Effective risk management is essential to and underpins the delivery of our objectives. It is essential to protecting our reputation and generating sustainable shareholder value.
The Group’s approach to risk management is to identify, at an early stage, key risks and then to develop actions to eliminate or mitigate, to an acceptable level, the impact and likelihood of those risks.
Risk management processes are embedded throughout the Group, at all levels, and form an integral part of day-to-day business activity. They help to management to identify and understand the risks they face in delivering business objectives and the status of the key controls in place for managing those risks.
Risk management process
Our risk management policy requires that all divisions and those operating companies within them identify and assess the risks to which they are exposed and which could impact their ability to deliver their and the Group’s objectives.
Identified risk events, their causes and possible consequences are recorded in risk registers. Their likelihood and potential business impact and the control systems that are in place to manage them are analysed and, if required, additional actions are developed and put in place to mitigate or eliminate unwanted exposures. Individuals are allocated responsibility for evaluating and managing these risks to an agreed timescale.
Risk registers and relevant action plans are reviewed regularly, at various levels throughout the business, to identify emerging risks, remove expired risks and update mitigation plans.
Reporting structures ensure that risks are monitored continually, mitigation plans are reviewed and significant exposures are escalated – from project level to operating company management to senior management.
All divisions and operating companies must have assurance mechanisms to ensure that the internal controls and actions designed to mitigate and eliminate risks are operating effectively. A range of procedures is used to monitor the effectiveness of internal controls, including management assurance, risk management processes and independent assurance provided by internal audit and other specialist third party reviews.
The Board has concluded that the Group maintained sound risk management and internal control systems throughout the year and has reviewed their effectiveness.