Business review Risk management
Operational risks
The Group is exposed to a range of operational risks which can arise from inadequate or failed processes, people and systems or from external factors affecting these. These include operational events such as human resources risks, legal and regulatory risks, information technology systems failures, business disruption and shortcomings in internal controls. Line management at all levels is responsible for identifying, assessing, controlling and reporting operational risks. This is supported by a framework of core values, standards and controls, a code of business conduct and delegated authorities. There is also an independent internal audit function which carries out periodic reviews.
People
The ability to recruit, develop and retain capable people is of fundamental importance to achieving the Group's strategy. The Group operates in a competitive industry and aims to remunerate staff in line with market practice and to provide superior development opportunities. The Group has human resources policies and procedures covering recruitment, vetting and performance management, and appropriate processes in place to monitor their application. Staff engagement is also regularly evaluated and reported to the Board.
Business processes
The Group's information technology and treasury systems, as well as its business processes and procedures, support its operations and business performance. The Group has policies and procedures covering information security, change management, business continuity and disaster recovery. These are subject to periodic testing.
Legal and regulatory
In order to conform to necessary legal and regulatory requirements across multiple jurisdictions, the Group operates a complex legal and corporate structure. This requires appropriate internal processes and procedures to be developed and followed, supported by professional teams with appropriate skills, drawing upon external resources where appropriate. There is also a Legal and Regulatory Risk Forum which meets at least four times a year to review and plan for forthcoming legal and regulatory changes which could impact the Group.