Risk management is an integral part of the Group’s corporate agenda. The Group’s risk strategy statement links value and risk in a concise expression of our objectives, aligned with our corporate purpose.
The Group’s corporate purpose
To generate sustainable, high-quality returns for our shareholders.
The Group’s risk strategy
We recognise the need to manage long-term value creation, cash flow and risk in a holistic manner in order to make informed decisions to create and protect value in the Group’s activities.
We are proactive in understanding and managing the risks to our objectives at every level of the Group and ensuring that capital is delivered to areas where most value can be created for the risks taken.
The Group’s Enterprise Risk Management (ERM) framework
We have developed and embedded an ERM framework that enables the risks of the Group to be identified, assessed, controlled and monitored consistently, objectively and holistically.
The strength of the Group’s framework was recognised by Standard & Poor’s in April 2008 when we received an ‘adequate with positive trend’ rating from the agency.
Over the course of 2008, the Group has further enhanced its framework, addressing and strengthening all the key elements and aligning it with external best practice models.

Risk culture
Risk governance structure
The establishment of the Enterprise Risk Management Committee (ERMC) in 2007 represented a significant strengthening of the risk culture of the Group. The ERMC is now well embedded and has proven to be a highly effective and responsive executive forum for the management of risk over the course of a particularly challenging year.
The Group’s governance and committee structure continues to develop. In 2008, the decision was taken to reconstitute the ERMC. The committee now consists of the members of the Group Executive Committee as well as the Chief Risk Officer and the Group Strategy and Corporate Finance Director. The committee meets at least monthly, usually in conjunction with the Group Executive.
Three Lines of Defence
The Group has adopted the Three Lines of Defence model, which provides clearly defined roles and responsibilities:
First line: day-to-day risk management is delegated from the Board to the Group Chief Executive and, through a system of delegated authorities and limits, to business managers;
Second line: risk oversight is provided by the Group Chief Risk Officer (CRO) and established risk management committees. These management committees are supported by the specialist risk management and compliance functions across the Group; and
Third line: independent verification of the adequacy and effectiveness of the internal risk and control management systems is provided by the Group Audit, Risk and Compliance Committee. This Board committee is supported by the Group Internal Audit function.