Risk management

Understanding, accepting and managing risk are fundamental to Rank’s strategy and success. We have an enterprise-wide risk management approach in place, which is integrated into our organisational management structure and responsibilities. The principal aim is to provide oversight and governance of the key risks we face, as well as monitoring upcoming and emerging risks.

Over the past year we have continued to improve our enterprise risk management framework, and enhance our ability to identify, mitigate, monitor and review these principal risks. For each risk identified, we assessed the likelihood and consequence, and appointed a “risk owner” who is a member of the executive committee. The risk owner is responsible for defining mitigations, which are reviewed for appropriateness and monitored regularly.

Throughout the year the risk management approach is subject to regular review and updated to reflect new and emerging risks, which are themselves reviewed to understand their potential significance to the business. Risks are identified and monitored through risk registers at Group level and within key business units, ensuring both a top-down and bottom‑up approach.

The Board has overall responsibility for the risk management framework and for establishing the Group’s risk appetite, as well as ensuring that the approach is embedded into the operations of the business. The audit committee is responsible for assessing the ongoing effectiveness of the risk management framework and processes, and for undertaking an independent review of the mitigation plans for material risks.

Additional committee working sessions are held with divisional management to ensure that risks are being identified in a timely manner, mitigating controls over identified risks are appropriate and effective and action plans are put into place for emerging risks. This approach ensures that risks are being identified in both a “top-down” and a “bottom-up” manner to give assurance that risk registers are appropriate and comprehensive.

Group internal audit helps to manage risk identification by conducting independent reviews of both the risks to the business and progress in performing mitigation action plans.