8. Risk management
The group’s risk management system is subject to regular review to ensure full compliance with the requirements of the Combined Code and the Turnbull Guidance (2005) on internal control and risk management and is designed to deliver improved value to the operating businesses.
8.1 Risk and the board of directors
The directors are ultimately responsible for the group’s risk management system and for reviewing its effectiveness. The risk management system is designed to manage, rather than eliminate, the risk of failure to achieve business objectives and there is an ongoing process in place for identifying, assessing, managing, monitoring and reporting on the significant risks faced by individual group companies and by the group as a whole. This process has been in place for the year under review up to and including the date of approval of the annual report and accounts. The principal risks and uncertainties facing the group are set out within Our strategic priorities.
8.2 Executive committee
Excom has specific responsibility as the risk management committee for the group’s system of risk management. Bi-annually, excom reviews the group’s significant risks and subsequently reports to the board on material changes and the associated mitigating actions.
In accordance with the Turnbull Guidance (2005), reviews on the effectiveness of the risk management system were carried out by the risk management committee in April and September 2007 and in April 2008.
8.3 Enterprise-wide risk management
Excom views the careful and appropriate management of risk as a key management role. Managing business risk to deliver opportunities is a key element of all our business activities. This is undertaken using a practical and flexible framework which provides a consistent and sustained approach to risk evaluation. The business risks, which may be strategic, operational, financial, environmental or concerning the group’s reputation, are understood and visible. The business context determines in each situation the level of acceptable risk and controls. We continue to seek improvement in the management of risk by sharing best practice throughout the organisation.
Key features of the group’s system of risk management are:
- group statements on strategic direction, ethics and values;
- clear business objectives and business principles;
- an established risk policy;
- a continuing process for identification and evaluation of significant risks to the achievement of business objectives;
- management processes in place to mitigate significant risks to an acceptable level;
- ongoing monitoring of significant risks and internal and external environmental factors that may change the group’s risk profile; and
- a regular review by the group of both the type and amount of external insurance that it buys, bearing in mind the availability of such cover, its cost and the likelihood and magnitude of the risks involved.
In addition to excom’s bi-annual reports to the board on key risks, there is a process of regular reporting to the board through the audit committee on the status of the risk management process.
Key annual reports include those that identify, rank, monitor and measure strategic, operational and financial risks in each division and on a group basis.