We use cookies to track usage and preferences.

Risk management

There is an on-going process for identifying, evaluating and managing the significant risks faced by the Group, which is regularly reviewed by the Board. An overview of this process, and its part in the directors’ consideration of the Group’s viability, is given in Section A4 of the Annual Report

The directors are responsible for the system of internal control throughout the Group, including the system of internal control over financial reporting, and for reviewing its effectiveness. The system of internal control includes documented procedures covering accounting, compliance, risk management, personnel matters and operations, clear reporting lines, delegation of authority through a formal structure of mandates, a formalised budgeting, management reporting and review process, the use of key performance indicators throughout the Group and regular meetings of the relevant executive committees.

The Board receives regular reports setting out key performance and risk indicators. In addition, the Board operates a formal risk management process, described in more detail in Section B7 of the Annual Report, from which the key risks facing the business are identified. The process results in reports to the Board, through its Risk and Compliance Committee, on how these risks are being managed. The Board has a programme of regular presentations from senior management to enable it to review the operation of internal controls in relation to the risks associated with their specific areas.

The establishment of the Executive Risk Committee during 2020 has provided an additional layer of governance that is crucial in ensuring that the Risk and Compliance Committee maintains its focus on the key material and strategic risk issues that the Group faces. This will enable the Risk and Compliance Committee to spend more time pro-actively identifying and assessing new and emerging risks.

The system of internal control is monitored by management and by an internal audit function that concentrates on the areas of greater risk and reports its conclusions regularly to management and the Audit Committee. The internal audit work plan is approved annually by the Audit Committee, which reviews the effectiveness of the system of internal control annually and reports its conclusions to the Board. The Risk and Compliance Committee reviews the effectiveness of the risk management systems and internal controls (other than internal financial controls) annually and reports its conclusions to the Board. Further details of the role and activities of the Audit Committee and Risk and Compliance Committee and its relationship with the internal and external auditors are set out in Section B5 of the Annual Report with more information on our committee structure here.

Risk Management