The Board is responsible for setting the Group’s risk appetite and ensuring that appropriate risk management systems are in place
The Board reviews the Group’s principal risks throughout the year as part of its normal agenda, adopting an integrated approach to risk management by regularly discussing principal risks. In addition, in the middle and at the end of each year, the Board assesses the Group’s principal risks through our enterprise risk management (ERM) programme described opposite, taking the strength of the Group’s control systems and our appetite for risk into account. We have a risk matrix which ensures that, between the Board and its committees, all of the Group’s principal risks are reviewed during the course of the year. The Board delegates responsibility for day-to-day risk management to the Executive Committee, including the identification, evaluation and monitoring of key risks facing the Group and the implementation of Group-wide risk management processes and controls. The Executive Committee is supported in this by its Sub-Committee on Governance and Risk. The Audit & Risk Committee keeps the effectiveness of the Group’s risk management systems under review and reports to the Board on the results of its review. The occurrence of any material control issues, serious accidents or major commercial, financial or reputational issues, or the identification of new risks, is reported to the Board and/or Audit & Risk Committee as appropriate. In response to the changes in the UK Corporate Governance Code, in 2014 we reviewed our approach to risk management at Board level and, in 2015, increased the level of oversight for certain principal risks while continuing to strengthen the independent assurance provided in respect of some risks. While overall we are happy with our risk management processes, our philosophy, as in all areas of the business, is one of continuous improvement.
How GKN manages risk
The Group has four levels of defence through which it manages significant risks.
Level 1: Risk ownership and control
Our businesses are responsible for maintaining an effective risk and control environment as part of day-to-day operations under the direction of the Chief Executive and the Executive Committee. This includes implementation and regular monitoring and review by divisional management of processes and controls which are designed to ensure compliance with the Board’s appetite for risk, Group policies and delegated authority levels, and the GKN Code. These front line controls are regularly updated to respond to the Group’s changing risk profile.
Level 2: Monitoring and compliance
Group functions monitor adherence to the procedures set out by the Executive Committee and provide guidance to the businesses on their application. This includes ongoing reviews by our health and safety audit team and Group IT and financial control functions. Representatives of these functions report their findings to the Executive Sub-Committee on Governance and Risk or directly to the Executive Committee. The Sub-Committee reports twice a year to the Executive Committee on matters relating to the Group’s governance, risk management and assurance framework, including areas of concern or proposals for improvement.
Level 3: Independent assurance
Independent assurance over the Group’s risk management, control and governance processes is provided by the Group’s Corporate Audit team, the Head of Risk and external assurance providers.
Level 4: Oversight
The Board, Executive Committee and Audit & Risk Committee provide oversight and direction in accordance with their respective responsibilities, more information on which is set out in the governance section of this annual report.
[Diagram: the four levels of defence, from Level 1: Risk ownership and control, through Level 2: Monitoring and compliance and Level 3: Independent assurance, to Level 4: Oversight]
GKN plc Annual Report and Accounts