Risks and uncertainties

Risk management is an essential and integral part of JM’s planning and decision-making. It is fundamental in helping us achieve our objectives, improve outcomes for our stakeholders, enhance the realisation of opportunities and support the growth afforded by our stated aim of being a market leader in energy transition solutions. We continue to refine our principal risks to enhance clarity and reflect our progress. We work with risk owners around the potential exposures identified in our principal risks and, as they evolve, we are working with management to further provide JM’s board with the line of sight in order to plan and take appropriate actions.

Managing risks effectively

Effective risk management is central to JM’s decision-making process as it enables:

  • Planning through the lens of prioritisation to deliver strategic objectives.
  • Consideration of risk and reward in establishing and implementation of the relevant controls in the areas that matter most.

  • Assurance resources to be focused on specific areas of risk and uncertainty.

  • Opportunities to be pursued while continuing to mitigate JM’s risks in a rapidly changing external environment.

  • Compliance with UK Corporate Governance Code requirements.

JM’s Board of Directors has overall responsibility for the risk management process. Together with the GLT (Group Leadership Team) they have performed a robust assessment of the principal and emerging risks facing the business to ensure that the risks align with goals and strategic objectives. The Audit Committee assists the board in monitoring the effectiveness of the risk management and internal control policies, procedures and systems.

The ability to effectively manage the risks that we encounter plays a crucial part in strategic delivery and driving accountability. Risk management stands as a cornerstone of our governance and operations throughout the organisation. We continue to invest in awareness initiatives and the training of our employees to stay ahead of various threats. This intends to cover all areas of risk management, including cyber security and financial risks.

Risk governance and oversight



Risk management framework 

The Board, which is ultimately accountable for risk management and internal controls, evaluates how effective these systems are at mitigating principal and emerging risks at least once every year. The GLT provides support for the Board’s reviews, which ensures the risks we have identified are relevant to our current aims and strategic goals. The Audit Committee supports the Board in assessing the effectiveness of our risk management and internal control systems, processes, and policies.

Our risk management methodology takes a top-down approach to identify our principal risks (i.e., from Board level down) and a bottom-up approach to identify operational risks (i.e., from day-to-day level up). We are constantly looking to improve how connected and aligned these approaches are as they operate in parallel.

Functions, businesses and site teams are responsible for identifying, assessing and prioritising their risks. They also consider how likely it is that a risk will materialise and what effect that would have on our objectives. This includes reviewing whether a risk has changed, how strong the controls we use to manage the risk are and whether mitigating actions are in place. We use self-assessment and management attestation processes to report, at least once a year, on whether the relevant controls are effective. This is a maturing process with several initiatives in progress to improve our controls environment.

We are committed to improve how we address and monitor risks in a number of ways, including:

Our risk management methodology identifies and considers principal risks, including severe yet plausible scenarios.
Its purpose is to reassure stakeholders that we have fully considered and understand a broad range of risks and are managing them in line with defined risk appetites.

  • Making continued enhancements to our risk and compliance platform, JMProtect, which offers a combined and centralised view of our risk universe and controls framework.

  • Developing our Aligned Assurance model that aligns second and third-line assurance activities for easier collaboration and more proportionate risk-based assurance.

  • Working closely with Group Insurance, JM prioritises insurance cover for the most significant areas of risk across the Group, and areas where insurance is a legal or contractual requirement. If insurance is available on commercially reasonable terms, we also utilise it as a risk mitigation tool across our wider business. Where appropriate, we get advice from industry to help us assess risks and develop mitigation plans.