Skip Links

2.3 Maintaining careful risk management

Systems and procedures are in place across the Group to identify, assess and mitigate major business risks that could impact the delivery of our growth strategy. Monitoring our exposure to risk is an integral part of the MOB process.

Across our regulated businesses, the MOB process is supplemented by formally constituted committees.

At Group level, risk management is independently facilitated and challenged by the Group Risk and Business Assurance function, which reports to the Group Finance Director and independently to the Audit Committee.

Risk management

Risk category Risk mitigation 2008 update

Financial

  
  • Capital expenditure is subject to rigorous budgetary controls and spending above specified levels requires Group sign off
  • Financial performance of each business unit is monitored each month and actual progress against plan is challenged by the Executive Directors
  • Treasury management - the Group’s financial instruments for fundraising are bonds, unsecured loan notes, finance leases and overdrafts. The Group has various other financial instruments such as trade creditors and debtors that arise directly from its operations. Where appropriate, the Group may also use derivatives to hedge its exposure to fluctuations in interest rate and foreign exchange rates. It is the Group’s policy that no trading in financial instruments will be undertaken.
  
  • Ongoing

Operational risk

  
  • Escalated via the MOB process and Risk Committees to Divisional Directors and the Board as appropriate
  • Processes and appropriate multiple operating performance indicators in place across all businesses/contracts
  • Key Group forums in place strengthening operational risk support in the areas of:
    • Information Security
    • Business Continuity
    • Payment Card Industry Compliance.
  
  • Regular security risk assessments are carried out in areas that manage sensitive customer data to ensure the strongest levels of security are in place
  • Continuous review of information security policies and procedures to deal with the evolving threat to data security
  • Working with public and private sector clients to risk assess security measures in place to protect client data.

New contracts

  
  • Board involvement in all major contracts
  • Aligned with core competencies and financial targets
  • Rigorous pricing and risk assessment, separate from sales process
  • Secure appropriate pricing and contract terms to ensure fair risk/reward profile
  • Detailed, tailored transition process to ensure continuity of service and retention of staff.
  
  • Ongoing

Fraud

  
  • Mitigating policies and procedures are published by the Group Risk and Business Assurance function in conjunction with Group Compliance.
  
  • The Group’s online fraud awareness training has been updated and is being rolled out across all business units
  • Fraud benchmarking exercises are regularly carried out in key areas of the Group to constantly assess levels of fraud prevention in place against current best practice
  • Working with clients in the life and pensions market to implement best practice fraud prevention controls.

Financial services regulation

  
  • Monitoring by the Group Compliance function to ensure that regulatory risks are identified, assessed, monitored, managed and controlled
  • Reporting to senior management on a timely, complete and accurate basis
  • Ensuring the business has appropriate policies and procedures in place.
  
  • Monitoring has been undertaken on the control processes on a regular basis and reports made to senior management on the outcomes of these reviews
  • Assessments of additional measures or changes in practices required to comply with financial services regulation were conducted and appropriate action taken to incorporate them into the policies, systems and procedures of the Group.

Acquisitions

  
  • Aligned with core competencies and financial targets
  • Rigorous, risk-based due diligence process
  • Fit with strategy and pricing is subject to consideration and approval by the Board
  • Clear transition process to ensure adoption of Group policies and procedures.
  
  • Ongoing

Reputation

  
  • Robust process for handling and escalating enquiries/complaints from all stakeholders at both a business/contract and Group level - primarily clients, media, public and suppliers.
  
  • Centralised proactive and reactive PR team to promote Group and business units and manage communications regarding issues.

Procurement

  
  • Supplier segmentation and risk categorisation in place
  • Active supplier engagement and management processes.
  
  • Continuing with supplier registration and assessment.
  • Spend analysis tools implemented in 2008
  • A supplier rationalisation programme defined, to commence in 2009.

Attracting and retaining staff

  
  • Investment in training and development
  • Competitive, appropriate incentive schemes
  • Succession planning is a key element of MOB process.
  
  • Continual development of our screening and reference process for all employees.