RISK MANAGEMENT

The Board recognises risk management as a key business tool to assess the balance between risk and reward in current and new businesses. Risk management also aims to protect the Group against hazards and uncertainties which might prevent the achievement of business goals.

The Board is responsible for the risk management process and is assisted in its responsibilities by the Audit and Risk Committee. The day-to-day responsibilities for risk management and the design and implementation of appropriate processes to manage risk reside with management.

The risk management process is designed to ensure that:

• all relevant risks are identified and evaluated, based on their potential impact and their likelihood of occurrence;
• risks and the required processes and controls to manage these risks are assessed in line with the Board's risk appetite; and
• appropriate management information and monitoring processes are in place to manage the exposure to each of the key risks so that, where required, necessary corrective action can be taken.

During the year, each operating business updated its business risk profile and identified key risks and the controls required to mitigate those risks. A similar process was then carried out to identify those risks and related controls which are important for the Group as a whole. The Group risk assessment was debated and approved by the Board and forms the focus of the internal audit programme for the next financial year. The key risks and their status are reported to the Audit and Risk Committee four times a year.