Our risk management strategy supports our ability to respond to the changing needs of our stakeholders and dynamics of the markets in which we operate. The purpose of our risk management strategy is to identify risk which could impact the delivery of our strategic objectives and mitigate these to an acceptable level.

There is a formal governance structure underpinning our approach to risk management. Key roles and responsibilities within the structure are as follows:


Identifying risks

The Board and the Group’s management are responsible for identifying the major business risks facing the Group, and for developing systems to mitigate and manage those risks. The Board and the Regional Executive Teams review the control of key risks at their monthly meetings.

The Group risk register comprises risks identified and owned at the business unit level by the Regional Executive Teams. Risks incorporated into the risk register are given a score and categorised as strategic, financial or operational risks. We assess the Group-wide impact and effectiveness of any mitigation by internal audit.

The Board oversees the ongoing process for identifying, evaluating and managing the significant risks the Group faces. The Board is also responsible for ensuring the process has been in place for the year under review, and up to the date of approval of this Annual Report, and that it accords with corporate governance guidance and therefore the Board has performed a robust assessment of the principal risks facing the Group.

Risk appetite

The Board takes a conservative view of risk, and maintains a focus on effective risk management, which flows all the way through the organisation. The culture of the organisation ensures all activities, from day-to-day operations to high level strategic decisions, are performed in line with this approach.

The Board’s assessment of our principal risks is based on the perceived impact on the Group’s ability to achieve its strategic objectives, and the likelihood of their occurrence taking into account controls that have been put into place to mitigate the impact.

Risk is governed in the context of the Group’s overall risk appetite. The Group considers risk appetite to ensure adequate resources are allocated to the correct risks.

Principal risks

Recognising that all businesses entail elements of risk, the Board maintains a policy of continuously identifying and reviewing risks that represent a threat to the existence of the business, or that may cause future Group results to differ materially from expected
results. The table overleaf is an overview of the principal risks the Group faces, with corresponding controls and mitigating factors. The risks specified are not intended to represent an exhaustive list of all potential risks and uncertainties. The risk factors outlined overleaf should be considered in conjunction with the Group’s system for managing risk, described above and in the Corporate Governance Report on page 50 of our annual report.

There has been no change in the level of risk exposure in any of the principal risks since the prior year as, although the risk environment has changed, the Group’s dynamic response to risk management means we have taken appropriate mitigating action to reduce the exposure to an acceptable level.