Risk management process
We identify and monitor the full range of financial and non-financial risks facing the business. By regularly reviewing the risk appetite of the business, the Board ensures that our risk exposure is well matched to the cycle. Overall responsibility for the risk management framework rests with the Board, but the management of risk is embedded in our everyday business activities and culture, with all our employees having an important role to play.
The Group has a risk management and internal audit function which reports to the Audit Committee and works under the day-to-day supervision of the Director of Risk Management and Internal Audit. A Risk Management and Internal Audit Charter governs its remit. The Committee, in consultation with management, agrees the annual plan of activity aligned to the needs of the business. Both parts of the function work closely together to ensure that the outputs of one inform the future activities of the other.
The Audit Committee reviews the Group’s arrangements, incorporated within a specific policy, which allow employees to report concerns in confidence, and anonymously if preferred, about suspected impropriety or wrongdoing. These include an independent third-party reporting facility comprising a telephone hotline and a recently introduced online process.