Risk management and internal controls
The CFO maintains a risk register for the group that identifies key risks in the areas of corporate strategy, financial, clients, staff, environmental and the investment community. Within each of these areas the risks are rated as to likelihood and impact, who is responsible for managing and identifies the controls and mitigations in respect of each. All members of the board are provided with a copy of the register. The register is reviewed in detail at least annually and is updated as and when necessary in consideration of the nature of risks and the sufficiency of controls in respect of them.
Within the scope of the annual audit, specific financial risks are evaluated in detail, including in relation to foreign currency, interest rates, liquidity and credit.
Staff are reminded on a monthly basis to report, anonymously or otherwise, any security risks or threat they perceive in the operations of the business. On receipt of any such notification, a security incident team is assembled to assess and take remedial action as appropriate in the circumstances.
Staff are reminded on a monthly basis that they should seek approval from the CFO if they, or their families, plan to trade in the group’s equities.