Managing risk
The Board recognises that the appropriate management of risk is key to the delivery of the Group’s strategic objectives.
As a leading international transport company, the Group is exposed to an evolving landscape of risks, whether industry-wide or more specific to the Group, which could potentially impact performance or reputation negatively as well as positively.
The Board remains ultimately responsible for the effective management of risk in the Group, and is committed to driving continuous improvement and adopting best practice in this crucial area. In addition to the broad strategic responsibilities of the Board, it:
- reviews the principal risks faced by the Group and approves the Group Risk Register;
- approves the Group Risk Appetite Statement; and
- reviews and approves the Group Emerging Risk Register.
The Audit Committee reinforces the process further by conducting ‘deep dive’ reviews, either on specific risks such as cyber security, or through discussions with divisional leadership teams to challenge their divisional risk registers.
Principle risk matrix
Risk management framework
The effective management of risk is embedded in many ways in day-to-day management activities, for example the usage of very granular, detailed KPI tracking in monthly divisional reports, or robust due diligence on acquisitions. This is the ‘first line’ of the Group’s risk management structure where internal control and risk management processes are based on the ‘Three Lines Model’, summarised below.
| Defence | Responsibility | Actions |
| Oversight | Board |
|
| Audit Committee |
|
|
| Third line | Group internal audit |
|
| Second line |
Group Executive Committee Group functions including Risk |
|
| First line |
Divisional Executive Committees Divisional management |
|