Risk management

As with all businesses, we are affected by a number of risks and uncertainties

Principal risks and uncertainties

This page shows the principal risks and uncertainties, some of which are beyond our control, that could have a material adverse effect on the Group and have been identified through our risk management framework.

This is not an exhaustive list and there may be risks and uncertainties of which we are currently unaware, or are believed to be immaterial, that could have an adverse effect on the business.

Further information on risk management and our internal control systems can be found in the Nomination Committee report.

Risk management framework
Change in level of risk

 Risk decreased

Why is it important?

We place significant reliance on the networks and IT systems both within our business and in the services we provide to our customers. It is therefore essential that we build security and resilience into the networks and systems to mitigate the risk from attacks.

What are we doing to mitigate the risk?

We continue to monitor closely any attempted attacks and take actions where necessary to ensure we have robust security in place. We have held the ISO 27001 Information Security Management standard since 2007 and comply also with other security standards as required by our customers. We have also made significant investment in our IT infrastructure to improve the resilience of our key systems.

How does this link to our strategy?

  Customers

  Processes and systems

This links directly to our processes and systems, as well as being key to the customer pillar of our strategy as ensuring security of our networks and IT systems is a clear customer need.

Change in level of risk

 No change

Why is it important?

Security of customer data, whether it belongs to a business or an individual, is of paramount importance to us. The risk to data security remains high as a result of the volume of external attacks seen across all industries.

What are we doing to mitigate the risk?

We have run an information security awareness programme throughout the year to regularly remind our people of the importance of information security and their responsibilities in relation to this. We have a clear Data Governance policy in place and in the year have appointed data governance owners across the business to form a virtual team with responsibility for all matters relating to data governance. Any incidents, however minor, are investigated and control improvements are implemented where necessary to ensure that we keep our customer data secure at all times.

How does this link to our strategy?

  Customers

  Processes and systems

This has a direct impact on our customers and also links to our processes and systems pillar of our strategy as our processes and systems play a pivotal role in keeping our data accurate, secure and confidential.

Change in level of risk

 Risk decreased

Why is it important?

Delivering exceptional service to our customers is one of our key strategic aims and therefore the risk of failing to do this is a key risk for us to mitigate.

What are we doing to mitigate the risk?

We have continued to invest in our people and our systems to ensure that we have the right people in the right roles and that they have the right tools to provide an exceptional service. We also work closely with our partners to ensure that they are aligned with us in delivering the best service possible.

How does this link to our strategy?

  Customers

  People

  Partners

  Processes and systems

This links to all aspects of our strategy and is key to the whole of our business.

Change in level of risk

 Risk increased

Why is it important?

Recruiting and retaining the right people is crucial for the success of the Group in meeting our objectives. This applies not only to being able to recruit people who embody our values, but also to recruiting people with specific technical skills where needed, some of which may be in short supply. It also involves developing the skills in-house and creating internal mobility around deploying those skills.

What are we doing to mitigate the risk?

We are focused on creating a workplace that both attracts and retains people with the skills and behaviour that we need. During the year we have created a competency framework which will help us identify skills gaps for recruitment, enable us to create more opportunities for personal growth development. It also links into our performance management to help us ensure we are identifying and rewarding the people that embody the competencies we need to drive the business forward.

How does this link to our strategy?

  Customers

  People

Recruiting and retaining the right people is part of the people pillar of our strategy, whilst also having an impact on our customers and the level of service that they receive.

Change in level of risk

 No change

Why is it important?

Our business model means that we work with several key partners to deliver service to our customers; they include Amazon Web Services, BT, Cisco, ForgeRock, Microsoft.

What are we doing to mitigate the risk?

We have dedicated teams to work alongside our key partners and we monitor all of our partnerships closely to ensure that our partners embody our key values and we can work together to resolve any minor issues before they become significant. We also have multiple partners in key risk areas to mitigate the risk in the event of failure of one partner.

How does this link to our strategy?

  Customers

  Partners

This links directly to the partners pillar of our strategy and also impacts upon our customers.