An Introduction To Enterprise Risk Management
By James Redmond, BBS, MBS, ACMA: Examiner - Strategic Level, Strategy & Leadership
Introduction
All organisations seek to provide value for their stakeholders, but in doing so, organisations also face
and must try to manage uncertainty. The COSO (2017) suggests that the challenge for management is
to determine how much uncertainty to accept as the organisation attempts to grow stakeholder value.
Enterprise risk management enables management to more effectively deal with uncertainty and the
associated risks and opportunities. It also allows organisations to address all the risks they face
comprehensively and coherently, instead of trying to manage them individually (Bromiley et al, 2014).
Lundqvist (2013) highlights that the increased visibility of enterprise risk management is a result of
pressure on organisations to more effectively and holistically manage their risk profiles. She continues,
outlining how organisations face a ‘broader scope of risks arising from globalisation, industry
consolidation, and deregulation.’ Enterprise risk management has become especially important as a
consequence of the financial crisis of 2008, and as repeated by the COSO (2017) the World Economic
Forum has referred to the ‘increasing volatility, complexity and ambiguity of the world.’ A range of
organisations, including rating agencies, professional associations, regulators, and legislative bodies
have urged organisations to adopt enterprise risk management (Bromiley et al, 2014). Therefore while
the understanding of risk and the practice of enterprise risk management have improved, organisations
still face serious challenges in effectively managing risk. Today, stakeholders are more engaged, and
want greater transparency and accountability for managing the impact of risk.
The aim of this article is to discuss some of the key issues in enterprise risk management. In particular,
the article will discuss the following issues:
1. Defining enterprise risk management
2. Benefits of enterprise risk management
3. Types of risk
4. The three lines of defence model
5. The COSO Framework
6. The Risk Management Association Framework
7. Strategic risk management
There are a wide range of definitions of enterprise risk management. For example, the COSO defines
enterprise risk management as, ‘a process, effected by an entity’s board of directors, management and
other personnel, applied in strategy setting and across the enterprise, designed to identify potential
events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable
assurance regarding the achievement of entity objectives.’ The Risk Management Association
council defines enterprise risk management as ‘the management capability to manage all business risks
in pursuit of acceptable returns.’ Lastly, FERMA refer to the ISO definition of risk, ‘the combination of
the probability of an event and its consequences.’
Benefits of Enterprise Risk Management
Nocco and Stulz (2006) describe how enterprise risk management creates value in organisations at
both a ‘macro’ and ‘micro’ level. They state that at the macro level enterprise risk management enables
the board of directors and senior management to identify, quantify and manage the risk-return trade-off
facing the entire organisation. On the other hand, at the micro level, enterprise risk management
ensures that all material risks are ‘owned’ by operating managers and employees throughout the
organisation. The enterprise risk management framework becomes part of the ‘way of life’ at operational
levels and an important building block of the organisation’s culture.
Types of Risk
The FERMA report identifies the following as the top five risks within the next twelve months: cyber
threats; uncertain economic growth; availability of key skills; data fraud or theft; and over-regulation.
(These are depicted in the inner circle in the diagram.) On the other hand, the survey identified climate
change and environmental damage, changing customer behaviour and extreme weather events as the
critical risks to be addressed over the next decade. The diagram below, also taken from the FERMA
European Risk Manager Report 2020, contrasts the risks that organisations face in the short term
(twelve months) and the long term (ten years).
Top Risks
Many organisations structure their risk management by having ‘three lines of defence’. In larger
organisations especially, there are frequently a range of units and teams to help manage risk: risk officers,
internal auditors, compliance officers, internal control specialists, quality inspectors, and so on.
However, because their work is dispersed, they need to be coordinated carefully to assure that risk
management processes operate as intended. The coordination will ensure that there are no significant
gaps in risk management, nor is there unnecessary and expensive duplication. Within the organisation’s
risk management structure, each unit and team must have clear responsibilities and boundaries and
each must be aware of how their positions fit into the organisation’s overall risk management structure.
The Institute of Internal Auditors (2013) has outlined the ‘Three Lines of Defence Model’, and the
diagram below illustrates the model. In the model, management control is the first line of defence, the
second line of defence is the different internal controls and compliance functions, while the last line is
independent assurance. Although not specifically ‘a line of defence’ senior management and boards of
directors have responsibility to determine organisational objectives and manage the risks faced in
achieving these objectives.
The Institute of Internal Auditors (2013) outlines how the Three Lines of Defence model identifies three
groups necessary for effective risk management:
• Functions that own and manage risks.
• Functions that oversee risks.
• Functions that provide independent assurance.
• A compliance function. This monitors specific risks such as noncompliance with applicable laws
and regulations. Organisations may have multiple compliance functions depending on their
industry.
• A controllership function. This monitors financial risks and financial reporting issues.
External Bodies
In addition to the three lines of defence that are internal to the organisation, and again as illustrated in
the diagram above, there are a range of external bodies that may monitor and report on the
organisation’s governance, control and risk management. These bodies may include external auditors,
industry regulators and government agencies. These bodies may set additional requirements intended
to strengthen the controls in an organisation or on occasion, perform an independent evaluation of some
element of the organisation.
Organisational risk management is usually most effective when there are three separate and clearly
identified lines of defence, irrespective of the organisation’s size or complexity. However, it is also
important that activities are coordinated and information is shared among the units and functions
responsible for managing the organisation’s risks.
Appendix One is an excerpt from the CRH Annual Report 2019. It outlines the risk governance within
CRH, including its use of the ‘three lines of defence’ approach.
The diagram illustrates the integrated and comprehensive nature of the COSO ERM Framework.
Identified on the top face of the cube diagram, the Framework addresses risks at strategic and
operational levels, as well as in terms of reporting and compliance. The second face of the cube diagram
illustrates that the framework is useful organisation-wide as well as at organisational subunit level. The
third and front face of the cube diagram identifies the eight components of the ERM Framework itself.
These will be outlined in the following paragraphs.
The COSO’s ‘Enterprise Risk Management Framework’
Internal Environment
The internal environment creates the context for how risk is perceived and establishes the tone of the
organisation (COSO, 2004). The internal environment influences organisational risk appetite, attitudes
towards risk management and ethical values (ACCA). An organisation’s internal environment is
established by the board of directors. The board needs to have strong, independent voices and the
appropriate experience, knowledge and diversity to set the right tone. According to the ACCA, a criticism
of the COSO ERM framework is that it does not reflect sufficiently the impact of the competitive environment,
regulation and external stakeholders on risk appetite and management and culture.
Objective Setting
Objectives are stepping stones toward the achievement of the organisation’s mission. The organisation
should set objectives that support the organisation’s mission and which are consistent with its risk
appetite (ACCA). The board of directors needs to consider risk appetite and take a high-level view of
how much risk it is willing to accept. There are different levels of risk associated with different objectives,
and the organisation needs to be aware of the risks arising if different objectives are pursued.
Event Identification
The organisation needs to identify internal and external events that affect the achievement of its
objectives. The organisation should distinguish between negative events that are risks and positive
events that are opportunities. The organisation needs to also distinguish between strategic and
operational risks. Operational risks may result in a disruption to the organisation’s operations, while
strategic risks may disrupt the achievement of its strategic objectives. The ACCA suggests that a
problem with the COSO ERM Framework is that it has an excessive focus on internal factors and
therefore operational risks. Organisations need to have processes in place to identify potential risks
arising from individual events as well as being able to identify more gradual trends that may result in
changes in risk profile.
Risk Assessment
The organisation must analyse the risks that have been identified in terms of their likelihood of
occurrence, and their potential impact on the organisation and its operations and objectives. This should
provide the organisation with an understanding of how to manage the risks it faces. The organisation
needs to employ a combination of qualitative and quantitative risk assessment methodologies to analyse
potential risks. The organisation needs to evaluate the inherent risk levels in events and trends but
needs to also evaluate the level of potential residual risk remaining after any risk management
interventions have taken place. Lastly, the organisation needs to consider how individual risks
interrelate and not evaluate them in isolation.
Risk Response
Once the organisation has identified and evaluated the range of risks it faces, it must then select
appropriate actions to align risks with the organisation’s risk appetite. The COSO emphasises the
importance of taking a portfolio view of risk, otherwise risks may be managed in isolation without
considering the potential collateral impact on the wider organisation. The organisation may use a
combination of four generic management responses to risk: (1) reduce, (2) accept, (3) transfer or (4)
avoid. The organisation must choose a risk response that is realistic and which factors in the cost to the
organisation of any individual risk response in the context of the potential organisational impact of that
risk. The ACCA refers to the ALARP principle, or ‘as low as reasonably practicable’. This idea is
especially important in more regulated industries, such as pharmaceuticals or retail banking.
Control Activities
The organisation must develop and implement a range of policies and procedures to ensure that risk
responses are effectively managed. Once controls and systems are in place they need to operate
effectively. The COSO emphasises that control activities are only a means to an end. The critical factor,
and weakness, in any control system, is people. The main reason why controls fail is because of
problems with how managers and staff utilise controls. There are several reasons for this: the controls
are not taken seriously, people make mistakes, or even management telling staff to ignore or over-ride
controls.
Monitoring
The organisation needs to monitor and manage its entire enterprise risk management framework and
systems. Systems and controls tend to deteriorate over time if they are not effectively monitored and
modified as the need arises. The process of monitoring may involve a regular review, or ongoing
monitoring, and periodic review, where an evaluation exercise is completed on a specific group of control
activities. Irrespective of how they are identified, any weaknesses in controls or their implementation
need to be assessed and rectified.
COSO Enterprise Risk Management (Updated) Framework
The Principles
The COSO outline the underlying principles as follows:
1. Exercises Board Risk Oversight: The board of directors provides oversight of the strategy and carries out governance responsibilities to support management in achieving strategy and business objectives
2. Establishes Operating Structures: The organisation establishes operating structures in the pursuit of strategy and business objectives
3. Defines Desired Culture: The organisation defines the desired behaviours that characterise the entity’s desired culture
4. Demonstrates Commitment to Core Values: The organisation demonstrates a commitment to the entity’s core values
5. Attracts, Develops, and Retains Capable Individuals: The organisation is committed to building human capital in alignment with the strategy and business objectives
6. Analyses Business Context: The organisation considers potential effects of business context on risk profile
7. Defines Risk Appetite: The organisation defines risk appetite in the context of creating, preserving, and realising value
8. Evaluates Alternative Strategies: The organisation evaluates alternative strategies and potential impact on risk profile
9. Formulates Business Objectives: The organisation considers risk while establishing the business objectives at various levels that align and support strategy
10. Identifies Risk: The organisation identifies risk that impacts the performance of strategy and business objectives
11. Assesses Severity of Risk: The organisation assesses the severity of risk
12. Prioritises Risks: The organisation prioritises risks as a basis for selecting responses to risks
13. Implements Risk Responses: The organisation identifies and selects risk responses
14. Develops Portfolio View: The organisation develops and evaluates a portfolio view of risk
15. Assesses Substantial Change: The organisation identifies and assesses changes that may substantially affect strategy and business objectives
16. Reviews Risk and Performance: The organisation reviews entity performance and considers risk
17. Pursues Improvement in Enterprise Risk Management: The organisation pursues improvement of enterprise risk management
18. Leverages Information Systems: The organisation leverages the entity’s information and technology systems to support enterprise risk management
19. Communicates Risk Information: The organisation uses communication channels to support enterprise risk management
20. Reports on Risk, Culture, and Performance: The organisation reports on risk, culture, and performance at multiple levels and across the entity
The Risk Management Association (RMA) is a US-based professional association serving the financial
services industry. Its mission is to promote sound risk management principles in the financial services
industry. According to the RMA, enterprise risk management is designed to support the senior
management team and the board of directors to consider the following questions:
1. What are all the risks to our business strategy and operations (coverage)?
2. How much risk are we willing to take (risk appetite)?
3. How do we govern risk taking (culture, governance, and policies)?
4. How do we capture the information we need to manage these risks (risk data and infrastructure)?
5. How do we control the risks (control environment)?
6. How do we know the size of the various risks (measurement and evaluation)?
7. What are we doing about these risks (response)?
8. What possible scenarios could hurt us (stress testing)?
9. How are various risks interrelated (stress testing)?
The RMA has developed its alternative enterprise risk management framework. The RMA emphasises
that at the centre of the enterprise risk management framework is organisational culture. The RMA
states that without a strong culture and effective strategic leadership, the enterprise risk management
framework cannot work. In other words, organisations must use the framework and absorb it into their
‘way of doing things’, as mechanical compliance with the stages and components is not sufficient to
effectively manage risk. The circular nature of the framework reinforces that the individual components
of the framework are not sequential, but rather they are a dynamic flow in both directions. The RMA
‘Enterprise Risk Management Framework’ is illustrated below.
The various stages of the RMA’s Enterprise Risk Management Framework are outlined below.
Coverage
Enterprise risk management can only be managed and assessed in the context of the organisation’s
business strategy and strategic objectives. The organisation must detail what it wants to achieve in
terms of markets, geographies, products, earnings, and so on. Only by doing this can the organisation
consider the nature and level of risk implied in that strategy, and as a consequence discuss the level of
risk it is willing to accept in pursuit of this strategy and objectives. As identified above, there are a range
of risks potentially facing an organisation as a result of its strategy, including strategic risk, operational
risk, compliance risk, as well as financial and liquidity risks.
Risk Appetite
As discussed above, an organisation’s ‘risk appetite’ is a key element of its enterprise risk management
strategy. The RMA defines risk appetite as ‘the amount of risk (volatility of expected results) an
organisation is willing to accept in pursuit of a desired financial performance (returns).’ A statement of
an organisation’s risk appetite is critical to link the organisation’s strategy, business plans and level and
nature of organisational risk.
Control Environment
The organisation’s internal control environment is a critical element in its management of the various
risks it faces. Over time, organisations develop a wide range of internal controls to help reduce the level
of inherent risk they face. This system of organisational internal controls is multifaceted, and includes
organisational culture as referred to above, corporate governance, organisational policies and
procedures, internal audit, and so on. The level of inherent risks, as reduced by internal controls, is
referred to as residual risk, and the organisation will want to minimise this; although risk cannot be
eliminated fully. The organisation needs to ensure that its internal controls are both adequate and being
effectively implemented.
Response
In the last step, the organisation must consider how to respond to the risks that it faces. It may decide
that continued monitoring of the relevant trend or event is sufficient. On the other hand, at the extreme,
the organisation may decide that the risks are significant and imminent, and as a result a change in
strategic objectives or strategic plan is required.
While the article has discussed enterprise risk management, a particularly relevant component of this is
Strategic Risk Management. According to Bromiley et al (2015) the uncertainty associated with strategic
choices poses challenges for enterprise risk management. They go on to state that if organisational
strategic choices strongly influence firm-level risk, then risk management efforts at lower levels may
have limited value. According to Frigo and Anderson (2011) strategic risk management is, ‘a process
for identifying, assessing and managing risks and uncertainties, affected by internal and external events
or scenarios, that could inhibit an organisation’s ability to achieve its strategy and strategic objectives
with the ultimate goal of creating and protecting shareholder and stakeholder value. It is a primary
component and necessary foundation of enterprise risk management.’
Strategic risks are those internal and external events and trends that can inhibit an organisation’s ability
to achieve its strategic objectives. As a result, strategic risk management focuses on the most important
and significant risks to organisations and to stakeholder value. Strategic risk management addresses
senior management’s view on the likelihood, and potential impact on the organisation of the most
significant risks facing the organisation. Although the formalised strategic management process
remains important, many strategic decisions occur outside of this formalised process. Therefore if
enterprise risk management is to have an impact at the strategic level, it needs to ensure that risk
analysis is a core element of any strategic decision and that there is adequate consideration of the risk
management issues involved. Frigo and Anderson (2011) identify the following steps in strategic risk
management:
1. Assess senior management’s and the board of directors’ understanding of the organisation’s
strategic risks and risk management processes.
2. Assess the maturity of the organisation’s enterprise risk management efforts relative to its strategic
risks.
3. Complete a strategic risk assessment to identify, prioritise and understand the organisation’s
strategic risks.
4. Review the organisation’s process for setting and updating its strategies and strategic objectives
to ensure that the process includes an analysis of the risks embedded in the suggested strategies.
5. Review the organisational processes to measure and monitor key performance indicators to ensure
that they include indicators related to strategic risks.
6. Make the strategic risk assessment process an ongoing one with periodic updating and reporting.
Conclusion
Enterprise risk management enables management to effectively deal with uncertainty and the
associated risks and opportunities. Enterprise risk management has become an important
organisational and management issue, especially in the context of increasing levels of globalisation,
industry consolidation, and deregulation, and the increasing volatility, complexity and ambiguity of the
world. As part of enterprise risk management, strategic risk management looks to respond to the internal
and external events or trends that could limit an organisation’s ability to achieve its strategic objectives.
This article explained the nature and importance of enterprise risk management, and identified the types
of risks that organisations face. The article then outlined the three lines of defence model that most
organisations use in addressing the strategic, financial and operational risks they face. The article then
explained two enterprise risk management frameworks, among the many that are promulgated; one by
the COSO and the second by the Risk Management Association. Lastly, the article outlined the nature
and importance of strategic risk management, and the relationship between it and enterprise risk
management.
Bibliography and References
Bromiley, P., McShane, M., Nair, A. and Rustambekov, E. (2015) ‘Enterprise Risk Management:
Review, Critique, and Research Directions’, Long Range Planning, 48, pp. 265-276.
COSO (2017) ‘Enterprise Risk Management: Integrating with Strategy and Performance’
Frigo, M. and Anderson, R. (2011) ‘What Is Strategic Risk Management?’, Strategic Finance, April 2011.
Lundqvist, S. (2014) ‘An Exploratory Study of Enterprise Risk Management: Pillars of ERM’, Journal of
Accounting, Auditing & Finance, 29(3), pp. 393-429.
Nocco, B. and Stulz, R. (2006) ‘Enterprise Risk Management: Theory and Practice’, Journal of Applied
Corporate Finance, 18(4), pp.8-20.
Paape, L. and Speklé, R. F. (2012) ‘The Adoption and Design of Enterprise Risk Management Practices:
An Empirical Study’, European Accounting Review, 21(3), pp. 533-564. DOI:
10.1080/09638180.2012.661937
The Institute of Internal Auditors (2013) ‘The Three Lines of Defense in Effective Risk Management and
Control’
The International Organisation for Standardisation (nd) ‘ISO 31000:2018(en) Risk Management –
Guidelines’, Available at: https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en (Accessed 23
July 2021).
The Risk Management Association (nd) Enterprise Risk Management Framework, Available at:
https://www.rmahq.org/erm-framework/?gmssopc=1 (Accessed 23 July 2021).
26 CRH ANNUAL REPORT AND FORM 20-F I 2019
Risk Governance
Appendix One: CRH Risk Governance
Effective risk governance supports the realisation of our strategic objectives and the continued
success of our business. Our ERM framework is a core component of our performance orientated
culture, with leadership guided by a clear line of sight on risks and opportunities across the strategic
planning horizon. Embedding ERM into our business processes creates an environment where
leaders take a disciplined and focused view on risks to inform and hone our strategy.
Adding Value to Decision-Making
ERM in CRH is a forward-looking, strategy-centric approach to managing the risks inherent in decision-making. It is a tool readily employed by the Board and the wider business leadership, firstly, when considering and setting strategic objectives, and secondly, during strategic execution to ensure we are dynamic and responsive to threats and opportunities for the Group.
Figure: Risk Management Framework (labels: Risk Intelligence, Risk Process, Risk Identification, Viability, Impact, Reporting)
we realise reward when we manage risk effectively.
processes which harness the collective risk intelligence of the Group. The maturity of our risk structures has integrated our bottom, middle and top line perspectives, ensuring transparency of threats, opportunities and controls in the context of individually and collectively held strategic objectives.
To reflect the Group’s diverse risk landscape and thoroughly understand potential risks that may materialise over the coming years, the Group Risk function facilitates risk workshops and Risk Committee meetings, supplemented, for example, by seminars and regional risk champion forums.
2019 Highlights
• Robust schedule with executive representation, fostering wide-ranging discussion and informing strategy. The Risk Committee provides oversight, leadership and challenge to the processes in place across the Group to identify, assess and manage risks inherent in strategic decision-making and execution.
• Redefined five year risk strategy setting a roadmap for improvement in risk management frameworks, principles and practices. Five key themes have been identified to achieve our targeted maturity, bringing risk closer to our businesses, improving risk governance and delivering value creation.
• c. 3,000 risks being managed through our global ERM framework, enabling full visibility, capability and execution of strategy. Our bottom-up reporting process garners comprehensive risk insights to ensure appropriate execution of risk management and that opportunities to leverage scale are identified and acted upon.
• c. 90 Risk Champions appointed at all levels of the Group to support and coordinate risk management activities. Our networks enhance the maturity of the ERM framework locally and globally by sharing risk profiles, mitigation strategies and best practice from around the Group. Physical forums and virtual tools ensure robust supports for this cooperative community.
Link between Principal Risks and Strategic Objectives
Strategic objectives: Continuous Improvement, Focused Growth, Benefits of Scale and Integration, Developing Leaders
Portfolio Management
Strategic
Commodity Products and Substitution
Brexit
People Management
Financial Instruments
Goodwill Impairment
Changes
Climate Change and Policy has been created as a separate risk, having previously been disclosed as part of our sustainability risk. Following detailed analysis and internal assessment carried out by the Risk Committee, and an increased focus on business continuity management, Operational Continuity has been removed as a principal risk, with the risk being downgraded to a divisional risk.
* EBITDA is defined as earnings before interest, taxes, depreciation, amortisation, asset impairment charges, profit on disposals and the Group’s share of equity accounted investments’ profit after tax.
Under Section 327(1)(b) of the Companies Act 2014 and Regulation 5(4)(c)(ii) of the Transparency
(Directive 2004/109/EC) Regulations 2007, the Group is required to give a description of the principal
risks and uncertainties which it faces. These risks and uncertainties reflect the international scope of
the Group’s operations and the Group’s decentralised structure. The risks and uncertainties presented
below, which are supplemented by a broader discussion of Risk Factors set out on pages 233 to 241,
are reviewed on an annual basis and represent the principal risks and uncertainties faced by the Group
at the time of compilation of the 2019 Annual Report and Form 20-F. During the course of 2020, new
risks and uncertainties may materialise attributable to changes in markets, regulatory environments
and other factors and existing risks and uncertainties may become less relevant.
Continuous Improvement Focused Growth Benefits of Scale and Integration Developing Leaders
Portfolio Management
Description: The Group may engage in acquisition and divestment activity during the year as part of the Group’s active portfolio management which presents risks around due diligence, execution and integration of assets. Additionally, the Group may be liable for liabilities of companies it has acquired or divested.
Impact: Failure to identify and execute deals in an efficient manner may limit the Group’s growth potential and impact financial performance.
How we Manage the Risk:
• Expertise in identifying and evaluating targets, conducting due diligence and executing integration
• Many core markets are fragmented and continue to offer growth opportunities
• The Group’s detailed due diligence programmes are supported by external specialists when necessary
GOVERNANCE
market forecasts factored in
Brexit
Description: Uncertainties resulting from the UK’s withdrawal from the European Union could pose challenges with currency devaluations, a fall in construction activity in the UK, challenges in labour resources accessing the UK, movement of goods and services and repatriating earnings.
Impact: Failure by the Group to manage the uncertainties posed by Brexit could result in adverse financial performance and a fall in the Group’s net worth.
How we Manage the Risk:
• Executive management receive regular reports on Brexit and closely monitor the changing economic situation in the UK
• Contingency plans have been put in place within UK operations to address the range of potential economic, financial and operational effects of Brexit
• Stress tests and scenario analysis have been conducted to understand potential outcomes and inform contingency plans
regulatory framework and changing societal expectations.
non-compliance with relevant regulations, standards and best practices and lead to adverse stakeholder sentiment and reduced financial performance.
offering multiple products and building solutions that enhance the environmental performance of the built environment
• Sustainability performance continues to be subject to rigorous external evaluation. The Group’s achievements have been recognised through its inclusion in a variety of leading global sustainability indices
exposed pertain to (i) adverse movements in reported results when translated into the reporting currency; and (ii) declines in the reporting currency value of net investments which are denominated in a wide basket of currencies other than the reporting currency.
retained earnings. The annual impact is reported in the Consolidated Statement of Comprehensive Income.
portfolio and business mix which has now significantly higher US Dollar exposure
• The Group’s activities are conducted primarily in the local currency of operation resulting in low levels of foreign currency transactional risk
• The Group’s established policy is to spread its net worth across the currencies of the various operations with the objective of limiting its exposure to individual currencies and thus promoting consistency with the geographical balance of its operation
Goodwill Impairment
Description: Significant under-performance in any of the Group’s major cash-generating units or the divestment of businesses in the future may give rise to a material write-down of goodwill.
Impact: A write-down of goodwill could have a substantial impact on the Group’s income and equity.
How we Manage the Risk:
• Economic indicators of goodwill impairment are monitored closely through the monthly reporting process. Detailed impairment testing is undertaken prior to year end
• The goodwill impairment assessment is subject to regular review by the Audit Committee
• For further information on how the Group manages the risk posed by goodwill impairment, please refer to note 16 to the Consolidated Financial Statements on pages 166 to 168