Policy summaries

Risk Management
The policy applies to BAE Systems plc, its wholly owned subsidiaries and their respective employees. All other companies and entities controlled by BAE Systems plc have a substantially equivalent policy applicable to their respective employees.
The objective of risk management is to remove or reduce the likelihood and effect of risks before they occur, and deal effectively with actual problems if they do.
BAE Systems sets out clear requirements for the management and reporting of risk to support the delivery of the Company’s objectives and to meet the requirements of good corporate governance.
Our Risk Management policy has particular focus on business risk (including non-financial risks), being all risks that normally sit outside of projects. Project Risk is dealt with in accordance with the Group’s Lifecycle Management Framework.
Our line leaders must ensure that their businesses have a comprehensive risk and opportunity management plan to cover the risks and opportunities to their business. Risks are recorded in controlled register(s) and are allocated an owner who has authority and responsibility for assessing and managing the risk.
For those risks that are identified as being unacceptable, steps shall be taken to produce a clear cost effective strategy and implement action plans to manage the risks and to reduce them to a tolerable and acceptable level.