Responsible risk management

Risk Appetite

The Board's ambition is to minimise exposure to reputational, financial and operational risk, whilst accepting and recognising a risk/reward trade-off in the pursuit of its strategic and commercial objectives.

The provision of solutions primarily to the Governance, Risk and Compliance market means that the integrity of the business and its brands is crucial and cannot be put at risk, and accordingly the Board has zero tolerance for risks relating to non-adherence to laws and regulations.

As the group considers financial and operational investments in pursuit of growth objectives, it accepts the risk that the anticipated benefits from these investments may not always be fully realised. Its acceptance of risk is subject to ensuring that potential benefits and risks are fully understood and sensible measures to mitigate risk are established.

Risk Governance

Responsibility for the Group’s system of risk management and internal controls ultimately lies with the Board. Risk identification, assessment and management is a key aspect of the Group’s internal control environment and risk management is recognised as an integral element of the Group’s operating activities. Our risk assessment process provides a clear framework for identifying and managing risk, both at an operational and strategic level, and has been designed to be appropriate to the ever-changing environments in which we operate.

The Executive Committee coordinates and facilitates the risk assessment process on behalf of the Board. The Executive Committee reports directly to the Board using a combination of structured formal interviews, monthly operational updates, site visits, ‘bottom up’ reporting and registers. The Risk Assessment covers both external and internal factors and the potential impact and likelihood of those risks occurring. Twice per annum the Audit Committee discusses the report received from the external auditors regarding their audit, which includes comments on their findings on internal control and risks.

Once identified, risks are reviewed and then incorporated into formal risk registers held at both a Group and entity level, which evolve to reflect any reduction/increase in identified risks and the emergence of any new risks. Where it is considered that a risk can be mitigated further to the benefit of the business, responsibilities are assigned, and action plans are agreed.

As well as assessing ongoing risks, the Executive Committee considers how the business could be affected by any emerging risks over the long term. Emerging risks are those which may develop but have a greater uncertainty attached to them. Twice per annum Managing Directors and Heads of Group Functions are asked to highlight any new or emerging risks, which are then reported to the Audit Committee and monitored on an ongoing basis.

For more information on the Group's risk management process, and its principal risks and uncertainties, see the latest Annual Report.