Risk Management

Responsibility

The Board of Directors has overall responsibility for ensuring that NCC Group adopts an effective risk management model, which is aligned to our objectives and promotes good risk management practice.

Risk assessment

Risk assessments are conducted at both a strategic and operational level and support us to understand the risks that we face and the controls in place to mitigate them. Importantly, they provide a mechanism to identify operational improvements and are vital in our transformation programmes.

Monitoring and review

Ongoing monitoring of risks and related actions is key to the implementation of our risk management model and, therefore, we are committed to making enterprise-wide risk management part of business as usual. Examples of ongoing monitoring of business risks include, but are not limited to:

• Annual review of the external audit strategy and plan by the Audit Committee and Chief Financial Officer to ensure inclusion of key financial risks
• Annual review of the annual internal audit plan to validate that it incorporates key areas of business risk
• A review of internal audit reports issued during the period, including a summary of progress against previously raised management actions
• Annual review of the strategic risk register by the Board to ensure that it includes risks arising in year

Training and communication

Through our strategic and operational risk register, we identify key controls and mitigating factors, which includes any specific training and communication requirements – both in general knowledge, as well as in new operating procedures to manage risk. Underpinning this is the performance management process, and key operating management systems.

The principal risks and uncertainties and our risk model are published in the annual report.