We adopt both a ‘top down strategic’ and ‘bottom up operational’ approach to managing risk in the pursuit of our strategic objectives.
The approach is one of collaboration and we believe this is the most efficient and effective way to identify risks.
The Board of Directors has overall responsibility for ensuring that NCC Group adopts an effective risk management model, which is aligned to our objectives and promotes good risk management practice.
Risk assessments are conducted at both a strategic and operational level and support us to understand the risks that we face and the controls in place to mitigate them. Importantly, they provide a mechanism to identify operational improvements and are vital in our transformation programmes.
Monitoring and review
Ongoing monitoring of risks and related actions is key to the implementation of our risk management model and, therefore, we are committed to making enterprise-wide risk management part of business as usual. Examples of ongoing monitoring of business risks include, but are not limited to:
- Annual review of the external audit strategy and plan by the Audit Committee and Chief Financial Officer to ensure inclusion of key financial risks
- Annual review of the annual internal audit plan to validate that it incorporates key areas of business risk
- A review of internal audit reports issued during the period, including a summary of progress against previously raised management actions
- Annual review of the strategic risk register by the Board to ensure that it includes risks arising in year
Training and communication
Through our strategic and operational risk register, we identify key controls and mitigating factors, which includes any specific training and communication requirements – both in general knowledge, as well as in new operating procedures to manage risk. Underpinning this is the performance management process, and key operating management systems.
The principal risks and uncertainties and our risk model are published in the annual report.