The Board and Audit Committee
The Board of Directors, via the Audit Committee, oversees the establishment and implementation of the risk management system and annually reviews the effectiveness of the system. The Committee considers on an ongoing basis whether:
- The ongoing program identifies material areas of risk and business opportunities
- Adequate risk mitigation strategies have been designed and implemented to manage all identified material risks
- A strong risk management culture is imbedded in the Company across business levels and functions
- The program is compliant with the requirements of the UK Corporate Governance Code (Guidance on Risk Management, Internal Control and Related Financial and Business Reporting).
Operating Committee
The Operating Committee (OPCO) has overall responsibility for risk management at CCHBC including:
- Strategic risk
- Operational and business risk
- Project risk
- Financial risk
They are provided specialist support in this regard by the Group Chief Risk Officer (CRO).
Group Risk Function
The Group Risk Management function, led by the Group CRO, resides within the Company’s Business Resilience function. The team is responsible for:
- Promoting and facilitating a standardised approach to effective risk management
- Reviewing, updating and maintaining the ERM Framework
- Assisting the business to understand and manage risks and facilitate the integration of the approved ERM Framework and Processes for managing risks across the operations
- Supporting the business in identifying and implementing risk management improvement processes
- Coordinating the functions of the Group Risk Forum in analysing operational and strategic risks
- Developing and implementing strategies to strengthen risk management awareness and cultural acceptance
- Monitoring factors in the internal and external environments that may affect our ability to achieve strategic objectives and/or operating targets
- Reporting to the OPCO at regular intervals on material risks, opportunities and emerging issues
- Reporting to the Audit Committee on a half yearly basis on risks, mitigations, program maturity and compliance with the UK Corporate Governance Code (Guidance on Risk Management,Internal Control and Related Financial and Business Reporting).
Group Risk Forum
The Group Risk Forum (GRF) comprises senior managers from the business and acts as both a strategic risk ‘think tank’ and independent review mechanism for risks and opportunities escalated by the country operations and functions. The forum specifically:
- Reviews the aggregated and escalated risks and opportunities and considers their relevance against the broader Group operations and objectives
- Evaluates and discusses these risks and opportunities, together with identified aggregated or strategic risks observed by the GFC members across countries and functions, within the context of the broader Company risk universe and strategic/operational objectives
- Evaluates the risks and opportunities for escalation to the OPCO, the Audit Committee and the Board
- Monitors that clearly articulated and adequate mitigation and response plans are in place.
Internal Audit Department
CCHBC’s Internal Audit Department is separate from the Group Risk Management function. It provides assurance over the effective operation of risk management processes, methodologies, internal controls and compliance with the required elements of the UK Corporate Governance Code (Guidance on Risk Management, Internal Control and Related Financial and Business Reporting). It independently evaluates the maturity of the ERM program against industry best practice.
External Audit
External Audit, as part of their audit processes, review CCHBC’s controls in the area of risk management and will report on them in line with annual reporting procedures.
Management
Every manager is responsible for:
- Promoting the risk management policy, framework and expectations for the management of risk
- Provision and support of appropriate resources to manage risk in accordance with the framework
- Escalating risks and opportunities in accordance with the requirements of the ERM Framework
- The implementation of cost effective risk management and internal control systems in accordance with guidelines, in order to manage risk, encourage efficiencies and take advantage of opportunities
- Continuous monitoring and reporting of the effectiveness of risk controls.
Employees
Every employee is responsible for looking for opportunities to improve operational efficiencies and optimise outcomes. They must also report immediately to management any real or perceived risks that become apparent and may significantly impact our:
- Commercial viability
- Profitability
- Assets
- Customers
- Consumer or employee safety
- Regulatory or Legal obligations
- Environment
- Sustainability Programs
- Community
Risk management obligations
- Countries and key functions are accountable for managing their risks and must maintain a register of risks to their business objectives
- Risk registers will be created through a thorough risk identification and assessment process following the CCHBC ERM Framework
- Key markets and functions will participate in annual facilitated risk review sessions
- Strategic Risk Review sessions will be conducted with the OPCO and the Audit Committee on an annual basis
- Risks and key mitigations will be documented by country and functions as part of the Annual Business Planning Process
- Reviews of risk registers are to be conducted quarterly by the Group Risk function and key risks and trends are reported by the Group CRO to the Audit Committee in June and December.