The Board has ultimate responsibility for determining the risk appetite of the Group and for the implementation and regular review of policies, processes and controls to mitigate and manage risk.
The Board recognises that not all risks can be eliminated, or sufficiently mitigated at an acceptable cost and that there are some risks which, given the nature of the Group’s business and the growing track record and experience of the team, it is prepared to accept. The Board also recognises that the Group’s insurance programme plays an important part in reducing the impact of certain inherent risks which are neither acceptable nor capable of removal.
The Group Risk Register (“GRR”) is the principal tool used by the Board and senior management team for monitoring the strategic risk profile of the business and the measures in place at an operational level for mitigating and managing risk. The GRR maps the risk profile of the business, with individual risks currently grouped into eight categories, being: markets (M); delivery (D); politics (P); finance (F); people (PP); legal and regulatory (L); governance and internal controls (G); and communications and stakeholder management (C). Those categories remain subject to regular review.
Risks are scored on a “heat map”, from “very low” to “very high”, according to residual risk status (after accounting for mitigation measures already in place) and materiality. Emerging risks are also identified, together with steps that have been identified to mitigate them. The GRR is now reviewed quarterly by both the senior management team and the full Board. Updates are made as necessary, both to the profile of certain risks and, in some cases, risk categories, and to the risk mitigation and management measures undertaken and planned, together with the anticipated impact of such measures to reduce risk exposure.
Quarterly reviews also identify any emerging risks. Those quarterly reviews are informed by both the Board’s high-level assessment of risk and more detailed operational feedback from senior management, following consultation with their respective teams. The risk profile of the business, as reflected in the GRR, is measured against the Board’s risk appetite, which is reviewed annually. The Board’s objective is to maintain, as far as possible, an alignment between its risk appetite and the risk profile of the business.
Download our full report on Managing Risk: