Assurance statement

BAE Systems plc (‘BAE Systems’) has engaged us to give assurance on:

Limited Assurance:

• Their description, on the Introduction page in the section "Scope and data" , for compiling the BAE Systems (Group) Corporate Responsibility (CR) Report (‘CR Report Compilation’);
• Group level safety performance indicators comprising fatalities, major injuries recorded (total and rate per 100,000 employees), cause of major injuries recorded, lost work day case incident rate per 100,000 employees;
• Group level diversity performance indicators encompassing gender diversity, age diversity and ethnic diversity; and
• Group level responsible business conduct performance indicators encompassing dismissals for reasons relating to unethical behaviour.

Reasonable assurance:

• Their statement on responsible business conduct made under the heading ‘Responsible Business Conduct’, excluding the table headed ‘Dismissals for reasons relating to unethical behaviour’ which has been subject to limited assurance; and
• The responsible business conduct performance indicators in the 'Performance summary' indicated with a ^.

Our work was carried out by a multi-disciplinary team of CR and business ethics assurance specialists in accordance with the International Standard on Assurance Engagements 3000 (ISAE 3000).

For the CR Report Compilation we planned and performed the work to provide limited assurance as to whether the BAE Systems’ description of the Group compilation of the CR Report as outlined on the Introduction page in the section “Scope and data” is not materially misstated.

For the safety, diversity and responsible business conduct indicators we planned and performed the work to provide limited assurance as to whether the BAE Systems’ data in the 'Performance summary', indicated with a *, is not materially misstated. This provides less assurance and is substantially less in scope than reasonable assurance.

For the statement on responsible business conduct we planned and performed the work to obtain reasonable – not absolute – assurance as to whether the statements on Responsible Business Conduct is a fair description of the activities undertaken. For the responsible business conduct indicators we planned and performed the work to obtain reasonable assurance that the responsible business conduct indicators in the 'Performance summary', indicated with a ^, are fairly stated. The basis of reporting for each indicator marked with* or a ^ is provided here.

Considering the risk of material error, we planned and performed the work to obtain all the information and explanations considered necessary to provide sufficient evidence to support our assurance conclusion. The key procedures we carried out were:

In relation to the limited assurance of CR Report compilation, safety, diversity and selected responsible business conduct indicators:

• Interviewing managers at BAE Systems’ head office, including the CR and Safety, Health and Environment (SHE) team and those with responsibility for CR management and reporting systems;
• Gaining an understanding of BAE Systems’ own process to collect information from issue owners (including subsidiary entities) and the process for collation and validation by the Group CR team;
• Analysing and reviewing on a sample basis the key structures, systems, processes, procedures and controls relating to the Group level collation, validation and reporting processes of the CR Report, including:
  • the selection of issues to be reported on, related key performance indicators and other matters to be reported on
  • the collection, collation, validation and reporting of safety, diversity and selected responsible business conduct performance data at the year end
• Undertaking questionnaires and interviews with 23 sites and visiting a sample of seven further businesses/operating sites to corroborate Group level findings. Sites were selected for visits based on safety performance, materially to the Group and inherent risk of the location; and
• Reviewing the CR report against the findings of our work whilst assessing that the CR Report has been compiled as described on the Introduction page in the section "Scope and data".

The scope of our work excluded CR environmental performance data.

In relation to the reasonable assurance over the statements on responsible business conduct and business conduct indicators:

• Interviewing the Woolf programme management team to understand the milestones and activities undertaken in 2009 to address the recommendations;
• Interviewing a sample of senior executives, including the Steering Committee Chairman and members of the Executive Board to understand the commitment, drive and actions undertaken to date to address the recommendations;
• Interviewing a sample of members of the Group’s legal department and its legal advisers to understand the process followed to roll out and monitor compliance with the Business Development Adviser Policy in 2009;
• Performing sample testing to verify that a selection of Advisers added to the BAE Systems’ approved Adviser register in 2009 were appointed in compliance with the BAE Systems Adviser policy;
• Interviewing a sample of owners of BAE Systems’ policies referred to in the statement on responsible business conduct to understand the scope and roll out of these policies;
• Interviewing a sample of BAE Systems’ Code of Conduct central delivery and roll out team to understand the scope and coverage of their activities;
• Performing sample testing at a selection of sites, in conjunction with BAE Systems’ Internal Audit department, to understand the nature and extent of the roll out of the Code of Conduct, including but not limited to the cascade of and training on the Code;
• Interviewing the Head of Internal Audit and performing sample testing to understand how internal audit responsibilities have been expanded to provide assurance over non-financial risk management across the business;
• Interviewing individuals with responsibility for BAE Systems’ external stakeholder engagement to understand the nature, extent and timing of stakeholder engagement;
• Reviewing underlying documents to corroborate interview outcomes and inform our assessment of the statements made on responsible business conduct; and
• Analysing and reviewing the key structures, systems, processes, procedures and controls relating to the Group level collection, collation, validation and reporting of selected responsible business conduct performance data at the year end.

The scope of our work did not include the provision of assurance over whether BAE Systems’ programme of work is adequately designed to, or will, meet the requirements of the Woolf Report.

Limited assurance conclusion:

• Based on the assurance work performed nothing has come to our attention to suggest that the description on the Introduction page in the section "Scope and data" for compiling the Group CR Report is materially misstated.
• Based on the assurance work performed nothing has come to our attention to suggest that the safety, diversity and business conduct indicators in the 'Performance summary', indicated with a *, are materially misstated.

Reasonable assurance opinion:

• BAE Systems’ statement on responsible business conduct made under the heading “Responsible Business Conduct” is, in our opinion, in all material respects fairly stated as at 10 March 2010.
• The responsible business conduct indicators in the 'Performance summary', indicated with a ^, are, in our opinion, in all material respects fairly stated.

Responsibilities of Directors and independent assurance provider

BAE Systems’ responsibilities

• The Directors are responsible for the preparation of the CR Report and for the information and statements contained in connection with it. They are responsible for determining BAE Systems’ objectives in respect of CR performance and for establishing and maintaining appropriate performance management and internal control systems from which the reported information is derived.

Deloitte’s responsibilities

• Our responsibility is to independently express conclusions on the reliability of management’s assertions on the selected subject matters as defined within the scope of work above.
• This report is made solely to BAE Systems plc in accordance with our letter of engagement for the purpose of the directors’ governance and stewardship. Our work has been undertaken so that we might state to the Company those matters we are required to state to them in this report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than BAE Systems plc for our work, for this report, or for the conclusions we have formed.
• Our multi-disciplinary team of CR and business ethics assurance specialists performed the engagement
  in accordance with Deloitte’s independence policies, which cover all of the requirements of the International Federation of Accountants (IFAC) Code of Ethics and in some areas are more restrictive. We confirm to
  BAE Systems that we have maintained our independence and objectivity throughout the year, including the fact that there were no events or prohibited services provided which could impair that independence and objectivity in the provision of this engagement.