Risk management continued
Principal risks and uncertainties continued
B. Cyber and information security continued
VR
5. Significant business systems failure
Link to strategy:
Our capabilities
Global delivery
Differentiated brands
Previous risk name N/A
Risk impact Inability to transact, operate and deliver services, leading to loss of customer trust, loss of revenue and a negative impact on share price.
Risk impact and movement Increased due to a lot of ongoing transformational change and the general increase in cyber attacks.
Key controls and mitigating factors
Deployed an Information Security Management System (ISO 27001). All key locations are certified.
IT strategy of continued cloud migration, which has greater resilience and availability.
Business continuity plans, including crisis management, are in place and tested regularly.
A change management process is in place within IT, which helps reduce incidents caused by human error.
Backups are in place and single points of failure are identified and mitigated in the event of prolonged loss of systems.
Regular vulnerability assessments (perimeter scanning) and penetration testing are undertaken.
Global systems are in place.
Risk owner Guy Ellis, CFO
6. Loss of client/colleague data
Link to strategy:
Our capabilities
Differentiated brands
Previous risk name Merged with intellectual property theft or exposure
Risk impact Data breach leading to fines from regulators and reputational damage. Reputational damage from losing client data and industrial espionage, resulting in loss of revenue and loss of competitive advantage from threat of malicious actors.
Key controls and mitigating factors
Deployed an Information Security Management System (ISO 27001). All key locations are certified.
Regular compliance training, including data protection, is provided to all colleagues at least annually.
Information classification and handling and data privacy policies are in place.
Risk owner Guy Ellis, CFO
Risk impact and movement
VR
7. Insufficient quality, integrity and availability of management information
Link to strategy:
Our clients
Our capabilities
Global delivery
Previous risk name N/A
Risk impact Suboptimal business decision making and performance as key financial performance data is not available or trusted.
Key controls and mitigating factors
We are ISO 9001 accredited across key locations.
Standardised business process control standards are in place and subject to regular review by the global standards and support team.
Increased focus on implementing global systems to support global strategy.
Risk owner Guy Ellis, CFO
Risk impact and movement
Risk movement: Increased, Decreased, Unchanged
Risk impact: High, Medium, Low
Viability risk: VR
New risk: NR
NCC Group plc — Annual report and accounts for the year ended 30 September 2025 34