RISK MANAGEMENT / PRINCIPAL RISKS AND UNCERTAINTIES continued
Health and safety
Risk trend Description Mitigation
Safety is our number one priority. We manage safety carefully through extensive Group-wide processes, yet we recognise we can never be complacent. Therefore we continue to include this as a principal risk and an area which will always be a priority for GKN.
A serious accident in the workplace could have a major impact on employees as well as their families, colleagues and communities. Such an incident could also result in legal claims, reputational damage and financial loss.
• Consistent Group-wide application of health and safety programmes.
• Regular reporting and monitoring of health and safety performance.
• Health and safety audits to ensure adherence to Group policies and procedures.
• A focus on process and behavioural safety through a number of Group-wide risk assessment and training programmes.
• Maintenance of insurance for costs associated with injury-related actions or claims against the Group.
The Group’s AFR and ASR again improved during the year and we continued to focus on near-miss reporting as a key leading indicator of our health and safety performance. Hazard awareness and risk assessment programmes continued with a particular focus on identifying and addressing potential catastrophic hazards.
Read more about health and safety on pages 50 and 51
Information systems resilience
Risk trend Description Mitigation
The Group could be impacted negatively by information technology security threats including unauthorised access to intellectual property or other controlled information. Interruptions to the Group’s information systems could also adversely affect its day-to-day operations. The inherent security threat is considered highest in GKN Aerospace where data is held in relation to civil aerospace technology and controlled military contracts.
A major disruption to information systems could have a significant adverse impact on the Group’s operations or its ability to trade. The loss of confidential information, intellectual property or controlled data could result in fines and damage to the Group’s reputation, and could adversely affect its ability to win future contracts.
• Formal risk-based governance framework including dedicated IT security policies and related compliance processes, ongoing risk reviews, IT security awareness training and robust systems and processes to manage access, information assets, threats and vulnerabilities.
• External support and benchmarking of best practice information systems security and resilience.
• Ongoing development of appropriate incident detection and response plans and capabilities.
• Disaster recovery contingency plans which are regularly tested including data centres where the risk is deemed to be the greatest.
• Executive Committee oversight of IT security and assurance matters.
The security of our information systems has continued to improve to address potential threats impacting both our business and our industries more generally. We increased the number of penetration tests completed on our systems and continued to improve security standards across the Group. In December, a senior former British security and intelligence officer briefed the Chief Executive’s Council on the increasingly global perspective of the cyber security threat.
GKN plc Annual Report and Accounts