Risks and uncertainties
A holistic approach to managing risk
Risk is central to the creation and delivery of our strategy. We have an established risk management and internal controls framework to identify, assess, mitigate and monitor the risks and uncertainties facing our business which enables us to create and protect value. Our approach to risk provides meaningful challenge to our sectors, functions and to our Group Management Committee (GMC) and board, to help them make informed decisions.
The effective management of risk enables Johnson Matthey to:
- Deliver our strategic objectives.
- Improve our decision making, planning and prioritisation.
- Pursue opportunities while continuing to mitigate our risks in a rapidly changing external environment.
- Implement controls to mitigate or prevent risks from materialising.
- Consider risk and reward and implement controls in the areas that matter most to us.
- Comply with UK Corporate Governance Code requirements.
Risk management framework and process
The risk management framework incorporates both a top down approach to identify the company’s principal risks and a bottom up approach to identify operational risks. Our board has overall responsibility for JM’s risk management process. Together with the GMC, they perform a robust assessment of the principal risks facing the business twice a year. The GMC also focuses on selected risks. The risk reviews are embedded within the relevant business and / or functional review to ensure that the risks and our response to them is considered in the context of our strategy, our values and our strategic objectives.
We are developing robust qualitative and quantitative modelling techniques to identify and assess any risks that may impede delivery of our strategic objectives. All risks are described, analysed and reported using a standardised framework across the business. Likelihood of occurrence and the potential impact to the company are considered and scored using impact measures including financial, operational, reputational and people factors. The effectiveness and adequacy of controls are assessed regularly with assigned owners and reported at least twice a year.
We continually strive to improve risk management and have made the following enhancements over the last 12 months:
- To ensure greater transparency in our assessment of emerging risks and in response to the 2018 UK Corporate Governance Code, we conducted specific risk sessions to ensure our GMC and board understood the new requirements, our approach and their role.
- We applied greater scrutiny on defining and assessing the effectiveness of mitigating activity.
- We applied additional analysis on sub sector risks such as root cause and correlation against their likely principal risks to provide additional information as to where our risks are originating from and how we can effectively mitigate them.
- We further embedded the bottom up risk management process to ensure that our sector risks are adequately consolidated and reviewed by sector and group leadership twice a year.
- We continually reviewed internal and external environment changes / movements at the board and GMC to ensure that the top down risk management process is fully informed.
- We identified and considered likely opportunities to leverage and ultimately create value.
- We continued to lead open and honest conversations with the business to drive deeper, more informed and challenging discussions.
We critically assess our principal risks to ensure that we continually reflect on the challenges facing our business and the changes that we need to make in response.
We consider our principal risks and uncertainties alongside our strategic and business plans to ensure our risk coverage and analysis supports decision making, and to inform our audit efforts. This year we sought external advice to ensure we were managing our cyber risk effectively. We also gave specific and detailed consideration as to whether metal liquidity and supply should be considered a principal risk.
Ensuring a reliable supply of platinum group metals remains an area of importance for JM. This includes anticipating our customers’ demands at the same time as having a detailed understanding of metal mining and supply. While the gross risk associated with metal supply, price and liquidity is significant, we concluded that the risk is being adequately mitigated through a number of activities including persistent monitoring of triggers that may cause deviation from our forecasts.
We sought external assurance on our plans to modernise and improve our IT infrastructure, specifically to gain assurance that the modernised estate would have the resilience to respond to the scale, sophistication and impact of future cyber threats.
We have concluded that for the most part, our key areas of risk remain unchanged. In all cases, we continue to review and refine the documented mitigations for each risk. We continue to report whether the risk profile is increasing, decreasing or remaining constant. This provides our board and our shareholders with greater transparency and useful insight into our risks and what we are doing about them.