Risk Management and Internal Control

The group has an established risk management methodology which seeks to identify, prioritise and mitigate risks, underpinned by a ‘three lines of defence’ model comprising of an internal control framework, monitoring and independent assurance processes. the Board considers that risk management and internal control are fundamental to achieving the group aim of creating long-term sustainable shareholder value.

Risks are identified both ‘top down’ by the Board and executive Committee, and ‘site up’ through the group’s businesses, and are quantified by assessing their inherent impact and mitigated probability to ensure that residual risk exposures are understood and prioritised for control throughout the group. Senior executives are responsible for the strategic management of the group’s principal risks, including related policy, guidelines and process, subject to Board oversight. 

Further information on Risk Management is available on pages 26-29 of the 2017 Annual Report.