The Board is responsible for setting the Group’s risk appetite and ensuring that appropriate risk management systems are in place. The Board reviews the Group’s principal risks throughout the year as part of its normal agenda, adopting an integrated approach to risk management by regularly discussing the principal risks as a part of key agenda items. In addition, once a year the Board formally assesses the Group’s principal risks, taking the strength of the Group’s control systems and our appetite for risk into account.
The Board delegates responsibility for day-to-day risk management to the Executive Committee, including the identification, evaluation and monitoring of key risks facing the Group and the implementation of Group-wide risk management processes and controls.
The Audit Committee keeps the effectiveness of the Group’s risk management systems under review and reports to the Board on the results of its review. The occurrence of any material control issues, serious accidents or major commercial, financial or reputational issues, or the identification of new significant risks, are reported to the Board and/or Audit Committee as appropriate.
The Board is aware that the effectiveness of risk management is dependent on behaviours. In 2016 we launched a refreshed Code of Business Conduct across our group to provide a common and consistent framework for responsible business practices. It reinforces the standards that we expect our people to follow in their day-to-day activities, no matter where they work in the world, and tells others that they can rely on our integrity. The Code is just one element of the Group’s widereaching Ethics and Compliance programme, which aims to ensure compliance with our ethical standards.
How we identify risk
Our risk management process has been built to identify, evaluate, analyse and mitigate significant risks to the achievement of our strategy. Our risk identification processes seek to identify risks from both a top down strategic perspective and a bottom up local operating company perspective.
The Board has overall responsibility for risk management, the setting of risk appetite and the implementation of the risk management policy. The Board reviews and challenges the Group’s principal risks and uncertainties on an ongoing basis.
The Audit Committee
The Audit Committee ensures adequate assurance is obtained over the risks that are identified as the Group’s principal risks. The Audit Committee is also responsible for the independent review and challenge of the adequacy and effectiveness of the risk management approach.
The Executive Committee is responsible for the identification, reporting and ongoing management of risks and for the stewardship of the risk management approach. The Executive Committee reviews and assesses the key strategic risks to the Group and the outputs of the assessment are sent to the Divisional Presidents for inclusion in their local risk assessment exercises.
Divisional Presidents are responsible for the identification, reporting and ongoing management of risks in their respective regions. The outputs of these assessment exercises are reviewed and challenged by the Executive Committee as part of their assessment of the key strategic risks facing the Group.
Our risk appetite
We use an assessment of the level of risk and our associated risk appetite to ensure the appropriate focus is placed on the correct risks.
Risk identification and impact
The Group’s principal risks are analysed on a gross (premitigation) and net (postmitigation) basis.
The ongoing review of the Group’s principal risks focuses on how these risks may evolve. Since the publication of last year’s Annual Report, our principal risks have changed as follows:
Increased risks - Risk 1 Market risk: a rapid downturn in our markets
With further European elections, a new US president and the UK’s negotiated exit from Europe, we expect more short term volatility in the markets. We have seen market conditions in South East Asia, Australia and Canada become increasingly more challenging.
Developing the viability statement
In developing the viability statement, it was determined that a three-year period should be used, consistent with the period of the Group’s business planning processes and reflecting a reasonable approximation of the maximum time taken from procuring a project to completion.
Management reviewed the principal risks, and considered which of these risks might threaten the Group’s viability. It was determined that none of the individual risks would in isolation compromise the Group’s viability, and so a number of different severe but plausible principal risk combinations were considered.
A downside sensitivity analysis, as well as a consideration of any mitigating actions available to the Group, were applied to the Group’s three year cash flows forecasted as part of the business planning process and presented to the Board for discussion, further to review by the Audit Committee. The Board discussed the process undertaken by management, and also reviewed the results of stress testing performed to provide an illustration of the reduction in cash flows that would be required to break the Group’s covenants or exhaust all available borrowing facilities, to ensure that the sensitivity analysis was sufficiently rigorous.
In accordance with provision C.2.2 of the 2016 revision of the Code, the Directors have assessed the prospects of the Group over a three-year period.
- i) The Board selected the three-year period as:
- a. the Group’s business planning and budget processes are carried out over a three-year period which provides the relevant estimates; and
- b. three years is a reasonable approximation of the maximum time taken from procuring a project to completion and therefore reflects our current revenue earning cycle.
- ii) The review included cash flows and other key financial ratios over the three-year period. These metrics were subject to sensitivity analysis which involves flexing a number of the main assumptions underlying the forecast both individually and in unison. This downside sensitivity analysis was carried out to evaluate the potential impact on the Group if both the effects of the global financial crisis were to be repeated and there was a substantial charge arising from a contract dispute. The review also made certain assumptions about the normal level of capital recycling likely to occur and considered whether additional financing facilities would be required.
The Directors’ assessment has been made with reference to the Group’s current position and prospects, the Group’s strategy, the Board’s risk appetite and the Group’s principal risks and how these are managed, as detailed in the Strategic report.
On the basis of the above and other matters considered and reviewed by the Board during the year, the Board has reasonable expectations that the Group will be able to continue in operation and meet its liabilities as they fall due over the next three years. In doing so, it is recognised that such future assessments are subject to a level of uncertainty that increases with time and, therefore, future outcomes cannot be guaranteed or predicted with certainty.