Top down: Strategic risk management
Bottom up: Operational risk management

Responsibilities (first column):
• Establishing guidance on the Group’s approach to risk management and establishing the parameters for risk appetite and associated decision making
• Identification, review and management of identified Group strategic risks and associated actions
• Ongoing consideration of:
  – IT and cyber-centric risk
  – Environmental risk
• Implementing and embedding the Group’s Risk Management Policy and approach
• Directing the delivery of the Group’s identified actions associated with managing/mitigating risk
• Identification of key risk indicators, monitoring and taking timely action where appropriate
• Instrumental in developing the risk management framework adopted by the Board
• Providing governance and control over the IRMS
• Conduit between the Board and the business units – providing training and support where appropriate
• Developing and executing a risk-based internal audit plan to assess the management of risks
• Execution of the delivery of the Group’s identified actions associated with managing risk
• Timely reporting on the implementation and progress of agreed action plans
• Provision of key risk indicator updates

Responsibilities (second column):
• Periodically assessing the effectiveness of the embedded Group risk management process
• Challenging the content of the strategic risk register to support a comprehensive and balanced assessment of risk
• Reporting on the principal risks and uncertainties of the Group
• Responsible for reviewing the operational risks across the business units and Group
• Challenging the appropriateness and adequacy of proposed action plans to mitigate risk
• Giving due consideration to the aggregation of risk across the Group
• Provisioning suitable cross-functional/business unit resource to effectively manage risk where appropriate
• Ongoing monitoring and reporting to the Board in relation to the progress being made by the business units in implementing agreed action plans to mitigate strategic risk
• CISO dedicated to the identification, management, monitoring and reporting of data security risks
• Identification and reporting of strategic risk to the Board
• Provision of reports and data relating to significant emerging risks to the Group (internal and external)
• Implementation of a risk management approach which promotes the ongoing identification, evaluation, prioritisation, mitigation and monitoring of operational risk

Governance tiers (Board to business units):
• Board, Audit Committee, Cyber Security Committee
• Executive Board and leadership team
• Global governance function, incl. dedicated CISO
• Business units

Effective pursuit of strategic objectives
NCC Group plc — Annual report and accounts for the year ended 31 May 2022