 30 500 590 1,923
Remuneration Committee report continued
Annual Report on Remuneration
82 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
1 The Chair and Non-Executive Directors each receive an allowance paid as part of their base fees of £8,200 and £4,750 respectively, to cover all travel
and expenses related to their roles on the Board.
2 Benefits currently include the provision to every Executive Director of private medical insurance, income protection and life assurance. Benefits also
include the discount to market value (plus savings bonus) of the SAYE option granted to Mike Maddison during the financial period.
3 Executive Directors are entitled to a Company pension contribution, which is paid into the Group defined contribution personal pension scheme.
They can also opt to have the same level of contribution made in the form of a cash contribution.
4 Annual bonus payments for performance in the relevant financial year; 35% of this bonus is deferred into nominal cost share options for two years.
Dividend equivalents accrue on these shares. Awards are subject to service conditions but there are no further performance conditions.
5 Long-term incentive awards vesting under the LTIP. Neither Mike Maddison or Guy Ellis had any LTIP awards vesting during the 16 month period to
30 September 2024 (and indeed have not had any awards vesting to date under this scheme since they joined NCC Group). (The awards made to
Tim Kowalski are covered within payments to former Directors.)
6 Julie Chakraverty joined the Board on 1 January 2022 and took over from Jennifer Duvalier as the designated Non-Executive Director for engaging with
colleagues on behalf of the Board. On 1 July 2022, Julie took over from Chris Stone as Chair of the Cyber Security Committee, and on 1 February 2023
took over from Chris Batterham as the Senior Independent Director.
7 Lynn Fordham was appointed to the Board on 1 September 2022 and became Chair of the Audit Committee on 1 February 2023.
8 Guy Ellis was appointed CFO on 30 June 2023.
9 Tim Kowalski stepped down as CFO on 30 June 2023.
10 Chris Batterham stepped down as a Non-Executive Director on 30 November 2023.
Additional information in respect of the single total figure of remuneration
Pension and benefits
The CEO’s and CFO’s pension provisions are in line with the level of the wider workforce, which is currently 4.5% of salary. These are
either paid as pension contributions, or cash in lieu of pension.
Annual bonus (audited)
2023/24 annual bonus (audited)
For the period ended 30 September 2024, the maximum annual bonus opportunity for Mike Maddison was 125% of salary. For Guy Ellis,
the maximum annual bonus opportunity was 100% of salary for the period 30 June to 30 November 2023 and 125% of salary for the
period 1 December 2023 to 30 September 2024. For the 12 months ended 31 May 2024, bonuses of 80% of maximum were payable
for both the CEO and CFO being £522,500 and £250,000 respectively for Mike Maddison and Guy Ellis. In accordance with the
Remuneration Policy, 35% of each payment will be deferred into nominal cost share options for two years (these shares are subject
to service conditions but there are no further performance conditions), with the remaining 65% paid in cash in August 2024.
The performance measures and targets are set out below.
Financial targets – up to 60% of the 12 month bonus to 31 May 2024 (audited)
Performance targets Mike Maddison Guy Ellis
Threshold
(12%)
Target
(40%)
Max.
(60%) Actual Weighting Outturn Weighting Outturn
Adjusted operating
profit – previous
measure
1,2
, target for
CEO and CFO £28.8m £31.0m £34.0m £31.1m 60% 40% 60% 40%
Strategic The strategic targets were set individually for the
Executive Directors based on key strategic objectives
for the period in their area of responsibility – see below. 40% 40% 40% 40%
Total payout (% of bonus) 100% 80% 100% 80%
Bonus opportunity £653,125 £312,500
Total bonus for 12 months to 31 May 2024 £522,500 £250,000
Amount paid in cash (65%) £339,625 £162,500
Amount deferred in shares (35%) £182,875 £87,50 0
(Guy Ellis was appointed as CFO on 30 June 2023.)
1 Adjusted operating profit – previous measure represents operating profit before share-based payments, amortisation of acquired intangibles and
Individually Significant Items.
2 Adjusted operating profit – previous measure is an Alternative Performance Measure (APM) and not an IFRS measure. (See Note 3 for an explanation of
APMs and adjusting items.)
83
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Additional information in respect of the single total figure of remuneration continued
Annual bonus (audited) continued
Strategic targets – up to 40% of the 12 month bonus to 31 May 2024 (audited)
The table below highlights the key strategic targets and achievements for each Executive Director. Bonus target ranges have been disclosed
to the extent possible, but the achievement of some areas is determined by the Committee based on its judgement of performance.
Bonus award (% of
maximum total bonus)
31 May 2024
Target and performance conditions Outcome Weighting Outcome
CEO targets
Our clients Deeper client engagement on the most pressing Cyber Security needs. 10% 10%
Our capabilities Broader service portfolio addressing the full Cyber Security lifecycle. 10% 10%
Global delivery Transition from an international to a global business taking into
consideration actions to progress NCC Group’s journey to achieve net zero
before 2050. 10% 10%
Differentiated brands Clear and relevant brands for Cyber Security and Escode to support
separate and distinct growth strategies. 2.5% 2.5%
People and
operational excellence
Improvement in colleague engagement and appropriate succession
planning following new executive team appointments.
Ensure operational efficiency programme is executed. 7.5% 7.5%
CEO outcome 40% 40%
CFO targets
Our clients Step change in Investor Relations engagement. 5% 5%
Our capabilities Establish Global Cyber Commercial Finance function. 10% 10%
Global delivery Transition from an international to a global business taking into
consideration actions to progress NCC Group’s journey to achieve
net zero before 2050. 10% 10%
People and
operational excellence
Improvement in colleague engagement and appropriate succession
planning following new executive team appointments. 5% 5%
Ensure operational efficiency programme is executed. 10% 10%
CFO outcome 40% 40%
For the four months ended 30 September 2024, bonuses of 100% of maximum were payable. The actual bonus awarded for the
four months to 30 September 2024 to Mike Maddison was £233,895 and to Guy Ellis was £130,000 based on the achievement of
the performance conditions set out below. 35% of each payment will be deferred into nominal cost share options for two years
(these shares are not subject to any further performance conditions), with the remaining 65% paid in cash in December 2024.
The performance measures and targets are set out below.
Financial targets – 100% of the four month bonus to 30 September 2024 (audited)
Participants Threshold
Potential Payout
of pro rata OTE Target
Potential Payout
of pro rata OTE Stretch
Potential Payout
of pro rata OTE
Executive Directors £3.0m 33% £4.0m 67% £4.5m 100%
Performance Targets Potential Payout Mike Maddison Guy Ellis
Adjusted operating profit – previous measure
1,2
,
target for CEO and CFO
Threshold £3.0m 33%
Target £4.0m 67%
Stretch £4.5m 100%
Actual £6.0m 100% 100%
1 Adjusted operating profit – previous measure represents operating profit before share-based payments, amortisation of acquired intangibles and
Individually Significant Items.
2 Adjusted operating profit – previous measure is an Alternative Performance Measure (APM) and not an IFRS measure. (See Note 3 for an explanation of
APMs and adjusting items.)
(Given the short time period, and recognising that setting meaningful strategic targets for such a short timeframe would be
challenging, the bonus for the four month period ended 30 September 2024 was based entirely on Group Adjusted operating
profit – previous measure
1,2
.)
Remuneration Committee report continued
Annual Report on Remuneration continued
84 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Long Term Incentive Plan (LTIP) vesting (audited)
Neither Mike Maddison nor Guy Ellis had any LTIP awards vesting during the 16 month period to 30 September 2024. (The awards
made to Tim Kowalski are covered within payments to former Directors.)
Executive
Number of
LTIP awards
1
Basis Performance period
Tim Kowalski 40,630 150% of base salary 1 June 2021 to 31 May 2024
The performance conditions for these awards are set out below:
Weighting Component Metric
Threshold
(15% vesting)
Maximum
(100%
vesting)
Actual
performance
Actual %
vested Vesting basis
60% Adjusted
basic EPS
– previous
measure
3,4
Average growth over a three
year period
9% 20% (9.9%) 0% Straight line between
threshold and maximum
30% Cash
conversion
– previous
measure
3,5
Average cash conversion
3
ratio – previous measure over
a three year period
70% 80% 97.7% 30% Straight line between
threshold and target, then
target and maximum
10% TSR TSR over three years vs FTSE
250 comparator group
(excluding investment trusts)
Median Upper
quartile
Below
median
0% Straight line between
threshold and maximum
Total 30%
Long-term incentives granted during the 16 month period to 30 September 2024 (audited)
During the 16 month period to 30 September 2024, the Executive Directors were granted awards subject to the performance
conditions set out below. The awards were as follows:
October 2023 awards
Executive
Number of shares
under awards
1
Basis Face value
2
Performance period
Mike Maddison 822,368 175% of base salary £875,000 1 June 2023 to 30 September 2026
Guy Ellis 281,954 100% of base salary £300,000 1 June 2023 to 30 September 2026
The performance conditions for these awards are set out below:
Proportion Component Metric
Threshold
(15% vesting)
Target
(50% vesting)
Maximum
(100%
vesting) Vesting basis
40% Adjusted basic EPS –
previous measure
3,4
CAGR growth over a three
year period
6% n/a 18% Straight line between
threshold and maximum
20% Cash conversion –
previous measure
3,5
Average cash conversion
ratio over three years
80% 85% 90% Straight line between
threshold and target, then
target and maximum
40% TSR TSR over – previous measure
three years vs FTSE 250
comparator group (excluding
investment trusts)
Median n/a Upper
quartile
Straight line between
threshold and maximum
1 LTIP awards are structured as nominal cost options.
2 Based on a share price of £1.064, which was the closing mid-market price of the Company’s shares on the day before the date of grant.
3 Adjusted basic EPS – previous measure
4
, cash conversion – previous measure
5
, and cash conversion ratio – previous measure, are Alternative Performance
Measures (APMs) and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
4 Adjusted basic EPS – previous measure, is statutory basic EPS before share-based payments, amortisation of acquired intangibles and Individually
Significant Items and the tax effect thereon.
5 Cash conversion – previous measure ratio percentage of net cash flow from operating activities before interest and tax divided by Adjusted EBITDA
– previous measure.
85
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Long-term incentives granted during the 16 month period to 30 September 2024 (audited) continued
June 2024 awards
As mentioned in the introductory letter, awards have historically been granted annually in October; in future, with the change of year
end, awards will be granted in January. To allow for the transition between grants, the Committee proposed that the 2024 awards
should be uplifted by four months. It also proposed that the award basis be increased by 50% of salary (“stretch awards”) for each
Director, as proposed in the new Policy and subject to shareholder approval at the 2025 AGM. The 50% uplift is subject to stretch
performance criteria. No further awards will be made until January 2026. This period’s awards were as follows:
Executive
Number of shares
under awards
1
Basis Face value
2
Performance period
Mike Maddison 1,140,954 225% of 16 months’ salary £1,684,050 1 June 2024 to 30 September 2027
Guy Ellis 563,685 200% of 16 months’ salary £832,000 1 June 2024 to 30 September 2027
The performance conditions for these awards are set out below:
Proportion Component Metric
Threshold
(20% vesting)
Normal maximum
(maximum vesting
for standard
awards)
6
Stretch target
(maximum vesting
for stretch
awards)
7
Vesting basis
30% Adjusted basic EPS
– new measure
3,4
Growth of Adjusted EPS over
a three year period
6.0p 7.0p 8.5p Straight line between
these points
20% Cash conversion
– new measure
3,5
Average cash conversion
ratio over three years
85% 90% 95% Straight line between
these points
50% TSR TSR over three years vs FTSE
250 comparator group
(excluding investment trusts)
Median Upper
quartile
Above 90% Straight line between
these points
1 LTIP awards are structured as nominal cost options. (Awards were granted on a 16/12ths basis to take account of the 40 month performance period arising
from the change to the financial year end) and to allow for the ease of transition between grants.
2 Based on a share price of £1.476, which was the closing mid-market price of the Company’s shares on the day before the date of grant.
3 Adjusted basic EPS – new measure, cash conversion – new measure, and cash conversion ratio – new measure are Alternative Performance Measures
(APMs) and not IFRS measures. See Note 3 for an explanation of APMs and adjusting items.
4 Adjusted basic EPS – new measure is statutory basic EPS before Individually Significant Items and the tax effect thereon.
5 Cash conversion – new measure is the ratio percentage of net cash flow from operating activities before interest and tax divided by Adjusted EBITDA – new measure.
6 Standard award relates to 887,409 shares for the CEO and 422,764 shares for the CFO.
7 Stretch award relates to 253,545 shares for the CEO and 140,921 shares for the CFO. (Subject to shareholder approval.)
SAYE options granted in the period ended 30 September 2024 (audited)
The Group operates an HMRC-approved SAYE scheme. All eligible colleagues, including Executive Directors, may be invited to
participate on similar terms for a fixed period of three years. During the period, Mike Maddison joined the 2024 SAYE scheme
(which will mature on 1 June 2027) and has options over 18,699 shares with an option price of £0.992. No awards vested this period.
Payments for loss of office and to past Directors (audited)
As disclosed last year, Tim Kowalski stepped down as CFO on 30 June 2023. He was not eligible for a bonus in the 16 month period
ended 30 September 2024 and did not receive any further grants of long-term incentives.
In June 2023, Tim Kowalski’s departure was announced and his contractual six month notice period commenced. Tim’s base salary
continued to be paid during his notice period in monthly instalments (total £166,000), together with fringe benefits (total £5,000)
(including pension payments in lieu of pension contributions (total £7,000)) while he remained a colleague.
Annual Bonus
Tim was not eligible for a bonus for the financial period beginning 1 June 2023.
Deferred annual bonus awards
The 2021 deferred bonus plan award vested as normal in October 2023. In accordance with the Directors’ Remuneration Policy, the
Remuneration Committee exercised its discretion to allow the 2022 and 2023 awards to vest at the termination date, as performance
for these awards was assessed previously in respect of the relevant bonus year.
Shares vesting from the 2022 and 2023 awards are subject to the post-employment shareholding policy (see below).
Long Term Incentive Plan (LTIP) awards
Tim did not receive a 2023 LTIP grant. In respect of Tim’s existing LTIP awards, these were all pro-rated until the end of his notice period.
The LTIP awards made in November 2021 (with a performance period of 1 June 2021–31 May 2024) will vest in December 2024. Tim
Kowalski was a beneficiary of these and achieved a vesting of 30% of the award of 135,434 shares, being 40,630 shares (the original
number of shares granted was 192,099 shares which was pro-rated for service). (The Committee is satisfied that the formulaic outcomes
are appropriate and that they reflect performance over the performance period.) The three month average share price to 30 September
2024 was £1.56; therefore, the overall value of the shares was £63,000. The share price on the date of grant was £2.40, therefore (£0.84)
was due to share price depreciation. These awards are subject to the post-employment shareholding guideline.
Remuneration Committee report continued
Annual Report on Remuneration continued
86 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
In the year ended 31 May 2023, 28,762 shares vested to Tim Kowalski which had a performance period ending on 31 May 2023.
The share price on the date of vesting was £1.06; therefore, the award had an overall value of £30,000. The share price on the date
of grant was £2.94, therefore, (£1.88) was due to share price depreciation.
The two year post-vesting holding period applies to all LTIPs.
Post-employment shareholding requirements
The two year post-employment shareholding requirement, under the Directors’ Remuneration Policy, which came into effect from
November 2021, applies to the 2021 and 2022 LTIPs and the 2022 and 2023 deferred annual bonus plan awards.
Other
Tim was reimbursed £6,000 (including VAT) for legal costs and £500 in respect of his non-compete agreement, and £30,000
(including VAT) for outplacement and transition support.
Directors’ interests in shares (audited)
The tables below set out details of the Executive Directors’ outstanding share awards, which will vest in future years subject to
performance conditions and/or continued service.
Summary of maximum LTIP awards outstanding
Total LTIP
options held
at 31 May
2023
1
Granted
during the
period
Exercised
during the
period
Share price
on date of
exercise
Lapsed
during the
period
Total LTIP
options
held at
30 September
2024
1
Mike Maddison 436,408 1,963,322 — n/a — 2,399,730
Guy Ellis — 845,639 — n/a — 845,639
1 Includes only unvested and unexercised LTIP options.
All awards granted under the LTIP are subject to continued employment and the satisfaction of the performance conditions as set out
above. The awards were all nil-cost options.
Share ownership (audited)
The beneficial and non-beneficial interests of the current Directors in the share capital of NCC Group plc at 30 September 2024 are set out below.
(Details of Executive Director shareholding requirements and achievement against these are set out on page 88.)
Beneficial interests
in ordinary shares
1
Nil-cost options subject
to performance
2
SAYE options
3
Deferred bonus
nil-cost options
4
Vested but
unexercised
nil-cost options
Special
Replacement
Award
5
Total
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
30 Sept
2024
31 May
2023
Chris
Stone
712,843 162,843 — — — — — — — — — — 712,843 162,843
Mike
Maddison
148,063 — 2,399,730 436,408 18,699 14,269 130,190 — — — — 222,222 2,696,682 672,899
Guy
Ellis
8
3,533 — 845,639 — — — 70,901 — — — — — 920,073 —
Tim
Kowalski
7
147,197 147,197 — 440,956 — 14,269 — 66,921 — 28,764 — — 147,197 698,107
Chris
Batterham
6
55,000 55,000 — — — — — — — — — — 55,000 55,000
Julie
Chakraverty 63,914 20,249 — — — — — — — — — — 63,914 20,249
Jennifer
Duvalier
19,115 19,115 — — — — — — — — — — 19,115 19,115
Mike
Ettling
50,000 50,000 — — — — — — — — — — 50,000 50,000
Lynn
Fordham
50,000 25,000 — — — — — — — — — — 50,000 25,000
1 This information includes holdings of any connected persons.
2 These awards represent the outstanding LTIP interests, included in the table above, which are due to vest after 30 September 2024.
3 Representative SAYE scheme interests, which will vest after the end of the three year savings period in 2027.
4 Nominal cost share options granted under the deferred bonus plans, subject to a service condition, tax and National Insurance. (For Guy Ellis, awards made
under the Restricted Share Plan of 14,450 shares made prior to his promotion to CFO are also included in this figure.)
5 Relates to the Special Replacement Award granted to replace remuneration at previous employment. The award was subject to a service condition.
6 Chris Batterham stepped down as a Director on 30 November 2023. At that time he held 55,000 shares.
7 Tim Kowalski stepped down as a Director on 30 June 2023. At that time he held 147,197 shares.
8 Guy Ellis was appointed as a Director on 30 June 2023 hence no shareholding is shown as at 31 May 2023.
87
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Share ownership (audited) continued
Following the period ended 30 September 2024, the following Directors dealt shares. The number of shares traded are shown below:
•
On 7 October 2024, Mike Maddison purchased 521 shares at £1.688 by reinvesting his dividends
•
On 17 October 2024, Mike Maddison and Guy Ellis purchased 90 and 45 shares respectively at £1.6787 within the UK Share Incentive Plan
•
On 4 October 2024, Mike Maddison purchased 42 shares and Guy Ellis purchased 15 shares, both at £1.72 by reinvesting dividends
within the UK Share Incentive Plan
•
On 11 October 2024, Guy Ellis sold 2,614 shares (held at 30 September 2024) at £1.656, along with 7,634 shares (again at £1.656)
from the exercise of a Restricted Share Plan awards made prior to his promotion to CFO
•
On 18 November 2024, Mike Maddison and Guy Ellis purchased 94 and 47 shares respectively at £1.586 within the UK Share
Incentive Plan
Shareholding requirements (audited)
The Executive Directors are expected to build and retain a shareholding in the Group equivalent to at least 200% of base salary.
Executives will normally be required to retain all vested deferred bonus shares and LTIP shares released from the holding period, until
they have attained the minimum shareholding requirement and, even then, only when they have held vested LTIP shares for a minimum
period of two years. Executive Directors will also be required to retain all shares vesting from SAYE schemes. For the avoidance of
doubt, Executive Directors are permitted to sell sufficient shares in order to meet any tax obligation arising from vesting shares.
The table below sets out the Executive Directors’ shareholding requirements and achievement against these. The percentages within this
table have been calculated using a three month average share price (1 July 2024 to 30 September 2024) of £1.56 and include Mike
Maddison’s vested Special Award of 117,515 shares, and all unvested deferred bonus plans on a net of tax and National Insurance basis.
Shareholding
requirements
(% of salary)
Shareholding
as at
30 September
2024
(% of salary)
Requirement
met
Mike Maddison 200% 60% No
Guy Ellis 200% 21% No
Relative importance of the spend on pay
The table below shows the percentage change in total remuneration paid to all colleagues compared to the total dividends
(including those recognised but not yet paid as of 30 September 2024) in the current and previous financial periods.
30 September
2024
£m
31 May
2023
£m % change
Colleague remuneration costs
1
283.6 236.9 19.7%
Dividends
2
24.3 14.5 67.6%
1 Based on the figure shown in Note 6 to the consolidated Financial Statements.
2 During the period ended 30 September 2024, a total of £14.5m was paid out in dividends to shareholders, as detailed in Note 9 of the consolidated financial
statements, excluding the proposed final dividend for 2024. Additionally, a dividend of £9.8m was recognised but not yet paid as at the period end,
reflecting the Company’s continued commitment to returning value to its shareholders.
Percentage change in the remuneration of Directors
The table below shows the movement in the salary or fees, benefits and annual bonus for each Director over the last three financial
years compared to the equivalent changes for all colleagues of the Company.
The comparator group for salaries and benefits is all colleagues in the UK – there were no benefit policy changes in this time. There
are no employees of NCC Group plc.
The comparator group for the bonus is those in the senior management population who also have an annual scheme and excludes
those on commission and incentive plans.
Remuneration Committee report continued
Annual Report on Remuneration continued
88 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
% increase in salary % increase in benefits % increase in annual bonus
2023/24 2023/24 2023/24
Director 2020/21 2021/22 2022/23
(12
months)
(16
months) 2020/21 2021/22 2022/23
(12
months)
(16
months) 2020/21 2021/22 2022/23
(12
months)
(16
months)
Chris Stone (5.0%) 14.0% 3.0% — — — — — — — — — — — —
Mike Maddison
(CEO) — — — 16.5% 18.6% — — —
1,000.0%
950.0% — — —
1,241.0% 1,841.0%
Guy Ellis (CFO) — — — — — — — — — — — — — — —
Adam Palser 3.0% 3.0% (95.0%) — — — (25.0%) (92.0%) — — 303.0% (33.0%) — — —
Tim Kowalski 1.0% 8.0% 8.0% (92.0%) (94.0%) — (10.0%) (54.0%) (84.6%) (88.5%) 341.0% (17.0%) (90.0%) — —
Chris Batterham (6.0%) 24.0% (4.0%) — — — — — — — — — — — —
Julie
Chakraverty — — 225.0% 9.0% 9.6% — — — — — — — — — —
Jennifer
Duvalier 2.0% 29.0% 2.0% — — — — — — — — — — — —
Lynn Fordham — — — 45.7% 46.7% — — — — — — — — — —
Mike Ettling (8.0%) 20.0% 2.0% — — — — — — — — — — — —
All colleagues 5.1% 5.1% 7.9% 6.7% 7.4% — — — — — 1.0% (40.0%) (89.0%) 412.0% 561.0%
The decrease and subsequent increase of NED fees in 2020/21 and 2021/22 are the results of the removal and reintroduction of the
travel allowance and a review of NED fee levels. The travel allowance was removed in 2020/21 due to the lower levels of travel resulting
from the reaction to the pandemic and then was reintroduced in 2021/22. The combination of these factors results in changes which are
not reflective of changes to NED fee levels. The changes are also affected by the comparison of fees for a full year to fees for a part year
when a Director joins or leaves. The increase for the CEO’s salary has been explained within the Committee Chair’s opening statement.
The significant increase in CEO bonus from the previous year was caused by the 2022/23 bonus paying out at a very low level, with
the 2023/24 bonus being paid out at a much higher level. For the 2023/24 16 month comparison, this has been annualised to provide
a meaningful comparison to the prior year.
To note that for the 2022/23 year, Mike Maddison (CEO) joined on 7 July 2022 hence the 2022/23 year is not a full year for comparison purposes.
To note that for the 2023/24 year, Guy Ellis (CFO) was appointed on 30 June 2023 hence the 2023/24 period is not a full year for
comparison purposes and there is no prior year comparator.
Chief Executive pay compared to pay of UK colleagues
The following table shows the ratio between the single total figure of remuneration (STFR) of the Chief Executive for 2023/24 and the
lower quartile, median and upper quartile pay of our UK colleagues. The salary and total pay and benefits for the lower quartile,
median and upper quartile colleagues are also shown.
Total pay ratio
Financial year Method
25th
percentile
pay ratio
50th
percentile
pay ratio
75th
percentile
pay ratio
2019/20 Option B 18:1 12:1 8:1
2020/21 Option B 27:1 18:1 11:1
2020/21 Option C 26:1 16:1 12:1
2021/22 Option C 23:1 14:1 10:1
2022/23 Option C 22:1 14:1 10:1
2023/24 Option C 25:1 16:1 11:1
2023/24 (16 months) Option C 26:1 17:1 11:1
12 months to 31 May 2024
Mike Maddison,
CEO
25th
percentile
50th
percentile
75th
percentile
Salary (£000) 523 36 47 90
Total pay and benefits (£000) 1,081 44 68 101
16 months to 30 September 2024
Mike Maddison,
CEO
25th
percentile
50th
percentile
75th
percentile
Salary (£000) 710 49 63 120
Total pay and benefits (£000) 1,513 58 90 134
89
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Chief Executive pay compared to pay of UK colleagues continued
CEO pay ratio
The CEO pay ratio has been calculated using Option C, which we deem the most appropriate methodology for NCC Group. Under
Option C, we have used the most recent P60 information (for the 2023/24 tax year) to determine the relevant colleague at the 25th,
50th and 75th percentile. As such the data was correct as of 5 April 2024. As in prior years, we have omitted joiners and leavers from
the data to ensure that the data is on a like-for-like basis. This option was chosen in preference to the other possibilities as it uses the
most accurate and comprehensive data currently available and provides a fair reflection of the total pay received by colleagues. We
are satisfied that the applicable colleagues chosen are a fair representation of the workforce.
The CEO pay ratio has marginally increased due to the fact that the CEO had a higher than workforce average pay increase for the
reasons explained within the Committee Chair’s opening statement.
The pay ratio is consistent with the pay, reward and progression policies currently in place at NCC Group.
Performance graph and table
The following graph shows the total shareholder return, with dividends reinvested, from 1 June 2014 against the corresponding
changes in a hypothetical holding in shares in both the FTSE All Share and FTSE 250 Indices.
The FTSE All Share and FTSE 250 Indices represent broad equity indices. The Company is a constituent member of the FTSE 250 and
FTSE All Share Index and the Committee has adopted the FTSE 250 Index for part of its LTIP performance measure. Both indices give
a market capitalisation-based perspective.
During the financial period ended 30 September 2024, the Company’s share price varied between £0.863 and £1.782 and ended the
financial year at £1.782.
Ten year historical TSR performance is the growth in the value of a hypothetical £100 holding over ten years. It has been calculated
for NCC Group plc and the FTSE All Share, FTSE 250 and FTSE Small Cap Indices (excluding investment trusts) based on spot values.
200
150
100
50
0
2015 20162014 2017 2018
All years ended 31 May with exception of 2024 which was a 16 month period to 30 September 2024.
2019 2020 2021 2022 2023 2024
£100
£121
£168
£98
£129
£103
£101
£192
£62
£143
£129
NCC Group plc FTSE All Share Index FTSE 250 (excluding investment trusts) FTSE Small Cap (excluding investment trusts)
Value (£)
The share price was £0.913 on 1 June 2023 and £1.782 on 30 September 2024.
The table below shows the total remuneration for the Chief Executive over the same ten year period, including share awards valued
at the date they vested.
Period ended
1,2,3,4
Incumbent
Total remuneration
£000
Annual bonus
% of maximum
5
Long-term incentives
% of maximum
6
31 May/30 September 2024 Mike Maddison 1,081/1,513 80/100 —
31 May 2023
1
Mike Maddison 1,005 7.5 —
31 May 2023
2
Adam Palser 26 — 30
31 May 2022 Adam Palser 1,081 60 59
31 May 2021 Adam Palser 1,110 92 40
31 May 2020 Adam Palser 861 23 52
31 May 2019 Adam Palser 679 48 —
31 May 2018
3
Adam Palser 292
3
32 —
31 May 2018
4
Brian Tenner 257
4
32 —
31 May 2017 Rob Cotton 610 — —
31 May 2016 Rob Cotton 1,091 70 20
31 May 2015 Rob Cotton 993 73 15
1 Mike Maddison was appointed on 7 July 2022. The amount above is in respect of the period from 7 July 2022 to 31 May 2023. Mike Maddison was not
eligible for long-term incentives vesting in 2023 and 2024. However, LTIP awards vested at 30% and 30% in 2023 and 2024 respectively.
2 Adam Palser stepped down from the Board on 17 June 2022. The amount above is in respect of the period from 1 June 2022 to 17 June 2022.
3 Adam Palser was appointed on 1 December 2017. The total remuneration figure above is in respect of the period from 1 December 2017 to 31 May 2018.
4 During the year ended 31 May 2018, Brian Tenner acted as Interim Chief Executive Officer for the period 1 June 2017 to 30 November 2017. The total
remuneration figure above is the total remuneration received in relation to that six month period.
5 Note that this shows the annual bonus payments as a percentage of the maximum opportunity. (For 2024, 80% relates to the 12 months to 31 May 2024, and
100% relates to the four months to 30 September 2024. Two figures are shown due to the change in financial year end and the 16 month financial period.)
6 This shows the LTIP vesting level as a percentage of the maximum opportunity.
Remuneration Committee report continued
Annual Report on Remuneration continued
90 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Membership and attendance
The Remuneration Committee membership consists solely of Non-Executive Directors and comprises Jennifer Duvalier,
Julie Chakraverty and Lynn Fordham.
The Company Chair, Chief Executive Officer, Group Director of Finance, Chief People Officer, Director of Reward and Benefits
and Company Secretary attend the Remuneration Committee meetings by invitation of the Chair of the Committee from time
to time and assist the Committee with its considerations. No Director is involved in setting their personal remuneration.
The attendance of individual Committee members at Remuneration Committee meetings is shown within the table on page 59.
Committee effectiveness
During the period, the Remuneration Committee carried out an internally facilitated evaluation of its effectiveness and a number of
recommendations were made. The Committee was found to be working effectively with a number of recommendations made.
Further information can be found on pages 63 and 64
Adviser to the Committee
During the period, the Committee received advice on senior executive remuneration from Mercer and was comfortable that the advice
was objective and independent. Mercer was appointed via an open tender process. Mercer is a founding member of the Remuneration
Consultants Group and is a signatory to its Code of Conduct. The total fee charged in 2023/24 for providing advice in relation to
executive remuneration was £98,000, with fees being determined on a time and expenses basis. At the end of FY23, the Committee
made the decision to move the executive remuneration advisory relationship to Mercer, which also provides below-Board reward
advice to NCC Group. This change allows the upcoming executive remuneration policy review to be linked in with other reward
workstreams in the Group.
Service contracts and letters of appointment
The service contracts and letters of appointment of the current Directors include the following terms:
Date of contract Notice period
Executive
Mike Maddison 28 April 2022 12 months
Guy Ellis 30 June 2023 6 months
Non-Executive
Chris Stone 31 March 2017 3 months
Julie Chakraverty 27 October 2021 3 months
Jennifer Duvalier 25 April 2018 3 months
Mike Ettling 21 September 2017 3 months
Lynn Fordham 19 July 2022 3 months
Dilution
The LTIP has a dilution limit, for new and treasury shares, of 10% of the issued ordinary share capital of the Company in any ten
year period for any share option scheme operated by the Company. As at 30 September 2024, the Company had utilised 22,262,996
(2023: 20,304,107) ordinary shares through LTIP, DABS, SAYE, CSOP, ISO, RSP and ESPP awards counting towards the 10% limit, which
represents 7.08% (2023: 6.51%) of the issued ordinary share capital of the Company. To clarify, this figure of 7.08% includes both
discretionary and all-colleague share schemes.
How will the Remuneration Policy be implemented in the year ending 30 September 2025?
Executive Directors’ base salaries
Increases were made to the base salaries of both Executive Directors for the period ended 30 September 2024. The table below
details the Executive Directors’ salaries as at 30 September 2024 and salaries which are in force on 1 October 2024, with the next
review of salaries being January 2025, in line with the wider workforce.
Base salary
at 30
September
2024
£000
Base salary
at 1 October
2024
£000 % change
Chief Executive Officer – Mike Maddison 561 561 0%
Chief Financial Officer – Guy Ellis 312 312 0%
Pension
Pensions will remain aligned with the level for other colleagues.
91
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Annual bonus
The annual bonus maximum in 2024/25 will be 125% of salary for the Chief Executive Officer and 125% for the Chief Financial Officer,
with 60% based on the achievement of Adjusted operating profit targets and 40% based on the achievement of strategic targets as
outlined on page 84. These targets are commercially sensitive and will be disclosed in the next annual report.
Awards will also be subject to the Committee’s assessment of the overall financial health of the business.
In addition, to ensure that this bonus opportunity results in shareholder alignment and provides greater retention value, 35% of any
bonus payment will be deferred into nominal cost share over £50,000 for a period of two years.
The bonus, nominal cost share options and associated dividend equivalents are also subject to malus and clawback provisions.
Long Term Incentive Plan (LTIP)
LTIP awards were granted in June 2024. It is intended that no further awards will be made under the LTIP scheme for the year
ending 30 September 2025, with the next round of LTIP awards expected to be made in January 2026 during the financial year
ending 30 September 2026, which will be for performance period 1 October 2025 to 30 September 2028.
Non-Executive Directors’ fees
In line with the current Policy, Non-Executive Director fees are reviewed annually.
The last increase was applied on 1 June 2022, and following the annual review in 2022, fees were increased as set out in the table
below. A review was carried out of Non-Executive Directors’ fees during the period for 2023/24 and the decision was taken not to
increase them and review the matter again in the financial year ending 30 September 2025:
FY24/25 FY23/24
Chair fee (excluding travel allowance of £8,200) £154,500 £154,500
Non-Executive Director base fee (excluding travel allowance of £4,750) £51,500 £51,500
Supplemental fees for additional responsibilities:
SID £10,000 £10,000
Audit Committee Chair £11,000 £11,000
Remuneration Committee Chair £11,000 £11,000
Cyber Security Committee Chair £8,000 £8,000
Designated NED for colleague engagement £11,000 £11,000
Statement of shareholder voting
The following votes were received from the shareholders in respect of the Directors’ Remuneration Report and in respect of the
Remuneration Policy:
Remuneration Report
(2023 AGM)
Remuneration Policy
(2021 AGM)
Total number of votes % of votes cast Total number of votes % of votes cast
For
1
206,893,530 84.86 217,981,169 87.43
Against 36,926,077 15.14 31,344,728 12.57
Total votes cast (for and against excluding
withheld votes)
243,819,607 249,325,897
Votes withheld
2
5,772 3,296,572
Total votes cast (including withheld votes) 243,825,379 252,622,469
1 Includes Chair’s discretionary votes.
2 A vote withheld is not a vote in law and is not counted in the calculation of the proportion of votes cast “for” and “against” a resolution.
Approved by the Board and signed on its behalf:
Jennifer Duvalier
Chair, Remuneration Committee
10 December 2024
Remuneration Committee report continued
Annual Report on Remuneration continued
92 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Overall approach to remuneration
The Remuneration Committee determines the Company’s policy on the remuneration of the Executive Directors and (from 1 June 2019)
the Executive Committee (ExCom). The principles which underpin the Remuneration Policy for the Company are to:
•
Ensure Executive Directors’ rewards and incentives are directly aligned with the interests of the shareholders in order to reinforce
the strategic priorities of the Group, optimise the performance of the Group and create long-term sustained growth in shareholder
value, without encouragement to take undue risk
•
Provide the level of remuneration required to attract, retain and motivate Executive Directors and senior executives of an
appropriate calibre
•
Ensure a proper balance of fixed and variable performance related components, linked to short and longer-term objectives and
delivered in a mix of cash and shares
•
Reflect market competitiveness, taking account of the total value of all the benefit elements
Our remuneration strategy has been designed to reflect the needs of a complex multinational organisation, which has grown both
organically and by acquisition.
Remuneration for the Executive Directors is structured so that the variable pay elements (annual bonus and long-term incentives)
form a significant proportion of the overall package. This provides a strong link between the remuneration paid to Executive Directors
and the performance of the Group, as well as providing a strong alignment of interest between the Executive Directors and shareholders.
As a reminder, the following table summarises how our 2025–2028 shareholder-approved Remuneration Policy is aligned with the
factors set out in provision 40 of the 2018 UK Corporate Governance Code.
Code requirements How the Policy aligns
Clarity – remuneration arrangements should be
transparent and promote effective engagement with
shareholders and the workforce
The Committee is committed to providing transparent disclosures to
shareholders and the workforce about executive remuneration arrangements
and, to this end, the Directors’ Remuneration Report sets out the remuneration
arrangements for the Executive Directors in a clear and transparent way. Our
designated Non-Executive Director for colleague engagement engages with
colleagues about our executive remuneration approach. Our AGM allows
shareholders to ask any questions on the remuneration arrangements, and
we welcome any queries on remuneration practices from shareholders
throughout the period.
Simplicity – remuneration structures should avoid
complexity and their rationale and operation should
be easy to understand
Our remuneration arrangements for Executive Directors, as well as
those throughout the Group, are simple in nature and understood by all
participants, having been operated in a similar manner for a number of
years. Executive Directors receive fixed pay (salary, benefits and pension)
and participate in a single short-term incentive (the annual bonus) and
a single long-term incentive (the Long Term Incentive Plan).
Risk – remuneration arrangements should ensure
reputational and other risks from excessive rewards,
and behavioural risks that can arise from target-based
incentive plans are identified and mitigated
The Committee has designed incentive arrangements that do not
encourage inappropriate risk taking. The Committee retains overarching
discretion in both the annual bonus and LTIP schemes to adjust payouts
where the formulaic outcomes are not considered reflective of underlying
business performance and individual contributions. Robust withholding
and recovery provisions apply to variable incentives.
Predictability – the range of possible values of
rewards to individual Directors and any other limits or
discretions should be identified and explained at the
time of approving the Policy
Payouts under the annual bonus and LTIP schemes are dependent on
the performance of the Company over the short and long term, and a
significant proportion of Executive Director remuneration is performance
linked. These schemes have strict maximum opportunities, with the
potential value at threshold, target and maximum performance
scenarios provided in the Directors’ Remuneration Report.
Proportionality – the link between individual awards,
the delivery of strategy and the long-term
performance of the Company should be clear.
Outcomes should not reward poor performance
Payments from variable incentive schemes require strong performance
against challenging conditions over the short and longer term. Performance
conditions have been selected to support Group strategy and consist of
both financial and non-financial metrics. The Committee retains discretion
to override formulaic outcomes in both schemes to ensure that they are
appropriate and reflective of overall performance.
Alignment to culture – incentive schemes should drive
behaviours consistent with Company purpose, values
and strategy
Performance measures used in our variable incentive schemes are selected
to be consistent with the Company’s purpose, values and strategy. The use
of annual bonus deferral, LTIP holding periods and our shareholding
requirements provide a clear link to the ongoing performance of the Group
and ensure alignment with shareholders, which continues after employment.
93
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Proposed Policy table for Executive Directors
This Policy, if approved, will take effect from the date of the 2025 AGM on 28 January 2025. It will be binding for a 3 year period.
Purpose and link to
short and long-term
strategic objectives Operation (including framework to assess performance) Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
Salary
To attract, retain
and reward high
calibre Executive
Directors
The Remuneration Committee reviews salaries for Executive
Directors and also the Executive Committee (ExCom) annually
unless responsibilities change.
Pay reviews take into account Group and personal
performance. Salaries are set on appointment and
benchmarked periodically against market data for companies
operating in IT services, management consulting and relevant
high tech sectors, which, although not directly comparable,
provide an indicative range.
In setting appropriate salary levels the Committee takes into
account pay and employment conditions of colleagues
elsewhere in the Group, alongside the impact of any increase
to base salaries on the total remuneration package.
Any changes are normally effective from 1 January each year.
Details of current Executive
Director salaries are set out
on page 91.
Salary increases are
normally in line with those
for other colleagues but
also take account of other
factors such as changes to
responsibility, development
and the complexity of
the role.
n/a
Benefits
To attract, retain
and reward high
calibre Executive
Directors
Benefits in kind currently include the provision of private
medical insurance, income protection and life assurance.
Executive Directors may be invited to participate in the
Sharesave and SIP Schemes approved by HMRC or other
benefits introduced for all colleagues.
Market-competitive benefits.
SAYE Sharesave and SIP
Schemes subject to
HMRC-approved limits.
n/a
Pension
To provide a
competitive benefit,
which attracts high
calibre Executives
and allows flexible
retirement planning
to suit individual
needs
Executive Directors are entitled to a Company pension
contribution, which is paid into the Group defined contribution
personal pension scheme.
They can also opt to have the same level of contribution made
in the form of a cash contribution.
4.5% Company pension
contribution (or payment in
lieu of pension) (which is line
with the majority of the
workforce (currently 4.5%)).
Annual bonus
To drive and reward
sustainable
business
performance
Based on a range of stretching targets measured over one year. This
might include, but not exclusively, profit measures and other strategic
objectives such as cash management, brand development, customer
satisfaction and retention, business unit sales growth and colleague
engagement. In normal circumstances at least 60% of the bonus will
be related to financial measures. Performance below the minimum
performance target results in no bonus. No more than 20% of the
maximum opportunity is paid for achievement of the threshold
performance targets. Payments rise from the threshold payment to
100% of the maximum opportunity for levels of performance between
the threshold and maximum targets. The rate of the rise and the
various payment targets are determined annually by the Committee.
The Committee has discretion to reduce the formulaic bonus
outcome if individual performance is determined to be unsatisfactory
or if the individual is the subject of disciplinary action.
35% of any bonus payment earned in excess of £50,000 is
normally deferred into shares or nominal cost share options which
vest after a two year period. At the discretion of the Remuneration
Committee, dividend equivalents may be included.
Malus and clawback provisions are in place for both cash
and deferred elements.
125% of base salary. First £50,000
of any bonus
will be paid in
cash before
any bonus
deferral.
Remuneration Committee report continued
Directors’ Remuneration Policy
94 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Purpose and link to
short and long-term
strategic objectives Operation (including framework to assess performance) Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
Long Term Incentive Plan
To drive long-term
performance in line
with Group strategy
and incentivise
through share
ownership
Awards have a performance period of at least three years and
normally must be held for a further two years after vesting.
The level of vesting is determined by measures appropriate
to the strategic priorities of the business. At least half of
any award will normally be subject to financial performance
measures. Measures might include, but not exclusively, EPS,
cash flow and relative TSR metrics.
The Remuneration Committee has the discretion to determine
the number of measures and the actual performance measures
to be used.
Performance below the threshold target results in no vesting.
For performance between the threshold target and maximum
performance target, vesting starts at 20% and rises to 100% of
the shares vesting.
Should a change in control of the Group occur,
crystallisation of any LTIP awards is within the discretion of
the Remuneration Committee.
Malus and clawback provisions are in place.
At the discretion of the Remuneration Committee, dividend
equivalents may be included.
Normally awards over shares
with a face value at grant of
175% of salary per annum for
the CEO and awards of 150%
of salary for the CFO.
In exceptional circumstances,
the maximum opportunity is
225% per annum for the CEO
and 200% for the CFO.
It is the Committee’s
intention to only allow this for
the 2024 awards with the
normal maximum being used
from 2025. The 2024 awards
have a higher opportunity
with a longer performance
period to ease the transition
between changing of
financial year-ends. The
additional 50% opportunity is
subject to super stretch
targets over and above the
normal targets for the normal
maximum of annual awards.
Use of an
exceptional
maximum
with
additional
50% of salary
opportunity
for both the
CEO and CFO
for the 2024
awards only.
Threshold
increased
from 15%
to 20%.
Executive Director shareholding requirement
To align the
interests of
Executive Directors
with the interests of
all of the
Company’s
shareholders
The Executive Directors are expected to build and retain a
shareholding in the Group at least equivalent to 200% of base
salary. Executives will be required to retain all vested deferred
bonus shares and LTIP shares released from the holding period
until they have attained the minimum shareholding requirement
and even then they may normally only sell when they have held
vested LTIP shares for a minimum period of two years.
For the avoidance of doubt, Executive Directors are permitted to
sell sufficient shares in order to meet any tax or withholding
obligation arising from vesting shares.
Retention of shares post-employment: Executives will be
expected to retain the lower of their holding on cessation or
200% of salary for the first year following cessation, reducing to
100% of salary for the second year.
n/a n/a
Choice of performance measures and target setting
For both the annual bonus and LTIPs, the objective of our Policy is to choose performance measures which help drive and reward the
achievement of our strategy and which also provide alignment between Executives and shareholders. The Committee reviews metrics
annually to ensure they remain appropriate and reflect the future strategic direction of the Group.
Targets for each performance measure are set by the Committee with reference to internal plans and external expectations.
Performance is generally measured so that incentive payouts increase pro rata for levels of performance in between the threshold
and maximum performance targets.
With regard to the annual bonus, the Remuneration Committee believes that a simple and transparent scheme with sufficiently
stretching targets and an element of bonus deferral prevents short-term decisions being made and ensures that the Executives are
focused on the delivery of sustainable business performance.
With regard to the LTIP, the Committee believes in setting demanding objectives, which reward steady, progressive growth, in order
to incentivise and encourage long-term growth and enhance shareholder value. Where in exceptional circumstances the maximum
opportunity is increased, more demanding performance objectives will normally be set.
Performance measures and targets are disclosed in the Annual Report on Remuneration. In cases where targets are commercially
sensitive, for example annual profit targets for the annual bonus, they will normally be disclosed retrospectively in the period in which
the bonus is paid.
95
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Differences in Remuneration Policy for colleagues and Executive Directors
The principles behind the Remuneration Policy for Executive Directors are cascaded down through the Group and their aims are to
attract and retain the best talent and to focus their remuneration on the delivery of long-term sustainable growth by using a mix of
salary, benefits, bonus and longer-term incentives.
As a result, no element of the Executive Director Remuneration Policy is operated exclusively for Executive Directors other than the
post-employment shareholding policy:
•
The annual performance related pay scheme for Executive Directors is largely the same as that of the Executive Committee and
other senior managers within the business and all are aligned with similar business objectives.
•
Participation in the LTIP is extended to the Executive Committee and other senior managers where possible although restricted
shares rather than performance shares are typically granted at levels below the Executive Committee.
•
The pension scheme is operated for all permanent colleagues and from 1 December 2021 the Executive Directors received the
same level of contribution as the majority of other colleagues.
The main difference between pay for Executive Directors and colleagues is that, for Executive Directors, the variable element of
total remuneration is greater while the total remuneration opportunity is also higher to reflect the increased responsibility of the role.
In addition, we have the ability to grant awards of restricted shares to Executive Committee members. This will enable us to be
competitive in certain markets, most notably the US, where such plans are very much part of any executive remuneration package.
Non-Executive Director Policy table
Purpose and link to
short and long-term
strategic objectives Operation (including framework to assess performance) Maximum opportunity
Changes since
last Directors’
Remuneration
Policy
Fees
To attract, reward
and retain
experienced
Non-Executive
Directors
Fees for the Non-Executive Directors are determined by the
Board within the limits set by the Articles of Association and
are based on information on fees paid in similar companies,
taking into account the experience of the individuals and the
relative time commitments involved.
There will be separate disclosures of fees paid for chairing
the Audit, Remuneration and Cyber Security Committees,
and for acting as Senior Independent Director or for other
additional responsibilities.
Fees for the Non-Executive Directors are reviewed annually.
Additional fees may be paid in certain circumstances such as
taking on extra duties, or if exceptionally the time commitment
is significantly increased.
An expenses allowance is paid or alternatively any reasonable
business related expenses (including tax thereon) can be
reimbursed if determined to be a taxable benefit.
Current fee levels are set
out on page 92.
The overall fee limit will
be within the current
£750,000 limit set out in
the Company’s Articles of
Association, approved on
25 September 2019,
which is subject to
increase on 25 September
each year by the same
percentage increase as
the percentage increase
in the General Index of
Retail Prices for all items
(or such other
comparable index as may
be substituted for it from
time to time before such
anniversary) in the 12
months immediately
preceding such date.
n/a
Remuneration Committee report continued
Directors’ Remuneration Policy continued
96 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Approach to recruitment
The principle applied in the recruitment of a new Executive Director is for the remuneration package to be set in accordance with the
terms of the approved Remuneration Policy for existing Executive Directors in force at the time of appointment. Further details of this
Policy for each element of remuneration are set out below.
Pay element Approach Areas of flexibility
Salary Set to reflect the Executive’s skills and
experience, the Company’s intended pay
positioning and the market rate for the
applicable role.
The Committee will have the discretion to allow phased salary
increases over a period of time for newly appointed Directors,
even though this may involve increases in excess of the rate
for the wider workforce and inflation in circumstances where
starting salary was below median levels.
Benefits
and pension
Benefits will be provided in line with those
offered to other Executive Directors, taking
account of local market practice, with
relocation expenses or arrangements provided
if necessary.
Tax equalisation may also be considered if an Executive
Director is adversely affected by taxation due to their
employment with the Company. The Company may also pay
legal fees and other costs incurred by the individual. These
would all be disclosed. Pension would be set in line with the
workforce level.
Incentive
opportunity
The aggregate ongoing incentive opportunity
offered to new recruits will be no higher than
that offered under the annual bonus plan and
the LTIP to the existing Executive Directors.
Different performance measures and targets may be set
initially for the annual bonus plan, taking into account the
responsibilities of the individual and the point in the
financial year at which they join.
“Buyout” awards Sign-on bonuses are not generally offered by the Group
but, at Board level, the Committee may offer additional
cash and/or share-based “buyout” awards when it
considers these to be in the best interests of the Company
and, therefore, shareholders, including awards made under
Listing Rule 9.4.2R. Any such “buyout” payments would be
based solely on remuneration lost when leaving the former
employer and would reflect the delivery mechanism such
as cash, shares, options, time horizons and performance
requirements attaching to that remuneration.
Transitional
arrangements
for internal
appointments
to the Board
In the case of an internal appointment, any
variable pay element awarded in respect of the
prior role may be allowed to pay out according
to its terms on grant, adjusted as relevant to
take into account the appointment.
In addition, any other ongoing remuneration obligations
existing prior to appointment may continue, provided that
they are put to shareholders for approval at the first AGM
following their appointment.
Approach to service contracts and letters of appointment
The Committee’s policy is to offer service contracts for Executive Directors with notice periods of between six and 12 months
exercisable by either party. In addition, the Executive Directors are subject to a non-compete clause from the date of termination,
where enforceable.
All Non-Executive Directors’ appointments are terminable on at least three months’ notice on either side.
The Executive Directors and Non-Executive Directors offer themselves for re-election at the AGM every year.
97
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Policy on payment for loss of office
Payments on termination for Executive Directors are restricted to the value of salary and contractual benefits for the duration of the
notice period. It is the policy of the Remuneration Committee to seek to mitigate termination payments and pay what is due and fair.
There are no predetermined special provisions for Executive Directors with regard to compensation in the event of loss of office. The
Company may also pay an amount considered to be reasonable by the Committee where loss of office is due to redundancy or in
respect of fees for legal advice for the outgoing Director or to settle or compromise any legal claims. Assistance with outplacement
may also be provided.
Elements of variable remuneration would be treated as follows:
Pay element Approach Areas of flexibility
Annual bonus Determined on a case-by-case basis. When the
Committee determines that the payment of an annual
bonus is appropriate, the annual bonus payment
is typically:
•
Pro-rated for the period of time served from the
start of the financial year to the date of termination
and not for any period in lieu of notice or
garden leave
•
Subject to the normal bonus targets, tested at the
end of the period, and would take into account
performance over the notice period
•
Subject to deferral of 35% of the value, in line
with Policy
The Committee has the discretion to pay cash
bonus amounts in lieu of deferred bonuses in
appropriate circumstances.
Deferred bonuses will ordinarily be forfeited by
leavers but for Good Leavers (defined as ill-health,
injury or disability, the Participant’s employing
company ceasing to be a Group Company or any
other reason at the Committee’s discretion), the
Committee may allow deferred bonus awards to
vest on at the normal vesting date or on exit.
If the Committee exercises this discretion, it can
also determine if the vesting should be pro-rated
to reflect time served since the beginning of the
deferral date. The same discretionary principle
would apply to the payment of dividend equivalents
on any shares that have been deferred, but not
yet vested.
Long Term
Incentive Plan
Unvested awards will normally lapse upon cessation
of employment.
For Good Leavers (defined as ill-health, injury or
disability, the Participant’s employing company
ceasing to be a Group Company or any other reason
at the Committee’s discretion), the Committee has
discretion to allow awards to vest at the normal
vesting date or earlier. If the Committee exercises
this discretion, awards are normally pro-rated to
reflect time served since the date of grant and
based on the achievement of the performance
criteria. The holding period detailed above will
apply to such incentives.
All-colleague
share schemes
The Executive Directors, where eligible for
participation in all-colleague share schemes,
participate on the same basis as for other colleagues.
None.
Remuneration Committee report continued
Directors’ Remuneration Policy continued
98 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Illustration of remuneration scenarios
The charts below detail the hypothetical composition of each Executive Director’s remuneration package and how it could vary at
different levels of performance under the new Remuneration Policy set out above.
Chief Executive Officer Chief Financial Officer
3,000
2,500
2,000
1,500
1,000
500
0
100%
100%
52%
31%
17%
54%
31%
15%
26%
31%
43%
28%
33%
39%
21%
25%
54%
23%
28%
49%
Minimum MinimumTarget TargetMaximum MaximumMaximum +
50% share
price
growth
Maximum +
50% share
price
growth
£592
£332
£1,140
£621
£2,276
£1,190
£1,424
Fixed pay
Long-term incentives
Annual bonus
£000
£2,768
Note that the charts are indicative, as actual amounts may depend on share price; in addition, charts are based on a 12 month
financial period and not the 16 month financial period. Assumptions made for each scenario are as follows:
•
Minimum. Fixed remuneration only: salary, benefits and pension. Salary based on 1 June 2024 salary and benefits based on
2023/24 disclosed benefit amounts.
•
Target. Fixed remuneration plus “target” annual bonus opportunity of 50% of maximum bonus opportunity for the Chief Executive
Officer and the Chief Financial Officer, plus 20% vesting of the normal maximum award under the LTIP. NCC Group does not use the
concept of a “target” bonus; however, in order to be fully compliant with the regulations, an assumption of 50% of the maximum for
2024/25 has been used.
•
Maximum. Fixed remuneration plus maximum annual bonus opportunity equivalent to 125% of salary for both the Chief Executive
Officer and the Chief Financial Officer for 2024/25, as well as 100% vesting of the normal maximum award under the LTIP, being
175% of salary for the Chief Executive Officer and 150% of salary for the Chief Financial Officer.
•
Effect of a 50% increase in share price. Same assumptions as for the maximum scenario, but with the additional assumption that
the value of LTIP awards increases by 50% as a result of share price appreciation over the performance period.
Statement of consideration of employment conditions elsewhere in the Group
The Remuneration Committee does not consult directly with colleagues when determining the Remuneration Policy for Executive
Directors. However, as stated above, the annual bonus and LTIP are operated for other colleagues to ensure alignment of objectives
across the Group and the terms of the pension scheme are comparable with the majority of the UK workforce. In addition, the
Committee compares information on general pay levels and policies across the Group when setting Executive Director pay. Until
1 January 2022, Jennifer Duvalier and, from 1 January 2022, Julie Chakraverty have undertaken regular colleague engagement
sessions where colleagues are able to ask about Executive Director pay. During the period no questions or concerns on executive pay
were raised to Julie (please see page 62 for further information).
How shareholder views are taken into account
The Remuneration Committee considers shareholder feedback received on the Directors’ Remuneration Report each year and
guidance from shareholder representative bodies more generally. Shareholders’ views are key inputs when shaping remuneration
policy. When any material changes are proposed to the Remuneration Policy, the Remuneration Committee Chair will inform major
shareholders in advance and will generally offer a meeting to discuss these.
99
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Key areas of discretion in the Remuneration Policy
The Committee operates the Group’s variable incentive plans
according to their respective rules and in accordance with HMRC
rules where relevant. To ensure the efficient administration of
these plans, the Committee will apply certain operational
discretions. These discretions are implicit in the Policy stated
above, but we have listed them for clarity. These include, but are
not limited to, the following:
•
Selecting the participants in the incentive plans on an
annual basis
•
Determining the timing of grants of awards and/or payments
•
Determining the quantum of awards and/or payments (within
the limits set out in the Policy table)
•
Reviewing performance against annual bonus and LTIP
performance metrics
•
Determining the extent of payout or vesting based on the
assessment of performance
•
Making the appropriate adjustments required in certain
circumstances, for instance for changes in capital structure
•
Determining “good leaver” status for incentive plan purposes
and applying the appropriate treatment
•
Undertaking the annual review of weighting of performance
measures and setting targets for the incentive plans, where
applicable, from year to year
•
Discretion to override formulaic outcomes of the incentive
schemes if an event occurs which results in the annual bonus
plan or LTIP performance conditions and/or targets being
deemed no longer appropriate (e.g. material acquisition or
divestment); the Committee will have the ability to adjust
appropriately the measures and/or targets and alter
weightings, provided that the revised conditions are not
materially less challenging than the original conditions
•
Discretion to override formulaic vesting outcomes if they are
judged by the Committee not to be an accurate reflection of
Company performance
Legacy arrangements
For the avoidance of doubt, in approving the Remuneration
Policy, authority is given to the Company to honour any
commitments entered into with current or former Directors
before the current legislation on remuneration policies came
into force or before an individual became a Director, such as the
payment of outstanding incentive awards; even where it is not
consistent with the Policy prevailing at the time, such
commitment is fulfilled.
Details of any payments to former Directors will be set out in the
Annual Report on Remuneration as they arise.
External directorships for Executive Directors
Executive Directors may accept one external non-executive
directorship with the prior agreement of the Board, provided
it does not conflict with the Group’s interests and the time
commitment does not impact upon the Executive Director’s
ability to perform their primary duty. The Executive Directors
may retain the fee from external directorships. Neither of the
Executive Directors currently undertake any external non-
executive directorships.
Remuneration Committee report continued
Directors’ Remuneration Policy continued
100 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
The Directors present their report and the Group and Company
Financial Statements of NCC Group plc (the “Company”) and its
subsidiaries (together the “Group”) for the financial period ended
30 September 2024.
Principal activities
The Company is a public limited company incorporated in
England, registered number 4627044, with its registered office
at XYZ Building, 2 Hardman Boulevard, Spinningfields,
Manchester M3 3AQ.
The principal activity of the Group is the provision of independent
advice and services to customers through the provision of
Software Resilience and Cyber Security services. The principal
activity of the Company is that of a holding company.
Going concern
At the time of approving the Financial Statements, the Board
of Directors is required to formally assess that the business has
adequate resources to continue in operational existence and
as such can continue to adopt the ”going concern” basis of
accounting. To support this assessment, the Board is required
to consider the Group’s current financial position, its strategy,
the market outlook, and its principal risks.
The Group’s business activities, together with the factors likely
to affect its future development, performance and position, are
set out in the Business Review and Financial Review. The Group’s
financial position, cash and borrowing facilities are also
described within these sections.
The Financial Statements have been prepared on a going concern
basis which the Directors consider to be appropriate for the
following reasons.
The Directors have prepared cash flow and covenant compliance
forecasts for 12 months from the date of approval of the Financial
Statements which indicate that, taking account of severe but
plausible downsides on the operations of the Group and its
financial resources, the Group will have sufficient funds to meet
its liabilities as they fall due for that period.
The going concern period is required to cover a period of at least
12 months from the date of approval of the Financial Statements
and the Directors still consider this 12 month period to be an
appropriate assessment period due to the Group’s financial
position and trading performance and that its borrowing facilities
do not expire until December 2026. The Directors have considered
whether there are any significant events beyond the 12 month
period which would suggest this period should be longer but
have not identified any such conditions or events.
The Group is financed primarily by a £162.5m multi-currency
revolving credit facility maturing in December 2026. Under these
banking arrangements, the Group can also request (seeking
bank approval) an additional accordion facility to increase the
total size of the revolving credit facility by up to £75m. This
accordion facility has not been considered in the Group’s going
concern assessment as it requires bank approval and is therefore
uncommitted as at the date of approval of these consolidated
Financial Statements. As of 30 September 2024, net debt
(excluding lease liabilities)
1
amounted to £45.3m which comprised
cash and cash equivalents of £29.8m, a bank overdraft of
£13.6m and a drawn revolving credit facility of £61.5m, leaving
£101.0m of undrawn facilities, excluding the uncommitted
accordion facility of £75.0m. The Group’s day-to-day working
capital requirements are met through existing cash resources,
the revolving credit facility and receipts from its continuing
business activities. The Group is required to comply with
financial covenants for leverage (net debt to Adjusted EBITDA)
1
and interest cover (Adjusted EBITDA
1
to interest charge) that are
tested bi-annually on 31 May and 30 November each year
(following the change in the Group’s financial year end, these
covenants will be tested bi-annually on 31 March
and 30 September each year going forward).
As of 30 September 2024, leverage amounted to 1.0x and net
interest cover amounted to 8.8x compared to a maximum of 3.0x
and a minimum of 3.5x respectively. The terms and ratios are
specifically defined in the Group’s banking documents (in line
with normal commercial practice) and are materially similar to
amounts noted in these Financial Statements with the exceptions
being net debt excludes IFRS 16 lease liabilities and Adjusted
EBITDA
1
. The Group was in compliance with the terms of all its
facilities during the period, including the financial covenants on
30 September 2024, and, based on forecasts, expects to remain
in compliance over the going concern period. In addition, the
Group has not sought or is not planning to seek any waivers to
its financial covenants noted above.
Management has prepared a base case model derived from
the FY25 board-approved budget. In addition, management has
produced forecasts that reflect severe yet plausible downside
scenarios, taking into account the principal risks faced by the
Group, including the loss of key customers and further reductions
in the North America ‘TAS’ business. These forecasts, which
have been reviewed by the Directors, lead them to believe that
the Group can operate within its available committed banking
facilities and meet its liabilities as they fall due during this period.
The assumptions underpinning these forecasts (and severe yet
plausible downside scenarios) are set out in more detail in the
Viability Statement on page 39.
Having reviewed the current trading performance, forecasts,
debt servicing requirements, total facilities and risks, as well as
factoring in the expected proceeds from the sale of Fox Crypto
B.V. (see Note 18), the Directors are confident that the Group will
have sufficient funds to meet its liabilities as they fall due for a
period of at least 12 months from the date of approval of these
consolidated Financial Statements. This period is referred to as
the going concern period. Accordingly, the Directors continue
to adopt the going concern basis of accounting in preparing the
Group’s consolidated Financial Statements for the period ended
30 September 2024.
Directors’ report
The Directors present
theirreport
1 Revenue at constant currency, Adjusted EBITDA and net debt excluding lease liabilities are Alternative Performance Measures (APMs) and not IFRS measures.
See appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
101
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Going concern continued
From a Company perspective, the Company places reliance on
other Group trading entities for financial support. The Company
controls these Group entities and therefore has the ability to
direct the financial activities of the Group. Having reviewed the
current trading performance, forecasts, debt servicing
requirements, total facilities and risks, the Directors are confident
that the Company and the Group will have sufficient funds to
continue to meet their liabilities as they fall due for a period of at
least 12 months from the date of approval of these consolidated
Financial Statements, which is determined as the going concern
period. Accordingly, the Directors continue to adopt the going
concern basis of accounting in preparing the Group’s Financial
Statements for the period ended 30 September 2024.
There are no post-Balance Sheet events which the Directors
believe will negatively impact the going concern assessment.
Results and dividends
The Group’s and Company’s audited Financial Statements for the
financial period ended 30 September 2024 are set out on pages
112 to 173.
The Directors propose a final dividend of 1.5p per ordinary share,
which, together with the interim dividends of 3.15p and 1.5p per
ordinary share paid on 4 October 2024 and 15 March 2024
respectively, makes a total dividend of 6.15p for the period
ended 30 September 2024.
The final dividend will be paid on 4 April 2025, subject to approval
at the AGM on 28 January 2025, to shareholders on the register
at the close of business on 21 February 2025. The ex-dividend
date is 20 February 2025.
Share capital and control
At the AGM held on 30 November 2023, the Directors were
granted authority to allot up to 104,042,900 ordinary shares
representing approximately one-third of the Company’s issued
share capital. In addition, the Directors were granted authority to
allot a further 104,042,900 ordinary shares, again representing
approximately one-third of the Company’s issued share capital,
solely to be used in connection with a pre-emptive rights issue.
As at 30 September 2024, the Company’s issued ordinary share
capital comprised 314,524,630 ordinary shares with a nominal
value of 1p each.
During the period ended 30 September 2024, 2,395,738 shares
in the Company were issued further to the exercise of options
pursuant to the Company’s share option schemes.
The holders of ordinary shares are entitled, among other rights,
to receive the Company’s Annual Reports and Accounts, to
attend and speak at general meetings of the Company, to
appoint proxies and to exercise voting rights.
Details of the movements of the called up share capital of the
Company are set out in Note 27 to the Financial Statements and
the information in this note is incorporated by reference and
forms part of this Directors’ Report.
All rights and obligations attaching to the Company’s ordinary
shares are set out in the Company’s Articles of Association (the
“Articles”), copies of which can be obtained from the Companies
House website or by writing to the Company Secretary. Unless
otherwise provided in the Articles, the terms of issue of any
shares, any restrictions from time to time imposed by laws or
regulations (for example insider trading laws) or pursuant to the
UK Market Abuse Regulation whereby certain Directors, officers
and colleagues of the Group require the approval of the
Company to deal in ordinary shares of the Company, any
shareholder may transfer any or all of their shares.
The Company is not aware of any agreements between
shareholders that may result in restrictions on the transfer of
securities and/or voting rights.
The Directors may refuse to register a transfer of shares in
certificated form that are not fully paid up or otherwise in
accordance with the Articles.
Authority to purchase own shares
At the AGM held on 30 November 2023, shareholders authorised
the Company to make market purchases of up to 31,212,800
ordinary shares representing approximately 10% of the issued
share capital. At the 2025 AGM, shareholders will be asked to
give a similar authority.
During the period, the Employee Benefit Trust purchased
4 million shares in connection with the Company’s employee
share plans.
Directors
Biographical details of the Company’s current Directors are set
out on pages 56 and 57 together with the names of Directors
that have held office during the period. Subject to law and the
Company’s Articles of Association, the Directors may exercise all
of the powers of the Company and may delegate their power and
discretion to Committees.
The Company’s Articles of Association give the Directors power
to appoint and replace Directors. Under the terms of reference of
the Nomination Committee, any appointment to the Board of the
Company must be recommended by the Nomination Committee
for approval by the Board. The Articles of Association also
require one-third of the Directors to retire by rotation each year
end and each Director must offer themself for re-election at
least every three years. However, in accordance with previous
years and in accordance with best practice, all Directors will
submit themselves for re-election at the AGM each year. During
the period, no Director had any material interest in any contract
of significance in the Group’s business.
Directors’ report continued
102 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Directors’ and Officers’ insurance and indemnities
The Company maintains Directors’ and Officers’ liability insurance,
which provides appropriate cover for any legal action brought
against its Directors (including those who served as Directors or
Officers during 2023/24). This cover was in place throughout the
financial period ended 31 September 2024 and up to the date of
this Directors’ Report. The Directors of the Company have also
entered into individual deeds of indemnity with the Company
which constitute as qualifying third party indemnity provisions
for the purposes of section 234 of the Companies Act 2006.
The deeds were in effect during the course of the financial period
ended 30 September 2024 for the benefit of the Directors and, at
the date of this report, are in force for the benefit of the Directors
in relation to certain losses and liabilities which they may incur
(or have incurred) in connection with their duties, powers or office.
Colleagues
The Group uses a number of ways to engage with its colleagues
on matters that impact them and the performance of the Group.
These include briefings by members of the Executive Committee,
regular team meetings, the Group’s intranet site, global
communications and update emails which together provide, among
other information, an awareness of the financial and economic
factors affecting the Company’s performance. Further information
on how the Directors engage with colleagues along with how
colleague interests are taken into account during decision making
can be found within the Corporate Governance Report on pages
52 to 66. We also conduct colleague engagement surveys to
ensure all colleagues are given a voice in the organisation.
We offer colleagues the opportunity to purchase ordinary shares
in the Company through participation in either the Company’s
Save As You Earn (SAYE) Scheme or Employee Stock Purchase
Plan (ESPP). Colleagues in the UK also have the opportunity to
purchases shares through a Share Incentive Plan (SIP). All these
schemes help to encourage colleague interest in the
performance of the Group.
Business relationships with suppliers,
customers and others
The Directors have summarised how they have fostered the
Company’s business relationships with suppliers, customers and
others on pages 14 and 15. In addition, on page 59 the Directors
have included the principal decisions taken by the Company
during the financial year.
Equal opportunities
The Group is committed to providing equality of opportunity to
all colleagues without discrimination and applies fair and
equitable employment policies which seek to promote entry into
and progression within the Group. Appointments are determined
solely by application of job criteria, personal ability, behaviour
and competency.
In the opinion of the Directors, all colleague policies are deemed
to be effective and in accordance with their intended aims.
Disabled persons
Disabled persons have equal opportunities when applying
for vacancies, with due regard to their aptitudes and abilities.
Procedures ensure that disabled colleagues are fairly treated
in respect of training and career development. For those
colleagues becoming disabled during the course of their
employment, the Group is supportive so as to provide an
opportunity for them to remain with the Group, wherever
reasonably practicable.
Political donations and expenditure
NCC Group believes in the rights of individuals to engage in
the democratic process; however, it is NCC Group’s policy not
to make political donations. There were no political donations
made or political expenditure incurred during the financial period
ended 30 September 2024. We acknowledge the vote of
“significant dissent” at the 2023 AGM, and we commented on the
matter within the results of the AGM published on 30 November
2023, and we also published an update statement on our website
on 5 July 2024, and also on the Investment Association’s Public
Register on the same date.
Although 21% of votes against were received, the Company
acknowledges the 79% of shareholders who voted in favour of
this resolution.
To be clear, it is not the Company’s policy to make political
donations, the Company has not made a political donation in the
past, and the Company has no intention either now or in the
future of changing its policy or making any political donation or
incurring any political expenditure in respect of any political
party, political organisation or independent election candidate.
The resolution is put forward to allow the Company to support
the community and put forward its views to wider business and
government entities without running the risk of being in
inadvertent breach of the law.
Sustainability Report
The Company’s Sustainability Report provides an update on the
Group’s policies and activities in respect of its wider stakeholders,
including colleagues; community, environmental, ethical and
health and safety issues; and modern slavery.
Overseas branches
As at 30 September 2024, the Group had no overseas branches.
Research and development
We are committed to using innovative, cost effective and
practical solutions for providing high quality services and we
recognise the importance of ensuring that we focus our
investment on the development of technology. The Group’s
research and development expenditure is predominantly
associated with computer and software systems.
Change of control
In the event of a change of control of the Company, the Group
and each of its lenders shall enter into negotiation for a period to
determine how the Group’s loan facilities may continue and if
after negotiation there is no agreement the lender has the right
to cancel the commitment.
There are no agreements between the Company and its
Directors or colleagues providing for compensation for loss of
office or employment (whether through resignation, purported
redundancy or otherwise) that occurs because of a takeover bid.
Disclosure of information to the auditor
The Directors who held office at the date of approval of this
Directors’ Report confirm that, so far as they are each aware,
there is no relevant audit information of which the Company’s
auditor is unaware; and each Director has taken all the steps that
they ought to have taken as a Director to make themselves aware
of any relevant audit information and to establish that the
Company’s auditor is aware of that information.
Reappointment of auditor
In accordance with section 489 of the Companies Act 2006, a
resolution for the reappointment of PricewaterhouseCoopers LLP as
auditor of the Company is to be proposed at the forthcoming AGM.
103
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Annual General Meeting
The Notice of the Company’s AGM to be held at 9.00am
on 28 January 2025 at the offices of DLA Piper UK LLP,
160 Aldersgate Street, London EC1A 4HT, along with details of the
business to be proposed and explanatory notes, will be available
on the Group’s website together with the Annual Report and
Accounts. All shareholders will be notified by post or email,
at their request, when the documents have been made available.
The Board recognises that the AGM provides an important
opportunity to engage with shareholders. Therefore, the Company
will ensure that shareholders can submit any questions in writing
prior to the AGM as outlined in the Notice of AGM.
The result of the poll vote will be made available as soon as
possible after the meeting on our website.
Capitalised interest
During the period, no interest was capitalised by the Group
(2023: £nil). The tax benefit on this amount was £nil (2023: £nil).
Reporting requirements
The following sets out the location of additional information
forming part of the Directors’ Report, which is incorporated by
reference into this report:
Reporting requirement Location
Board’s assessment of the Group’s internal control systems Corporate Governance Report on pages 52 to 66 and Audit
Committee Report on page 67
Details of uses of financial instruments and specific policies
for managing financial risk
Note 25 (Financial Instruments) on pages 151 to 155
Directors’ interests Remuneration Committee Report on page 87
Directors’ Responsibilities Statement Directors’ Responsibilities Statement on page 105
Directors’ remuneration including disclosures required by
Schedule 5 and Schedule 8 of SI2008/410 – Large and
Medium-sized Companies and Groups (Accounts and Reports)
Regulations 2008
Remuneration Committee Report on pages 79 to 100
DTR 4.1.8.R – Management Report – the Directors’ Report and
Strategic Report comprise the Management Report
Directors’ Report on pages 101 to 104 and Strategic Report on
pages 1 to 51
Going Concern Statement Directors’ Report on page 101 and Going Concern section within
Note 1 on pages 119 and 120
Greenhouse gas emissions and energy consumption TCFD Report on pages 21 to 27
Likely future developments of the business and Group Strategic Report on pages 1 to 51
LR 9.8.4 (4) – Long-term incentive schemes Remuneration Committee Report on pages 79 to 100
LR 9.8.6 (2) – Substantial shareholders Shareholder Engagement section of Corporate Governance Report
on page 66
Statement on corporate governance Corporate Governance Report, Audit Committee Report,
Nomination Committee Report and Remuneration Committee
Report on pages 67 to 100. Statement of compliance with the UK
Corporate Governance Code is on page 54
Strategic Report – Companies Act 2006 section 414A–D Strategic Report on pages 1 to 51
The Strategic Report on pages 1 to 51 and this Directors’ Report on pages 101 to 104 have been approved and authorised for issue by
the Board. They were signed on its behalf by:
Mike Maddison Guy Ellis
Chief Executive Officer Chief Financial Officer
10 December 2024 10 December 2024
Directors’ report continued
104 NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Directors’ responsibilities statement
Statement of Directors’ responsibilities in respect
of the Financial Statements
The Directors are responsible for preparing the Annual Report
and the Financial Statements in accordance with applicable law
and regulation.
Company law requires the Directors to prepare Financial
Statements for each financial year. Under that law the Directors
have prepared the Group Financial Statements in accordance
with UK-adopted international accounting standards and the
Company Financial Statements in accordance with United
Kingdom Generally Accepted Accounting Practice (United
Kingdom Accounting Standards, comprising FRS 101 ‘Reduced
Disclosure Framework’, and applicable law).
Under company law, Directors must not approve the Financial
Statements unless they are satisfied that they give a true and
fair view of the state of affairs of the Group and Company and
of the profit or loss of the Group for that period. In preparing
the Financial Statements, the Directors are required to:
•
Select suitable accounting policies and then apply
them consistently
•
State whether applicable UK-adopted international accounting
standards have been followed for the Group Financial
Statements and United Kingdom Accounting Standards,
comprising FRS 101, have been followed for the Company
Financial Statements, subject to any material departures
disclosed and explained in the Financial Statements
•
Make judgements and accounting estimates that are
reasonable and prudent
•
Prepare the Financial Statements on the going concern basis
unless it is inappropriate to presume that the Group and
Company will continue in business
The Directors are responsible for safeguarding the assets of the
Group and Company and hence for taking reasonable steps for
the prevention and detection of fraud and other irregularities.
The Directors are also responsible for keeping adequate
accounting records that are sufficient to show and explain
the Group’s and Company’s transactions and disclose with
reasonable accuracy at any time the financial position of
the Group and Company and enable them to ensure that the
Financial Statements and the Directors’ Remuneration Report
comply with the Companies Act 2006.
The Directors are responsible for the maintenance and integrity
of the Company’s website. Legislation in the United Kingdom
governing the preparation and dissemination of Financial
Statements may differ from legislation in other jurisdictions.
Directors’ confirmations
The Directors consider that the Annual Report and Accounts,
taken as a whole, is fair, balanced and understandable and
provides the information necessary for shareholders to assess
the Group’s and Company’s position and performance, business
model and strategy.
Each of the Directors, whose names and functions are listed in
Board of Directors section of this report confirm that, to the best
of their knowledge:
•
The Group Financial Statements, which have been prepared
in accordance with UK-adopted international accounting
standards, give a true and fair view of the assets, liabilities,
financial position and profit of the Group
•
The Company Financial Statements, which have been
prepared in accordance with United Kingdom Accounting
Standards, comprising FRS 101, give a true and fair view of
the assets, liabilities and financial position of the Company
•
The Strategic Report includes a fair review of the development
and performance of the business and the position of the
Group and Company, together with a description of the
principal risks and uncertainties that they face
In the case of each Director in office at the date the Directors’
Report is approved:
•
So far as the Director is aware, there is no relevant audit
information of which the Group’s and Company’s auditor
is unaware
•
They have taken all the steps that they ought to have taken as
a Director in order to make themselves aware of any relevant
audit information and to establish that the Group’s and
Company’s auditor is aware of that information
For and on behalf of the Board
Mike Maddison Guy Ellis
Chief Executive Officer Chief Financial Officer
10 December 2024 10 December 2024
105
Governance
NCC Group plc — Annual report and accounts for the period ended 30 September 2024
Independent auditors’ report
to the members of NCC Group plc
Report on the audit of the
financial statements
Opinion
In our opinion:
•
NCC Group plc’s group financial statements and company
financial statements (the “financial statements”) give a true
and fair view of the state of the group’s and of the company’s
affairs as at 30 September 2024 and of the group’s loss and
the group’s cash flows for the 16 month period then ended;
•
the group financial statements have been properly prepared
in accordance with UK-adopted international accounting
standards as applied in accordance with the provisions of the
Companies Act 2006;
•
the company financial statements have been properly
prepared in accordance with United Kingdom Generally
Accepted Accounting Practice (United Kingdom Accounting
Standards, including FRS 101 “Reduced Disclosure
Framework”, and applicable law); and
•
the financial statements have been prepared in accordance
with the requirements of the Companies Act 2006.
We have audited the financial statements, included within the
Annual report and accounts (the “Annual Report”), which comprise:
the Consolidated and Company balance sheets as at 30 September
2024; the Consolidated income statement, the Consolidated
statement of comprehensive income, the Consolidated cash flow
statement and the Consolidated and Company statements of
changes in equity for the period then ended; and the notes to the
financial statements, comprising material accounting policy
information and other explanatory information.
Our opinion is consistent with our reporting to the Audit Committee.
Basis for opinion
We conducted our audit in accordance with International
Standards on Auditing (UK) (ISAs (UK)) and applicable law.
Our responsibilities under ISAs (UK) are further described in the
Auditors’ responsibilities for the audit of the financial statements
section of our report. We believe that the audit evidence we
have obtained is sufficient and appropriate to provide a basis
for our opinion.
Independence
We remained independent of the group in accordance with the
ethical requirements that are relevant to our audit of the financial
statements in the UK, which includes the FRC’s Ethical Standard,
as applicable to listed public interest entities, and we have
fulfilled our other ethical responsibilities in accordance with
these requirements.
To the best of our knowledge and belief, we declare that
non-audit services prohibited by the FRC’s Ethical Standard
were not provided.
Other than those disclosed in Audit Committee report, we have
provided no non-audit services to the company or its controlled
undertakings in the period under audit.
Our audit approach
Context
The group provides independent advice and services to customers
through the provision of cyber security and software escrow
services. The group operates globally and is headquartered in the
UK. The consolidated financial statements are primarily an
aggregation of legal entities from countries around the world. The
period ended 30 September 2024 is our first period as external
auditors of the group and the Company, and as part of our audit
transition, we performed specific procedures over opening
balances by reviewing the predecessor auditors’ working papers
and risk assessment. We also performed process walkthroughs to
understand and evaluate the key financial processes and controls
across the group. As we undertook each phase of this first-period
audit, we regularly reconsidered our risk assessment to reflect
audit findings, including our assessment of the group’s control
environment and the impact on our planned audit approach.
Given the historical performance and recovery of customer
demand in North America being less consistent than expected
by management, we considered the recoverability of goodwill in
the North American Cyber Security cash generating unit (CGU)
to be of most significance in our audit of the financial statements
and therefore we have included this as a key audit matter.
Overview
Audit scope
•
Our work incorporated full scope audits of three components
and audit procedures on specific balances for a further six
components and central consolidation adjustments.
•
The entities where we conducted audit work, together
with audit work performed at the consolidated level,
accounted for approximately 91% of the group’s revenue.
Key audit matters
•
Recoverability of goodwill in North America Cyber Security
cash generating unit (group).
•
Recoverability of Investments in subsidiary undertakings
(parent).
Materiality
•
Overall group materiality: £3,200,000 based on 0.75%
of revenue.
•
Overall company materiality: £3,400,000 based on 1% of
total assets.
•
Performance materiality: £2,400,000 (group) and £2,500,000
(company).
The scope of our audit
As part of designing our audit, we determined materiality
and assessed the risks of material misstatement in the
financial statements.
Key audit matters
Key audit matters are those matters that, in the auditors’
professional judgement, were of most significance in the audit
of the financial statements of the current period and include
the most significant assessed risks of material misstatement
(whether or not due to fraud) identified by the auditors, including
those which had the greatest effect on: the overall audit
strategy; the allocation of resources in the audit; and directing
the efforts of the engagement team. These matters, and any
comments we make on the results of our procedures thereon,
were addressed in the context of our audit of the financial
statements as a whole, and in forming our opinion thereon,
and we do not provide a separate opinion on these matters.
This is not a complete list of all risks identified by our audit.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024106
Report on the audit of the financial statements continued
Our audit approach continued
Key audit matters continued
Key audit matter How our audit addressed the key audit matter
Recoverability of goodwill in North America Cyber Security
cash generating unit (group)
Refer to notes 2, 4 and 11 in the group financial statements.
Goodwill of £nil (2023: £31.6 million) is allocated to the North
America Cyber Security CGU after the recognition of a goodwill
impairment charge of £31.9 million (2023: £9.8 million) against
the carrying value of goodwill in the period.
The group’s CGUs are assessed for impairment annually or more
frequently if indicators of impairment have been identified. The
performance of these impairment reviews require determining
the recoverable amounts of the CGUs and comparing these
calculations against the carrying values of the groups CGUs.
The fair value less cost to sell (“FVLCS”) model utilised to
determine the recoverable amount of the North American
Cyber Security CGU required a significant level of management
judgement around determining reasonable market multiples
and sustainable earnings assumptions as changes in individual
assumptions had a potential of significantly changing the
calculated impairment charge. Given the historical performance
and recovery of customer demand being less consistent than
expected by management, we considered the recoverability
of goodwill in the North American Cyber Security CGU to be
of most significance in our audit of the financial statements
and therefore we have included this as a key audit matter.
In assessing the appropriateness of the impairment assessment
for the North American Cyber Security CGU, we have performed
the following procedures:
We obtained the management impairment model and compared
the actual results with previous forecasts to assess the historical
accuracy of management forecasts. We held discussions and
challenged directors and management to understand the
reasons for the performance below management expectations
over the last two years and the strategic plans in place to
support the revenues and gross margin assumptions in the
forward-looking sustainable earnings projections.
We compared key assumptions around revenue growth rates to
external market research on industry market growth rates to
identify any inconsistencies.
We assessed management’s assumptions for gross margin
percentages by comparing to historical actual achieved margins.
We considered management bias throughout the assumptions
used and considered any contradictory evidence.
We engaged our internal valuations experts to review the FVLCS
model and assess the assumptions for the market multiple by
comparing their assessment against external market data and
comparable companies.
We evaluated the competency, independence and objectivity of
the experts engaged by management who supported management
in the determination of the reasonable market multiples.
We assessed the mathematical accuracy of the impairment
assessment.
We evaluated the appropriateness of disclosures included in the
financial statements.
As a result of these procedures, we were satisfied with the
impairment charge recognised in the current period.
Recoverability of Investments in subsidiary undertakings
(parent)
Refer to note 32 in the Company financial statements. The
Company financial statements have investment in subsidiaries
of £291.1 million (2023: £279.1 million).
The investment is held in NCC Group Holdings Limited
which subsequently holds an investment in other subsidiary
undertakings in the group. An assessment is performed
annually to identify whether there are internal or external
factors that indicate the investment in subsidiary undertakings
may be impaired. If indicators of impairment are identified, the
Company would proceed to evaluate the recoverable amount of
its investment in subsidiary undertakings.
Given the magnitude of this balance, and the management
judgement involved in determining whether any indicators for
impairment exist, we have considered the risk of impairment
of these assets as a key audit matter.
In assessing the appropriateness of the investment valuation
of NCC Group Holdings Limited, we performed the following
procedures:
We obtained a schedule of investments in subsidiary undertakings
and ensured this is reconciled to the financial statements.
We reviewed the assessment of the indicators of impairment and
compared their assessment to external market factors and the
results of the group’s annual goodwill impairment review.
We compared the carrying value of the investment to the group’s
market capitalisation at the reporting date.
We reviewed the disclosures included within note 32 of the
financial statements and consider these to be appropriate.
As a result of these procedures, we were satisfied with the
conclusion that no indicators of impairment were identified
in the current period.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 107
Independent auditors’ report continued
to the members of NCC Group plc
Report on the audit of the
financial statements continued
Our audit approach continued
How we tailored the audit scope
We tailored the scope of our audit to ensure that we performed
enough work to be able to give an opinion on the financial
statements as a whole, taking into account the structure of the
group and the company, the accounting processes and controls,
and the industry in which they operate.
The group provides independent advice and services to
customers through the provision of cyber security and software
escrow services.
The group is split into two main reporting segments being
Cyber Security and Escode. Each reportable segment has
multiple management reporting units in a range of different
geographies and is structured mainly across Europe and North
America. Certain functions relevant for financial reporting are
managed by the group’s head office. The financial statements
are a consolidation of the group’s management reporting units
and its centralised functions.
As the group is headquartered and its principal finance offices are
in Manchester, United Kingdom, the group engagement team is
also based in Manchester. All audit work was completed by the
group engagement team, with the exception of Fox-IT Holding B.V,
which was audited by a component team in the Netherlands. In
establishing the overall approach to the group audit, we determined
the type of work that needed to be performed at the entities by us,
as the group engagement team, or component auditors operating
under our instruction. Where work was performed by the
component auditor, we determined the level of involvement we
needed to have in this work to be able to conclude that sufficient
appropriate audit evidence had been obtained. Our group audit
incorporated full scope audits of NCC Group Security Services
Limited, Fox-IT Holding B.V. and NCC Group Security Services Inc,
as well as specific audit procedures in relation to NCC Group
Corporate Limited, NCC Group plc, NCC Services Limited, NCC
Group (Solutions) Limited, NCC Group Accumuli Security Limited
and NCC Group Software Resilience (NA) LLC. We also performed
audit procedures over the consolidation adjustments for selected
financial statement line items. The entities where we conducted
audit work accounted for approximately 91% of the group’s revenue.
The parent company is comprised of one reporting unit which
was subject to a full scope audit for the purposes of the
company financial statements.
The impact of climate risk on our audit
We made enquiries of management to understand the process
they have adopted to assess the extent of the potential impact
of climate risk on the group’s financial statements. The key areas
of the financial statements where management evaluated that
climate risk has a potential impact are set out in note 1 to the
financial statements. The directors have reached the overall
conclusion that there has been no material impact on the
financial statements for the current period from the potential
impact of climate change.
We used our knowledge of the group to challenge management’s
assessment. We particularly considered how climate risk would
impact the assumptions made in the forecasts prepared by
management used in their goodwill impairment analysis, going
concern and viability. We also considered the consistency of
the disclosures in relation to climate change (including the
disclosures in the Non-Financial and Sustainability Information
Statement) within the Annual Report with the financial
statements and our knowledge obtained from our audit.
Our procedures did not identify any material impact in the
context of our audit of the financial statements as a whole, or on
our key audit matters for the period ended 30 September 2024.
Materiality
The scope of our audit was influenced by our application of
materiality. We set certain quantitative thresholds for materiality.
These, together with qualitative considerations, helped us to
determine the scope of our audit and the nature, timing and
extent of our audit procedures on the individual financial
statement line items and disclosures and in evaluating the effect
of misstatements, both individually and in aggregate on the
financial statements as a whole.
Based on our professional judgement, we determined materiality for the financial statements as a whole as follows:
Financial statements – group Financial statements – company
Overall materiality £3,200,000. £3,400,000.
How we determined it 0.75% of revenue. 1% of total assets.
Rationale for
benchmark applied
We considered materiality in a number of different ways and used our
professional judgement having applied ‘rule of thumb’ percentages to
a number of potential benchmarks. On the basis of this, we concluded
that 0.75% of revenue is an appropriate level of materiality considering
the overall scale of the business.
The company does not trade
and therefore total assets is
considered to be the most
appropriate benchmark.
For each component in the scope of our group audit, we
allocated a materiality that is less than our overall group
materiality. The range of materiality allocated across components
was between £730,000 and £2,417,000. Certain components
were audited to a local statutory audit materiality that was also
less than our overall group materiality.
We use performance materiality to reduce to an appropriately
low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds overall materiality. Specifically,
we use performance materiality in determining the scope of our
audit and the nature and extent of our testing of account balances,
classes of transactions and disclosures, for example in determining
sample sizes. Our performance materiality was 75% of overall
materiality, amounting to £2,400,000 for the group financial
statements and £2,500,000 for the company financial statements.
In determining the performance materiality, we considered
a number of factors – the history of misstatements, risk
assessment and aggregation risk and the effectiveness of
controls – and concluded that an amount at the upper end
of our normal range was appropriate.
We agreed with the Audit Committee that we would report
to them misstatements identified during our audit above
£160,000 (group audit) and £170,000 (company audit) as well
as misstatements below those amounts that, in our view,
warranted reporting for qualitative reasons.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024108
Report on the audit of the
financial statements continued
Conclusions relating to going concern
Our evaluation of the directors’ assessment of the group’s and
the company’s ability to continue to adopt the going concern
basis of accounting included:
•
We obtained the latest assessments supporting the directors’
conclusions with respect to the going concern basis of
preparation of the financial statements and confirmed these
assessments included directors’ evaluation of the downside
scenarios that were considered severe but plausible.
•
We obtained the terms of the group’s revolving credit facility
and the covenants in place in relation to this facility and
determined that the directors’ forecast demonstrated
compliance with all covenant conditions for at least 12 months
from the date of the approval of the financial statements.
•
We tested the mathematical integrity of the directors’ going
concern forecast model.
•
We evaluated and assessed the directors’ key assumptions in
the going concern assessment over the period to December
2025, which included consideration of the severe by plausible
downside scenarios.
•
We agreed the opening net debt position within the forecast
to bank statements and revolving credit facility statements.
•
We reviewed the disclosures made in respect of going concern
included in the financial statements.
Based on the work we have performed, we have not identified
any material uncertainties relating to events or conditions that,
individually or collectively, may cast significant doubt on the
group’s and the company’s ability to continue as a going concern
for a period of at least twelve months from when the financial
statements are authorised for issue.
In auditing the financial statements, we have concluded that the
directors’ use of the going concern basis of accounting in the
preparation of the financial statements is appropriate.
However, because not all future events or conditions can be
predicted, this conclusion is not a guarantee as to the group’s
and the company’s ability to continue as a going concern.
In relation to the directors’ reporting on how they have applied
the UK Corporate Governance Code, we have nothing material to
add or draw attention to in relation to the directors’ statement in
the financial statements about whether the directors considered
it appropriate to adopt the going concern basis of accounting.
Our responsibilities and the responsibilities of the directors with
respect to going concern are described in the relevant sections
of this report.
Reporting on other information
The other information comprises all of the information in the
Annual Report other than the financial statements and our
auditors’ report thereon. The directors are responsible for the
other information. Our opinion on the financial statements does
not cover the other information and, accordingly, we do not
express an audit opinion or, except to the extent otherwise
explicitly stated in this report, any form of assurance thereon.
In connection with our audit of the financial statements, our
responsibility is to read the other information and, in doing so,
consider whether the other information is materially inconsistent
with the financial statements or our knowledge obtained in the
audit, or otherwise appears to be materially misstated. If we
identify an apparent material inconsistency or material
misstatement, we are required to perform procedures to
conclude whether there is a material misstatement of the
financial statements or a material misstatement of the other
information. If, based on the work we have performed, we
conclude that there is a material misstatement of this other
information, we are required to report that fact. We have nothing
to report based on these responsibilities.
With respect to the Strategic report and Directors’ report, we
also considered whether the disclosures required by the UK
Companies Act 2006 have been included.
Based on our work undertaken in the course of the audit, the
Companies Act 2006 requires us also to report certain opinions
and matters as described below.
Strategic report and Directors’ report
In our opinion, based on the work undertaken in the course of
the audit, the information given in the Strategic report and
Directors’ report for the period ended 30 September 2024 is
consistent with the financial statements and has been prepared
in accordance with applicable legal requirements.
In light of the knowledge and understanding of the group and
company and their environment obtained in the course of the
audit, we did not identify any material misstatements in the
Strategic report and Directors’ report.
Annual Report on Remuneration
In our opinion, the part of the Annual Report on Remuneration to
be audited has been properly prepared in accordance with the
Companies Act 2006.
Corporate governance statement
The Listing Rules require us to review the directors’ statements
in relation to going concern, longer-term viability and that part of
the corporate governance statement relating to the company’s
compliance with the provisions of the UK Corporate Governance
Code specified for our review. Our additional responsibilities
with respect to the corporate governance statement as other
information are described in the Reporting on other information
section of this report.
Based on the work undertaken as part of our audit, we have
concluded that each of the following elements of the corporate
governance statement, included within the Governance section
of the Annual Report is materially consistent with the financial
statements and our knowledge obtained during the audit, and we
have nothing material to add or draw attention to in relation to:
•
The directors’ confirmation that they have carried out a robust
assessment of the emerging and principal risks;
•
The disclosures in the Annual Report that describe those
principal risks, what procedures are in place to identify
emerging risks and an explanation of how these are being
managed or mitigated;
•
The directors’ statement in the financial statements about
whether they considered it appropriate to adopt the going
concern basis of accounting in preparing them, and their
identification of any material uncertainties to the group’s
and company’s ability to continue to do so over a period of
at least twelve months from the date of approval of the
financial statements;
•
The directors’ explanation as to their assessment of the
group’s and company’s prospects, the period this assessment
covers and why the period is appropriate; and
•
The directors’ statement as to whether they have a reasonable
expectation that the company will be able to continue in
operation and meet its liabilities as they fall due over the
period of its assessment, including any related disclosures
drawing attention to any necessary qualifications
or assumptions.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 109
Independent auditors’ report continued
to the members of NCC Group plc
Report on the audit of the
financial statements continued
Corporate governance statement continued
Our review of the directors’ statement regarding the longer-term
viability of the group and company was substantially less in scope
than an audit and only consisted of making inquiries and
considering the directors’ process supporting their statement;
checking that the statement is in alignment with the relevant
provisions of the UK Corporate Governance Code; and considering
whether the statement is consistent with the financial statements
and our knowledge and understanding of the group and company
and their environment obtained in the course of the audit.
In addition, based on the work undertaken as part of our audit,
we have concluded that each of the following elements of the
corporate governance statement is materially consistent with
the financial statements and our knowledge obtained during
the audit:
•
The directors’ statement that they consider the Annual Report,
taken as a whole, is fair, balanced and understandable, and
provides the information necessary for the members to assess
the group’s and company’s position, performance, business
model and strategy;
•
The section of the Annual Report that describes the review
of effectiveness of risk management and internal control
systems; and
•
The section of the Annual Report describing the work of the
Audit Committee.
We have nothing to report in respect of our responsibility to
report when the directors’ statement relating to the company’s
compliance with the Code does not properly disclose a departure
from a relevant provision of the Code specified under the Listing
Rules for review by the auditors.
Responsibilities for the financial statements
and the audit
Responsibilities of the directors for the financial statements
As explained more fully in the Directors’ responsibilities
statement, the directors are responsible for the preparation of
the financial statements in accordance with the applicable
framework and for being satisfied that they give a true and fair
view. The directors are also responsible for such internal control
as they determine is necessary to enable the preparation of
financial statements that are free from material misstatement,
whether due to fraud or error.
In preparing the financial statements, the directors are
responsible for assessing the group’s and the company’s ability
to continue as a going concern, disclosing, as applicable,
matters related to going concern and using the going concern
basis of accounting unless the directors either intend to liquidate
the group or the company or to cease operations, or have no
realistic alternative but to do so.
Auditors’ responsibilities for the audit of the financial statements
Our objectives are to obtain reasonable assurance about
whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error, and to
issue an auditors’ report that includes our opinion. Reasonable
assurance is a high level of assurance, but is not a guarantee
that an audit conducted in accordance with ISAs (UK) will always
detect a material misstatement when it exists. Misstatements
can arise from fraud or error and are considered material if,
individually or in the aggregate, they could reasonably be
expected to influence the economic decisions of users taken on
the basis of these financial statements.
Irregularities, including fraud, are instances of non-compliance
with laws and regulations. We design procedures in line with our
responsibilities, outlined above, to detect material misstatements
in respect of irregularities, including fraud. The extent to which
our procedures are capable of detecting irregularities, including
fraud, is detailed below.
Based on our understanding of the group and industry, we
identified that the principal risks of non-compliance with laws
and regulations related to employment laws in the countries
where the group has more significant operations and data
protection laws and regulations, and we considered the extent
to which non-compliance might have a material effect on the
financial statements. We also considered those laws and
regulations that have a direct impact on the financial statements
such as local and international tax laws and the Companies Act
2006. We evaluated management’s incentives and opportunities
for fraudulent manipulation of the financial statements (including
the risk of override of controls), and determined that the principal
risks were related to posting inappropriate journal entries to
manipulate financial performance and revenue recognition.
The group engagement team shared this risk assessment with
the component auditors so that they could include appropriate
audit procedures in response to such risks in their work. Audit
procedures performed by the group engagement team and/or
component auditors included:
•
discussions with management, the Audit Committee and
internal audit, including consideration of known or suspected
instances of non-compliance with laws and regulations
and fraud;
•
reviewing minutes of meetings of those charged with
governance;
•
auditing the tax computations to evaluate compliance with
tax legislation;
•
identifying and testing journal entries, in particular any journal
entries posted with unusual account combinations impacting
revenue recognition; and
•
reviewing financial statement disclosures and testing to
supporting documentation where appropriate to assess
compliance with applicable laws and regulations.
There are inherent limitations in the audit procedures described
above. We are less likely to become aware of instances of
non-compliance with laws and regulations that are not closely
related to events and transactions reflected in the financial
statements. Also, the risk of not detecting a material
misstatement due to fraud is higher than the risk of not
detecting one resulting from error, as fraud may involve
deliberate concealment by, for example, forgery or
intentional misrepresentations, or through collusion.
Our audit testing might include testing complete populations of
certain transactions and balances, possibly using data auditing
techniques. However, it typically involves selecting a limited
number of items for testing, rather than testing complete
populations. We will often seek to target particular items for
testing based on their size or risk characteristics. In other cases,
we will use audit sampling to enable us to draw a conclusion
about the population from which the sample is selected.
A further description of our responsibilities for the audit of the
financial statements is located on the FRC’s website at:
www.frc.org.uk/auditorsresponsibilities. This description forms
part of our auditors’ report.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024110
Report on the audit of the
financial statements continued
Responsibilities for the financial statements
and the audit continued
Use of this report
This report, including the opinions, has been prepared for and
only for the company’s members as a body in accordance with
Chapter 3 of Part 16 of the Companies Act 2006 and for no other
purpose. We do not, in giving these opinions, accept or assume
responsibility for any other purpose or to any other person to
whom this report is shown or into whose hands it may come save
where expressly agreed by our prior consent in writing.
Other required reporting
Companies Act 2006 exception reporting
Under the Companies Act 2006 we are required to report to you
if, in our opinion:
•
we have not obtained all the information and explanations we
require for our audit; or
•
adequate accounting records have not been kept by the
company, or returns adequate for our audit have not been
received from branches not visited by us; or
•
certain disclosures of directors’ remuneration specified by law
are not made; or
•
the company financial statements and the part of the Annual
Report on Remuneration to be audited are not in agreement
with the accounting records and returns.
We have no exceptions to report arising from this responsibility.
Appointment
Following the recommendation of the Audit Committee, we were
appointed by the directors on 7 March 2024 to audit the financial
statements for the period ended 30 September 2024 and
subsequent financial periods. This is therefore our first period
of uninterrupted engagement.
Other matter
The company is required by the Financial Conduct Authority
Disclosure Guidance and Transparency Rules to include these
financial statements in an annual financial report prepared under
the structured digital format required by DTR 4.1.15R – 4.1.18R
and filed on the National Storage Mechanism of the Financial
Conduct Authority. This auditors’ report provides no assurance
over whether the structured digital format annual financial report
has been prepared in accordance with those requirements.
Hazel Macnamara (Senior Statutory Auditor)
for and on behalf of PricewaterhouseCoopers LLP
Chartered Accountants and Statutory Auditors
Manchester
10 December 2024
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 111
Consolidated income statement
for the 16 month period ended 30 September 2024
| 16 months | Year | ||
| period ended | ended | ||
| 30 September | 31 May | ||
| 2024 | 2023 | ||
| Notes | £m | £m | |
Revenue | 3 | ||
Cost of sales | 3 | ( | ( |
Gross profit | 3 | ||
| Administrative expenses | |||
Individually Significant Items | 4 | ( | ( |
Depreciation and amortisation | 5 | ( | ( |
Other administrative expenses | ( | ( | |
Total administrative expenses | ( | ( | |
Operating (loss)/profit | 3 | ( | |
Finance costs | 7 | ( | ( |
Loss before taxation | 5 | ( | ( |
Taxation | 8 | ( | ( |
Loss for the period/year attributable to owners of the Company | ( | ( | |
Loss per ordinary share | 10 | ||
Basic EPS | ( | ( | |
Diluted EPS | ( | ( |
Consolidated statement of comprehensive income
for the 16 month period ended 30 September 2024
| 16 months | ||
| period ended | Year | |
| 30 September | ended | |
| 2024 | 2023 | |
| £m | £m | |
Loss for the period/year attributable to the owners of the Company | ( | ( |
| Other comprehensive (loss)/income | ||
| Items that may be reclassified subsequently to profit or loss (net of tax) | ||
Foreign exchange translation differences | ( | |
Total other comprehensive (loss)/income | ( | |
Total comprehensive loss for the period/year (net of tax) attributable to the owners of the Company | ( | ( |
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024112
Consolidated balance sheet
at 30 September 2024
| 30 September | 31 May | ||
| 2024 | 2023 | ||
| Notes | £m | £m | |
| Non-current assets | |||
Goodwill | 11 | ||
Intangible assets | 11 | ||
Property, plant and equipment | 12 | ||
Right-of-use assets | 13 | ||
Investments | 14 | ||
Deferred tax asset | 17 | ||
Total non-current assets | |||
| Current assets | |||
Inventories | 15 | ||
Trade and other receivables | 16 | ||
Contract assets | 23 | ||
Contingent consideration receivable | 33 | ||
Current tax receivable | |||
Cash and cash equivalents | 24 | ||
Assets classified as held for sale | 18 | ||
Total current assets | |||
Total assets | |||
| Current liabilities | |||
Trade and other payables | 19 | ||
Bank overdraft | 24 | ||
Lease liabilities | 20 | ||
Current tax payable | |||
Derivative financial instruments | 25 | ||
Contingent consideration payable | |||
Provisions | 21 | ||
Contract liabilities – deferred revenue | 22 | ||
Liabilities directly associated with assets classified as held for sale | 18 | ||
Total current liabilities | |||
| Non-current liabilities | |||
Borrowings | 24 | ||
Lease liabilities | 20 | ||
Deferred tax liabilities | 17 | ||
Provisions | 21 | ||
Contract liabilities – deferred revenue | 22 | ||
Total non-current liabilities | |||
Total liabilities | |||
Net assets | |||
| Equity | |||
Share capital | 27 | ||
Share premium | 27 | ||
Merger reserve | 27 | ||
Currency translation reserve | 27 | ||
Retained earnings | 27 | ( | ( |
Total equity |
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 113
Consolidated cash flow statement
for the 16 month period ended 30 September 2024
| 16 months | |||
| period | Year | ||
| ended | ended | ||
| 2024 | 2023 | ||
| Notes | £m | £m | |
| Cash flows from operating activities | |||
Loss for the period/year | ( | ( | |
| Adjustments for: | |||
Depreciation of property, plant and equipment | 12 | ||
Depreciation of right-of-use assets | 13 | ||
Amortisation of customer contracts and relationships | 11 | ||
Amortisation of software and development costs | 11 | ||
Impairment of goodwill | 11 | ||
Impairment of non-current assets included in ISIs | 4 | ||
Impairment of non-current assets included in administrative costs | 5 | ||
Impairment reversal of non-current assets included in ISIs | 4 | ( | |
Share-based payments | 26 | ||
Lease financing costs | 7 | ||
Other financing costs | 7 | ||
Foreign exchange loss | 5 | ||
Disposal of business – transaction costs | 33 | ( | |
Non-cash impact from other Individually Significant Items | 4 | ||
Profit on disposal of right-of-use assets | 5 | ( | ( |
Profit on disposal of businesses | 33 | ( | ( |
Profit on disposal of investment | 14 | ( | |
Loss on disposal of fixed assets | |||
Income tax expense/(credit) | ( | ||
Cash inflow for the year before changes in working capital | |||
Decrease in trade and other receivables | |||
(Increase)/decrease in contract assets | ( | ||
Decrease in inventories | |||
Decrease in trade and other payables | ( | ( | |
Increase/(decrease) in contract liabilities | ( | ||
Increase/(decrease) in provisions | ( | ||
Cash generated from operating activities before interest and taxation | |||
Interest element of lease payments | 20 | ( | ( |
Other interest paid | ( | ( | |
Taxation paid | ( | ( | |
Net cash generated from operating activities | |||
| Cash flows from investing activities | |||
Acquisition of trade and assets as part of business combinations | ( | ( | |
Purchase of property, plant and equipment | ( | ( | |
Software, development and customer contracts expenditure | ( | ( | |
Sale proceeds of business disposals | 4,14 | ||
Net cash generated from/(used in) in investing activities | ( | ||
| Cash flows from financing activities | |||
Proceeds from the issue of ordinary share capital | 27 | ||
Purchase of own shares | ( | ||
Acquisition of treasury shares | ( | ||
Principal element of lease payments | 20 | ( | ( |
Drawdown of borrowings (net of deferred issue costs) | |||
Issue costs related to borrowings | ( | ||
Repayment of borrowings | ( | ( | |
Equity dividends paid | 9 | ( | ( |
Net cash used in financing activities | ( | ( | |
Net decrease in cash and cash equivalents (inc. bank overdraft) | ( | ( | |
Cash and cash equivalents (inc. bank overdraft) at beginning of period | |||
Effect of foreign currency exchange rate changes | |||
Cash and cash equivalents (inc. bank overdraft) at end of period/year | 24 |
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024114
Consolidated statement of changes in equity
for the 16 month period ended 30 September 2024
| Currency | |||||||
| Share | Share | Merger | translation | Retained | |||
| capital | premium | reserve | reserve | earnings | Total | ||
| Notes | £m | £m | £m | £m | £m | £m | |
Balance at 1 June 2022 | ( | ||||||
Loss for the year | ( | ( | |||||
Foreign currency translation differences | |||||||
Total comprehensive income/(loss) for the year | ( | ( | |||||
| Transactions with owners recorded directly | |||||||
| in equity | |||||||
Dividends to equity shareholders | 9 | ( | ( | ||||
Share-based payments | 26 | ||||||
Tax on share-based payments | 8 | ( | ( | ||||
Purchase of own shares | ( | ( | |||||
Shares issued | 27 | ||||||
Total contributions by and distributions to owners | ( | ( | |||||
Balance at 31 May 2023 | ( | ||||||
Loss for the period | ( | ( | |||||
Foreign currency translation differences | ( | ( | |||||
Total comprehensive loss for the period | ( | ( | ( | ||||
| Transactions with owners recorded directly | |||||||
| in equity | |||||||
Dividends to equity shareholders | 9 | ( | ( | ||||
Share-based payments | 26 | ||||||
Acquisition of treasury shares | ( | ( | |||||
Shares issued | 27 | ||||||
Total contributions by and distributions to owners | ( | ( | |||||
Balance at 30 September 2024 | ( |
The accompanying Notes 1 to 34 are an integral part of these consolidated Financial Statements.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 115
Company balance sheet
at 30 September 2024
Company no: 4627044
Notes
30 September
2024
£m
31 May
2023
£m
Non-current assets
Investments in subsidiary undertakings 32 291.1 279.1
Trade and other receivables 16 43.1 23.2
Total fixed assets 334.2 302.3
Current assets
Cash and cash equivalents 24 9.8 15.0
Total current assets 9.8 15.0
Total assets 344.0 317.3
Current liabilities
Trade and other payables 19 9.9 0.2
Total current liabilities 9.9 0.2
Total liabilities 9.9 0.2
Net assets 334.1 317.1
Equity
Share capital 27 3.1 3.1
Share premium 27 224.4 224.1
Merger reserve 27 42.3 42.3
Retained earnings 27 64.3 47.6
Total equity 334.1 317.1
During the period ended 30 September 2024, the Parent Company reported a profit of £38.7m (2023: £17.5m).
The accompanying Notes 1 to 34 are an integral part of these Financial Statements.
These Financial Statements were approved and authorised for issue by the Board of Directors on 10 December 2024. They were
signed on its behalf by:
Mike Maddison Guy Ellis
Chief Executive Officer Chief Financial Officer
10 December 2024 10 December 2024
NCC Group plc — Annual report and accounts for the period ended 30 September 2024116
Company statement of changes in equity
for the 16 month period ended 30 September 2024
Notes
Share
capital
£m
Share
premium
£m
Merger
reserve
£m
Retained
earnings
£m
Total
£m
Balance at 31 May 2022 and 1 June 2022 3.1 224.0 42.3 42.4 311.8
Profit for the year — — — 17.5 17.5
Total comprehensive income for the year — — — 17.5 17.5
Transactions with owners recorded directly in equity
Dividends to equity shareholders 9 — — — (14.5) (14.5)
Increase in subsidiary investment for share-based charges — — — 2.2 2.2
Shares issued 27 — 0.1 — — 0.1
Total contributions by and distributions to owners — 0.1 — (12.3) (12.2)
Balance at 31 May 2023 and 1 June 2023 3.1 224.1 42.3 47.6 317.1
Profit for the period — — — 38.7 38.7
Total comprehensive income for the period — — — 38.7 38.7
Transactions with owners recorded directly in equity
Dividends to equity shareholders 9 — — — (24.3) (24.3)
Increase in subsidiary investment for share-based charges — — — 2.3 2.3
Shares issued 27 — 0.3 — — 0.3
Total contributions by and distributions to owners — 0.3 — (22.0) (21.7)
Balance at 30 September 2024 3.1 224.4 42.3 64.3 334.1
The accompanying Notes 1 to 34 are an integral part of these Financial Statements.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 117
Notes to the Financial Statements
for the 16 month period ended 30 September 2024
NCC Group plc — Annual report and accounts for the period ended 30 September 2024118
1 Accounting policies continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 119
1 Accounting policies continued
Going concern continued
NCC Group plc — Annual report and accounts for the period ended 30 September 2024120
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
1 Accounting policies continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 121
1 Accounting policies continued
Impairment of non-financial assets continued
NCC Group plc — Annual report and accounts for the period ended 30 September 2024122
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
1 Accounting policies continued
Leases continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 123
1 Accounting policies continued
Revenue recognition continued
Summary continued
| Timing of satisfaction of performance | Revenue recognition policies, including determination | ||
Revenue stream | Nature | obligations and significant payment terms | of transaction price and rationale |
| Global | GPS is the Group’s core | The customer simultaneously | Revenue is recognised on an input basis to |
| Professional | consulting service represented | receives the benefits of the | measure the satisfaction of performance |
| Services (GPS) | by consultants providing Cyber | consulting services provided by | obligations over time. This is done according |
| Security consultancy services | the Group in the period over which | to the number of days worked in comparison | |
| to a customer over time or to a | the work is performed and one | to the total contracted number of days of the | |
| set deliverable. | promise (performance obligation) | performance obligation. The work performed | |
| Some contracts may contain | is identified. Work is performed | occurs on a daily basis (for example security | |
| multiple services (e.g. Cyber | on a daily basis. | assessment of a customer’s security | |
| Security assessment and | Invoices are raised monthly or | environment). | |
| certified product evaluation | based on an agreed invoicing | It is considered that as the customer benefits | |
| services). These will be | profile with the customer. | over time based on consultants’ time, the | |
| identified as separate | Invoices are usually payable | input method faithfully depicts the Group’s | |
| performance obligations, and | within 30 days. | performance towards complete satisfaction | |
| the transaction price allocated | of the single performance obligation. | ||
| to each of these is determined | No discounts or retrospective | Transaction price is determined by fixed | |
| by using a fixed contract rate | rebates are provided. | contract rates based upon day rates and | |
| based upon day rates, being | number of days. | ||
| the relative standalone selling | |||
| price basis. | |||
| Specifically, the contract terms | |||
| range from time and materials | |||
| (based upon consultants’ time | |||
| and expenses) to discrete | |||
| statements of work, whereby | |||
| the customer benefits | |||
| gradually over the period over | |||
| which the work is performed, | |||
| unless there is a set deliverable | |||
| (for example a defined security | |||
| assessment report). |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024124
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Timing of satisfaction of performance | Revenue recognition policies, including determination | ||
Revenue stream | Nature | obligations and significant payment terms | of transaction price and rationale |
| Global | The Group in certain situations | The customer simultaneously | Revenue is recognised on an input basis to |
| Professional | operates on agreed customer | receives and consumes the benefits | measure the satisfaction of performance |
| Services (GPS) | terms, which allow the Group | of the consulting services provided | obligations over time. |
| continued | to recover any abortive | by the Group over the period over | Transaction price is determined by fixed |
| revenue from its customer in | which the work is performed by | contract rates based upon day rates and | |
| the event that a customer | the Group and one performance | number of consultancy days. Invoices in | |
| terminates a contract before | obligation is identified. This is done | relation to the abortive revenue will be | |
| the contract or deliverable | according to the number of days | recognised when aborted. | |
| is complete. | worked in comparison to the total | ||
| contracted number of days of the | |||
| performance obligation. | |||
| Invoices are usually payable | |||
| within 30 days. | |||
| Global Managed | These services provide | The customer will benefit from | The amount of revenue recognised in relation |
| Services (GMS) | operational cyber defence, | the services over the period of | to software licence(s) depends on whether the |
| incident response, scanning, | the contract. | Group acts as an agent or as a principal. | |
| simulation and managed | However, the type of contract | The Group acts as principal when the Group | |
| security operations centres | will depend on how the customer | controls the specified software licence or | |
| (SOCs). Services are typically | benefits from the software | service prior to transfer (MSP model). | |
| for an extended delivery | licence(s). | ||
| duration, with contract lengths | When the Group acts as a principal the | ||
| varying up to a maximum of | Where an MSP model is selected | revenue recorded is the gross amount billed. | |
| five years. | by the customer, the Group | The transaction price is determined by a | |
| The proposition will also | generally recognises three | contract price (cost plus mark-up). The | |
| provide the customer with | performance obligations: | transaction price for the overall service is | |
| outlined within the customer contract. In | |||
| software licence(s) to enable | • Set-up fees | certain scenarios, the contract will outline the | |
| these services to occur. | • Post-go-live fees | price for each performance obligation, which is | |
| On this basis, the Group | • Combined monitoring cyber | considered to be the standalone selling price | |
| operates two types of | and licence service | of the services/goods, and the transaction | |
| contracts: | Where the licence and monitoring | price is allocated to each performance | |
| obligation on this basis. Where the contract | |||
• A Managed Service Provider | services terms are not coterminous, | does not stipulate the price per performance | |
| (MSP) model whereby the | they are treated as separate | obligation, management determines the | |
| customer is supplied with | performance obligations. | relative standalone selling price for each | |
| one complete integrated | The MSP model is considered to | performance obligation based on the residual | |
| service including the | be under a principal arrangement | approach. This is assessed by reference to the | |
| software licence(s) | whereby the Group controls the | total transaction price less the sum of the | |
• A reseller model whereby the | service prior to transfer. | observable standalone selling prices of the | |
| Group sources the software | other services promised in the contract. The | ||
| licence(s) on behalf of the | Where a reseller model is selected | contract transaction price is allocated to each | |
| customer and provides the | by the customer, the Group | performance obligation in proportion to those | |
| Managed Detection and | recognises four performance | standalone selling prices. | |
| Response services | obligations: | Under a reseller model, the Group’s | |
| These services will also | • Sourced software licence(s) | responsibility is to arrange for a third party to | |
| include set-up fees. Set-up | • Set-up fees | provide a specified software licence(s) to the | |
| fees represent workshops, | • | customer. In these cases, the Group is acting | |
| design and configuration to | Post-go-live fees | as an agent and the Group does not control the | |
| create a “connection” | • Monitoring cyber service | relevant licence(s) before it is transferred to | |
| between systems. | The reseller model is considered to | the customer. In particular, the Group does not | |
| Following services going live, | be under an agency arrangement | have inventory risk, have access to its source | |
| the Group will also provide a | whereby the customer receives the | code or hold the IP rights. | |
| certain level of professional | benefit and control of the licence | When the Group is acting as an agent, the | |
| service consultancy days | on delivery. | revenue is recorded at the net amount retained | |
| based on a day rate | Invoices are raised monthly or | (commission) at a point in time as the customer | |
| (post-go-live fees). | based on an agreed invoicing | receives immediate benefit from access to the | |
| profile with the customer. | licence and the Group does not have any further | ||
| Invoices are usually payable | obligations in relation to the provision of the | ||
| within 30 days. | licence. The commission transaction value | ||
| represents the mark-up on the licence provided. |
1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 125
| Timing of satisfaction of performance | Revenue recognition policies, including determination | ||
Revenue stream | Nature | obligations and significant payment terms | of transaction price and rationale |
| Global Managed | The majority of set-up fees relate to the MSP model. | ||
| Services (GMS) | Set-up fees are recognised over time of the set-up. | ||
| continued | The set-up activities are completed by a separate | ||
| deployment team that typically spans a period of | |||
| one to two months. The set-up activities do not | |||
| customise the licence provided by the third party | |||
| but only allow a link between the client’s | |||
| infrastructure and the software to allow monitoring | |||
| services to be provided by the Group one the | |||
| set-up process is completed. On this basis, the | |||
| client can benefit from each of the goods and | |||
| services either on their own or together with the | |||
| other goods and services that are readily available | |||
| and the promise to transfer the goods or service | |||
| is distinct. | |||
| The set-up fees are based on day rates incurred | |||
| (defined by an in-house day rate sales pricing | |||
| matrix). Accordingly, the charge out rates are | |||
| recognised and allocated to these tasks when | |||
| performed akin to technical professional day rate | |||
| services. These rates are considered to be the | |||
| standalone selling prices and are not discounted | |||
| or reduced for other services. | |||
| Post-go-live fees are recognised on delivery of | |||
| consultancy services over time as the customer | |||
| obtains incremental benefit from the hours | |||
| provided. Revenue is recognised on an input basis | |||
| (day rates) to measure the satisfaction of | |||
| performance obligations over time. | |||
| Transaction price is determined by fixed contract | |||
| rates based upon day rates and number of | |||
| post-go-live consultancy days. | |||
| Where one performance obligation, being a | |||
| combined monitoring cyber and licence service, is | |||
| identified in relation to the MSP model monitoring | |||
| service, revenue is recognised over the contract | |||
| length as the software and monitoring process is an | |||
| overall service, whereby the Group retains control | |||
| of the licence and provides a complete monitoring | |||
| service to the customer. If the customer cancels the | |||
| contract, the Group will retain control of the licence. | |||
| Where separate performance obligations are | |||
| identified for monitoring services and the licence, | |||
| revenue is recognised over the period the | |||
| respective services are offered, in line with the | |||
| underlying contract. | |||
| The customer benefits from a 24/7 monitoring | |||
| service whereby benefit is obtained daily and | |||
| therefore revenue is recognised on straight-line | |||
| basis as the performance obligation is satisfied | |||
| over time. | |||
| The transaction price is determined by fixed | |||
| contract rates for the services. | |||
| Revenue in relation to the reseller model monitoring | |||
| service is recognised over the contract length on a | |||
| straight-line basis as the performance obligation is | |||
| satisfied over time. The customer benefits from a | |||
| 24/7 monitoring service whereby benefit is | |||
| obtained daily on straight-line basis. |
1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
NCC Group plc — Annual report and accounts for the period ended 30 September 2024126
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Timing of satisfaction of performance | Revenue recognition policies, including determination | ||
Revenue stream | Nature | obligations and significant payment terms | of transaction price and rationale |
Product sales | This revenue represents | The customer only benefits from | Revenue is recognised when control of |
| the sale of own manufactured | the products on delivery. | the product is transferred to the customer. | |
| and/or resale of third party | Invoices are raised monthly or | This occurs upon delivery under the | |
| products with no connection | based on an agreed invoicing | contractual terms. | |
| to other Group services. | profile with the customer. | On certain sales of third party products, the | |
| Invoices are usually payable | control of the product is considered to pass | ||
| within 30 days. | from the vendor to the end customer and in | ||
| these cases the Group acts as an agent, and | |||
| hence only records a commission on sale as | |||
| opposed to gross revenue and costs of sale. | |||
| Long-term fixed | This revenue represents | Delivery of the product is | Revenue is recognised on an input basis to |
| price contracts | the long-term development | considered to represent one | measure the satisfaction of the performance |
| and/or manufacture of | performance obligation. | obligation over time. This is done according to | |
| specialised software and | The development and/or | total costs incurred in comparison to the total | |
| hardware solutions. | manufacturing work carried out | expected costs to be incurred to satisfy the | |
| by the Group is not considered to | performance obligation. This input measure is | ||
| create an asset with an alternative | driven by the nature of the activities carried | ||
| use to the entity. The Group is | out in satisfying the performance obligation. | ||
| entitled to payment as performance | The transaction price is fixed within the terms | ||
| of the contract is completed. On | of the contractual arrangement. | ||
| this basis, revenue is recognised | |||
| over time. | |||
| Invoices are raised based on | |||
| achievements of pre-defined | |||
| milestones in the contract. | |||
| Invoices are usually payable | |||
| within 30 days. | |||
| Escode | |||
| Escrow contract | These services securely | The customer benefits from the | Revenue is recognised over time on a straight- |
| services | maintain in “escrow” the | escrow service evenly over a | line basis representing the service delivery |
| long-term availability of | contract period, usually at least | agreement. The nature of the agreement gives | |
| business-critical software and | a year and potentially up to | rise to the customer having the benefit of Escode | |
| applications while protecting | three years. | if and when required over the contract period. | |
| the intellectual property rights | The service represents one | Revenue is recognised on a straight-line basis | |
| (IPR) of technology partners. | performance obligation. | as the pattern of benefit to the customer as well | |
| The service will include set-up | as the Group’s efforts to fulfil the contract are | ||
| time, which is administrative | Invoices are raised based on | generally even throughout the period. | |
| in nature. | an agreed invoicing profile with | The transaction price is determined by a | |
| the customer. | contract price. | ||
| Invoices are usually payable | Set-up time is not considered distinct and a | ||
| within 30 days. | separate performance obligation due to the | ||
| administrative nature and therefore is | |||
| recognised over the period of the contract. | |||
| Verification | These services verify source | The customer benefits from the | Revenue is recognised on completion of the |
| services | code based upon an agreed | verification service on completion | verification services. |
| scope between all parties and | because the source code will only | Transaction price is determined by fixed | |
| provide a fully managed secure | have been fully verified/validated | contract rates based upon day rates and | |
| service and result validation, | at that point. | number of verification days. | |
| typically delivered over a short | The service represents one | ||
| period of time (days). | performance obligation. | ||
| These include SaaS services | Invoices are raised monthly or | ||
| and ICANN services. | based on an agreed invoicing | ||
| profile with the customer. | |||
| Invoices are usually payable | |||
| within 30 days. |
1 Accounting policies continued
Revenue recognition continued
Detailed policies continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 127
1 Accounting policies continued
NCC Group plc — Annual report and accounts for the period ended 30 September 2024128
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
1 Accounting policies continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 129
1 Accounting policies continued
Accounting area | Accounting judgement? | Accounting estimate? |
Carrying value of Goodwill | No | Yes |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024130
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
2 Critical accounting judgements and key sources of estimation uncertainty continued
3 Segmental information
The Group is organised into the following two (2023: two) reportable segments: Cyber Security and Escode. The two reporting
segments provide distinct types of service. Within each of the reporting segments the operating segments provide a homogeneous
group of services. These operating segments are deemed to hold similar economic characteristics. The operating segments are
grouped into the reporting segments on the basis of how they are reported to the Chief Operating Decision Maker (CODM) for the
purposes of IFRS 8 ‘Operating Segments’, which is considered to be the Board of Directors of NCC Group plc.
Operating segments are aggregated into the two reportable segments based on the types and delivery methods of services they
provide, common management structures, and their relatively homogeneous commercial and strategic market environments.
Performance is measured based on reporting segment profit, with interest and tax not allocated to business segments. There are
no intra-segment sales.
| Cyber | Central and | |||
| Security | Escode | head office | Group | |
| Segmental analysis for the period ended 30 September 2024 | £m | £m | £m | £m |
Revenue | 342.1 | 87.4 | — | 429.5 |
Cost of sales | (224.1) | (26.7) | — | (250.8) |
Gross profit | 118.0 | 60.7 | — | 178.7 |
Gross margin % | 34.5% | 69.5% | — | 41.6% |
Administrative expenses | (97.3) | (24.1) | (3.4) | (124.8) |
Share-based payments | (0.1) | (0.2) | (2.0) | (2.3) |
Depreciation and amortisation | (10.9) | (0.6) | (5.3) | (16.8) |
Amortisation of acquired intangibles | (1.4) | (7.1) | (4.0) | (12.5) |
Individually Significant Items (Note 4) | (41.4) | (0.1) | — | (41.5) |
Operating (loss)/profit | (33.1) | 28.6 | (14.7) | (19.2) |
Finance costs | (8.3) | |||
Loss before taxation | (27.5) | |||
Taxation | (5.0) | |||
Loss for the period | (32.5) |
1 Revenue at constant currency, Adjusted EBITDA, and net debt excluding lease liabilities are Alternative Performance Measures (APMs) rather than IFRS
measures. For an explanation of APMs and adjusting items, including a reference to the reconciliation with statutory information, please see appendix 2.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 131
3 Segmental information continued
| Cyber | Central and | |||
| Security | Escode | head office | Group | |
| Segmental analysis for the year ended 31 May 2023 | £m | £m | £m | £m |
Revenue | 270.8 | 64.3 | — | 335.1 |
Cost of sales | (184.7) | (18.4) | — | (203.1) |
Gross profit | 86.1 | 45.9 | — | 132.0 |
Gross margin % | 31.8% | 71.4% | — | 39.4% |
Administrative expenses | (70.7) | (14.7) | (5.2) | (90.6) |
Share-based payments | (1.6) | (0.1) | (0.5) | (2.2) |
Depreciation and amortisation | (8.5) | (0.6) | (3.5) | (12.6) |
Amortisation of acquired intangibles | (1.2) | (5.8) | (3.0) | (10.0) |
Individually Significant Items (Note 4) | (12.3) | (2.4) | — | (14.7) |
Operating (loss)/profit | (8.2) | 22.3 | (12.2) | 1.9 |
Finance costs | (6.2) | |||
Loss before taxation | (4.3) | |||
Taxation | (0.3) | |||
Loss for the year | (4.6) |
| Cyber | Central and | |||
| Security | Escode | head office | Group | |
| Segmental analysis for the period ended 30 September 2024 | £m | £m | £m | £m |
Additions to non-current assets | 12.6 | 1.6 | 4.0 | 18.2 |
Reportable segment assets | 183.8 | 198.8 | 37.5 | 420.1 |
Reportable segment liabilities | (77.2) | (24.7) | (113.0) | (214.9) |
| Cyber | Central and | |||
| Security | Escode | head office | Group | |
| Segmental analysis for the year ended 31 May 2023 Restated* | £m | £m | £m | £m |
Additions to non-current assets | 7.0 | 0.3 | 4.3 | 11.6 |
Reportable segment assets | 238.8 | 209.1 | 53.5 | 501.4 |
Reportable segment liabilities | (131.4) | (21.0) | (70.8) | (223.2) |
* The prior year figures have been restated following a review of the Group’s segmental goodwill allocation. £143.7m of goodwill previously allocated to the
central and head office segment has been reallocated to the Cyber Security (£115.1m) and Escode (£28.6m) segments to better reflect the Group’s
operational structure and ensure consistency with the segment disclosures in Note 11, Goodwill and Intangible Assets. In the prior presentation, the UK
reportable segment assets were as follows: £197.2m for central and head office, £180.5m for Escode, and £123.7m for Cyber Security.
The central and head office cost centre is not considered to be a separate operating segment nor part of any other operating
segment as it does not generate any revenues. Included within central and head office are assets and liabilities not specifically
allocated to the reporting segments and include investments, head office tangible and intangible assets, deferred tax assets and
liabilities, right-of-use assets and associated lease liabilities, Parent Company cash balances, the RCF facility and certain provisions.
Central and head office assets and liabilities are disclosed to allow a reconciliation back to the Group’s assets and liabilities.
| Restated * | ||
| 2024 | 2023 | |
| £m | £m | |
UK | 85.9 | 96.9 |
APAC | 5.4 | 2.4 |
North America | 164.3 | 222.6 |
Europe | 18.0 | 76.2 |
Total non-current assets | 273.6 | 398.1 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024132
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
3 Segmental information continued
| Cyber | 2024 | Cyber | 2023 | |||
| Security | Escode | Total | Security | Escode | Total | |
| £m | £m | £m | £m | £m | £m | |
| Revenue by originating country | ||||||
UK | 158.9 | 36.5 | 195.4 | 106.6 | 25.8 | 132.4 |
APAC | 14.4 | — | 14.4 | 11.8 | — | 11.8 |
North America | 90.7 | 45.5 | 136.2 | 99.3 | 34.5 | 133.8 |
Europe | 78.1 | 5.4 | 83.5 | 53.1 | 4.0 | 57.1 |
Total revenue | 342.1 | 87.4 | 429.5 | 270.8 | 64.3 | 335.1 |
| Cyber | 2024 | Cyber | 2023 | |||
| Security | Escode | Total | Security | Escode | Total | |
| £m | £m | £m | £m | £m | £m | |
| Revenue by category | ||||||
Services | 337.5 | 87.4 | 424.9 | 267.1 | 64.3 | 331.4 |
Products | 4.6 | — | 4.6 | 3.7 | — | 3.7 |
Total revenue | 342.1 | 87.4 | 429.5 | 270.8 | 64.3 | 335.1 |
| Cyber | 2024 | Cyber | 2023 | |||
| Security | Escode | Total | Security | Escode | Total | |
| £m | £m | £m | £m | £m | £m | |
| Timing of revenue recognition | ||||||
Services and products transferred over time | 322.1 | 57.9 | 380.0 | 252.9 | 42.8 | 295.7 |
Services and products transferred at a point in time | 20.0 | 29.5 | 49.5 | 17.9 | 21.5 | 39.4 |
Total revenue | 342.1 | 87.4 | 429.5 | 270.8 | 64.3 | 335.1 |
| Restated * | ||
| 2024 | 2023 | |
| £m | £m | |
Technical Assurance Services (TAS) | 141.4 | 142.9 |
Consulting and Implementation (C&I) | 55.2 | 44.7 |
Managed Services (MS) | 91.8 | 50.1 |
Digital Forensics and Incident Response (DFIR) | 20.6 | 13.5 |
Other services | 33.1 | 19.6 |
Total Cyber Security revenue | 342.1 | 270.8 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 133
3 Segmental information continued
Escode revenues analysed by service line:
| 2024 | 2023 | |
| £m | £m | |
Escrow contracts | 57.2 | 42.8 |
Verification services | 30.2 | 21.5 |
Total Escode revenue | 87.4 | 64.3 |
4 Individually Significant Items (ISI)
The Group separately identifies items as Individually Significant Items. Each of these is considered by the Directors to be sufficiently
unusual in terms of nature or scale so as not to form part of the underlying performance of the business. They are therefore separately
identified and excluded from adjusted results (as explained in appendix 2).
| 2024 | 2023 | ||
| Reference | £m | £m | |
North America Cyber Security goodwill impairment | a | 31.9 | 9.8 |
Fundamental reorganisation costs | b | 9.4 | 4.2 |
Transaction costs associated with disposal of Fox Crypto | c | 1.6 | — |
Costs associated with strategic review of Escode business | d | 0.1 | 3.0 |
NCC Group A/S goodwill impairment | e | — | 3.0 |
IPM Escode business deferred revenue adjustment | f | — | (0.6) |
Profit on disposal of non-core operations | g | (1.5) | (4.7) |
Total ISIs | 41.5 | 14.7 |
(a) North America Cyber Security goodwill impairment
Following the impairment review of goodwill as at 31 May 2024, an impairment of £31.9m (2023: £9.8m) has been recognised in
North America Cyber Security. For further details, please refer to Note 11.
(b) Fundamental reorganisation costs
In order to implement the next chapter of the Group’s strategy to enhance future growth, certain strategic actions are required
including reshaping the Group’s global delivery and operational model. This reshaping is considered a fundamental reorganisation
and restructuring programme that will span reporting periods, and the total project size and nature are considered in totality. The
programme commencement was accelerated following the Group experiencing specific market conditions that validated the rationale
of the next chapter of the Group’s strategy. The programme has three planned phases as follows:
•
Phase 1 (March–April 2023) – initial reduction in global delivery and operational headcount; c.7% reduction of the Group’s global
headcount.
•
Phase 2 (June–September 2023) – a further reduction in global delivery, operational and corporate functions headcount prior to
opening our offshore operations and delivery centre in Manila.
•
Phase 3 (October 2023–December 2025) – finalisation of the Group’s operating model.
Costs of £9.4m (2023: £4.2m) and a cash outflow of £6.0m (2023: £3.4m) have been incurred in relation to the implementation of
this reorganisation. These cash outflows consist of severance payments, associated taxes, and professional fees for advisory and
legal services.
The reorganisation costs include £3.4m related to property rationalisation. This comprises £3.5m (2023: £nil) in property closure
impairment charges and £0.4m (2023: £nil) in fixed asset impairment charges, both relating to non-current assets. Additionally, £0.7m
(2023: £nil) relates to non-rental provision costs.
Offsetting these costs are £0.8m (2023: £nil) in non-current asset impairment reversals and £0.4m (2023: £nil) in provision reversals.
These costs and reversals reflect the impact of a reduction in the Group’s global headcount, leading to decreased office utilisation
and a re-evaluation of the global property portfolio.
It is expected that costs will also be incurred for the year ending 30 September 2025 and the Group will have to exercise judgement
in assessing whether the restructuring items should be classified as ISI, this will involve taking into account the nature of the item,
cause of occurrence and scale of the impact of those items on the reported performance, resultant benefits and after considering the
original reorganisation programme principles and plans.
(c) Transaction costs associated with the disposal of Fox Crypto
On 1 August 2024, the Group announced the disposal of Fox Crypto B.V. for initial expected gross consideration of €77.3m to
CR Group Nordic AB. As at 30 September 2024, the disposal was yet to be finalised, with completion expected in early FY25.
As of 30 September 2024, transaction costs of £1.6m were incurred (2023: £nil), which meet the Group’s policy for ISIs as they relate
to the disposal of a non-core operation. The expected gain on this disposal will be included within ISIs for the year ending
30 September 2025.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024134
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
4 Individually Significant Items (ISI) continued
(d) Costs associated with strategic review of Escode business
During February 2023, the Group announced its ongoing strategic review of Escode business and of other core and non-core assets.
During the period ended 30 September 2024, a number of additional professional fees totalling £0.1m (2023: £3.0m) have been incurred,
mainly in respect of advisory services. Such costs meet the Group’s policy for ISIs as they have been incurred as part of the wider
restructuring/reorganisation activities that are ongoing within the Group. The Group has now stopped the strategic review of the
Escode business.
(e) NCC Group A/S goodwill impairment
On 1 June 2022, the Group made the decision to reorganise its Danish business (NCC Group A/S) which had previously been a part of
the EU Assurance CGU. Following that reorganisation, the cash inflows associated with the Danish business are separately identifiable
and therefore the carrying value of the CGU assets were assessed separately for impairment at 31 May 2023. The charge of £nil
(2023: £3.0) represented the impairment of goodwill associated with the Danish business following completion of that review. Such
costs met the Group’s policy for ISIs as this is a significant one-off event.
(f) IPM Software Resilience business deferred revenue adjustment
This represents an adjustment to the opening deferred revenue balance in respect of the IPM acquisition in June 2021. During FY24,
opening deferred revenue balances on verification tests totalling £nil (2023: £0.6m) have been identified for which the work has not
been performed and the statute of limitations has now expired. As the period of hindsight for adjusting goodwill has now expired
management has released these amounts to the Income Statement. Given the nature of this release which would typically have been
adjusted to goodwill it is considered to meet the definition of an individually significant item and has been classified as such.
(g) Profit on disposal of non-core operations
On 30 April 2024, the Group disposed of its DetACT business for cash consideration of £8.2m. The profit of £1.6m (2023: £nil) is
directly attributable to the disposal of the DetACT business. Please see Note 33 for further details.
On 31 December 2022, the Group disposed of its DDI business for a total consideration of £5.8m, consisting of a cash payment of
£2.0m and contingent consideration of £3.8m. This disposal resulted in a profit of £nil (2023: £4.7m), directly attributable to the DDI
business sale. Further details are available in Note 33. The Group classified these proceeds under ISIs due to the material profit on
disposal. During the period, the £3.8m contingent consideration identified in 2023 was received, and a £0.1m reclassification (2023:
£nil) related to the final tranche payment was recorded.
| 2024 | 2023 | |
| £m | £m | |
| Loss before taxation is stated after charging/(crediting): | ||
| Amounts receivable by auditor and its associates in respect of: | ||
Audit of the Parent and consolidated annual Financial Statements | 1.6 | 1.1 |
Audit of Financial Statements of subsidiaries pursuant to legislation | 0.1 | 0.2 |
Other assurance services (See Audit Committee Report on page 67 for further information) | 0.1 | — |
Total audit 1 | 1.8 | 1.3 |
Amortisation of development costs (Note 11) | 1.3 | 1.2 |
Amortisation of software costs (Note 11) | 2.0 | 1.2 |
Amortisation of acquired intangibles (Note 11) | 12.5 | 10.0 |
Depreciation of property, plant and equipment (Note 12) | 5.4 | 4.5 |
Depreciation of right-of-use assets (Note 13) | 8.1 | 5.7 |
Other impairment charge of non-current assets | 0.9 | 1.1 |
Individually Significant Items (ISIs) (Note 4) | 41.5 | 14.7 |
Net impairment losses/(gains) on financial and contract assets (Note 16, 23) | 0.4 | (1.5) |
Cost of inventories recognised as an expense | 0.8 | 0.6 |
Foreign exchange losses | 1.9 | 0.6 |
Research and development UK tax credits | (0.5) | (0.5) |
Profit on disposal of right-of-use assets | (0.1) | (0.7) |
The impairment charge of non-current assets relates to impairment charges not included within Individually Significant Items.
1 The only non-audit services provided by the auditor were the interim review as of 31 May 2024, for which the fee was £80,000, and access to a generic
online accounting manual, for which the fee was £2,000. No interim review was provided in the year ended 31 May 2023, nor fee charged for access to
such a manual.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 135
6 Staff numbers and costs
Directors’ emoluments are disclosed in the Remuneration Committee Report. Total aggregate emoluments of the Directors in respect of
the 16 months period ended 30 September 2024 were £3.4m (2023: £2.3m). Employer contributions to pensions for Executive Directors
for qualifying periods were £50,000 (2023: £32,000). The Company provided pension payments in lieu of pension contributions for three
(2023: three) Executive Directors during the period ended 30 September 2024 amounting to £38,000 (2023: £32,000). The aggregate
net value of share awards granted to the Directors in the period was £3.7m (2023: £1.9m). The net value has been calculated by
reference to the closing mid-market price of the Company’s shares on the day before the date of grant. During the period, 5,000
(2023: 98,598) share options were exercised by Directors and their gain on exercise of share options was £5,000 (2023: £13,463).
The average monthly number of persons employed by the Group during the period, including Executive Directors, is analysed by
category as follows:
| Number of colleagues | ||
2024 | 2023 | |
Operational | 1,733 | 1,955 |
Administration | 468 | 478 |
Total | 2,201 | 2,433 |
The aggregate payroll costs of these persons were as follows:
| 2024 | 2023 | |
| £m | £m | |
Wages and salaries | 247.4 | 208.1 |
Share-based payments (Note 26) | 2.3 | 2.2 |
Social security costs | 25.9 | 20.3 |
Other pension costs (Note 30) | 8.0 | 6.3 |
Total payroll costs | 283.6 | 236.9 |
| 2024 | 2023 | |
| £m | £m | |
Interest payable on bank loans and overdrafts | 6.6 | 4.5 |
Unamortised underwriting fees associated with old revolving credit facility | — | 0.6 |
Interest expense on lease liabilities | 1.7 | 1.1 |
Finance costs | 8.3 | 6.2 |
8 Taxation
Recognised in the Income Statement
| 2024 | 2023 | |
| £m | £m | |
| Current tax expense | ||
Current period/year | 1.6 | 0.1 |
Overseas current tax for the period/year | 6.0 | 5.9 |
Impact of prior year US R&D tax credits | (1.8) | (1.0) |
Adjustments in respect of prior periods | (2.6) | (2.8) |
Total current tax | 3.2 | 2.2 |
| Deferred tax expense | ||
Origination and reversal of temporary differences | (1.2) | (3.0) |
Movement in tax rate | — | (0.2) |
Impact of prior year US R&D tax credits | (0.2) | (0.4) |
Adjustment to tax expense in respect of prior periods | 3.2 | 1.7 |
Total deferred tax | 1.8 | (1.9) |
Total tax expense | 5.0 | 0.3 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024136
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
8 Taxation continued
Reconciliation of taxation
| 2024 | 2023 | |
| £m | £m | |
Loss before taxation | (27.5) | (4.3) |
Current tax using the UK effective corporation tax rate of 25% (2023: 20%) | (6.9) | (0.9) |
| Effects of: | ||
Items not deductible/(taxable) for tax purposes | 5.0 | 2.6 |
Adjustment to tax charge in respect of prior periods | 0.6 | (1.1) |
Impact of prior year US R&D tax credits | (2.0) | (1.4) |
Impact of current period/year US R&D tax credits | 0.3 | (0.3) |
Differences between overseas tax rates | (0.6) | 1.0 |
Movements in temporary differences not recognised | 8.6 | 0.6 |
Movement in tax rate | — | (0.2) |
Total tax expense | 5.0 | 0.3 |
During the period, a deferred tax asset of £7.1m was generated in North America, which has not been recognised. This reflects an
assessment of the recoverability of the Group’s North American deferred tax assets, based on latest available forecasts and expectations
of future taxable profits in the region. The decision not to recognise these assets was made in accordance with IAS 12 Income Taxes,
which requires that deferred tax assets be recognised only to the extent it is probable that sufficient taxable profits will be available
to utilise the deductible temporary differences. As of 30 September 2024, the criteria for recognition were not met.
As this derecognition relates to the historical performance of our North American Cyber Security Business, where the recovery in
demand has been less consistent than expected, it is directly tied to the goodwill impairment of £31.9m at 31 May 2024 (taken to ISIs,
see note 4). The Group has included this adjustment as an adjusted item within the taxation line in the Income Statement. For
reconciliation to statutory measures, please see page 50.
The UK government introduced legislation in the Finance Bill 2021 to increase the main rate of UK corporation tax from 19% to 25%
with effect from 1 April 2023. The legislation was substantively enacted on 24 May 2021 and therefore UK deferred tax balances as at
balance sheet date are generally measured at a rate of 25%.
Tax uncertainties
The tax expense reported for the current period and prior year is affected by certain positions taken by management where there
may be uncertainty. The most significant source of uncertainty arises from claims for US R&D tax credits relating to the current and
previous periods. Uncertainty relates to the interpretation of US legislation applicable to periods where the statute of limitations has
not expired. As at 30 September 2024, the gross cumulative amount of US R&D tax credits amounts to £9.5m (2023: £10.4m) of which
a cumulative tax benefit has been recognised of £6.7m (2023: £6.2m). The unrecognised benefit is £2.8m (2023: £4.2m).
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 137
9 Dividends
| 2024 | 2023 | |
| £m | £m | |
Dividends paid and recognised in the period/year | 14.5 | 14.5 |
Dividends recognised but not paid in the period/year | 9.8 | — |
Dividends per share paid and recognised in the period/year | 4.65p | 4.65p |
Dividends per share recognised but not paid in the period/year | 3.15p | — |
Dividends per share proposed but not recognised in the period/year | 1.5p | 3.15p |
The interim dividend of £9.8m which was approved during the period ended 30 September 2024 was paid on 1 October 2024,
and therefore included within non-trade payables (see Note 19).
The proposed final dividend for the period ended 30 September 2024 of 1.5 p per ordinary share was recommended by the Board
on 5 December 2024 and will be paid on 4 April 2025, to shareholders on the register at the close of business on 21 February 2025.
The ex-dividend date is 20 February 2025. The dividend will be recommended to shareholders at the AGM on 28 January 2025.
The dividend has not been included as a liability as at 30 September 2024. The payment of this dividend will not have any tax
consequences for the Group.
10 Loss per ordinary share
| 2024 | 2023 | |
| £m | £m | |
Loss for the period/year attributable to owners of the Company | (32.5) | (4.6) |
| Number | Number | |
| of shares | of shares | |
| m | m | |
Weighted average number of shares in issue | 313.3 | 311.1 |
Less: weighted average holdings by Group ESOT | (1.6) | (0.7) |
Basic weighted average number of shares in issue | 311.7 | 310.4 |
Dilutive effect of share options | 1.5 | 0.8 |
Diluted weighted average shares in issue | 313.2 | 311.2 |
For the purposes of calculating the dilutive effect of share options, the average market value is based on quoted market prices for the
period during which the options are outstanding. Given the Group reported a loss for the period, the diluted EPS does not include the
dilutive effect of share options.
| 2024 | 2023 | |
| Pence | Pence | |
| Loss per ordinary share | ||
Basic | (10.4) | (1.5) |
Diluted | (10.4) | (1.5) |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024138
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Customer | ||||||
| Development | contracts and | Intangibles | ||||
| Goodwill | Software | costs | relationships | sub-total | Total | |
| £m | £m | £m | £m | £m | £m | |
| Cost: | ||||||
At 1 June 2022 | 322.1 | 18.7 | 12.9 | 176.8 | 208.4 | 530.5 |
Additions | — | 2.5 | 0.9 | — | 3.4 | 3.4 |
Disposals (see Note 33) | (1.0) | — | — | — | — | (1.0) |
Effects of movements in exchange rates | 3.5 | — | — | 2.4 | 2.4 | 5.9 |
At 31 May 2023 | 324.6 | 21.2 | 13.8 | 179.2 | 214.2 | 538.8 |
Additions | — | 1.4 | 1.0 | 0.2 | 2.6 | 2.6 |
Disposals (see Note 33) | (5.9) | (0.6) | (9.9) | — | (10.5) | (16.4) |
Assets classified as held for sale | (51.9) | — | (2.5) | — | (2.5) | (54.4) |
Effects of movements in exchange rates | (9.6) | (0.2) | (0.1) | (9.4) | (9.7) | (19.3) |
At 30 September 2024 | 257.2 | 21.8 | 2.3 | 170.0 | 194.1 | 451.3 |
| Accumulated amortisation and impairment: | ||||||
At 1 June 2022 | (56.0) | (12.7) | (9.8) | (67.3) | (89.8) | (145.8) |
Charge for year | — | (1.2) | (1.2) | (10.0) | (12.4) | (12.4) |
Impairment | (12.8) | (0.6) | — | — | (0.6) | (13.4) |
Effects of movements in exchange rates | — | — | (0.1) | (0.4) | (0.5) | (0.5) |
At 31 May 2023 | (68.8) | (14.5) | (11.1) | (7 7.7) | (103.3) | (172.1) |
Charge for year | — | (2.0) | (1.3) | (12.5) | (15.8) | (15.8) |
Impairment | (31.9) | — | — | — | — | (31.9) |
Disposals | — | — | 8.8 | — | 8.8 | 8.8 |
Assets classified as held for sale | — | — | 2.4 | — | 2.4 | 2.4 |
Effects of movements in exchange rates | — | — | 0.1 | 2.9 | 3.0 | 3.0 |
At 30 September 2024 | (100.7) | (16.5) | (1.1) | (87.3) | (104.9) | (205.6) |
| Net book value: | ||||||
At 31 May 2023 | 255.8 | 6.7 | 2.7 | 101.5 | 110.9 | 366.7 |
At 30 September 2024 | 156.5 | 5.3 | 1.2 | 82.7 | 89.2 | 245.7 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 139
11 Goodwill and intangible assets continued
| Goodwill | Goodwill | |
| 2024 | 2023 | |
| Cash generating units | £m | £m |
UK Escode | 22.8 | 22.9 |
North America Escode | 80.1 | 87.2 |
Europe Escode | 7.1 | 7.4 |
Total Escode | 110.0 | 117.5 |
UK and APAC Cyber Security | 44.3 | 44.3 |
North America Cyber Security | — | 31.6 |
Europe Cyber Security | 2.2 | 62.4 |
Total Cyber Security | 46.5 | 138.3 |
Total Group | 156.5 | 255.8 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024140
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
11 Goodwill and intangible assets continued
Fair value less costs to sell continued
| Decrease in gross margin | |
| of 0.5 percentage points | |
| CGU | £m |
North America Cyber Security | 2.9 |
| 5% increase | |
| in revenue | |
| CGU | £m |
Europe Cyber Security | 13.3 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 141
12 Property, plant and equipment
| Fixtures, | ||||
| Computer | fittings and | Motor | ||
| equipment | equipment | vehicles | Total | |
| £m | £m | £m | £m | |
| Cost | ||||
At 1 June 2022 | 24.6 | 19.1 | 0.1 | 43.8 |
Additions | 2.7 | 1.2 | — | 3.9 |
Disposals | — | — | (0.1) | (0.1) |
Movement in foreign exchange rates | 0.2 | 0.1 | — | 0.3 |
At 31 May 2023 | 27.5 | 20.4 | — | 47.9 |
Additions | 3.8 | 2.4 | — | 6.2 |
Disposals | (0.1) | (0.2) | — | (0.3) |
Assets classified as held for sale | (1.1) | (1.2) | — | (2.3) |
Movement in foreign exchange rates | (0.3) | (0.2) | — | (0.5) |
At 30 September 2024 | 29.8 | 21.2 | — | 51.0 |
| Accumulated depreciation | ||||
At 1 June 2022 | (20.2) | (10.6) | (0.1) | (30.9) |
Charge for year | (2.7) | (1.8) | — | (4.5) |
On disposals | — | — | 0.1 | 0.1 |
Movement in foreign exchange rates | (0.1) | — | — | (0.1) |
At 31 May 2023 | (23.0) | (12.4) | — | (35.4) |
Charge for year | (3.4) | (2.0) | — | (5.4) |
Impairment | — | (0.4) | — | (0.4) |
On disposals | 0.1 | 0.1 | — | 0.2 |
Assets classified as held for sale | 0.9 | 0.3 | — | 1.2 |
Movement in foreign exchange rates | 0.2 | 0.2 | — | 0.4 |
At 30 September 2024 | (25.2) | (14.2) | — | (39.4) |
| Net book value | ||||
At 31 May 2023 | 4.5 | 8.0 | — | 12.5 |
At 30 September 2024 | 4.6 | 7.0 | — | 11.6 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024142
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Land and | Motor | ||
| buildings | vehicles | Total | |
| £m | £m | £m | |
| Cost: | |||
At 1 June 2022 | 35.7 | 4.6 | 40.3 |
Additions | 2.9 | 1.4 | 4.3 |
Disposals | (1.8) | — | (1.8) |
Impairment | (0.5) | — | (0.5) |
At 31 May 2023 | 36.3 | 6.0 | 42.3 |
Additions | 5.2 | 4.2 | 9.4 |
Disposals | — | (1.7) | (1.7) |
Impairment | (3.2) | — | (3.2) |
Assets classified as held for sale | — | (0.4) | (0.4) |
At 30 September 2024 | 38.3 | 8.1 | 46.4 |
| Accumulated depreciation: | |||
At 1 June 2022 | (14.9) | (3.4) | (18.3) |
Charge for year | (4.4) | (1.3) | (5.7) |
Disposals | 0.3 | — | 0.3 |
At 31 May 2023 | (19.0) | (4.7) | (23.7) |
Charge for year | (5.6) | (2.5) | (8.1) |
Disposals | — | 1.1 | 1.1 |
At 30 September 2024 | (24.6) | (6.1) | (30.7) |
| Net book value: | |||
At 31 May 2023 | 17.3 | 1.3 | 18.6 |
At 30 September 2024 | 13.7 | 2.0 | 15.7 |
14 Investments
| Group | Group | |
| 2024 | 2023 | |
| £m | £m | |
Interest in unlisted shares | — | 0.3 |
During the year, the Group disposed of its 3.35% shareholding in an unlisted company. The shares were sold for a total consideration
of £0.4m. A gain of £0.1m has been recognised within the Income Statement in relation to this disposal.
A further potential contingent consideration may be received after three years, subject to specific performance conditions. As this
payment is not considered virtually certain at the reporting date, it has not been recognised in the current period’s Financial
Statements. If achieved, the maximum additional amount receivable would be £0.2m.
In the prior year, the Directors assessed the carrying value of the investment and did not identify any indicators of impairment. Prior to
disposal, the Group received annual dividends from the investment; the trading performance and the net assets reported were strong
and profitable.
15 Inventories
| Group | Group | |
| 2024 | 2023 | |
| £m | £m | |
Goods for resale | — | 0.8 |
There have been no write-downs of inventory in the period (2023: £nil). The Directors have considered the impact of climate change
on inventory, with no material impact identified.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 143
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
| Current | ||||
Trade receivables | 17.3 | 26.7 | — | — |
Prepayments | 12.6 | 10.5 | — | — |
Contract costs (see Note 23) | 1.2 | 1.7 | — | — |
Other receivables | 1.1 | 2.0 | — | — |
Amounts owed by Group undertakings | — | — | — | — |
| Non-current | ||||
Amounts owed by Group undertakings | — | — | 43.1 | 23.2 |
Total | 32.2 | 40.9 | 43.1 | 23.2 |
| Disclosed as follows: | ||||
Current assets | 32.2 | 40.9 | — | — |
Non-current assets | — | — | 43.1 | 23.2 |
32.2 | 40.9 | 43.1 | 23.2 |
| Expected | Expected | |||||
| Gross | credit losses | Net | Gross | credit losses | Net | |
| 2024 | 2024 | 2024 | 2023 | 2023 | 2023 | |
| Group | £m | £m | £m | £m | £m | £m |
| Trade receivables: | ||||||
Not past due | 7.5 | — | 7.5 | 15.6 | (0.1) | 15.5 |
Past due 0–30 days | 5.6 | — | 5.6 | 6.8 | — | 6.8 |
Past due 31–90 days | 2.6 | — | 2.6 | 4.1 | — | 4.1 |
Past due more than 90 days | 3.2 | (1.6) | 1.6 | 2.2 | (1.9) | 0.3 |
18.9 | (1.6) | 17.3 | 28.7 | (2.0) | 26.7 | |
| Other receivables: | ||||||
Not past due | 1.1 | — | 1.1 | 2.0 | — | 2.0 |
Total | 20.0 | (1.6) | 18.4 | 30.7 | (2.0) | 28.7 |
| Expected | |
| credit loss | |
| provision | |
| £m | |
Balance at 1 June 2022 | (3.5) |
Provision utilised during the year | 1.5 |
Balance at 31 May 2023 | (2.0) |
Provision utilised during the period | 0.4 |
Balance at 30 September 2024 | (1.6) |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024144
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| 2024 | |||||
| UK | US | Netherlands | Denmark | Total | |
| Asset/(liability) | £m | £m | £m | £m | £m |
Plant and equipment | — | — | 0.3 | — | 0.3 |
Short-term temporary differences | 0.5 | 3.1 | — | — | 3.6 |
Intangible assets | (0.8) | (3.1) | (0.8) | — | (4.7) |
Share-based payments | 0.9 | — | — | — | 0.9 |
Tax losses | — | — | — | — | — |
Deferred tax (liability)/asset | 0.6 | — | (0.5) | — | 0.1 |
| Analysed as follows: | |||||
Non-current assets | 0.6 | — | — | — | 0.6 |
Non-current liabilities | — | — | (0.5) | — | (0.5) |
| 2023 | |||||
| UK | US | Netherlands | Denmark | Total | |
| Asset/(liability) | £m | £m | £m | £m | £m |
Plant and equipment | 0.2 | (0.3) | 0.3 | — | 0.2 |
Short-term temporary differences | 0.2 | 8.9 | — | — | 9.1 |
IFRS 16 assets | 0.3 | 0.2 | — | — | 0.5 |
Intangible assets | (1.4) | (7.6) | (1.7) | — | (10.7) |
Share-based payments | 0.3 | 0.2 | — | — | 0.5 |
Tax losses | 1.7 | 0.2 | — | — | 1.9 |
Deferred tax asset/(liability) | 1.3 | 1.6 | (1.4) | — | 1.5 |
| Analysed as follows: | |||||
Non-current assets | 1.3 | 1.6 | — | — | 2.9 |
Non-current liabilities | — | — | (1.4) | — | (1.4) |
| Recognised | ||||||
| 1 June | in Income | Exchange | Recognised | 30 September | ||
| 2023 | Statement | differences | in equity | Acquisition | 2024 | |
| £m | £m | £m | £m | £m | £m | |
Plant and equipment | 0.2 | 0.1 | — | — | — | 0.3 |
Short-term temporary differences | 9.1 | (5.7) | 0.2 | — | — | 3.6 |
IFRS 16 assets/(liabilities) | 0.5 | (0.5) | — | — | — | — |
Intangible assets | (10.7) | 5.8 | 0.2 | — | — | (4.7) |
Share-based payments | 0.5 | 0.4 | — | — | — | 0.9 |
Tax losses | 1.9 | (1.9) | — | — | — | — |
Total | 1.5 | (1.8) | 0.4 | — | — | 0.1 |
| Recognised | ||||||
| 1 June | in Income | Exchange | Recognised | 31 May | ||
| 2022 | Statement | differences | in equity | Acquisition | 2023 | |
| £m | £m | £m | £m | £m | £m | |
Plant and equipment | 0.2 | — | — | — | — | 0.2 |
Short-term temporary differences | 6.4 | 2.7 | — | — | — | 9.1 |
IFRS 16 assets/(liabilities) | 0.5 | — | — | — | — | 0.5 |
Intangible assets | (8.8) | (1.8) | (0.1) | — | — | (10.7) |
Share-based payments | 1.5 | (0.9) | — | (0.1) | — | 0.5 |
Tax losses | — | 1.9 | — | — | — | 1.9 |
Total | (0.2) | 1.9 | (0.1) | (0.1) | — | 1.5 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 145
17 Deferred tax assets and liabilities (Group) continued
| 2024 | 2023 | |
| £m | £m | |
Plant and equipment | (0.2) | — |
Short-term temporary differences | (6.3) | — |
Share-based payments | (0.3) | — |
Tax losses | (4.1) | (3.5) |
Total | (10.9) | (3.5) |
| 30 September | |
| 2024 | |
| £m | |
| Assets classified as held for sale: | |
Goodwill | 51.9 |
Intangible fixed assets | 0.1 |
Right-of-use assets | 0.4 |
Property, plant and equipment | 1.1 |
Inventories | 0.6 |
Trade and other receivables | 4.3 |
Contract assets | 3.1 |
Total assets classified as held for sale | 61.5 |
| Liabilities associated with assets classified as held for sale: | |
Trade and other payables | (1.4) |
Deferred revenue | (3.1) |
Lease liabilities | (0.4) |
Provisions | (0.8) |
Total liabilities associated with assets classified as held for sale | (5.7) |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024146
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
Trade payables | 4.6 | 6.3 | — | — |
Non-trade payables | 17.5 | 8.6 | 9.8 | — |
Accruals | 24.7 | 29.8 | — | — |
Amounts owed to Group companies | — | — | 0.1 | 0.2 |
Total | 46.8 | 44.7 | 9.9 | 0.2 |
20 Lease liabilities
| Land and | Motor | ||
| buildings | vehicles | Total | |
| £m | £m | £m | |
At 1 June 2022 | 29.1 | 3.5 | 32.6 |
Additions | 2.2 | 1.4 | 3.6 |
Disposals | (0.2) | — | (0.2) |
Lease payments | (5.8) | (1.3) | (7.1) |
Interest expense | 1.0 | 0.1 | 1.1 |
At 31 May 2023 | 26.3 | 3.7 | 30.0 |
Additions | 4.7 | 4.2 | 8.9 |
Disposals | — | (0.7) | (0.7) |
Lease payments | (9.2) | (2.7) | (11.9) |
Interest expense | 1.3 | 0.4 | 1.7 |
Liabilities classified as held for sale | — | (0.4) | (0.4) |
At 30 September 2024 | 23.1 | 4.5 | 27.6 |
Analysed as follows:
| 2024 | 2023 | |
| £m | £m | |
Current | 5.7 | 6.0 |
Non-current | 21.9 | 24.0 |
The maturity of lease liabilities is as follows:
| 2024 | 2023 | |
| £m | £m | |
Less than one year | 5.7 | 6.0 |
Two to five years | 16.1 | 16.7 |
More than five years | 5.8 | 7.3 |
Total lease liabilities | 27.6 | 30.0 |
The total cash outflow for leases in the period was £11.9m (2023: £7.1m), which consists of £10.2m (2023: £6.1m) principal element of
lease payments disclosed above, £1.7m (2023: £1.1m) interest element of leases payments and £nil (2023: £nil) lease payments charged
to the Income Statement in respect of short-term leases. The Group has used its incremental borrowing rate of 6.35% (2023: 5.8%)
as the discount rate for the calculation of the lease liabilities. Some leases contain break clauses or extension options to provide
operational flexibility. Potential future undiscounted lease payments not included in the reasonably certain lease term, and hence
not included in lease liabilities, total £4.6m (2023: £4.9m).
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 147
21 Provisions
| Onerous | ||||
| Loss-making | property | Other | ||
| contracts | costs | provisions | Total | |
| £m | £m | £m | £m | |
Balance as at 31 May 2022 and 1 June 2022 | 1.8 | 1.0 | 0.7 | 3.5 |
Provisions created in the year | — | 0.7 | 0.3 | 1.0 |
Provisions utilised during the year | (0.8) | (0.3) | (0.7) | (1.8) |
Balance as at 31 May 2023 and 1 June 2023 | 1.0 | 1.4 | 0.3 | 2.7 |
Provisions created in the period | 0.3 | 3.0 | 0.1 | 3.4 |
Provisions released during the period | — | (0.2) | — | (0.2) |
Provisions utilised during the period | (0.5) | (1.0) | (0.3) | (1.8) |
Transferred to assets held for sale | (0.8) | — | — | (0.8) |
Balance as at 30 September 2024 | — | 3.2 | 0.1 | 3.3 |
| Analysed as follows (2024): | ||||
Current | — | 1.3 | 0.1 | 1.4 |
Non-current | — | 1.9 | — | 1.9 |
| Analysed as follows (2023): | ||||
Current | 0.6 | 0.3 | 0.3 | 1.2 |
Non-current | 0.4 | 1.1 | — | 1.5 |
The loss-making contracts provision represents the estimated remaining net lifetime loss on long-term development and supply
contracts. It was expected in the prior year that these contracts would have been completed in 2024. However, these contracts have
faced further delays during the 2024 calendar year (mainly due to ongoing supply chain sourcing) and are now expected to be fully
completed in the 2025 calendar year. During the period, revenue has been recognised in relation to these long-term contracts of
£0.2m (2023: £0.8m).
The onerous property costs provision relates to unused and closed office spaces within the Group’s property portfolio. The onerous
property provision of £3.2m (2023: £1.4m) at 30 September 2024 includes £2.0m (2023: £0.9m) of non-rental costs relating to the
onerous properties including service charges and insurance and also the estimated costs of disposing or terminating these leases,
which includes rent incentives and letting fees. The provision at 30 September 2024 also includes estimated dilapidations liabilities
of £1.2m (2023: £0.5m) relating to the Group’s leased premises. Both of these provisions are expected to unwind over the period
of the relevant leases (2025–2034).
Other provisions of £0.1m (2023: £0.3m) comprise accrued redundancy costs relating to the implementation of the reorganisation
detailed in Note 4, to which the Group was committed as of 30 September 2024. These costs are expected to be settled within the
year ending 30 September 2025.
22 Contract liabilities – deferred revenue
Deferred revenue represents advanced consideration received from customers, for which revenue is recognised over time. Deferred
revenue is analysed as follows and is considered a contract liability:
| Group | Group | |
| 2024 | 2023 | |
| £m | £m | |
| Analysed as follows: | ||
Current | 50.7 | 51.6 |
Non-current | 2.8 | 3.3 |
53.5 | 54.9 |
Revenue recognised in the period ended 30 September 2024 that was included in the contract liability at 1 June 2023 amounted to
£54.9m (2023: £62.4m). The non-current element is expected to unwind in the year ending 31 May 2025.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024148
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Group | Group | ||
| 2024 | 2023 | ||
| Notes | £m | £m | |
Receivables, which are included in trade and other receivables | 16 | 17.3 | 26.7 |
Contract assets – accrued income | 20.1 | 17.2 | |
Contract costs – costs to obtain | 16 | 1.2 | 1.7 |
Contract liabilities – deferred revenue | 22 | (53.5) | (54.9) |
| Expected | Expected | |||||
| Gross | credit losses | Net | Gross | credit losses | Net | |
| 2024 | 2024 | 2024 | 2023 | 2023 | 2023 | |
| Group | £m | £m | £m | £m | £m | £m |
| Contract assets: | ||||||
Not past due | 21.1 | (1.0) | 20.1 | 17.4 | (0.2) | 17.2 |
Total | 21.1 | (1.0) | 20.1 | 17.4 | (0.2) | 17.2 |
| Expected | |
| credit loss | |
| provision | |
| £m | |
Balance at 1 June 2022 | (0.2) |
Charged to the Income Statement | — |
Balance at 31 May 2023 | (0.2) |
Provision created during the period | (0.8) |
Balance at 30 September 2024 | (1.0) |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 149
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
Cash and cash equivalents | 29.8 | 34.1 | 9.8 | 15.0 |
Bank overdraft | (13.6) | (1.8) | — | — |
Total cash at bank and in hand | 16.2 | 32.3 | 9.8 | 15.0 |
| Group | Group | Company | Company | ||
| 2024 | 2023 | 2024 | 2023 | ||
| Maturity | £m | £m | £m | £m | |
| Non-current liabilities: | |||||
Revolving credit facility | 2026 | 61.5 | 81.9 | — | — |
Total borrowings | 61.5 | 81.9 | — | — |
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
Two to five years | 61.5 | 81.9 | — | — |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024150
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
25 Financial instruments
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
| Non-current | ||||
| Variable rate: | ||||
Revolving credit facility | (61.5) | (81.9) | — | — |
Total loans and borrowings (excluding lease liabilities) | (61.5) | (81.9) | — | — |
| Current | ||||
Cash | 29.8 | 34.1 | 9.8 | 15.0 |
Bank overdraft | (13.6) | (1.8) | — | — |
Net (debt)/cash (excluding lease liabilities) 1 | (45.3) | (49.6) | 9.8 | 15.0 |
| Non-current | ||||
Lease liabilities | (21.9) | (24.0) | — | — |
| Current | ||||
Lease liabilities | (5.7) | (6.0) | — | — |
Net (debt)/cash 1 | (72.9) | (79.6) | 9.8 | 15.0 |
| 2024 | 2023 | |
| Group | £m | £m |
| Revolving credit facility/bank term loan: | ||
Drawdown on facility | 57.8 | 70.8 |
Repayment of facility | (75.0) | (115.6) |
Transaction costs | — | (1.7) |
Release of deferred arrangement fees | 0.6 | 1.0 |
Foreign exchange movement | (3.8) | 1.8 |
Movement in borrowings | (20.4) | (43.7) |
| IFRS 16 lease liability: | ||
New leases entered into | 8.9 | 3.6 |
Disposals | (0.7) | (0.2) |
Principal element of lease payments | (10.2) | (6.0) |
Lease liabilities held for sale (see Note 18) | (0.4) | — |
Movement in lease liabilities | (2.4) | (2.6) |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 151
25 Financial instruments continued
2024 | 2023 | |||||
| Level 1 | Level 2 | Level 3 | Level 1 | Level 2 | Level 3 | |
| £m | £m | £m | £m | £m | £m | |
Financial liabilities at fair value through profit or loss | — | 0.8 | — | — | 0.6 | — |
Total financial instruments | — | 0.8 | — | — | 0.6 | — |
| Restated * | ||||
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
Trade receivables | 17.3 | 26.7 | — | — |
Other receivables | 1.1 | 2.0 | — | — |
Amounts owed by Group undertakings | — | — | 43.1 | 23.2 |
Contract assets | 20.1 | 17.2 | — | — |
Contingent consideration receivable | — | 3.8 | — | — |
Cash and cash equivalents | 29.8 | 34.1 | 9.8 | 15.0 |
Total | 68.3 | 83.8 | 52.9 | 38.2 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024152
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
25 Financial instruments continued
Exposure to credit risk continued
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| Trade and other receivables by geographical segment | £m | £m | £m | £m |
UK | 8.0 | 14.6 | — | — |
APAC | 1.1 | 1.2 | — | — |
North America | 4.9 | 6.3 | — | — |
Europe | 4.4 | 6.6 | — | — |
Total | 18.4 | 28.7 | — | — |
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| Trade and other receivables by business segment | £m | £m | £m | £m |
Cyber Security | 15.7 | 25.1 | — | — |
Escode | 2.5 | 1.8 | — | — |
Central and head office | 0.2 | 1.8 | — | — |
Total | 18.4 | 28.7 | — | — |
| Carrying | Contractual | 1–2 | 2-5 | 5+ | ||
| amount | cash flows | <1 year | years | years | years | |
| At 30 September 2024 | £m | £m | £m | £m | £m | £m |
Borrowings | (61.5) | (73.9) | (3.8) | (3.8) | (66.3) | — |
Bank overdraft | (13.6) | (13.6) | (13.6) | — | — | — |
Lease liabilities | (27.6) | (32.5) | (8.0) | (6.6) | (13.6) | (4.3) |
Trade and other payables | (46.8) | (46.8) | (46.8) | — | — | — |
| Carrying | Contractual | 1–2 | 2+ | 5+ | ||
| amount | cash flows | <1 year | years | years | years | |
| At 31 May 2023 | £m | £m | £m | £m | £m | £m |
Borrowings | (81.9) | (98.0) | (4.9) | (4.9) | (88.2) | — |
Bank overdraft | (1.8) | (1.8) | (1.8) | — | — | — |
Contingent consideration payable | (1.0) | (1.0) | (1.0) | — | — | — |
Lease liabilities | (30.0) | (33.6) | (6.9) | (6.1) | (12.6) | (8.0) |
Trade and other payables | (44.7) | (44.7) | (44.7) | — | — | — |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 153
25 Financial instruments continued
2024 | 2023 | |||||||||
| Sterling | EUR | USD | Other | Total | Sterling | EUR | USD | Other | Total | |
| £m | £m | £m | £m | £m | £m | £m | £m | £m | £m | |
Trade receivables | 7.6 | 2.0 | 7.4 | 0.3 | 17.3 | 11.0 | 7.0 | 7.1 | 1.6 | 26.7 |
Other receivables | 1.1 | — | — | — | 1.1 | 2.0 | — | — | — | 2.0 |
Contract assets | 7.9 | 3.4 | 6.5 | 2.3 | 20.1 | 5.5 | 3.9 | 6.7 | 1.1 | 17.2 |
| Cash and cash | ||||||||||
equivalents | 18.0 | 4.1 | 4.5 | 3.2 | 29.8 | 17.0 | 5.0 | 9.4 | 2.7 | 34.1 |
Bank overdraft | (11.9) | — | (1.7) | — | (13.6) | (1.8) | — | — | — | (1.8) |
Borrowings | (19.0) | — | (42.5) | — | (61.5) | (18.6) | — | (63.3) | — | (81.9) |
Lease liabilities | (16.0) | (3.2) | (4.9) | (3.5) | (27.6) | (19.6) | (2.0) | (6.7) | (1.7) | (30.0) |
Trade and other payables | (32.7) | (3.9) | (7.6) | (2.6) | (46.8) | (31.8) | (9.2) | (1.6) | (2.1) | (44.7) |
Total | (45.0) | 2.4 | (38.3) | (0.3) | (81.2) | (36.3) | 4.7 | (48.4) | 1.6 | (78.4) |
| 2024 | 2023 | |
| Group | £m | £m |
Sterling denominated financial assets | 18.0 | 17.0 |
Euro denominated financial assets | 4.1 | 5.0 |
US Dollar denominated financial assets | 4.5 | 9.4 |
Other denominated financial assets | 3.2 | 2.7 |
Total | 29.8 | 34.1 |
| 2024 | 2023 | |
| Company | £m | £m |
| Financial assets | ||
Sterling denominated financial assets | 9.8 | 15.0 |
Amounts owed by Group undertakings | 43.1 | 23.2 |
Total | 52.9 | 38.2 |
| Financial liabilities | ||
Sterling denominated financial liabilities | 9.8 | — |
Amounts owed to Group undertakings | 0.1 | 0.2 |
Total | 9.9 | 0.2 |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024154
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
25 Financial instruments continued
Interest rate risk continued
2024 | 2023 | |||||||||
| Sterling | EUR | USD | Other | Total | Sterling | EUR | USD | Other | Total | |
| £m | £m | £m | £m | £m | £m | £m | £m | £m | £m | |
Less than one year | (34.9) | (5.0) | (9.1) | (3.4) | (52.4) | (36.6) | (10.3) | (3.0) | (2.6) | (52.5) |
Two to five years | (28.6) | (2.1) | (46.0) | (2.8) | (79.5) | (28.1) | (0.9) | (68.4) | (1.2) | (98.6) |
More than five years | (4.0) | — | — | — | (4.0) | (7.2) | — | (0.1) | — | (7.3) |
Total | (67.5) | (7.1) | (55.1) | (6.2) | (135.9) | (71.9) | (11.2) | (71.5) | (3.8) | (158.4) |
26 Share-based payments
The Company has a number of share option schemes under which options to subscribe for the Company’s shares have been granted
to Directors and colleagues, details of which are illustrated in the tables below. Expected term of options represents the period over
which the fair value calculations are based. The share-based payment charge for the period was £2.3m (2023: £2.2m) of which £2.3m
(2023: £2.2m) related to equity settled payments and £nil (2023: £nil) to cash settled payments.
Company Share Option (CSOP) scheme – equity settled
Under the CSOP scheme, options will vest if the average EPS growth for the three years following their grant is greater than 10% per
annum. Options granted in September 2019 do not have any performance criteria.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
August 2018 | 7 years | August 2021–August 2028 | £2.20 | — |
September 2019 | 7 years | September 2022–September 2029 | £1.79 | 161,998 |
Sharesave schemes – equity settled
The Company operates Sharesave schemes, which are available to all colleagues based in the UK, the Netherlands, Denmark, Spain
and Australia, and full-time Executive Directors of the Group and its subsidiaries who have worked for a qualifying period.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
March 2020 | 3 years | May 2023–October 2023 | £1.84 | — |
March 2020 | 3 years | May 2023–October 2023 | £1.84 | — |
May 2021 | 3 years | May 2024–October 2024 | £2.15 | 78,406 |
May 2021 | 3 years | May 2024–October 2024 | £2.15 | 137,171 |
May 2022 | 3 years | May 2025–October 2025 | £1.52 | 219,962 |
May 2022 | 3 years | May 2025–October 2025 | £1.52 | 273,634 |
May 2023 | 3 years | June 2026–November 2026 | £1.26 | 165,320 |
May 2023 | 3 years | June 2026–November 2026 | £1.26 | 388,754 |
May 2024 | 3 years | June 2027–November 2027 | £0.99 | 348,786 |
May 2024 | 3 years | June 2027–November 2027 | £0.99 | 1,529,982 |
Colleague stock (ESPP) purchase plan – equity settled
The Company operates a stock purchase plan, which is available to all US-based colleagues who have worked for a qualifying period.
All options are to be settled by equity. Under the scheme the following options have been granted and are outstanding at period end.
| 2024 | ||||
| Expected term | Exercise | Number | ||
| Date of grant | of options | Exercisable in | price | outstanding |
May 2023 | 1 year | May 2024 | £1.26 | — |
May 2024 | 1 year | May 2025 | £1.09 | 360,960 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 155
26 Share-based payments continued
Incentive Stock Option (ISO) scheme – equity settled
Under the ISO scheme, options granted will be subject to performance criteria. Options will vest if the average EPS growth for the
three years following their grant is greater than 10% per annum.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
September 2019 | 7 years | September 2022–September 2029 | £1.82 | 21,976 |
Long Term Incentive Plan (LTIP) schemes – equity settled
Options granted between November 2017 to May 2021 have three separate vesting conditions as set out below:
•
60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
•
30% will vest based on achieving a cash conversion ratio
1
expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion
1
is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Options granted in November 2021 have three separate vesting conditions as set out below:
•
60% will vest based on achieving an average increase in Group EPS of 22.5% or more over a three year period. If growth is equal to
an average of 9% (threshold), then 15% of the award will vest. If, however, growth is less than 9% per annum, none of the award
element will vest. Between these two points, vesting is determined on a straight-line basis.
•
30% will vest based on achieving a cash conversion ratio
1
expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion
1
is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Options granted between October 2022 and November 2022 have three separate vesting conditions as set out below:
•
60% will vest based on achieving an average increase in Group EPS of 18% or more over a three year period. If growth is equal to
an average of 6% (threshold), then 15% of the award will vest. If, however, growth is less than 6% per annum, none of the award
element will vest. Between these two points, vesting is determined on a straight-line basis.
•
20% will vest based on achieving a cash conversion ratio
1
expressed as a percentage over the measurement period of greater than
80% per annum on average. If cash conversion
1
is greater than or equal to 90% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 80% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
20% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 15% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
Options granted between October 2023 and February 2024 have three separate vesting conditions as set out below:
•
40% will vest based on achieving an average increase in Group EPS of 18% or more over a three year period. If growth is equal to
an average of 6% (threshold), then 15% of the award will vest. If, however, growth is less than 6% per annum, none of the award
element will vest. Between these two points, vesting is determined on a straight-line basis.
•
20% will vest based on achieving a cash conversion ratio
1
expressed as a percentage over the measurement period of greater than
80% per annum on average. If cash conversion
1
is greater than or equal to 90% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 80% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
40% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 15% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024156
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
26 Share-based payments continued
Long Term Investment Plan (LTIP) schemes – equity settled continued
Options granted during or after June 2024 have three separate vesting conditions as set out below:
•
30% will vest based on achieving an average increase in Group EPS of 18% or more over a three year period. If growth is equal to an
average of 6% (threshold), then 15% of the award will vest. If, however, growth is less than 6% per annum, none of the award element
will vest. Between these two points, vesting is determined on a straight-line basis.
•
20% will vest based on achieving a cash conversion ratio
1
expressed as a percentage over the measurement period of greater than
80% per annum on average. If cash conversion
1
is greater than or equal to 90% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 80% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
50% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 15% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
September 2019 | 3 years | June 2022–August 2023 | £nil | — |
March 2020 | 3 years | June 2022–August 2024 | £nil | — |
May 2021 | 3 years | June 2023–August 2025 | £nil | — |
November 2021 | 3 years | June 2024–November 2031 | £nil | 529,259 |
October 2022 | 3 years | October 2025–October 2032 | £nil | 683,559 |
November 2022 | 3 years | November 2025–November 2032 | £nil | 113,521 |
October 2023 | 3 years | October 2026–October 2033 | £nil | 1,926,725 |
February 2024 | 3 years | February 2027–February 2034 | £nil | 98,988 |
June 2024 | 3 years | October 2027–June 2034 | £nil | 3,659,199 |
Restricted State Unit (RSU) schemes – equity settled
Options granted related to the RSU schemes on or after August 2018 have three separate vesting conditions as set out below:
•
60% will vest based on achieving an average increase in Group EPS of 20% or more over a three year period. If growth is equal to an
average of 9% (threshold), then 12% of the award will vest. If, however, growth is less than 9%, none of the award element will vest.
Between these two points, vesting is determined on a straight-line basis.
•
30% will vest based on achieving a cash conversion ratio
¹
expressed as a percentage over the measurement period of greater than
70% per annum on average. If cash conversion ¹ is greater than or equal to 80% per annum, then 100% of the award element will
vest. If, however, cash conversion is less than 70% per annum, none of the award element will vest. Between these two points,
vesting is determined on a straight-line basis.
•
10% will vest based on the Group’s total shareholder return (TSR) ranking when measured against the FTSE 250 (excluding
investment trusts). If the Group’s TSR is consistent with the median group, 20% of the award will vest; below this level, none of the
award element will vest. If the TSR is within the upper quartile or above, 100% of the award element will vest; between the median
and upper quartile, vesting is determined on a straight-line basis.
The options are to be settled in equity.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
May 2021 | 3 years | June 2023–August 2023 | £0.01 | — |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 157
26 Share-based payments continued
Restricted Share Plan (RSP) – equity settled
The vesting condition for the award of RSPs relates to colleagues remaining with the Group for a certain period of time, namely two
years to receive 50% of the award, and a further year to receive the remaining 50%. There are no other performance conditions.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
May 2021 | 2/3 years | 50% exercisable August 2022 to August 2031, | £nil (£0.01 in the | 36,500 |
| 50% exercisable August 2023 to August 2031 | US and Canada) | |||
November 2021 | 2/3 years | 50% exercisable October 2023 to August 2032, | £nil (£0.01 in the | 434,381 |
| 50% exercisable October 2024 to August 2032 | US and Canada) | |||
October 2022 | 2/3 years | 50% exercisable October 2024 to October 2032, | £nil (£0.01 in the | 546,672 |
| 50% exercisable October 2025 to October 2032 | US and Canada) | |||
November 2022 | 2/3 years | 50% exercisable November 2024 to November 2032, | £nil (£0.01 in the | 30,272 |
| 50% exercisable November 2025 to November 2032 | US and Canada) | |||
October 2023 | 2/3 years | 50% exercisable September 2025 to September 2033, | £nil (£0.01 in the | 1,571,352 |
| 50% exercisable September 2026 to September 2033 | US and Canada) | |||
February 2024 | 2/3 years | 50% exercisable February 2026 to February 2034, | £nil (£0.01 in the | 56,619 |
| 50% exercisable February 2027 to February 2034 | US and Canada) |
Deferred share scheme – equity settled
At least 35% of any cash bonus payment is normally deferred into shares or nominal cost share options which vest after a two year
period. Dividend equivalents are paid on vesting share options.
| 2024 | ||||
| Expected term | Exercise | Number | ||
| Date of grant | of options | Exercisable in | price | outstanding |
October 2021 | 2 years | October 2023 | £nil | — |
October 2022 | 2 years | October 2024 | £nil | — |
October 2023 | 2 years | October 2025 | £nil | 12,207 |
August 2024 | 2 years | August 2026 | £nil | 174,434 |
Phantom schemes – cash settled
Phantom schemes are used to allow the grant of LTIPs or RSPs to members of the Executive Committee or other senior colleagues
based in certain overseas locations at a time when the Group’s option scheme rules were not structured to allow overseas grants.
Options granted on or after September 2019 do not have any performance criteria.
| 2024 | ||||
| Expected term | Exercisable | Exercise | Number | |
| Date of grant | of options | between | price | outstanding |
September 2019 | 3 years | September 2022–September 2023 | £nil | — |
July 2021 | 3 years | August 2022–July 2031 | £nil | 1,500 |
November 2021 | 3 years | October 2023–November 2031 | £nil | — |
Measurement of fair values
The fair value of services received in return for share options is calculated with reference to the fair value of the award on the date of
grant. The fair value is spread over the period during which the colleague becomes unconditionally entitled to the award, adjusted to
reflect actual and expected levels of vesting.
The assumptions used in the models are illustrated in the tables below:
| Expected | Option | Risk free | ||
Scheme | Grant date | volatility | expected term | interest rate |
CSOP scheme | August 2018–September 2019 | 48.0%–52.8% | 7 years | 0.35%–2.00% |
Sharesave scheme | March 2020–May 2024 | 37.6%–55.7% | 3 years | 0.13%–4.63% |
ESPP scheme | May 2023–May 2024 | 53.9%–55.7% | 1 year | 1.15%–4.63% |
Special Award (CEO) | September 2022 | n/a | 2 years | n/a |
ISO scheme | September 2019 | 77.0% | 7 years | 0.38% |
LTIP scheme | September 2019–June 2024 | 37.4% | 3 years | 0.21% |
RSU scheme | May 2021 | 42.3% | 3 years | 0.32% |
RSP scheme | May 2021–February 2024 | n/a | 10 years | n/a |
Deferred shares | October 2023–August 2024 | n/a | 2 years | n/a |
Phantom schemes | September 2019–November 2021 | 53.8% | 3 years | 2.2% |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024158
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
26 Share-based payments continued
Measurement of fair values continued
| Weighted average | Weighted average | ||||
| Fair value at | fair value at | Exercise | exercise value at | ||
Scheme | Grant date | measurement date | measurement date | price | measurement date |
CSOP scheme | August 2018–September 2019 | £0.55–£0.63 | £0.55 | £1.79–£2.09 | £1.80 |
Sharesave scheme | March 2019–May 2024 | £0.39–£0.86 | £0.54 | £0.99–£2.15 | £1.20 |
ESPP scheme | May 2023–May 2024 | £0.30–£0.37 | £0.37 | £1.09–£1.26 | £1.09 |
Special Award (CEO) | September 2022 | £2.30 | £nil | £nil | £nil |
ISO scheme | September 2019 | £0.54 | £0.54 | £1.82 | £1.82 |
LTIP scheme | September 2019–June 2024 | £0.90–£2.31 | £1.38 | £nil | £nil |
RSU scheme | May 2021 | £2.87 | £2.87 | £0.01 | £0.01 |
RSP scheme | May 2021–February 2024 | £0.90–£2.85 | £1.40 | £nil | £nil |
Deferred shares | October 2021–August 2024 | £1.11–£1.55 | £1.52 | £nil | £nil |
Phantom schemes | July 2021 | £2.87 | £2.87 | £nil | £nil |
The expected volatility has been based on an evaluation of the historical volatility of the Company’s share price, particularly over
the historical period commensurate with the expected term. The expected term of the instruments has been based on historical
experience and general option holder behaviour. For the options granted in the period ended 30 September 2024, dividend yield
assumed at the time of option grant is 4.52% (2023: 1.75%).
Reconciliation of outstanding share options
The options outstanding at 30 September 2024 have an exercise price in the range of £nil to £2.15 (2023: £nil to £2.15) and a
weighted average contractual life of seven years (2023
*
: six years).
* Restated based on expiry date, previously three years.
The following table illustrates the number and weighted average exercise prices (WAEP) of, and movements in, outstanding share
awards during the period:
| 2024 | 2023 | |||
| Number | 2024 | Number | 2023 | |
| ’000 | WAEP | ’000 | WAEP | |
Outstanding at beginning of period/year | 11,220 | £0.61 | 11,431 | £0.68 |
Granted during the period/year | 10,474 | £0.23 | 5,114 | £0.55 |
Exercised during the period/year | (2,049) | £0.23 | (1,488) | £0.10 |
Forfeited in the period/year | (6,083) | £0.70 | (3,837) | £0.96 |
Outstanding at end of period/year | 13,562 | £0.33 | 11,220 | £0.61 |
Exercisable at end of period/year | 1,690 | £0.48 | 1,598 | £1.00 |
| Number of | |||||
| Number of | Instruments | instruments | |||
| instruments | granted | Options | as at | ||
| as at | during | exercised in | Forfeitures | 30 September | |
| Scheme | 1 June 2023 | the period | the period | in the period | 2024 |
CSOP schemes | 284,898 | — | — | (122,900) | 161,998 |
Sharesave/SAYE schemes | 3,512,804 | 2,058,142 | — | (2,428,931) | 3,142,015 |
ESPP schemes | 604,321 | 360,960 | (363,014) | (241,307) | 360,960 |
Special Award | 222,222 | — | (222,222) | — | — |
ISO schemes | 49,446 | — | — | (27,470) | 21,976 |
LTIP schemes | 3,239,193 | 5,867,593 | (357,806) | (1,737,729) | 7,011,251 |
RSU schemes | 138,554 | — | (41,565) | (96,989) | — |
RSP scheme | 3,023,704 | 1,993,719 | (942,805) | (1,398,822) | 2,675,796 |
Deferred shares | 91,616 | 193,137 | (98,112) | — | 186,641 |
Phantom schemes | 53,345 | — | (23,250) | (28,595) | 1,500 |
11,220,103 | 10,473,551 | (2,048,774) | (6,082,743) | 13,562,137 |
The liability for cash settled share-based payments at 30 September 2024 was £nil (2023: £nil).
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 159
| 2024 | 2023 | |||
| Number | Number | 2024 | 2023 | |
| Allotted, called up and fully paid | of shares | of shares | £m | £m |
Ordinary shares of 1p each at the beginning of the period/year | 312,128,892 | 309,967,243 | 3.1 | 3.1 |
Ordinary shares of 1p each issued in the period/year | 2,395,738 | 2,161,649 | — | — |
Ordinary shares of 1p each at the end of the period/year | 314,524,630 | 312,128,892 | 3.1 | 3.1 |
30 Pension scheme
The Group operates a defined contribution pension scheme that is open to all eligible colleagues. The pension cost charge for the
period represents contributions payable by the Group to the fund and amounted to £8.0m (2023: £6.3m).
For the Company, the pension cost charge for the period represents contributions payable by the Company to the fund and amounted
to £nil (2023: £nil).
| Group | Group | Company | Company | |
| 2024 | 2023 | 2024 | 2023 | |
| £m | £m | £m | £m | |
Salary costs (including bonus) | 2.7 | 1.8 | — | — |
Social security costs | 0.4 | 0.3 | — | — |
Post-employment benefits | — | — | — | — |
Share-based payments | 0.3 | 0.2 | — | — |
Total | 3.4 | 2.3 | — | — |
NCC Group plc — Annual report and accounts for the period ended 30 September 2024160
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
| Shares in Group | |
| undertakings | |
| Company | £m |
At 1 June 2022 | 276.9 |
Increase in subsidiary investment for share-based charges | 2.2 |
At 31 May 2023 | 279.1 |
Increase in subsidiary investment for share-based charges | 2.3 |
Increase in subsidiary investment for below market value loan arrangement | 9.7 |
At 30 September 2024 | 291.1 |
Subsidiary undertakings | Country of incorporation | Principal activity | Registered office |
NCC Group Holdings Limited | England and Wales | Holding company | XYZ Building, 2 Hardman Boulevard, |
| Spinningfields, Manchester M3 3AQ | |||
(XYZ 1 ) | |||
NCC Group (Solutions) Limited | England and Wales | Holding company | XYZ 1 |
NCC Group Corporate Limited | England and Wales | Corporate cost centre | XYZ 1 |
NCC Group Finance Limited | England and Wales | Financing company | XYZ 1 |
The National Computing Centre Limited | England and Wales | Dormant | XYZ 1 |
NCC Group Software Resilience Limited | England and Wales | Holding company | XYZ 1 |
NCC Group Software Resilience (UK) Limited | England and Wales | Holding company | XYZ 1 |
NCC Services Limited | England and Wales | Escode | XYZ 1 |
NCC Group Escrow Limited | England and Wales | Dormant | XYZ 1 |
NCC Group Software Resilience (Europe) B.V. | Netherlands | Holding company | Barbara Strozzilaan 201, 1083HN |
| Amsterdam, Netherlands | |||
NCC Group GmbH | Germany | Escode | c/o Deloitte Legal |
| Rechtsanwaltsgesellschaft mbH, | |||
| Rosenheimer Platz 6, 81669, Munich, | |||
| Bavaria, Germany | |||
NCC Group Deutschland GmbH | Germany | Cyber Security | Leopoldstrasse Business Centre |
| GmbH, Konrad-Zuse-Platz 8, 81829, | |||
| Munich, Germany | |||
NCC Group Escrow Europe B.V. | Netherlands | Escode | Barbara Strozzilaan 201, 1083HN |
| Amsterdam, Netherlands | |||
NCC Group Escrow Europe (Switzerland) AG | Switzerland | Escode | Ibelweg 18A, 6300 Zug, Switzerland |
| NCC Group Software Resilience | England and Wales | Holding company | XYZ 1 |
| (MEA-APAC) Limited | |||
NCC Group FZ-LLC | United Arab Emirates Escode | F01-004, Building 5, Dubai, Media | |
| City, Dubai, United Arab Emirates | |||
NCC Group Cyber Security Limited | England and Wales | Holding company | XYZ 1 |
NCC Group Cyber Security (UK) Limited | England and Wales | Holding company | XYZ 1 |
NCC Group Security Services Limited | England and Wales | Cyber Security | XYZ 1 |
NCC Group Audit Limited | England and Wales | Cyber Security | XYZ 1 |
ArmstrongAdams Limited | England and Wales | Cyber Security | XYZ 1 |
NCC Group Signify Solutions Limited | England and Wales | Cyber Security | XYZ 1 |
NCC Group Accumuli Security Limited | England and Wales | Cyber Security | XYZ 1 |
NCC Group Cyber Security (Europe) B.V. | Netherlands | Holding company | Fox-IT 3 |
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 161
Subsidiary undertakings | Country of incorporation | Principal activity | Registered office | ||
NCC Group A/S | Denmark | Cyber Security | Lautruphøj 1, 2750 Ballerup, Denmark | ||
NCC Group Cyber Portuguesa, Unipessoal, LDA | Portugal | Cyber Security | Av. António Augusto de Aguiar nº 19 | ||
| – 4º, 1050-012 Lisboa, Portugal | |||||
NCC Group Security Services Espana SLU | Spain | Cyber Security | Plaza Manuel Gómez Moreno, | ||
| número 2, Edificio Alfredo Mahou, | |||||
| planta 19ª, letra B, 28020, Madrid, | |||||
| Spain | |||||
Cyber Assurance Sweden AB | Sweden | Cyber Security | c/o Advokatfirman Delphi, P.O. Box | ||
1432, | 111 84 Stockholm | ||||
Fox-IT Holding B.V. | Netherlands | Holding company | Olof Palmestraat 6, 2616 LM Delft, | ||
Netherlands (Fox-IT 3 ) | |||||
Fox-IT Group B.V. | Netherlands | Holding company | Fox-IT 3 | ||
Fox-IT B.V. | Netherlands | Cyber Security | Fox-IT 3 | ||
Fox-IT Operations B.V. | Netherlands | Dormant | Fox-IT 3 | ||
Fox Crypto B.V. | Netherlands | Cyber Security | Fox-IT 3 | ||
NCC Group Cyber Security (APAC) Limited | England and Wales | Holding company | XYZ 1 | ||
NCC Group Pte Limited | Singapore | Cyber Security | Unit #10-09 PLUS Building, 20 Cecil | ||
| Street, Singapore (049705) | |||||
NCC Group Pty Limited | Australia | Cyber Security | Suite 23.01, Level 23, 45 Clarence | ||
| Street, Sydney, NSW 2000 | |||||
Escode Australia Pty Limited | Australia | Software Resilience | Suite 23.01, Level 23, 45 Clarence | ||
| Street, Sydney, NSW 2000 | |||||
NCC Group Japan KK | Japan | Cyber Security | Level 18, Yesibu Garden Place Tower, | ||
| 4-20-3 Ebisu Shibuya-Ku, Tokyo | |||||
NCC Group (Americas) Inc. | USA | Holding company | 650 | California Street, Suite 2950, | |
| San Francisco, CA 94108, USA (North | |||||
America HQ 2 ) | |||||
NCC Group, LLC | USA | Escode and central/ | North America HQ 2 | ||
| head office costs | |||||
NCC Group Cyber Security (Americas), LLC | USA | Holding company | North America HQ 2 | ||
NCC Group Security Services, Inc. | USA | Cyber Security | North America HQ 2 | ||
NCC Group Secure Registrar, Inc. | USA | Domain services | North America HQ 2 | ||
NCC Group Domain Services, Inc. | USA | Domain services | North America HQ 2 | ||
NCC Group Security Services Corporation | Canada | Cyber Security | Suite | 270 | 0, The Stack, 1133 Melville |
| St, Vancouver, BC V6E 4E5 | |||||
Payment Software Company, Inc. | USA | Cyber Security | North America HQ 2 | ||
Payment Software Company Limited | England and Wales | Cyber Security | XYZ 1 | ||
NCC Group Software Resilience (Americas) LLC | USA | Holding company | North America HQ 2 | ||
NCC Group Escrow Associates, LLC | USA | Escode | North America HQ 2 | ||
NCC Group Software Resilience (NA), LLC | USA | Escode | North America HQ 2 | ||
NCC Group Asia, Inc | Philippines | Cyber Security | 37F Seven/NEO, 4th Avenue | Bonifacio Global City, Taguig City, | |
| Metro Manila, 1634 | |||||
Undertaking | % interest | Country of incorporation | Principal activity |
Deposit AB | 24% | Sweden | Escode |
32 Investments in subsidiary undertakings continued
NCC Group plc — Annual report and accounts for the period ended 30 September 2024162
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
33 Disposals
Current period disposal of DetACT business
On 30 April 2024, the Group completed the planned disposal of its DetACT business for a total cash consideration of £8.2m.
The assets and liabilities included as part of the disposal were as follows:
| 2024 | |
| £m | |
Attributable goodwill | (5.9) |
Intangible fixed assets | (1.4) |
Trade and other receivables | (1.5) |
Trade and other payables | 0.1 |
Deferred revenue | 2.8 |
Deferred tax liability | 0.3 |
Net assets disposed of | (5.6) |
Consideration | 8.2 |
Transaction costs | (1.0) |
Gain on disposal – recognised as an individual significant item (Note 4) | 1.6 |
| Satisfied by: | |
Cash and cash equivalents | 8.2 |
Total consideration | 8.2 |
Prior period disposal of DDI business
On 31 December 2022, the Group completed the planned disposal of its DDI business for consideration of £5.8m. Of this amount,
£3.8m, is contingent on the novation of certain customer contracts, which has now been settled in full. The assets and liabilities
included as part of the disposal were as follows:
| 2023 | |
| £m | |
Attributable goodwill | (1.0) |
Trade and other receivables | (1.2) |
Trade and other payables | 1.2 |
Net assets disposed of | (1.0) |
Consideration | 5.8 |
Transaction costs | (0.1) |
Gain on disposal | 4.7 |
| Satisfied by: | |
Cash and cash equivalents | 2.0 |
Contingent consideration | 3.8 |
Consideration | 5.8 |
34 Audit exemption
The subsidiary undertakings listed below are exempt from the Companies Act 2006 requirements relating to the audit of their individual
accounts by virtue of section 479A of the Act as this Company has guaranteed the subsidiary company under section 479C of the Act.
Company name | Company registration no. |
Payment Software Company Limited | 10059024 |
NCC Group Holdings Limited | 13325653 |
NCC Group (Solutions) Limited | 03742757 |
NCC Group Corporate Limited | 13247138 |
NCC Group Cyber Security (APAC) Limited | 13294684 |
NCC Group Audit Limited | 04323323 |
NCC Group Signify Solutions Limited | 03915262 |
NCC Group Finance Limited | 13350193 |
The Directors acknowledge their responsibility for complying with the requirements of the Companies Act 2006 with respect to
accounting records and preparation of accounts.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 163
Appendix 1 – Unaudited 12-months pro forma results
The following sections (pages 164 to 171) highlight the Group’s overall performance for the unaudited 12 month period ending
30 September 2024 (“2024”), compared to the previous unaudited 12 month period ending 30 September 2023 (“2023”).
The following table summarises the Group’s unaudited overall performance by division:
2024 2023
Cyber
Security
£m
Escode
£m
Central
and head
office
£m
Group –
continuing
£m
Crypto
and
DetACT
£m
Total
Group
£m
Cyber
Security
£m
Escode
£m
Central
and head
office
£m
Group –
continuing
£m
Crypto
and
DetACT
£m
Total
Group
£m
Revenue 239.2 66.0 — 305.2 24.0 329.2 238.9 65.4 — 304.3 19.5 323.8
Cost of sales (150.7) (20.6) — (171.3) (15.0) (186.3) (167.1) (18.4) — (185.5) (12.5) (198.0)
Gross profit 88.5 45.4 — 133.9 9.0 142.9 71.8 47.0 — 118.8 7.0 125.8
Gross margin % 37.0% 68.8% — 43.9% 37.5% 43.4% 30.1% 71.9% — 39.0% 35.9% 38.9%
Administrative
expenses (69.9) (16.9) (3.2) (90.0) (1.4) (91.4) (68.8) (16.6) (6.4) (91.8) (0.8) (92.6)
Share-based
payments (0.1) (0.1) (1.6) (1.8) — (1.8) (1.1) (0.1) (0.7) (1.9) (0.1) (2.0)
Adjusted EBITDA
1,2
18.5 28.4 (4.8) 42.1 7.6 49.7 1.9 30.3 (7.1) 25.1 6.1 31.2
Depreciation and
amortisation (8.5) (0.5) (3.7) (12.7) (0.1) (12.8) (8.2) (0.5) (3.6) (12.3) (0.2) (12.5)
Amortisation of
acquired intangibles (1.1) (5.3) (3.0) (9.4) — (9.4) (1.1) (5.6) (2.9) (9.6) — (9.6)
Adjusted operating
profit
1,2
8.9 22.6 (11.5) 20.0 7.5 27.5 (7.4) 24.2 (13.6) 3.2 5.9 9.1
Individually
Significant Items (38.9) (0.1) — (39.0) — (39.0) (15.6) (2.4) — (18.0) — (18.0)
Operating
(loss)/profit (30.0) 22.5 (11.5) (19.0) 7.5 (11.5) (23.0) 21.8 (13.6) (14.8) 5.9 (8.9)
Finance costs (6.1) (0.2) (6.3) (6.9) — (6.9)
Loss before taxation (25.1) 7.3 (17.8) (21.7) 5.9 (15.8)
Taxation (5.4) (1.9) (7.3) 1.9 (1.5) 0.4
Loss after taxation (30.5) 5.4 (25.1) (19.8) 4.4 (15.4)
Earnings per share
– Basic (9.8p) 1.7p (8.1p) (6.4p) 1.4p (5.0p)
– Adjusted basic 3.5p 1.7p 5.2p (0.8p) 1.4p 0.6p
1 Adjusted EBITDA and Adjusted operating profit are Alternative Performance Measures (APMs) and not IFRS measures. See unaudited appendix 2 for an
explanation of APMs and adjusting items, including a reconciliation to statutory information.
2 After reconsidering FRC best practice guidance around the disclosure of adjusting items and APMs, the Group has reduced the number of adjusted
measures and items. The Group now only has one adjusted item, “Individual Significant Items”. Previous adjusted items of amortisation of acquisition
intangibles and share-based payments are no longer disclosed as an adjusted item. Accordingly, comparative numbers have been restated. See unaudited
appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024164
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
Appendix 1 – Unaudited 12-months pro forma results continued
The following tables reconciles how these changes have affected the historic measures of Adjusted EBITDA and Adjusted operating profit:
2024 2023
Cyber
Security
£m
Escode
£m
Central
and head
office
£m
Group –
continuing
£m
Crypto
and
DetACT
£m
Total
Group
£m
Cyber
Security
£m
Escode
£m
Central and
head office
£m
Group –
continuing
£m
Crypto
and
DetACT
£m
Total
Group
£m
Adjusted EBITDA –
previously 18.6 28.5 (3.2) 43.9 7.6 51.5 3.0 30.4 (6.4) 27.0 6.2 33.2
Share-based
payments (0.1) (0.1) (1.6) (1.8) — (1.8) (1.1) (0.1) (0.7) (1.9) (0.1) (2.0)
Adjusted EBITDA –
revised 18.5 28.4 (4.8) 42.1 7.6 49.7 1.9 30.3 (7.1) 25.1 6.1 31.2
Adjusted operating
profit – previously 10.1 28.0 (6.9) 31.2 7.5 38.7 (5.2) 29.9 (10.0) 14.7 6.0 20.7
Share-based
payments (0.1) (0.1) (1.6) (1.8) — (1.8) (1.1) (0.1) (0.7) (1.9) (0.1) (2.0)
Amortisation of
acquired intangibles (1.1) (5.3) (3.0) (9.4) — (9.4) (1.1) (5.6) (2.9) (9.6) — (9.6)
Adjusted operating
profit – revised 8.9 22.6 (11.5) 20.0 7.5 27.5 (7.4) 24.2 (13.6) 3.2 5.9 9.1
Unaudited revenue summary:
2024
£m
2023
£m
%
change at
actual rates
2024
£m
Constant
currency
1
2023
£m
%
change at
constant
currency
1
Cyber Security revenue (excluding Crypto and DetACT) 239.2 238.9 0.1% 239.2 234.7 1.9%
Crypto and DetACT 24.0 19.5 23.1% 24.0 19.1 25.7%
Total Cyber Security revenue 263.2 258.4 1.9% 263.2 253.8 3.7%
Escode 66.0 65.4 0.9% 66.0 64.2 2.8%
Total revenue 329.2 323.8 1.7% 329.2 318.0 3.5%
Unaudited divisional performance – Cyber Security:
Cyber Security unaudited revenue analysis – by originating country:
2024
£m
2023
£m
%
change at
actual rates
2024
£m
Constant
currency
1
2023
£m
%
change at
constant
currency
1
UK and APAC 135.5 118.2 14.6% 135.5 117.7 15.1%
North America 67.0 84.8 (21.0%) 67.0 81.8 (18.1%)
Europe 60.7 55.4 9.6% 60.7 54.3 11.8%
Total Cyber Security revenue 263.2 258.4 1.9% 263.2 253.8 3.7%
From a total Cyber Security revenue trajectory perspective, the following tables compare half on half (being the half-year results
relating to the 12 months ending 30 September 2024 and the 12 months ending 30 September 2023) performance:
H1 2024
£m
H1 2023
£m
%
change at
actual rates
H1 2024
£m
Constant
currency
1
H1 2023
£m
%
change at
constant
currency
1
UK and APAC 69.1 62.3 10.9% 69.1 62.9 9.9%
North America 33.4 49.0 (31.8%) 33.4 46.9 (28.8%)
Europe 31.4 27.6 13.8% 31.4 26.2 19.8%
Total Cyber Security revenue 133.9 138.9 (3.6%) 133.9 136.0 (1.5%)
1 Revenue growth at constant currency is an Alternative Performance Measure (APM) and not an IFRS measure. See unaudited appendix 2 for an explanation
of APMs, including a reconciliation to statutory information.
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 165
Appendix 1 – Unaudited 12-months pro forma results continued
Unaudited divisional performance – Cyber Security: continued
H2 2024
£m
H2 2023
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H2 2023
£m
%
change at
constant
currency
1
UK and APAC 66.4 55.9 18.8% 66.4 54.8 21.2%
North America 33.6 35.8 (6.1%) 33.6 34.9 (3.7%)
Europe 29.3 27.8 5.4% 29.3 28.1 4.3%
Total Cyber Security revenue 129.3 119.5 8.2% 129.3 117.8 9.7%
The following table shows the current trajectory of revenue during the 12 month period:
H2 2024
£m
H1 2024
£m
%
change at
actual rates
UK and APAC 66.4 69.1 (3.9%)
North America 33.6 33.4 0.6%
Europe 29.3 31.4 (6.7%)
Total Cyber Security revenue 129.3 133.9 (3.4%)
Following the implementation of our new strategy, Cyber Security revenue is now analysed in more detail by type of service and
capability. This is summarised by the following unaudited revenue analysis:
2024
£m
2023
£m
%
change at
actual rates
2024
£m
Constant
currency
1
2023
£m
%
change at
constant
currency
1
Technical Assurance Services (TAS) 105.6 126.9 (16.8%) 105.6 124.2 (15.0%)
Consulting and Implementation (C&I) 42.2 44.2 (4.5%) 42.2 43.7 (3.4%)
Managed Services (MS) 74.5 51.5 44.7% 74.5 50.8 46.7%
Digital Forensics and Incident Response (DFIR) 15.1 15.1 — 15.1 14.9 1.3%
Other services 25.8 20.7 24.6% 25.8 20.2 27.7%
Total Cyber Security revenue 263.2 258.4 1.9% 263.2 253.8 3.7%
From a total Cyber Security revenue trajectory perspective in relation to types of services, the following tables compare half on half
(being the half-year results relating to the 12 months ended 30 September 2024 and the 12 months to 30 September 2023) performance:
H1 2024
£m
H1 2023
£m
%
change at
actual rates
H1 2024
£m
Constant
currency
1
H1 2023
£m
%
change at
constant
currency
1
Technical Assurance Services (TAS) 52.9 73.4 (27.9%) 52.9 71.5 (26.0%)
Consulting and Implementation (C&I) 22.7 23.4 (3.0%) 22.7 23.0 (1.3%)
Managed Services (MS) 36.9 24.7 49.4% 36.9 24.3 51.9%
Digital Forensics and Incident Response (DFIR) 7.7 6.9 11.6% 7.7 6.8 13.2%
Other services 13.7 10.5 30.5% 13.7 10.4 31.7%
Total Cyber Security revenue 133.9 138.9 (3.6%) 133.9 136.0 (1.5%)
H2 2024
£m
H2 2023
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H2 2023
£m
%
change at
constant
currency
1
Technical Assurance Services (TAS) 52.8 53.5 (1.3%) 52.8 52.9 (0.2%)
Consulting and Implementation (C&I) 19.5 20.8 (6.3%) 19.5 20.7 (5.8%)
Managed Services (MS) 37.5 26.8 39.9% 37.5 26.5 41.5%
Digital Forensics and Incident Response (DFIR) 7.4 8.2 (9.8%) 7.4 8.0 (7.5%)
Other services 12.1 10.2 18.6% 12.1 9.8 23.5%
Total Cyber Security revenue 129.3 119.5 8.2% 129.3 117.9 9.7%
1 Revenue growth at constant currency is an Alternative Performance Measure (APM) and not an IFRS measure. See unaudited appendix 2 for an explanation
of APMs, including a reconciliation to statutory information.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024166
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
Appendix 1 – Unaudited 12-months pro forma results continued
Unaudited divisional performance – Cyber Security: continued
H2 2024
£m
H1 2024
£m
%
change
at actual rates
Technical Assurance Services (TAS) 52.8 52.9 (0.2%)
Consulting and Implementation (C&I) 19.5 22.7 (14.1%)
Managed Services (MS) 37.5 36.9 1.6%
Digital Forensics and Incident Response (DFIR) 7.4 7.7 (3.9%)
Other services 12.1 13.7 (11.7%)
Total Cyber Security revenue 129.3 133.9 (3.4%)
Cyber Security unaudited gross profit is analysed as follows:
2024
£m
2024
% margin
2023
£m
2023
% margin % pts change
UK and APAC 61.3 45.2% 40.6 34.3% 10.9% pts
North America 14.8 22.1% 20.0 23.6% (1.5% pts)
Europe 21.4 35.3% 18.2 32.9% 2.4% pts
Cyber Security gross profit and % margin 97.5 37.0% 78.8 30.5% 6.5% pts
Europe gross profit excluding Crypto and DetACT would have amounted to 33.8% compared to the prior year of 31.2%.
From a total Cyber Security gross profit trajectory perspective, the following tables compare half on half (being the half-year results
relating to the 12 months ended 30 September 2024 and the 12 months to 30 September 2023) performance:
H1 2024
£m
H1 2024
% margin
H1 2023
£m
H1 2023
% margin
% pts
change
UK and APAC 31.4 45.4% 23.0 36.9% 8.5% pts
North America 7.4 22.2% 12.0 24.5% (2.3% pts)
Europe 10.2 32.5% 10.0 36.2% (3.7% pts)
Cyber Security gross profit and % margin 49.0 36.6% 45.0 32.4% 4.2% pts
H2 2024
£m
H2 2024
% margin
H2 2023
£m
H2 2023
% margin
% pts
change
UK and APAC 29.9 45.0% 17.6 31.5% 13.5% pts
North America 7.4 22.0% 8.0 22.3% (0.3% pts)
Europe 11.2 38.2% 8.2 29.5% 8.7% pts
Cyber Security gross profit and % margin 48.5 37.5% 33.8 28.3% 9.2% pts
H2 2024
£m
H2 2024
% margin
H1 2024
£m
H1 2024
% margin
% pts
change
UK and APAC 29.9 45.0% 31.4 45.4% (0.4% pts)
North America 7.4 22.0% 7.4 22.2% (0.2% pts)
Europe 11.2 38.2% 10.2 32.5% 5.7% pts
Cyber Security gross profit and % margin 48.5 37.5% 49.0 36.6% 0.9% pts
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 167
Appendix 1 – Unaudited 12-months pro forma results continued
Unaudited divisional performance – Escode:
Escode unaudited revenue analysis – by originating country:
2024
£m
2023
£m
%
change at
actual rates
2024
£m
Constant
currency
1
2023
£m
%
change at
constant
currency
1
UK 28.0 26.5 5.7% 28.0 26.5 5.7%
North America 33.9 34.7 (2.3%) 33.9 33.5 1.2%
Europe 4.1 4.2 (2.4%) 4.1 4.2 (2.4%)
Total Escode revenue 66.0 65.4 0.9% 66.0 64.2 2.8%
Escode unaudited revenues analysed by service line:
2024
£m
2023
£m
%
change at
actual rates
2024
£m
Constant
currency
1
2023
£m
%
change at
constant
currency
1
Escrow contracts 43.0 43.6 (1.4%) 43.0 43.4 (0.9%)
Verification services 23.0 21.8 5.5% 23.0 20.8 10.6%
Total Escode revenue 66.0 65.4 0.9% 66.0 64.2 2.8%
From a Escode revenue trajectory perspective, the following tables compare half on half (being the half-year results relating to the
12 months ended 30 September 2024 and the 12 months to 30 September 2023) performance:
H1 2024
£m
H1 2023
£m
%
change at
actual rates
H1 2024
£m
Constant
currency
1
H1 2023
£m
%
change at
constant
currency
1
UK 14.0 12.6 11.1% 14.0 12.8 9.4%
North America 16.8 17.4 (3.4%) 16.8 17.3 (2.9%)
Europe 2.1 2.2 (4.5%) 2.1 2.2 (4.5%)
Total Escode revenue 32.9 32.2 2.2% 32.9 32.3 1.9%
H2 2024
£m
H2 2023
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H2 2023
£m
%
change at
constant
currency
1
UK 14.0 13.9 0.7% 14.0 13.7 2.2%
North America 17.1 17.3 (1.2%) 17.1 16.3 4.9%
Europe 2.0 2.0 (0.0%) 2.0 2.0 0.0%
Total Escode revenue 33.1 33.2 (0.3%) 33.1 32.0 3.4%
H2 2024
£m
H1 2024
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H1 2024
£m
%
change at
constant
currency
1
UK 14.0 14.0 0.0% 14.0 12.6 11.1%
North America 17.1 16.8 1.8% 17.1 16.6 3.0%
Europe 2.0 2.1 (4.8%) 2.0 2.1 (4.8%)
Total Escode revenue 33.1 32.9 0.6% 33.1 31.3 5.8%
H1 2024
£m
H1 2023
£m
%
change at
actual rates
H1 2024
£m
Constant
currency
1
H1 2023
£m
%
change at
constant
currency
1
Escrow contracts 22.0 21.7 1.4% 22.0 22.4 (1.8%)
Verification services 10.9 10.5 3.8% 10.9 9.8 11.2%
Total Escode revenue 32.9 32.2 2.2% 32.9 32.2 2.2%
1 Revenue growth at constant currency is an Alternative Performance Measure (APM) and not an IFRS measure. See unaudited appendix 2 for an explanation
of APMs, including a reconciliation to statutory information.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024168
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
Appendix 1 – Unaudited 12-months pro forma results continued
Unaudited divisional performance – Escode: continued
H2 2024
£m
H2 2023
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H2 2023
£m
%
change at
constant
currency
1
Escrow contracts 21.0 21.9 (4.1%) 21.0 21.0 0.0%
Verification services 12.1 11.3 7.1% 12.1 11.0 10.0%
Total Escode revenue 33.1 33.2 (0.3%) 33.1 32.0 3.4%
H2 2024
£m
H1 2024
£m
%
change at
actual rates
H2 2024
£m
Constant
currency
1
H1 2024
£m
%
change at
constant
currency
1
Escrow contracts 21.0 22.0 (4.5%) 21.0 21.1 (0.5%)
Verification services 12.1 10.9 11.0% 12.1 10.3 17.5%
Total Escode revenue 33.1 32.9 0.6% 33.1 31.4 5.4%
Escode unaudited gross profit is analysed as follows:
2024
£m
2024
% margin
2023
£m
2023
% margin
% pts
change
UK 19.0 67.9% 18.3 69.1% (1.2% pts)
North America 24.1 71.1% 25.8 74.4% (3.3% pts)
Europe 2.3 56.1% 2.9 69.0% (12.9% pts)
Escode gross profit and % margin 45.4 68.8% 47.0 71.9% (3.1% pts)
From a Escode gross profit trajectory perspective, the following tables compare half on half (being the half-year results relating to the
12 months ended 30 September 2024 and the 12 months to 30 September 2023) performance:
H1 2024
£m
H1 2024
% margin
H1 2023
£m
H1 2023
% margin
% pts
change
UK 9.5 67.9% 9.2 73.0% (5.1% pts)
North America 11.7 69.6% 12.8 73.6% (4.0% pts)
Europe 1.2 57.1% 1.4 63.6% (6.5% pts)
Escode gross profit and % margin 22.4 68.1% 23.4 72.7% (4.6% pts)
H2 2024
£m
H2 2024
% margin
H2 2023
£m
H2 2023
% margin
% pts
change
UK 9.5 68.3% 9.1 65.5% 2.8% pts
North America 12.4 72.5% 13.0 75.1% (2.6% pts)
Europe 1.1 55.0% 1.5 75.0% (20.0% pts)
Escode gross profit and % margin 23.0 69.5% 23.6 71.1% (1.6% pts)
H2 2024
£m
H2 2024
% margin
H1 2024
£m
H1 2024
% margin
% pts
change
UK 9.5 68.3% 9.5 67.9% 0.4% pts
North America 12.4 72.5% 11.7 69.6% 2.9% pts
Europe 1.1 55.0% 1.2 57.1% (2.1% pts)
Escode gross profit and % margin 23.0 69.5% 22.4 68.1% 1.4% pts
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 169
Appendix 1 – Unaudited 12-months pro forma results continued
The unaudited Consolidated Balance Sheet position as at 30 September 2023 compared to the audited Balance Sheet position as at
30 September 2024:
30 September
2024
£m
Unaudited
30 September
2023
£m
Non-current assets
Goodwill 156.5 257.9
Intangible assets 89.2 109.4
Property, plant and equipment 11.6 12.6
Right-of-use assets 15.7 18.0
Investments — 0.3
Deferred tax asset 0.6 2.9
Total non-current assets 273.6 401.1
Current assets
Inventories — 0.8
Trade and other receivables 32.2 58.9
Contract assets 20.1 20.5
Contingent consideration receivable — 1.8
Current tax receivable 2.9 3.6
Cash and cash equivalents 29.8 13.6
Assets classified as held for sale 61.5 —
Total current assets 146.5 99.2
Total assets 420.1 500.3
Current liabilities
Trade and other payables 46.8 47.1
Bank overdraft 13.6 3.1
Lease liabilities 5.7 6.1
Current tax payable 1.6 1.5
Derivative financial instruments 0.8 0.1
Provisions 1.4 1.6
Contract liabilities – deferred revenue 50.7 62.6
Liabilities directly associated with assets classified as held for sale 5.7 —
Total current liabilities 126.3 122.1
Non-current liabilities
Borrowings 61.5 78.0
Lease liabilities 21.9 22.8
Deferred tax liabilities 0.5 1.4
Provisions 1.9 1.4
Contract liabilities – deferred revenue 2.8 4.2
Total non-current liabilities 88.6 107.8
Total liabilities 214.9 229.9
Net assets 205.2 270.4
Equity
Share capital 3.1 3.1
Share premium 224.4 224.1
Merger reserve 42.3 42.3
Currency translation reserve 24.5 39.9
Retained earnings (89.1) (39.0)
Total equity attributable to equity holders of the Parent 205.2 270.4
NCC Group plc — Annual report and accounts for the period ended 30 September 2024170
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
Appendix 1 – Unaudited 12-months pro forma results continued
The unaudited Cash Flow Statement for the 12 month period ended 30 September 2024:
12 months
period ended
30 September
2024
£m
Cash flows from operating activities
Loss for the period/year (25.1)
Adjustments for:
Depreciation of property, plant and equipment 4.3
Depreciation of right-of-use assets 6.6
Amortisation of customer contracts and relationships 9.4
Amortisation of software and development costs 2.6
Impairment of goodwill 31.9
Impairment of non-current assets included in ISIs 3.7
Share-based payments 1.8
Lease financing costs 1.6
Other financing costs 6.3
Foreign exchange loss 1.9
Profit on disposal of right-of-use assets (0.1)
Profit on disposal of businesses (1.6)
Profit on disposal of investment (0.1)
Loss on disposal of fixed assets 0.1
Income tax expense 7.3
Cash inflow for the year before changes in working capital 50.6
Decrease in trade and other receivables 19.3
Increase in contract assets (3.4)
Decrease in inventories 0.2
Decrease in trade and other payables (19.3)
Increase in provisions 0.6
Cash generated from operating activities before interest and taxation 48.0
Interest element of lease payments (1.6)
Other interest paid (5.9)
Taxation paid (2.1)
Net cash generated from operating activities 38.4
Cash flows from investing activities
Purchase of property, plant and equipment (4.3)
Software, development and customer contracts expenditure (1.3)
Sale proceeds of business disposals 10.4
Net cash generated from/(used in) in investing activities 4.8
Cash flows from financing activities
Proceeds from the issue of ordinary share capital 0.3
Acquisition of treasury shares (5.8)
Principal element of lease payments (7.9)
Drawdown of borrowings (net of deferred issue costs) 38.8
Repayment of borrowings (51.3)
Equity dividends paid (14.5)
Net cash used in financing activities (40.4)
Net decrease in cash and cash equivalents (inc. bank overdraft) 2.8
Cash and cash equivalents (inc. bank overdraft) at beginning of period 10.5
Effect of foreign currency exchange rate changes 2.9
Cash and cash equivalents (inc. bank overdraft) at end of year 16.2
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 171
Appendix 2 – Alternative Performance Measures (APMs) and adjusting items
The consolidated Financial Statements include APMs as well as statutory measures. These APMs used by the Group are not defined
terms under IFRS and may therefore not be comparable with similarly titled measures reported by other companies. They are not
intended to be a substitute for, or superior to, Generally Accepted Accounting Practice (GAAP) measures. All APMs relate to the
current period results and comparative periods where provided.
This presentation is also consistent with the way that financial performance is measured by management and reported to the Board,
and the basis of financial measures for senior management’s compensation schemes and provides supplementary information that
assists the user in understanding the financial performance, position and trends of the Group. At all times, the Group aims to ensure
that the Annual Report and Accounts gives a fair, balanced and understandable view of the Group’s performance, cash flows and
financial position. IAS 1 ‘Presentation of Financial Statements’ requires the separate presentation of items that are material in nature
or scale in order to allow the user of the Financial Statements to understand underlying business performance.
We believe these APMs provide readers with important additional information on our business and this information is relevant for use by
investors, securities analysts and other interested parties as supplemental measures of future potential performance. However, since
statutory measures can differ significantly from the APMs and may be assessed differently by the reader we encourage you to consider
these figures together with statutory reporting measures noted. Specifically, we would note that APMs may not be comparable across
different companies and that certain profit related APMs may exclude recurring business transactions (e.g. acquisition related costs
and certain share-based payment charges) that impact financial performance and cash flows.
As the Group manages internally its performance at an Adjusted operating profit level (before Individually Significant Items,
amortisation of acquired intangibles and share-based payments), which management believes represents the underlying trading of
the business. This information is still disclosed as an APM within this Annual Report. This APM is reconciled to statutory operating
profit, together with the consequently Adjusted basic EPS (before amortisation of acquisition intangibles, share-based payments and
Individually Significant Items and tax effect thereon) to statutory basic EPS. Please see page 42 of the Financial Review section.
The Group has the following APMs/non-statutory measures:
APM
Closest equivalent
IFRS measure
Adjustments to reconcile
to IFRS measure Definition, purpose and considerations made by the Directors
Income statement measures:
Constant
currency revenue
growth rates
Revenue
growth rates at
actual rates of
currency
exchange
Retranslation of comparative
numbers at current period
exchange rates to provide
constant currency
The Group reports certain geographic regions and service
capabilities on a constant currency basis to reflect the
underlying performance considering constant foreign
exchange rates year on year. This involves retranslating
comparative numbers at current period rates for
comparability to enable a growth factor to be calculated.
Adjusted
operating profit
Operating
profit or loss
Operating profit or loss before
Individually Significant Items
(Previously: Operating profit or loss
before amortisation of acquired
intangibles, share-based payments
and Individually Significant Items)
Represents operating profit before Individually Significant
Items (the only adjusting item).
This measure is to allow the user to understand the Group’s
underlying financial performance as measured by
management.
Individually Significant Items are items that are considered
unusual by nature or scale and are of such significance that
separate disclosure is relevant to understanding the Group’s
financial performance and therefore requires separate
presentation in the Financial Statements in order to fairly
present the financial performance of the Group.
Adjusted profit for
the period
Loss for the
period
Loss for the period before
Individually Significant Items
and associated tax effects
and adjusted tax items.
Represents loss for the period before Individually Significant
Items and their associated tax effect and adjusted tax items.
This measure is to allow the user to calculate the Group’s
Adjusted earnings per share.
Adjusted earnings
before interest,
tax, depreciation
and amortisation
(Adjusted EBITDA)
Operating
profit or loss
Operating profit or loss, before
adjusting item, depreciation and
amortisation, finance costs and
taxation
(Previously: before amortisation of
acquired intangibles, share-based
payments, Individually Significant
Items and the tax effect thereon)
Represents operating profit before adjusting item,
depreciation and amortisation to assist in the understanding
of the Group’s performance.
Adjusted EBITDA is disclosed as this is a measure widely used
by various stakeholders and used by the Group to measure
the cash conversion ratio.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024172
Notes to the Financial Statements continued
for the 16 month period ended 30 September 2024
APM
Closest equivalent
IFRS measure
Adjustments to reconcile
to IFRS measure Definition, purpose and considerations made by the Directors
Income statement measures: continued
Adjusted
basic EPS
Statutory
basic EPS
Statutory basic EPS before
Individually Significant Items
and their associated tax effect
and adjusted tax items.
(Previously: before amortisation of
acquired intangibles, share-based
payments, Individually Significant
Items and the tax effect thereon)
Represents basic EPS before Individually Significant Items
and their associated tax effect and adjusted tax items.
This measure is to allow the user to understand the Group’s
underlying financial performance as measured by
management, reported to the Board and used as a financial
measure in senior management’s compensation schemes.
Balance Sheet measures:
Net debt
excluding lease
liabilities
Total
borrowings
(excluding
lease liabilities)
offset by cash
and cash
equivalents
Represents total borrowings (excluding lease liabilities) offset
by cash and cash equivalents. It is a useful measure of the
progress in generating cash, strengthening of the Group
Balance Sheet position, overall net indebtedness and gearing
on a like-for-like basis.
Net debt, when compared to available borrowing facilities,
also gives an indication of available financial resources to
fund potential future business investment decisions and/or
potential acquisitions.
Net debt Total
borrowings
(including
lease liabilities)
offset by cash
and cash
equivalents
Represents total borrowings (including lease liabilities) offset
by cash and cash equivalents. It is a useful measure of the
progress in generating cash, strengthening of the Group
Balance Sheet position, overall net indebtedness and gearing
including lease liabilities.
Net debt, when compared to available borrowing facilities,
also gives an indication of available financial resources to
fund potential future business investment decisions and/or
potential acquisitions.
Cash flow measures:
Cash conversion
ratio
Ratio % of net
cash flow from
operating
activities
before interest
and tax divided
by operating
profit
Ratio % of net cash flow from
operating activities before
interest and tax divided by
Adjusted EBITDA
The cash conversion ratio is a measure of how effectively
operating profit is converted into cash and effectively
highlights both non-cash accounting items within operating
profit and also movements in working capital.
It is calculated as net cash flow from operating activities
before interest and taxation (as disclosed on the face of the
Cash Flow Statement) divided by Adjusted EBITDA.
The cash conversion ratio is a measure widely used by
various stakeholders and hence is disclosed to show the
quality of cash generation and also to allow comparison to
other similar companies.
Appendix 2 – Alternative Performance Measures (APMs) and adjusting items continued
Financial statements
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 173
Glossary of terms – other terms
Other terms Definition and usage
Code Guidance, issued by the Financial Reporting Council in 2016 and updated in 2018, on how
companies should be governed, applicable to UK listed companies including NCC Group plc.
Adjusted Any result described as adjusted excludes the impact of Individually Significant Items, and any
tax on any of these items.
Adjusted earnings Adjusted earnings are defined as statutory earnings before Individually Significant Items,
net of the tax effect of these items.
Adjusted operating profit margin
1
Calculated as Adjusted operating profit divided by revenue from continuing activities.
AGM Annual General Meeting of shareholders of the Company held each year to consider ordinary
and special business as provided in the Notice of AGM.
Alternative Performance Measure
(APM)
An Alternative Performance Measure (which is denoted in each case or use thereof by a
footnote) is a non-GAAP performance metric used by management either internally or externally
to present management’s view of the underlying business performance. They are not superior
to GAAP-based measures and are simply an alternative way of looking at performance.
See appendix 2 for further information over the Group’s APMs.
Board The Board of Directors of the Company (for more information see pages 56 and 57).
Cash conversion ratio
1
Calculated as cash generated from operating activities before interest and taxation divided by
Adjusted EBITDA
1
, expressed as a percentage.
CDO Cyber Defence Operations.
CEO Chief Executive Officer.
CFO Chief Financial Officer.
CISO Chief Information Security Officer.
Company, Group, NCC, we, our or us We use these terms, depending on the context, to refer to either NCC Group plc, the individual
Company, or to NCC Group plc and its subsidiaries collectively.
CPO Chief People Officer.
CTO Chief Technology Officer.
Directors, Executive Directors and
Non-Executive Directors
The Directors/Executive Directors and Non-Executive Directors of the Company whose names
are set out on pages 56 and 57 of this report.
EBIT Earnings before interest and tax.
EBIT margin % EBIT margin % is calculated as follows: Adjusted EBIT divided by revenue.
EBITDA Earnings before interest, tax, depreciation and amortisation. Calculated as operating profit
before Individually Significant Items and adding back depreciation and amortisation charged.
EBITDA margin % EBITDA divided by revenue.
EPS Earnings per share. Profit for the period attributable to equity shareholders of the Parent
allocated to each ordinary share.
FCA Financial Conduct Authority.
Financial year For NCC Group, following the change in year end in the current period, this is an accounting
period ending on 30 September (previously 31 May in prior periods).
FRC Financial Reporting Council.
Free cash flow Net cash from operating activities less net capital expenditure and acquisition costs.
FRS A UK Financial Reporting Standard as issued by the UK Financial Reporting Council (FRC).
FVLCTS Fair value less costs to sell.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024174
Other terms Definition and usage
Gross profit Gross profit is revenue less direct costs of sale. It excludes costs considered to be overheads
that are supporting the business as a whole as opposed to a specific revenue item.
Gross margin %/GM % Calculated as gross profit divided by revenue from continuing activities.
HMRC His Majesty’s Revenue & Customs, the tax collecting authority of the UK.
IAS or IFRS An International Accounting Standard or International Financial Reporting Standard, as issued
by the International Accounting Standards Board (IASB). IFRS is also used as the term to
describe international generally accepted accounting principles as a whole.
Individually Significant Items Items that the Directors consider to be material in nature, scale or frequency of occurrence
that need to be excluded when calculating some non-statutory performance measures in
order to allow users of the Financial Statements to gain a full understanding of the underlying
business performance. See Note 4 for further information.
PricewaterhouseCoopers (PwC) The Company’s external auditor, PwC LLP.
LTIP Long Term Incentive Plan established to align the interests of senior and executive
management with those of shareholders. The plan is formally known as the NCC Group Long
Term Incentive Plan 2013 (approved by shareholders in 2013).
MD Managing Director.
MDR Managed Detection and Response.
Net debt
1
Total borrowings offset by cash and cash equivalents.
Ordinary shares Voting shares entitling the holder to part ownership of a company.
SAYE/Sharesave Save As You Earn, being a tax efficient scheme to encourage colleague share ownership.
Escode Escode represents our escrow resilience services.
Subsidiary A company or other entity that is controlled by NCC Group.
TSC Technical Security Consulting.
TSR Total shareholder return, which is share price growth plus dividends reinvested (where
applicable) over a specified period of time, divided by the share price at the start of the period.
1 Revenue at constant currency, Adjusted EBITDA and net debt excluding lease liabilities are Alternative Performance Measures (APMs) and not IFRS
measures. See appendix 2 for an explanation of APMs and adjusting items, including a reconciliation to statutory information.
NCC Group plc — Annual report and accounts for the period ended 30 September 2024 175
Additional information
Other information
Directors
Chris Stone – Non-Executive Chair
Mike Maddison – Chief Executive Officer
Guy Ellis – Chief Financial Officer
Julie Chakraverty – Senior Independent Non-Executive Director
Jennifer Duvalier – Independent Non-Executive Director
Mike Ettling – Independent Non-Executive Director
Lynn Fordham – Independent Non-Executive Director
Company Secretary
Jonathan Williams
Registered Group and Company head office
XYZ Building
2 Hardman Boulevard
Spinningfields
Manchester
M3 3AQ
Registered number
4627044
Registered in England and Wales
Joint brokers and corporate finance advisers
Investec Bank plc
30 Gresham Street
London
EC2V 7QP
Peel Hunt LLP
Moor House
120 London Wall
London
EC2Y 5ET
Auditor
PricewaterhouseCoopers LLP
1 Hardman Square
Manchester
M3 3EB
Solicitors
DLA Piper UK LLP
1 St Peter’s Square
Manchester
M2 3DE
Registrar
Equiniti
Aspect House
Spencer Road
Lancing
West Sussex
BN99 6DA
Bankers
HSBC UK Bank plc
2nd Floor
4 Hardman Square
Spinningfields
Manchester
M3 3EB
National Westminster Bank plc
1 Hardman Boulevard
Manchester
M3 3AQ
ING Bank N.V. London Branch
8–10 Moorgate
London
EC2R 6DA
Fifth Third Bank NA
38 Fountain Square Plaza
Cincinnati
OH 45263
NCC Group plc — Annual report and accounts for the period ended 30 September 2024176
Financial calendar
AGM 28 January 2025
Ex-dividend date 20 February 2025
Record date 21 February 2025
2025 half-year end 31 March 2025
Dividend payment date 4 April 2025
2025 interim statement June 2025
2025 year end 30 September 2025
2025 preliminary year end statement December 2025
These dates are provisional and may be subject to change.
CBP028356
NCC Group plc’s commitment to environmental issues
is reflected in this Annual Report, which has been
printed on Magno Satin, an FSC
®
certified material.
This document was printed by Geoff Neal using its
environmental print technology, which minimises the
impact of printing on the environment, with 99% of dry
waste diverted from landfill. Both the printer and the
paper mill are registered to ISO 14001.
NCC Group plc Annual report and accounts for the period ended 30 September 2024
NCC Group plc Annual report and accounts for the period ended 30 September 2024