Risk Management and Internal Control
We have an established risk management methodology which seeks to identify, prioritise and mitigate risks, underpinned by a ‘three lines of defence’ model comprising an internal control framework, internal monitoring and independent assurance processes.
The Board considers that risk management and internal control are fundamental to achieving the Group aim of delivering long-term sustainable growth in shareholder value. Principal and emerging risks are identified both ‘top down’ by the Board and the Executive Committee and ‘bottom up’ through the Group’s global business units (GBUs).
The severity of each risk is quantified by assessing its inherent impact and mitigated probability, to ensure that the residual risk exposure is understood and prioritised for control throughout the Group. Senior executives are responsible for the strategic management of the Group’s principal and emerging risks, including related policy, guidelines and processes, subject to Board oversight.
Further information on risk management is available on pages 40 to 47 of the 2022 Annual Report.