Principal risks and uncertainties
Philip Hudson
Director of Corporate Affairs and Company Secretary
The effective management of risks within the Group underpins the delivery of our key priorities. The Group has a comprehensive structure of governance controls in place to manage risks. Policies have been established in key areas of the business such as trading, treasury, production and health and safety to ensure that these risks are managed in a controlled manner and in accordance with the Board’s appetite for risk.
Internal control and risk management
The Board is responsible for the Group’s system of internal control and for reviewing its effectiveness. A process has been established for identifying, evaluating and managing the significant risks faced by the Group and this has been in place for the year under review up to the date of approval of the 2011 Annual report and accounts. The process is designed to manage rather than eliminate the risk of failure to achieve business objectives, and can only provide reasonable, not absolute, assurance against material misstatement or loss.
Risk management committees
There are five risk management committees:
- Treasury and commodity risk management committee
- Safety, health, environmental and production integrity committee
- New business risk management committee
- Corporate risk management committee
- Haven Power risk management committee
Each Committee is responsible for ensuring that all risks associated with their specific area of the business are identified, analysed and managed systematically and appropriately. Each Committee has terms of reference that requires it to ensure that systems and controls are approved, implemented and monitored to ensure that activities are commensurate with the risk appetite established by the Board, are adequately resourced and comply with applicable legal and regulatory requirements. Each risk committee contains at least one member of the Executive Committee.
Risk management process
The key elements of the risk management process are as follows:
Risk identification –
risks faced by the Group are identified during the formulation of the Business Plan. Senior management and risk owners, with the assistance of the risk management committees, periodically review the risks to ensure that the risk management processes and controls in their area are appropriate and effective, and that new risks are identified.
Risk analysis –
the basic causes of each risk are considered, and the impact and likelihood of its materialising is assessed. Risk registers are used to document the risks identified, level of severity and probability, ownership and mitigation measures for each risk. The risk registers are reviewed by the risk management committees on a quarterly basis.
Risks are then logged with reference to impact and probability as follows:
Risk appetite is identified by reference to the same criteria. The analysis enables decisions to be taken as to how that risk should be managed by applying mitigation measures to align the risk with the identified risk appetite.
–
the Board is ultimately responsible for this system of risk management and internal control. The Audit Committee reviews financial information and the suitability of internal controls on behalf of the Board. Risk management committees assist the executive directors in the operation and implementation of the risk management process, and provide a source of assurance to the Audit Committee that the process is operating effectively.