The effective understanding, acceptance and management of risk is fundamental to the strategy and success of Rank. An enterprise-wide Group risk management methodology is in place. This is integrated into the organisation management structure and responsibilities, with the principal aim of providing oversight and governance of the key and principal risks to the Group, as well as ongoing monitoring of any upcoming and emerging risks.
During the year ended 30 June 2018, Rank has sought to improve its enterprise risk management capabilities and to enhance its ability to identify, mitigate, monitor and review these principal risks. For each risk identified within the impact areas the likelihood, consequence and risk owner (executive committee member) are identified. The risk owner is responsible for defining the risk mitigations, which are reviewed for appropriateness and monitored regularly.
Throughout the year ended 30 June 2018, the risk management approach will be subject to continuous review and updated to reflect new and emerging issues, which are themselves reviewed to understand the significance to the business. Risks are identified and monitored through risk registers at the Group level and within key business units, ensuring both a top-down and bottom-up approach.
The board has overall responsibility for the operation of the risk management framework and for establishing the Group’s risk appetite, as well as ensuring that the above approach is embedded into the operations of its business. The audit committee holds responsibility for assessing the ongoing effectiveness of the risk management framework and processes, and for undertaking an independent review of the risk mitigation plans for material risks.
Additional committee working sessions are held with departmental and divisional management to ensure that risks are being identified in a timely manner, mitigating controls over identified risks are appropriate and effective, and action plans are put into place for emerging risks. This approach ensures that organisational risks are being identified in both a ‘top-down’ and a ‘bottom-up’ manner to give assurance that risk registers are appropriate and comprehensive.
Internal audit helps manage risk identification through conducting independent reviews of both the business risk and its progress in performing the mitigating action plans agreed for any relevant risks, the status of which is reported to the risk committee.