The group’s risk management system is subject to regular review to ensure full compliance with the requirements of the Combined Code and the Turnbull Guidance on internal control and is designed to deliver improved value to the operating businesses.
In 2004 a programme was initiated to enhance the group’s risk management framework of prudent and effective controls, which enable risk to be assessed and managed appropriately to the evolving structure and needs of the group.
These enhancements now include the following.
- The appointment of a group risk manager to further develop and guide the risk management approach within the group.
- The formal adjustment of the group’s existing risk management system to improve:
The appointment of regional risk management co-ordinators.
The implementation of a common terminology and standards for managing operational risk.
- alignment with strategic and operational business objectives;
- risk accountability and oversight;
- a more robust framework to effectively identify, assess and manage risk;
- greater co-ordination of risk activities and sharing of risk information globally;
- greater visibility of the progress of key risk controls for the risk management committee; and
- group internal audit assurance as to group-wide compliance with the risk management policy.
Risk and the board of directors
The directors are ultimately responsible for the group’s risk management systems and for reviewing their effectiveness. The risk management system is designed to manage, rather than eliminate, the risk of failure to achieve business objectives, and there is an ongoing process in place for identifying, assessing, managing, monitoring and reporting on the significant risks faced by individual group companies and by the group as a whole. This process, which has been regularly reviewed during the period, has been in place for the year under review up to and including the date of approval of the annual report and accounts.
In accordance with Turnbull guidance, reviews on the effectiveness of the risk management system were carried out by the executive committee (excom), acting as the risk management committee in May and November 2004 and in May 2005.
Risk and the executive committee
The excom, which is chaired by the chief executive, and comprises senior SABMiller plc executives, has specific responsibility for the system of risk management. Excom reviews the risk reports of the group and the business units twice yearly, reporting to the board on key risks and their associated mitigating actions.
Enterprise-wide risk management
The focus of risk management in the group is to support the delivery of business objectives by identifying, assessing, managing and monitoring risk across the group. Management is involved in a continuous process of developing and enhancing its comprehensive risk and control procedures to improve the mechanisms for identifying and monitoring risks.
Key features of the group’s system of risk management are:
- group statements on strategic direction, ethics and values;
- clear business objectives and business principles;
- an established risk policy;
- a continuing process for identification and evaluation of significant risks to the achievement of business objectives;
- management processes in place to mitigate the significant risks to an acceptable level;
- continued monitoring of significant risks and internal/external environmental factors that may change the group’s risk profile; and
- an internal audit process review of the risk management system.
In addition to excom’s twice yearly reports to the board on key risks, there is a process of regular reporting to the board through the audit committee on the status of the risk management process and internal control systems, and any evolving risk issues or internal control breakdowns that may have occurred.
Key reports include those that identify, rank, monitor and measure strategic, operational and financial risks in each division and on a group basis. These are supplemented by reports on internal control processes and breakdowns, along with reviews of the structure and effectiveness of internal audit functions.
back to top