Successful and sustainable implementation of our strategy requires strong corporate governance and effective risk management. We deliver this through a comprehensive framework of business policies, systems and procedures that enable us to assess and manage risk effectively.
Managing business risks
Managing risks and opportunities is essential to our long-term success and sustainability. All investment opportunities expose the Group to political, commercial and technical risk and the Group maintains exposure to these risks at an acceptable level in accordance with the Group’s appetite for risk.
The Group’s risk management framework provides a systematic process for the identification and management of the key risks and opportunities which may impact the delivery of the Group’s strategic objectives. KPIs are set annually and determining the level of risk the Group is willing to accept in the pursuit of these objectives is a fundamental component of the Group’s risk management framework. As outlined below, this integrated approach to the management of risk and opportunity plays a key role in the successful delivery of the Group’s strategy.
Our system for identifying and managing risks is embedded from the top down in its organisational structure, operations and management systems and accords with the risk management guidelines and principles set out in ISO 31000, the International Standard for Risk Management. The Group’s risk management structure is set out below. This framework for risk assessment applies to all risk types including operational, health and safety, environmental, climate change, financial and reputational.
Overall responsibility for the system of risk management and internal control and reviewing the effectiveness of such systems rests with the Board. Principal risks, as well as progress against key projects, are reviewed at each Board meeting and at least once a year the Board undertakes a risk workshop to review the Group’s principal risks.
The Group’s framework for risk management promotes a bottom-up approach to risk management with top-down support and challenge. The risks associated with the delivery of the strategy and work programmes and the associated mitigation measures and action plans are maintained in a series of risk registers at Group, asset, function and project level. Reporting of these risks within the organisation is structured so that risks are escalated through various internal management, Board committees and to the Board itself.