In this section

Maintaining careful risk management

Systems and procedures are in place across the Group to identify, assess and mitigate major business risks that could impact the delivery of our growth strategy.

Monitoring our exposure to risk is an integral part of the MOB process, described in Maintaining strong structure and control. Across a number of our businesses, including all the regulated businesses, the MOB process is supplemented by formally constituted risk committees and a “Black Hat” process to monitor and seek Board approval regarding acquisitions and major bids.

At Group level, risk management is independently facilitated and challenged by the Group Risk and Business Assurance function, which reports to the Group Finance Director and independently to the Audit Committee. See Maintaining strong structure and control.

Risk management & Governance

View textual description

Risk management
Risk category	Risk mitigation
Financial	Financial performance of each business unit is monitored each month and actual progress against plan is challenged by the Executive Directors Capital expenditure is subject to rigorous budgetary controls and spending above specified levels requires Group sign-off.	Treasury management: the Group’s financial instruments for fundraising are bonds, term debt, unsecured loan notes, finance leases and overdrafts. The Group has various other financial instruments such as trade creditors and debtors that arise directly from its operations. Where appropriate, the Group may also use derivatives to hedge its exposure to fluctuations in interest rate and foreign exchange rates. It is the Group’s policy that no speculative trading in financial instruments will be undertaken.
Delegates / Counterparties	Ongoing risk-based oversight and performance monitoring of all key operational delegates / suppliers and other key counterparties.	Rigorous risk-based due diligence processes for the selection of key delegates and wider counterparties, and significant re-assessment exercise conducted in current economic environment.
Operational risk	Escalated via the MOB process and risk committees to Divisional Directors and the Board as appropriate Operating performance indicators in place across all businesses/contracts Key Group forums in place providing operational risk support in the areas of: Information Security Business Continuity Payment Card Industry Compliance	Continuous cycle of learning and improvement actions across the business Risk-based independent assurance programmes focused on key areas of operational risk.
New contracts	Rigorous, risk-based due diligence process Fit with strategy and pricing is subject to consideration and approval by the Board Aligned with core competencies and financial targets	Secure appropriate pricing and contract terms to ensure fair risk/reward profile Transition process to ensure maximisation of continuity of service and retention of staff.
Acquisitions	Aligned with core competencies and financial targets Rigorous, risk-based due diligence process Fit with strategy and pricing is subject to consideration and approval by the Board	Integration process to ensure adoption of Group policies and procedures Continuous improvement approach to the take-on and integration of new businesses.
Fraud	Mitigating policies and procedures are published by the Group Risk and Business Assurance function in conjunction with Group Compliance	Zero tolerance to fraud and financial crime Computer based anti-fraud and fraud management training deployed across operations.
Financial services regulation	Monitoring by the Group Compliance function to ensure that regulatory risks are identified, assessed, monitored, managed and controlled Reporting to senior management, subsidiary boards and Risk Committees	Ensuring the business has appropriate policies and procedures in place Risk based monitoring and reporting of findings continues to be undertaken in accordance with entity level compliance plans approved by senior management. Independent reporting to the Audit Committee.
Reputation	Robust process for handling and escalating enquiries/complaints from all stakeholders at both a business/contract and Group level primarily clients, media, public and suppliers	Centralised proactive and reactive PR team to promote Group and business units and manage communications regarding issues.
Procurement	Group Procurement prepares and manages the generic procurement risk register which is produced annually and owned by the Group Procurement Director. This Risk Register identifies the key supply chain risks across Group contracts and suppliers, and identifies actions to prevent occurrences	Individual contract or category Risk Registers are produced by procurement managers for all high value or high-risk (Group) contracts, and when assessing or reviewing Tier 1 suppliers.
Attracting and retaining staff	Investment in training and development Competitive, appropriate incentive schemes	Succession planning is a key element of MOB process Continual development of our screening and reference process for all employees.