Risk Management

Risk management is the responsibility of the Board, supported by the Audit and Risk Committee. The Board is responsible for the Group’s risk appetite, the effectiveness of the risk management strategy and framework, and internal controls systems. Oversight of risk management is undertaken by the Audit and Risk Committee.

Risk management framework

Managing risk effectively is a requirement for achieving our strategic objectives. Our risk management approach is embedded in the normal course of business with a set of global principles of risk management with local implementation.

We apply the Enterprise Risk Management framework to identify, assess, and manage risks.
The risk management framework consists of a number of discrete steps, which are carried out twice a year.

Enterprise Risk Management pdf

Risk Management Process

  • A top-down review of the Group Risk Register by the Group Risk team, Divisional Management, and the Group Sustainability Team
  • A bottom-up review of emerging and existing risks by the management team of each business with support from the Group Risk Team
  • Compare the results of the top-down and bottom-up risk identification processes
  • Assess any differences identified and update Group Risk Register as appropriate
  • Group Risk Register reviewed by the Group Management Committee, focusing on the materiality of each risk, prioritising and allocating resources and clarifying ownership for each risk
  • Group Risk Register updated as appropriate and summarised into a list of principal risks and uncertainties
  • Reviewed by the Audit and Risk Committee, including: the Group’s risk management framework
  • the Group Risk Register
  • identification of other potential risks
  • the list of principal risks and uncertainties
  • challenging actual or potential control weaknesses
  • the effectiveness of the Group’s internal controls and risk management systems

How we identify and prioritise climate-related risks

To assess transition risks, we engaged with each operating business to better understand the preferences of our customers, suppliers and employees and the challenges they face in tackling climate change. The outcome was factored in during the risk identification process. Each risk was discussed and scored based on the probability and magnitude of potential financial impact, and the multiplication of the two scores determined the materiality of the risk. Through this process, the most material risks were identified. Those risks that were deemed to be quantifiable were included in the financial modelling. Existing mitigations and progress made were also factored in during the quantification process. Cost and benefit analysis for the mitigations of each quantifiable risk was carried out. A 10-year discounted cashflow forecast was modelled for both 2DS and BAU scenarios, using a discount rate equalling the Group’s weighted average cost of capital. .

For physical risks, we used the WTW Climate Diagnostic Analytical Tool to help us with scenario analysis. We assessed our resilience in a time horizon between 10-80 years for relatability with asset lifespan, as recommended for TCFD. The WTW Climate Diagnostic Analytical Tool considered insured asset value and combined exposure to extreme weather events (acute risks) and to gradual changes in weather patterns (chronic risks) for each of our 82 facilities globally, including warehouses and offices. Based on the insured asset value and risk exposure, each site scored between 1 and 5 (5 being the highest risk). For those with the highest scores, mitigation plans were drawn up, and associated costs were assessed and factored into the scenario financial models.

Once the climate-related risks were identified and prioritised, the financial impact of the key risks up to 2030 was modelled and assessed for both '2 degree' and 'business as usual' scenarios. The key climate risks, mitigation plans, and the net financial impact in both scenarios were presented and discussed at the Group Management Committee (GMC) before being reviewed by the Sustainability Committee, which also included the Chairs of the Audit Committee and Remuneration Committee.

How we manage climate-related risks

We use the scenario analysis to inform our decision-making in the following areas:

  • Strategic and financial planning
  • Capital investment
  • Acquisition suitability assessment
  • Goodwill impairment assessment
  • Insurance
  • Lease renewals and procurement of new leases

Climate-related risks are managed as part of the Group risk management process, alongside other strategic and operational risks and, as with all matters in the Group Risk Register, these risks are reviewed annually. Action plans to mitigate such risks are managed and reported at Group level, whereas the responsibility for implementing the plans is delegated to the management of the operating businesses.

The GST conducts annual reviews with operating business management at the end of each financial year regarding progress against their ESG objectives. This is then reported to and discussed with the GMC and Sustainability Committee. The operating businesses report on ESG progress, including carbon reduction actions, in quarterly business reviews chaired by the divisional heads. The GST also provides progress updates to the Sustainability Committee at each Committee meeting.

Climate-related risks and mitigation progress are monitored by the Risk and Internal Audit team on an ongoing basis, which updates the Audit and Risk Committee at each meeting.