Risk committee report
Membership of the risk committee
Risk committee attendance 2010
| Meetings eligible to attend | Meetings attended | |
|---|---|---|
| Sir John Rose (chairman) | 2 | 2 |
| James Guyette | 2 | 2 |
| Andrew Shilston | 2 | 2 |
| Colin Smith | 2 | 2 |
| Mike Terrett | 2 | 2 |
The risk committee, chaired by the Chief Executive, and comprising all of the executive directors, meets at least twice a year and is attended by the sector presidents, the Director of Risk and the General Counsel and Company Secretary.
Responsibilities
The Group has established and implemented a sound risk management structure throughout the business that supports programme execution, informs decision-making and, ultimately, helps to deliver better business performance.
The risk committee has accountability for the system of risk management and reports annually to the Board on the policy, process and operation of the risk management system and the principal risks facing the Group, including the treatment plans in place to manage them. The risk committee has responsibility for implementing the Board’s policies on risk and internal control and reviews the results of the risk management process, which operates at all levels of the Group.
Specific committees have accountability for reviewing certain categories of risk. The financial risk committee reviews credit, market or liquidity risks. The ethics committee reviews those risks with a significant ethical dimension.
The risk committee has developed a risk policy which states that risk management is a part of every manager’s responsibility and is to be embedded within the day-to-day activity.
The work of the committee in 2010
During the year, the committee agreed additions and retirements to the Group risk register and reviewed mitigation plans. The committee received reports on business continuity and crisis management and on the Anti-Bribery and Corruption programme. It also reviewed the tools and processes used for risk management and reviewed the Group’s insurance portfolio.
Risk profile
The Group’s risk profile has increased over the past five years which, in part, can be attributed to the increasing maturity of the processes to recognise and formally communicate risks.
The significant risks arising from economic downturn and financial market disruption in that period have been or are being addressed by comprehensive mitigation strategies and plans. The external business environment is challenging and whilst competitive pressures remain high there are some early signs of recovery across all sectors.
Had the Group remained so strongly dependent upon the civil aerospace business, then its exposure to the cyclical downturn in the economy affecting the global demand for air travel would have been much more severe. While it is still possible that there may be a ‘double dip’ recession, the Group has performed well to date in the recessionary environment. The benefits of a strong aftermarket business, a broad portfolio of products across all businesses and the growing influence of geographical diversification have all been factors in maintaining a strong financial performance. Continued development of the portfolio in areas such as marine, energy and civil nuclear will further mitigate the risk.
Low probability/high impact events that are beyond the range of normal expectations have attracted a substantial degree of focus in 2010. The European sovereign debt crisis threatening the euro, the April eruption of the Eyjafjallajökull volcano in Iceland, which shut down Europe’s airspace for six days, and the oil spill in the Gulf of Mexico have together resulted in a much deeper consideration of the risks to organisational resilience.
The reliability of our products remains a significant exposure and recent events have highlighted the negative impact that any deficiencies could have on the Group’s reputation. Management attention is on the ‘safety first’ culture and there is continuing engineering focus on product reliability and service lives.
Principal risks and uncertainties
The ‘Principal risks and uncertainties’, described within the Business review section, are among those that may have an impact on the Group’s performance. This is notwithstanding other risks and uncertainties that are currently unknown to the Group, or which the Group does not presently consider to be material. The principal risks reflect the global nature of the business and the competitive and challenging business environment in which it operates. Risks, including those to the Group’s reputation, are considered under four broad headings:
- business environment risks;
- strategic risks;
- financial risks; and
- operational risks.
Risk management process
Rolls-Royce takes a proactive approach to the management of risk and recognises the risk management process as fundamental in achieving its business objectives. Throughout the Group, risks are identified, assessed and managed through an established structured approach. The Board has reviewed the risk management process and confirms that ongoing processes and systems ensure that Rolls-Royce continues to be compliant with the Turnbull guidance as contained in ‘Internal Control: Guidance for Directors on the Combined Code’.
Risks are defined as threats to the achievement of business objectives or to the continuing reputation of the Group. As part of the business cycle, each part of the Group is required to identify and record key risks together with appropriate treatment activities. Risks are documented in a framework of risk registers and are regularly reviewed and updated by management.
The process provides methods for escalation and aggregation at every level of the business; delegation to the appropriate levels within the organisation ensures that risk and treatment actions are owned, defined, resourced and effective. The top-level corporate risk register is an aggregation of lower-level risk registers from where risks are escalated to be reviewed by the Board. The Board also considers these risks in the context of the Group’s business strategy.
This ongoing process has been in place during 2010, up to and including the date of approval of this Annual report contained within it.
Management has continued to perform comprehensive risk reviews for all major programmes, including business change plans. Independent gated reviews are conducted where key risks and mitigating actions are identified and reported to management for incorporation into programme plans. The risk management process places significant emphasis on learning from and sharing prior experience.
Continuous improvement of the risk management process
Development, implementation and maintenance of the standard global process is the responsibility of a dedicated Enterprise Risk Management team, part of the Risk function, led by the Director of Risk. The team has created a comprehensive framework for the assessment of risk management process maturity that enables focused improvement actions and drives consistent application of the risk management process throughout all levels of the Group.
An integrated range of tools and training supports the risk process. Implementation of an enterprise-wide risk database application enables the recording, analysis, communication and management of risks across the Group.
A global network of risk champions, mentors and facilitators drives the application of the standard process in each part of the business and helps to develop, embed and share best practice throughout the Group.
The risk management process is subject to continuous improvement. Over the past year, training material has been enhanced for all risk roles to ensure consistency of risk management capability for all levels of the organisation. The global uptake of risk training has more than doubled in comparison to 2009.
As the Group broadens its portfolio and enters new territories through organic growth and acquisition, it places increased emphasis on the need to understand the geopolitical risks inherent in the business. Initiatives are underway to formalise, corroborate and respond to these risks.