The Board has ultimate responsibility for risk management and internal control, with a particular focus on defining the Group’s risk appetite, regularly assessing and monitoring the Group’s principal risks and reviewing reports produced by internal auditors on internal controls and risk reports from the EMC and business unit Subcommittees.
The Audit Committee reviews the adequacy and effectiveness of the Group’s financial and non-financial internal controls and risk management systems on behalf of the Board and sets the internal audit work programme. The Audit Committee also monitors and reviews the external audit, including the auditor’s report. The work undertaken by the Audit Committee in relation to risk during the year and its expected 2020/21 programme of work are further set out in the Audit Committee report.
The Executive Directors, with the assistance of the EMC, design and manage the internal controls and risk management systems, ensuring that risk registers and risk reporting are maintained throughout the year. The EMC further relies on the various Subcommittees to help fulfil its risk reporting responsibilities by maintaining live operational risk registers. These procedures give the Executive Directors the ability to provide assurance to the Board that the Group’s internal controls are appropriate, in place and functioning.
Key features of our risk management framework
- Clear and well communicated risk management framework and structure (including roles and responsibilities).
- Regular reviews of risk (including appetite and registers – including emerging risks) and internal controls by the Board, Audit Committee and EMC.
- Immediate communications to the Board and Audit Committee of material risk events. These events are then investigated by the Executive Directors and EMC, with lessons learnt fed back into the risk management framework.
- Open door policy to all employees, which aids early identification and resolution of issues.
- Clear reporting lines and delegated authorities.
- Formal and informal opportunities for intra-group debate and communication.
- Sensibly paced systems evolution – avoids shocks to the control framework.
- Maintenance of a stable senior management team.
- Robust and regular reporting systems (operational and financial as well as risk).
- Appropriate training (including induction for new employees so they understand the Group’s risk appetite).
- Ensure employees understand and have confidence in the Group’s whistleblowing policy. Details of this policy are communicated through an employee handbook.
Risk management framework components
The principal components of the Group’s risk management framework, which the Board, Audit Committee and EMC use to monitor and manage risk, comprise:
- Risk appetite table.
- Risk heatmap
- Risk summary table – which highlights the principal risks across the Group and the changing risk profiles and emerging risks over time.
- Risk registers (and associated scoring matrices) – encompassing key risk registers, detailed top-down risk registers, business unit risk registers and corporate risk registers (including a separate health and safety risk register).
- Risk assurance map – which outlines the Group’s key controls and processes attaching to the Group’s key risks as well as an evaluation of these key controls and processes.
|Risk description||Risk appetite||Risk behaviour|
|External environment||High||The Group is prepared to operate in a volatile environment, but only when enhanced returns compensate for increased risk. Long-term viability is a key override.|
|Operational strategy||Moderate/high||The Group undertakes planning and development activities, both of which have elevated risk profiles.|
|Operations||Low||The Board seeks to deliver developments effectively; complying with all
legislation and avoiding actions that could adversely impact reputation and/or stakeholder returns.
|Finance||Low||The Group seeks to put in place non or limited recourse funding lines, with
non-onerous covenants (on a flexed basis) and does not seek to borrow against serviced land (except through infrastructure loans provided by Homes England
|People||Low||The Group cannot function without a motivated and well trained workforce and aims to recruit, train, promote and retain staff, ensuring a succession plan is in place.|
The Group’s appetite across the key risk descriptions (into which all risks are classified) remains unchanged since last year, which given the Group’s long-dated model, is in line with our expectations. The Board recognises however, that the current volatile economic and political environment which may or may not impact the Group in 20 to 30 years (the time horizon of our strategic land sites) certainly has shorter term consequences.
Risk after mitigation
- Movement in the year
- R.1Market risk
- R.2Strategic risk
- R.3Competition risk
- R.4Legal and regulatory risk
- R.5People risk
- R.6Cyber risk
- R.7Planning risk
- R.8Health and safety risk
- R.11Climate change