3 minute read
Risk Management
Improving Risk Management to enhance stability and growth within the business
Risk Management philosophy
Risk and the management of risk are fundamental to the success of our business. We encourage our teams to take risks to ensure the continued growth of the business, however the risk and choice of mitigation should be commensurate to the return envisaged. All our employees are responsible for taking an active part in appropriately assessing and managing risk, as well as highlighting crystallising risks within our businesses.
Continuous improvement in risk management practices
The Group continues to embed its risk management process across all our businesses, to ensure that there is a good understanding of all the potential upside and downside of all the key factors that may affect both the individual businesses and the Group as a whole. This is to help the Group to ensure that it has suitable decision making, supported by the requisite control and processes to enable the business to achieve its strategic objectives.
We review and measure our strategic risks determining both the likelihood and impact of key risks to business, using a wide range of measurements beyond the core financial measurement, to ensure a wide range of factors are considered as part of the assessment of risk. We concentrate on the residual risk and proportionate actions that could be taken to manage the identified risks.
Embedding risk culture across the Group
The Group Board owns the Risk Management process and ensures the risk management processes are embedded and working effectively across the Group. They also have a good understanding of the significant risks facing the Group, and consider the risk implications of the Board’s decisions.
The Executive Directors are responsible to the Board for overseeing the risk management of the entire Group and they meet quarterly to discuss the risk activities within the Group to ensure that the risk culture is becoming firmly embedded across all our businesses. They review the individual business entities and the core Group activities to ensure these teams are managing their risks effectively. They also ensure that they consider risk and implications within their own decision making.
The Audit Committee is responsible for overseeing there is an effective risk management process in place and reporting to the Board over its views on its adequacy.
Empowering our businesses to enhance their risk management frameworks
The individual entities management teams are responsible for defining and embedding the risk culture into their own operating businesses. They are also responsible for ensuring they understand the risks affecting their businesses and for ensuring their employees are suitably empowered to both identify and deal with these risks appropriately. They are also responsible for creating a culture that allows for an openness to allow wide ranging and difficult discussion to be had over the risks the businesses may face.
Assessment of risk
We consider a wide range of factors within risk management process both from a macro strategic point of view through to operational risks assessed within each business. We assess each risk identified for both likelihood and impact against a wide range of measures, including:
• Damage to the financial performance of the business
• Damage to reputation
• Production downtime
• Information security
• Employee morale
• Management time
The output from these assessments are aggregated into the ten principal risks affecting the Group, which are set out within the Statement of Principal Risks. As we continue to evolve the processes and functions we will seek to enhance and improve the process, and produce information in a more intuitive manner.
Key business risks are currently identified as follows:
Principal Risks
Impact
Insignificant Minor Moderate Major Critical
1 9 4 8
7
2 5 6 3 10
Key to table
1 Strategic 2 Financial 3 People 4 Product design 5 Business continuity 6 IT systems and cyber security 7 Regulatory & compliance 8 Economic & political instability 9 Safety 10 Pandemic
Rare Unlikely Credible Likely Almost Certain
