We recognise that risk management is an important part of our business and continually seek to improve our process

Evolution of our framework

We have built on our existing process by:

  • Reviewing and updating our guidance for the group's businesses and functional areas
  • Continuing to roll out risk management training
  • Working with the senior leadership team, sectors, business and functional areas to strengthen risk definition, ownership, assessment and reporting
  • Developing an in house software solution to allow for thematic analysis of risk and aggregation.

Our risk process

Our risk process is designed to support everyone, at all levels of the business, in identifying and managing risks.

All risks, whether they are identified at the most senior level or throughout the business, are described, analysed and reported using a standard framework. The central Corporate Assurance and Risk team acts as an advisory function and provides independent challenge and review. Each of our business functions also participates in the process, identifying any risks that may prevent them achieving their objectives and describing these in terms of cause and consequence. These are scored using a variety of impact measures, including financial, operational, reputational and people factors.

Controls for each risk are described and assessed. Each risk, at every level, has a designated owner who is responsible for ensuring the described controls are effective and efficient. We continually review the level of risk throughout the business and complete a formal submission every six months for reporting purposes (as illustrated in our risk framework).

Risk methodology.png