Risk and assurance

Graph showing our risk management process

Enterprise Risk Management

Our Enterprise Risk Management process, as illustrated above, continues to be used for the identification and assessment of risks to significant business objectives. The process ensures clear ownership of risks, mitigating controls and improvement actions by assigning accountability to relevant line management. Risks are reported to the Executive Committee and Audit Committee every six months. Notwithstanding this, risks are normally reviewed within the business on a quarterly basis to ensure that they remain at the forefront of management’s agenda, that no significant risks have been overlooked, that controls continue to be effective and that mitigating actions are being addressed in a timely manner.

Having established our approach to risk management over the previous 18 months, this year we have started to implement further improvements to our process regarding the risk of non-compliance with critical legal and regulatory obligations. In particular, we are looking to increase the visibility of measures in place across the company to help demonstrate compliance. We are doing this for a number of reasons, including:

  • to improve our understanding of key compliance obligations and compliance control awareness generally;
  • to ensure that as specific processes are redesigned and improved as part of our Safer Better Faster initiative, compliance is ‘built in’ such that by following the process, compliance will be achieved; and
  • to provide transparency over compliance management to our executive and any interested external third parties.

In addition to this work, we have continued to embed our Enterprise Risk Management process within all areas of the business, including significant change programmes, and steps are now being taken to roll it out in our capital programmes.

Principal risks

Our principal risks are described in the table in this section of the report. These and other risks have been monitored by the Executive Committee and Audit Committee during the past year.

Assurance framework

Severn Trent has made solid progress in implementing the key components of its governance framework which are based on clear organisational structures and decision making, sound policies and standards, and assurance of the outcomes. The board and other key stakeholders need a transparent methodology which delivers and validates the outcome of activities.

The company expects roles to be performed in line with specific annual job objectives. Employees performing their roles properly, preparing and reporting outcomes on time and to the required standard is a key component in our Assurance Framework.

The company continues to embed the compliance, verification and performance management activities in Severn Trent. These are within business areas and sometimes within discrete functions. These confirm that operational activities have been performed properly in the line.

Lastly, the company maintains an independent perspective on the overall framework by obtaining confirmation that the components of the governance structure are working properly. In Severn Trent, this is obtained from our assurance providers including Internal Audit.

In order to provide an appropriate understanding of how these responsibilities come together for Severn Trent, the company has developed a description of the key elements over which assurance is required by the board. This is maintained by the Director of Internal Audit on behalf of the board.

A map details the areas over which Severn Trent has decided to gain specific assurance. These may vary from year to year. The criteria by which each area for assurance is selected are:

  • potentially damaging to reputation;
  • material financial impact; and
  • linked to the corporate KPIs.

Internal Audit will confirm the details of the assurance provision to cover:

  • who is responsible;
  • what is the activity; and
  • how is this recorded.

Internal Audit deliver an audit plan to confirm that key business risks are being mitigated.