The Chief Executive Officer (CEO) is responsible for ensuring we meet our own standards and the expectations of our stakeholders. He is supported by the Managing Director Operational Governance with guidance and oversight from the Board via the Corporate Responsibility Committee. The performance review process is used to flow down corporate responsibility objectives through the Company.
Our Operational Framework sets out how we do business. We set Group-wide policies, which are enacted at a local level by our businesses, and help business leadership to make informed decisions about the business opportunities we pursue.
Our Code of Conduct defines the expected standard of behaviour for all employees. We revised our Code of Conduct in 2017. Our Code guides employees in making the right decision and helps them decide where they should go with concerns. All employees, in all positions, are encouraged to ask questions in order to resolve issues and make better decisions.
The Operational Assurance Statement (OAS) is a bi-annual process used to monitor compliance with the Operational Framework and policies. The OAS also requires a report showing the key financial and non-financial risks for each business, completed by the line and functional leaders.
The Internal Audit Director owns the OAS Policy, and is responsible for the consolidation and reporting of the OAS submissions from the businesses to the Group Audit Review Board, the Audit Committee and the Corporate Responsibility Committee. The Internal Audit Director reports functionally to the Audit Committee and, for day-to-day operations, to the CEO. The Corporate Responsibility and Audit Committees hold a joint meeting each year to review the OAS and assurance matters as both committees are concerned with both financial and non-financial risk.
The Board has overall responsibility for determining the nature and extent of the risk that the Company is willing to take, and ensuring that risks are managed effectively across the Group. The Board reviews risk as a regular agenda item and as part of its annual strategy review process. The Board carries out assessments of principal risks, including those that would threaten our business model, future performance, solvency and liquidity. Such risks have been identified based on the likelihood of occurrence and the potential impact on the Company. These risks, together with details of how they are mitigated and managed, are detailed in our Annual Report.