Managing risk

The Board recognises that the appropriate management of risk is key to the delivery of the Group’s strategic objectives.

As a leading international transport company, the Group is exposed to an evolving landscape of risks, whether industry-wide or more specific to the Group, which could potentially impact performance or reputation negatively as well as positively.

The Board remains ultimately responsible for the effective management of risk in the Group, and is committed to driving continuous improvement and adopting best practice in this crucial area. In addition to the broad strategic responsibilities of the Board, it:

  • reviews the principal risks faced by the Group and approves the Group Risk Register;
  • approves the Group Risk Appetite Statement; and 
  • reviews and approves the Group Emerging Risk Register.

The Audit Committee reinforces the process further by conducting ‘deep dive’ reviews, either on specific risks such as cyber security, or through discussions with divisional leadership teams to challenge their divisional risk registers.

Principal risk matrix

Risk management framework

The effective management of risk is embedded in many ways in day-to-day management activities, for example the use of very granular, detailed KPI tracking in monthly divisional reports, or robust due diligence on acquisitions. This is the ‘first line’ of the Group’s risk management structure, in which internal control and risk management processes are based on the ‘Three Lines Model’, summarised below.

Defence / Responsibility / Actions

Oversight
  Board
    • Sets strategic objectives
    • Determines overall risk culture and appetite
    • Establishes delegated authorities and clear operating processes
    • Reviews and approves Group Risk Register, Risk Appetite Statement and Emerging Risk Register
  Audit Committee
    • Conducts ‘deep dive’ reviews of divisional risk registers, or specific Group risks

Third line
  Group internal audit
    • Provides reasonable assurance that systems of risk management, internal control and governance are effective

Second line
  Group Executive Committee
  Group functions including Risk
    • Support divisions with ‘first line’ responsibilities
    • Coordinate and report on Group-level risks
    • Build risk capability and understanding

First line
  Divisional Executive Committees
  Divisional management
    • Identify, assess and report key risks
    • Regularly review and update divisional risk registers
    • Implement risk mitigation plans