Risk management

We operate in a challenging environment  but we recognise that, with careful management, risks can offer opportunities as well as challenges.

We understand that risks are an inherent part of our business. Risk management is an integral part of how we work and it is built into our day to day activities. Identifying and managing risks and opportunities is key to the successful delivery of our strategy.

Review our key risk register

Risk governance

Our Board is responsible for reviewing the effectiveness of our risk management and internal control systems, including financial, operational, and compliance controls. The work undertaken by our Committees is a vital component of the way we effectively review, identify, and manage risk.

Our risk management approach is based upon the principles and guidelines of BS ISO 31000:2018 and on our Internal Control Framework. Our risk framework has continued to mature as we learn from  the challenges we have faced in the past. We have continued to improve our risk management processes  and believe our framework provides us with the structure to identify the risks that may affect our business.

Read more about our approach to risk governance.

Risk management framework

Our risk management framework is designed to underpin our sustainability and helps our Board fulfil its responsibilities. The framework includes the policies, culture, organisation, behaviours, processes and systems that, taken together, facilitate its effective and efficient operation.

The Framework supports the Board in exercising its overall responsibilities and to:

  • Regulate the addition of appropriate opportunities and risks into the Group
  • Develop our understanding of the most significant threats and opportunities
  • Promote active management of risk exposures down to acceptable levels
  • Assist us to achieve our business plan objectives and maintain our high standards of operational performance

2017 review

In 2017 we continued to enhance our processes and controls to improve the consistency and transparency of our approach to risk management, with a particular focus on strengthening the Group’s compliance framework.

We have taken several actions over the year, including:

  • Formation of the Compliance and Ethics Committee
  • Establishment of the Third Party Risk Committee
  • Development of a compliance charter
  • Enhancement of our compliance e-learning programme
  • Completion of the transformation of our internal audit programme
  • Launch of a finance controls improvement programme
  • Conducted regular reviews across our E&C projects to help identify potential risks
  • Revised our organisational structure and carried out significant work on succession planning and talent development
  • Expanded our intrusion detection monitoring of cyber-security threats
  • Published new HSSEIA standards, and circulated a driving safety policy video globally
  • Considered the potential impact of the EU referendum result, and the triggering of Article 50 in March 2017

Risk Appetite

Our risk appetite is governed through the Delegated Authorities and Risk Review Committees, which are embedded across the Group, and managed by limits and parameters which are regularly monitored in each of our businesses, and aggregated for review at Group level.

In 2018 the Board will assess the risk appetite for each of our principal risks.


Our Board is assisted by four committees - the Audit, Compliance and Ethics, Nominations and Remuneration committees