The Group has adopted a risk management framework that is designed to provide a formal structure through which the business will:

• Endeavour to reduce the exposure of all its businesses to risk as far as possible.
• Seek to recognise and derive the maximum benefit from any opportunities identified through risk analysis.
• Seek to achieve excellence through managing risk effectively throughout the organisation.

In order to achieve the framework objectives, a dedicated Group risk management team has been established and is developing the appropriate policies and procedures to ensure that the risk management framework is embedded throughout the organisation on a consistent basis. This framework has been designed and tested in line with best practice and in accordance with Turnbull Guidance. For further information on Corporate Governance.

The Process

The Group’s risk framework seeks to engage the entire business.  A bespoke set of tools have been developed by the Group to support a common and effective approach to identification, evaluation and management of risk at a business level.  Active risk workshops, facilitated by Group Risk Management, are being carried out at functional and divisional levels within the sectors to introduce the new framework. All risks identified and evaluated are assigned to risk owners within the businesses.  As part of this process, existing controls are documented along with further action plans and delivery dates to treat and mitigate risk appropriately. Sector Boards have nominated Risk Champions to actively support the process, ensuring that it is embedded as an ongoing working practice and updated risk reports are provided periodically at Sector Board level.  The framework is supported by a written procedure and facilitated by a web-based IT solution which is integrated with our Group incident management system.

Reporting and Governance

Sectors report their risk profile on a quarterly basis. The Group Risk Management function consolidates and aggregates the Group risk profile, closely monitoring the businesses’ progress in relation to risk management throughout the organisation.

Group Risk Management presents the consolidated Group risk profile to the Audit Committee for review on a half-yearly basis.  Additionally, at each Audit Committee meeting, progress on the development of the framework is reported and individual sector management teams are invited to review and discuss their risk profile on a rotational basis.   

Group Audit Services (GAS) play a key role in ensuring that the businesses adhere to the risk management procedure.  More importantly, GAS also reviews and tests the evaluation of reported risks - ensuring that identified controls are tested and actions have been validated to appropriately mitigate risk as reported.

Groupwide risk treatment

Certain common risks exist across the Group and therefore benefit from a Group approach to mitigation such as customer and employee health and safety, business continuity, corporate and social responsibility and incident management response. Policy and mitigation for such Groupwide risks are facilitated and supported by subject experts at the centre but responsibility for managing such risks clearly lies within the businesses themselves.

Due to the nature of our products and activities, customer health and safety related risks remain of paramount importance to the Group.  For this reason, expertise has been consolidated in a central team to provide a greater degree of shared skills across the entire Group.  This team is responsible for developing Group policy on customer and employee health and safety and for facilitating practical application of such policies at varying levels across the Group, as required by individual source markets.  Andrew John, Group Legal Director & Company Secretary, takes responsibility for such health and safety matters on behalf of the Board and closely guides the Risk Management team in the development of Group health and safety risk mitigation framework.