How we manage risk
Risk management is the responsibility of the Board, supported by the Risk Committee which comprises members of our Executive Leadership Team (ELT) and is attended by the Group Director of Security, HSE and Risk. The Risk Committee is accountable for identifying, mitigating and managing risk. Our formal risk identification process evaluates and manages our significant risks in accordance with the requirements of the UK Corporate Governance Code. Our Group risk register identifies the risks, their potential impact and likelihood of occurrence, the key controls and management processes we have established to mitigate these risks, and the investment and timescales agreed to reduce the risk to an acceptable level within the Board’s risk appetite.
The Risk Committee meets three times a year to review risk management and monitor the status of key risks as well as the actions we have taken to address these at both Group and functional level. It also examines possible emerging risks by considering both internal and external indicators and challenges whether it has identified the principal risks that could impact the business in the context of the environment in which we operate.
The Board receives regular updates on risk management and material changes to risk, while the Audit Committee also reviews the Group’s risk report.
Management is responsible for implementing and maintaining controls, which have been designed to manage rather than eliminate risk. These controls can only provide reasonable but not absolute assurance against material misstatement or loss.