The management of risk is embedded in the day-to-day operations of divisional management teams.
A key element of this is the regular review and update of detailed ‘risk registers’ in each division, in which risks are identified and assessed in terms of both the probability of the risk occurring, and its potential impact.
Group-level risks are either derived from a ‘top down’ review, or from the divisional risk registers, either because the risk affects multiple divisions, or is of a materiality in itself that is considered of Group significance.
Each of these Group-level risks is then assessed by the Board in terms of its potential impact on the Group and its key stakeholders. The Group prioritises risk mitigation actions by considering risk likelihood and potential severity, coupled with our ability to effectively intervene to reduce the risk profile – for example, reducing the risk of a safety failure through the implementation of technology and new Group safety standards.
In 2018, in addition to considering current principal risks, the Board has established a process to identify and monitor emerging risks. This has led to the development of an emerging risk register which will be reviewed regularly by the Board.