The management of risk is fundamental to sound business management and underlying profit performance. Risk management transcends every aspect of the organisation and its activities, affecting policies, employees, assets, customers, suppliers and the wider community. The Group manages risk by a combination of insurance and self-insurance. Self-insurance refers to actions taken internally or in conjunction with other third parties. In broad terms, high risks in financial and operational areas are more dependent on insurance than risks in commercial and personnel areas, which because of their nature are more likely to be managed by self-insurance. In addition to the Audit Committee, which is a mandatory requirement under the Combined Code, the Board has for some time established other Steering Groups with risk management briefs. These include:
- Health & Safety
- Human Resources
- Foreign Currency
- Information Systems
The Board sets appropriate policies on internal control. It seeks regular assurance that processes are functioning effectively. In determining its policies with regard to internal control the Board’s consideration includes the following factors:
- The extent and categories of risk which it regards as acceptable for the Group to bear;
- The likelihood of the risks concerned materialising;
- The nature and extent of the risks facing the Group;
- The Group’s ability to reduce the incidence and impact on the business of risks that do materialise; and
- The costs of operating particular controls relative to the benefit thereby obtained in managing the related risks.
All employees have some responsibility for internal control as part of their accountability for achieving objectives. They, collectively, have the necessary knowledge, skills, information and authority to establish, operate and monitor the systems of internal control. This requires an understanding of the Group, its objectives, the industries and markets in which it operates, and the risks it faces.
The Group does not have an internal audit department. However cross-functional teams regularly carry out Health & Safety and Environmental audits. We work with our external auditors and other specialist consultants to identify risks and weaknesses in internal controls.
The Group’s operational quality processes and environmental and safety management systems are accredited with ISO 9001, ISO 14001 and OHSAS 18001 respectively. Not only does compliance with these standards form the basis of sound internal control but also they are increasingly important in satisfying customers’ aspirations with regard to the management of their supply chains. BSI audits our processes for continuing compliance every six months. TFP is accredited with the Investor in People Award.
Sound internal control is primarily dependent on people understanding the key issues that relate to their area of activity and what they are expected to do in certain circumstances. This understanding stems from the Group’s Goal and its Values. The Goal set the direction. Our Values influence our behaviours. Sound behaviours are critical to the development of successful relationships between people. The Group’s strategic aims are encompassed in a comprehensive financial planning and budgeting process with performance monitored on monthly basis. Through our performance management process the Group’s strategic aims, plans and budgets are translated into objectives at all levels of the organisation. The performance management process is seen as a key vehicle through which individual employee’s performance can be enhanced and developed for the mutual benefit of the individual and organisation as a whole. Training and development increases employees’ competencies and therefore enables them to deal with risks more effectively. Clearly defined policies, processes and procedures (P, P & Ps) provide employees with guidance. There has been considerable effort in recent years to document and revise our P, P & Ps across all areas of activity. These allow employees to understand the relevant practices to be deployed. Our information systems are being extensively modernised to provide faster communications and greater accuracy that will enable the organisation to become more efficient and effective. Throughout our organisation we are working strenuously to eliminate waste. All these initiatives will allow us to become more responsive to the needs of our customers and manage our risk exposure more effectively.