For each risk identified, the model records the uncontrolled magnitude and likelihood of the risks occurring as well as the controls in place to mitigate those risks before assessing the controlled magnitude.
The Board’s view of acceptable risk is based on a balanced view of all of the risks in the operating environment. It aims to ensure an appropriate balance between risk aversion and opportunities.
The Board sets the tone for risk management within the Group and determines the appropriate risk appetite. The Board monitors the management of fundamental risks and approves major decisions affecting the Group’s risk profile. Senior management implements policies on risk management and internal control.
For NWL, the management team reviews the approach to risk management in detail every year and the Audit Committee considers the outcome. The management team reviews the significant risks every month and a full review of the model for emerging significant risks is carried out quarterly. Any issues that arise from these management team reviews are reported by the CEO to the board.
Apart from NWL, none of the subsidiaries has risks considered to be significant to the Group’s short and long term value.
The system of internal control incorporates risk management. It encompasses a number of elements that together facilitate an effective and efficient operation, enabling the company to respond to a variety of risks. These elements include:
Attached to fundamental risks are a series of policies that underpin the internal control process. Written procedures support the policies where appropriate.
The business planning and budgeting process is used to set objectives, agree action plans and allocate resources. Progress against meeting business plan and budget objectives is monitored regularly.
The risk register identifies key risks, each with a risk owner who is responsible for evaluating the risk on a regular basis. As a way of ensuring that risk management is embedded into the business, the risk owners have the management of these risks as a personal KPI.
Risks that are known but not yet well defined enough for the likelihood and consequence to be reasonably foreseen are included in a strategic risk model.