Managing risks


Risk management

Given the scale of our businesses, the Board of Directors recognises that the nature, scope and potential impact of our business and strategic risks is subject to constant change. As such, the Board has implemented the necessary framework to ensure that it has sufficient visibility of the principal risks and the opportunity to regularly review the adequacy and effectiveness of our mitigating controls and strategies.

Our approach to risk management

To Identify Our Risks, we start with our strategic pillars and consider what might stop us achieving our ONE Kingfisher plan. The process is therefore looking at the risks we face within our strategic planning period. The approach combines a top-down strategic company-level view and a bottom-up operational view of the risks at Operating Company and functional level. Meetings are held with our Operating Company leadership teams and functional leaders to identify the risks within the operations. To identify our principal risks, discussions are held with the Group Executive and non-executive directors. The information from the operational assessments is also considered to arrive at our principal risks. The table on page 39 of the 2916/17 Annual Report & Accounts shows how the principal risks link to the strategic pillars.

To Assess Our Risks, we consider the potential financial, reputational, regulatory or operational impact and probability that the risk may materialise. This helps us to assess the level of control we need to put in place. For each of the principal risks, we have included an assessment of the change in risk from last year. This assessment is based on the external environment, the company's operations, and the impact of the controls in place. We have considered whether the risk is increasing, decreasing or remains unchanged.

To Manage Our Risks, ownership is assigned at all levels. The Operating Company leadership team owns and is responsible for managing its own risks. Each leadership team is responsible for putting appropriate controls in place and procedures to ensure that the controls are operating effectively. The same procedure is followed for our principal risks.

To ensure we effectively Monitor Our Risks, the principal risks are reviewed by the Group Executive and Board twice a year. Changes to the principal risks and mitigation strategies are considered as part of this review. During the year, the Audit Committee reviews the risk assessment process and receives presentations from some of the Operating Companies.

These presentations include the risk assessment for the Operating Company enabling the Audit Committee to monitor the risks and level of control in place. Internal Audit also considers the risks at Operating Company and Group level when developing the internal audit plan.

This year's update

Having followed the process set out above, and in light of a strategy that remains unchanged, we have made no material changes to our principal risks.

However, as part of this year's risk assessment, we did consider the impact of the result of the EU referendum on our principal risks. We have established a Brexit working group to monitor developments and to keep under review our principal risks and mitigations. Whilst the principal risks currently remain unchanged, we recognise that Brexit may impact the level of risk we face and this has been reflected in the statements made regarding the change in risk.

During the year, the Board has also considered the nature and level of risk that we are prepared to accept to deliver our business strategies, and has reviewed and approved our internal statement of risk appetite. This describes desired levels of acceptable risk, supported by high level qualitative risk statements, ensuring that risks are proactively managed to the level agreed by the Board.

The Corporate Governance report on page 52 of the 2016/17 Annual Report & Accounts gives further details about our governance processes.