Risk Management

Risk management is the responsibility of the Board, supported by the Audit and Risk Committee. The Board is responsible for the Group’s risk appetite, the effectiveness of the risk management strategy and framework, and internal controls systems. Oversight of risk management is undertaken by the Audit and Risk Committee.

Risk management framework

Managing risk effectively is a requirement for achieving our strategic objectives. Our risk management approach is embedded in the normal course of business, with a set of global risk management principles that are implemented locally.

We apply the Enterprise Risk Management framework to identify, assess, and manage risks.
The risk management framework consists of a number of discrete steps, which are carried out twice a year.

Enterprise Risk Management pdf

Risk Management Process

  • A top-down review of the Group Risk Register by the Group Risk team, Divisional Management, and the Group Sustainability Team
  • A bottom-up review of emerging and existing risks by the management team of each business with support from the Group Risk Team
  • Compare the results of the top-down and bottom-up risk identification processes
  • Assess any differences identified and update the Group Risk Register as appropriate
  • Group Risk Register reviewed by the Group Executive Committee, focusing on the materiality of each risk, prioritising and allocating resources and clarifying ownership for each risk
  • Group Risk Register updated as appropriate and summarised into a list of principal risks and uncertainties
  • Reviewed by the Audit and Risk Committee, including:
      • the Group’s risk management framework
      • the Group Risk Register
      • identification of other potential risks
      • the list of principal risks and uncertainties
      • challenging actual or potential control weaknesses
      • the effectiveness of the Group’s internal controls and risk management systems

Risk appetite

One of the Group’s core principles is to deliver its strategic priorities in a sustainable and responsible manner. This requires that the Board gives careful consideration to the nature and level of risks that the Group should accept.

The Group draws a clear distinction between those risks that it is more willing to take, typically relating to advancing business prospects, and those that it is less willing to accept, e.g. safety, reputational, regulatory or compliance risks. A summary of the Group’s risk appetite can be found here.

Risk Management pdf

Principal risks and uncertainties

A key element in assessing the Group’s principal risks and uncertainties is considering likelihood and potential magnitude of impact, over a range of time horizons, as well as whether the risks are new or emerging, or have changed in importance during the year. The map below shows the assessment of the Group’s principal risks and uncertainties. A full list of the principal risks and uncertainties can be found here.

Principal Risks and Uncertainties pdf

Principal risks and uncertainties