The Board continues to have ultimate responsibility for risk management and internal control, with a particular focus on defining the Group’s risk appetite, regularly assessing and monitoring the Group’s principal risks and reviewing reports produced by internal auditors on internal controls and risk reports from the EMC and business segment subcommittees.
The Audit Committee reviews the adequacy and effectiveness of the Group’s financial and non-financial internal controls and risk management systems on behalf of the Board. The Audit Committee also monitors and reviews the external audit, including the auditor's report. The work undertaken by the Audit Committee in relation to risk during the year and its anticipated 2019/20 work programme are further set out in the Audit Committee report in our Annual Report.
The Executive Directors, with the assistance of the EMC, design and manage the internal controls and risk management systems, ensuring that risk registers and risk reporting are maintained throughout the year. The EMC further relies on business segment subcommittees to help fulfil its risk reporting responsibilities by maintaining live operational risk registers.
Key features of our risk management framework
- Clear and well-communicated risk management framework and structure (including roles and responsibilities).
- Regular reviews of risk (including appetite and registers – including emerging risks) and internal controls by the Board, Audit Committee and EMC.
- Immediate communications to the Board and Audit Committee of material risk events. These events are then investigated by the Executive Directors and EMC, with lessons learnt fed back into the risk management framework.
- Open door policy to all employees, which aids early identification and resolution of issues.
- Clear reporting lines and delegated authorities.
- Formal and informal opportunities for intra-group debate and communication.
- Sensibly paced systems evolution – avoids shocks to the control framework.
- Maintenance of a stable senior management team.
- Robust and regular reporting systems (operational and financial as well as risk).
- Appropriate training (including induction for new employees so they understand the Group’s risk appetite).
- Ensure employees understand and have confidence in the Group’s whistleblowing policy. Details of this policy are communicated through an employee handbook.
Risk management framework components
The principal components of the Group’s risk management framework, which the Board, Audit Committee and EMC use to monitor and manage risk, comprise:
- Risk appetite table.
- Risk summary table – which highlights the principal risks across the Group and the changing risk profiles and emerging risks over time.
- Risk registers (and associated scoring matrices) – encompassing key risk registers, detailed top-down risk registers, business unit risk registers and corporate risk registers.
|Risk description||Risk appetite||Risk behaviour|
|External environment||High||The Group is prepared to operate in a volatile environment, but only when enhanced returns compensate for increased risk. Long-term viability is a key override.|
|Operational strategy||Moderate/high||The Group undertakes planning and development activities, both of which have elevated risk profiles.|
|Operations||Low||The Board seeks to deliver developments effectively, complying with all legislation and avoiding action that could adversely impact reputation and/or stakeholder returns.|
|Finance||Low||The Group seeks to put in place non or limited recourse funding lines, with non-onerous covenants (on a flexed basis) and does not seek to borrow against serviced land (except through infrastructure loans provided by Homes England).|
|People||Low||The Group cannot function without a motivated and well-trained workforce and aims to recruit, train, promote and retain staff, ensuring a succession plan is in place.|
You will note that the Group’s appetite across the key risk descriptions (into which all risks are classified) has not changed since last year, which given the Group’s long-dated model is in line with our expectations. However, the Board recognises that the current volatile political environment which may or may not impact the Group in say 20 or 30 years (the time horizon of our strategic land sites) certainly has shorter-term consequences.
Risk after mitigation
- Movement in the year
- R.1Market risk
- R.2Strategic risk
- R.3Competition risk
- R.4Legal and regulatory risk
- R.5People risk
- R.6Cyber risk
- R.7Planning risk
- R.8Health and safety risk
- R.11Climate change