i Table of contents 164

NCC Group plc annual report and accounts for the year ended…

Risk management Risk is an inherent part of doing business, and risk management is a fundamental aspect of good corporate governance. A successful risk management process balances risk and reward and is underpinned by sound judgement regarding the impact and likelihood of risks. The Board holds overall responsibility for ensuring that NCC Group has an effective risk management framework that aligns with its business objectives.

The Board has established an Enterprise Risk Management policy, which has established protocols, including: • Roles and responsibilities for the risk management framework

g o

Identify risks

Monitor delivery of action plans/ risk universe

Identify inherent risks and likelihood of impact

• A risk scoring framework

Risk management model

• A definition of risk appetite

Develop action plans (treat, transfer, tolerate, terminate)

Assess adequacy and effectiveness of existing controls

The integrated approach to risk management diagram on page 30 summarises the Group’s overall approach to risk management

Evaluate mitigated risks and likelihood of impact

Assign Director-level sponsorship

g

NCC Group’s approach to risk management NCC Group adopts both a “top-down” and “bottom-up” approach to risk, to manage risk exposure across the Group to enable the effective pursuit of strategic objectives. The approach is summarised in the diagram on page 30. The approach is one of collaboration, which supports our comprehensive approach to risk identification, from the “top down” and “bottom up”. The Group believes that this is the most efficient and effective way to identify its business risks. Top down The Board, Audit Committee and Cyber Security Committee review risks on an ongoing basis and are supported by the Executive Committee and subject matter specialists (including Escode, Cyber

Security, information security, data protection and health and safety). The Board considers the Group’s strategic objectives and any barriers to their achievement. Bottom up The Board and senior leadership team engage with colleagues at every level of the Group in recognition of the importance of their expertise, contribution and views. Risk management model The Board has overall responsibility for ensuring that NCC Group adopts an effective risk management model, which is aligned to our objectives and promotes good risk management practice. We have therefore adopted the model described in this section and summarised in the diagram above.

NCC Group plc — Annual report and accounts for the year ended 30 September 2025 29

Made with FlippingBook Online newsletter maker