2 minute read
Risk Management
Improving risk management to enhance stability and growth within the business.
Risk management philosophy
Risk and its management are fundamental to the success of our business. We encourage our teams to take risks; however, the risk and its mitigation should be commensurate with the expected return. All our employees are responsible for assessing and managing risk appropriately, as well as highlighting and responding to emerging risks within our businesses.
Continuous improvement in risk management practices
The Group continues to embed risk management processes across all our businesses, to ensure that there is a good understanding of all the potential positives and negatives of key factors that may affect both individual businesses and the Group as a whole. This helps to ensure suitable decision making, supported by the necessary controls and processes, to achieve our strategic objectives.
We review and measure our strategic risks, determining both the likelihood and impact of key risks to the business, using a wide range of measurements to ensure that multiple factors are considered as part of the assessment of risk. We concentrate on the residual risk and proportionate actions that could be taken to manage the identified risks.
Embedding risk culture across the Group
The Group Board owns the risk management processes and ensures that they are embedded and working effectively across the Group. The Board also has a good understanding of the significant risks facing the Group and considers the implications of the Board’s decisions.
The Executive Directors are responsible for overseeing the risk management of the entire Group. They meet quarterly to discuss the risk activities within the Group to ensure that the risk culture is firmly embedded across all our businesses. They review the individual business entities and the core Group activities to ensure these teams are managing their risks effectively. The Executive Directors also ensure that they consider risk and implications within their own decision making. The Audit Committee is responsible for overseeing that there is an effective risk management process in place and for reporting to the Board on its adequacy.
Empowering our businesses to enhance their risk management frameworks
The individual entities’ management teams are responsible for defining and embedding the risk culture into their own areas. They are responsible for ensuring that they understand the risks affecting their businesses and that their employees are able to both identify and deal with these risks appropriately. They are also responsible for creating a culture of openness to allow wide-ranging and difficult discussions to be had over the risks the businesses may face.
Principal risks and uncertainties
Key
The results are aggregated into the ten principal risks affecting the Group, which are set out within the Statement of Principal Risks and Uncertainties. We will continue to seek to improve the process and produce information in a more intuitive manner.
Assessment of risk
We consider a wide range of factors within risk management processes from macro strategic points through to operational risks within each business. We assess each risk identified for likelihood and impact against a wide range of measures, including:
• Damage to the financial performance of the business
• Damage to reputation
• Production downtime
• Information security
• Employee morale
• Management time
