Principal risks and uncertainties
Embedded risk management systems
Embedded risk management systems have supported the Group in pursuing its strategy for sustainable and profitable growth.
Risk management
Risk is an inherent part of doing business and risk management is a fundamental part of good corporate governance. A successful risk management process balances risk and reward and is underpinned by sound judgement of their impact and likelihood.
The Board has overall responsibility for ensuring that NCC Group has an effective risk management framework, which is aligned to our business objectives. The Board has established a Risk Management Policy, which has established protocols, including:
• Roles and responsibilities for the risk management framework
• Risk scoring framework
• A definition of risk appetite
The integrated approach to risk management diagram summarises the Group’s overall approach to risk management, which is supported by a web-based tool – the Integrated Risk Management System (IRMS). The tool is designed to follow the risk management model described in the next section and records both strategic and operational risk registers and tracks risk mitigation action plans, helping embed ownership of risks and treatment actions while also providing access to live management information, which is used at both a Board and operational management level.
NCC Group’s approach to risk management
NCC Group adopts both a “top down” and “bottom up” approach to risk, to manage risk exposure across the Group to enable the effective pursuit of strategic objectives. The approach is summarised in the diagram on page 41. The approach is one of collaboration, which supports our comprehensive approach to risk identification, from the “top down” and “bottom up”. The Group believes that this is the most efficient and effective way to identify its business risks.
Top down
The Board, Audit Committee and Cyber Security Committee review risks on an ongoing basis and are supported by the Executive Committee and subject matter specialists (including Software Resilience, Assurance, information security, data protection and health and safety). The Board gives consideration to the Group’s strategic objectives and any barriers to their achievement.
Bottom up
The Board and senior leadership team engage with colleagues at every level of the Group in recognition of the importance of their expertise, contribution and views. In relation to matters of wrongdoing, or risks not being recognised and adequately managed, the Group has a robust and effective whistleblowing procedure, which is supported by the Safecall reporting line.
NCC Group plc — Annual report and accounts for the year ended 31 May 2021