Principal risks and uncertainties

The Board is ultimately responsible for the management of risk in the Group.

The Group's risk management framework

The Board is responsible for the management of risk in the Group. Our internal control and risk management framework is regularly monitored and reviewed by the Board and the Audit Committee, and comprises a series of policies, processes, procedures and organisational structures which are designed to ensure that the level of risk to which the Group is exposed is consistent with the Group's risk appetite and strategic objectives, as defined by the Board.

Board oversight

The Board specifically approves: risk management policies and plans; significant insurance claims, legal claims or settlements; acquisitions, disposals and capital expenditures; and the Group budget, forecast and three-year plan. The Board has put in place a documented organisational structure with strictly defined limits of authority. These have been communicated throughout the businesses and are well understood by the Executive Directors, and by functional and business leaders who have delegated authority and specific responsibility for ensuring compliance with and implementing policies at corporate, divisional and business unit level. Group functions and operating units are each required to operate within this control environment and in accordance with the established policies and procedures. This includes ethics, anti-bribery and corruption, conflicts, treasury, employment, slavery and human trafficking, whistleblowing, data protection, health and safety and environment.

Group functions

The Group's trading companies are supported by Group functions. Each functional head reports to an Executive Director. The Board retains an oversight role and receives regular reports on key issues: on financial, tax and treasury matters from the Group Finance Director, on people and HR matters from the Group Head of Human Resources Director, and on legal and regulatory matters from the Group General Counsel and Company Secretary. The Board has a schedule of matters specifically reserved to it for decision, designed to ensure that it maintains full and effective control over appropriate strategic, investment, financial, organisational and compliance issues. This schedule is subject to review by the Board on an annual basis.

Internal audit

The Group's Internal Audit function is supported by a co-sourcing arrangement with a major international firm, and undertakes regular reviews of the individual businesses' operations and their systems of internal controls. It makes recommendations to improve controls and follows up to ensure that management implements the recommendations made. The annual Internal Audit plan is determined on a risk assessment basis and is reviewed and approved by the Audit Committee. Internal Audit's findings are reported to the individual management team, the Executive management team, the functional heads, and the chairman of the Audit Committee. The head of Internal Audit attends all Audit Committee meetings and twice annually presents a summary of the Internal Audit findings, recommendations, and implementation progress. Internal Audit also implements the annual risk evaluation process and the internal control and risk management review questionnaire process with the individual businesses, before their presentation to the Board.

Group Risk Committee

The Board also operates a Group Risk Committee (GRC), which meets quarterly and is attended by the Executive Directors and the heads of the functional teams. The minutes of the GRC are reported to the Board, and any key issues raised are discussed at meetings of the Board. The main responsibilities of the GRC are: to identify and monitor operational risks and to ensure that those risks are being actively managed throughout the Group; to support the Group's Internal Control and Risk Management strategy and policy; and to review reports on key risks and risk maps prepared by trading companies in order to monitor and report on the types of risk within the Group and report on how effectively risk management is performed / monitored within each business unit / trading company. Each of the functional teams provides a report at each GRC meeting which identifies any matters in their functional area which relate to the Group's principal risks and uncertainties, or to the individual businesses' own risk registers. During the year 2019, the GRC has undertaken specific reviews of the Group's approach in the following principal risk areas:

  • development of project management best practice and training
  • on-going development of Group-wide processes and training for contract risk management
  • review of the Group's cyber security risks to the Group's own systems and the Group's key IT suppliers

Principal risks and uncertainties

Risk description: Group businesses may fail to meet customer expectations on project delivery.

Potential impact:
  • Significant adverse financial and reputational consequences.
  • Increased cost and management time resulting from management of disputes and litigation.

Management / Mitigation:
  • Projects and contracts are subject to on-going review at levels and frequencies appropriate to performance and potential risks.
  • Our businesses employ industry experts to help ensure effective project delivery and performance.

Change in risk: The successful management and delivery of projects continues to grow in importance with the ongoing increase in large project work across the Group. Group-wide project management training, best practice development and targeted recruitment have sought to mitigate this risk through 2019. While the Group has suffered two project delivery issues, the overall risk level remains consistent.

Risk description: The Group may be exposed to increased contractual risks as it continues to grow, wins larger contracts and operates in more geographies.

Potential impact:
  • Financial impact caused by late payment, or cost overruns.
  • Increased claims and litigation.
  • Exposure to non-UK legal jurisdictional uncertainty.

Management / Mitigation:
  • The Group utilises internal and external professional expertise to minimise risk in contract negotiation with customers and partners.
  • All material tenders, contracts and joint ventures are referred to their trading company board.
  • All contracts are subject to appropriate limits of authority and defined approval processes to ensure that contracts are reviewed and approved at appropriate levels prior to commitment.

Change in risk: Whilst the risk has increased, the Group has implemented a number of mitigating activities including improved stage gate process adoption and contract management training.

Risk description: The Group may fail to attract, retain and develop personnel of the requisite calibre and to plan for succession in key leadership positions.

Potential impact:
  • The Group may not be able to maintain its existing strong and experienced management teams in its operational businesses.
  • The Group's delivery of its strategic objectives depends on recruiting and retaining the right people in all areas of our business.

Management / Mitigation:
  • Maintenance and development of formal programmes for graduate recruitment, identifying and developing talent and future leaders, management development, appraisals, formal and informal training plans.
  • Appropriate remuneration incentives, including the extension of share schemes to key individuals.
  • Succession and talent development is regularly discussed at Board and trading company level. There are several management development programmes in place for individuals who have been identified as potential senior managers. These programmes are defined to help develop and grow the capabilities and behaviours required of senior managers so that we have potential successors for key business roles.

Change in risk: 2019 has seen some key management changes within the businesses as long-standing MDs retire. These transitions have been managed well as part of succession planning, and brought fresh impetus to affected businesses. This remains a key risk for the Group, but has not increased in the year.

Risk description: Group trading companies may experience an adverse operational incident or failure to maintain appropriate levels of service delivery.

Potential impact:
  • The health and safety of our workforce and others could be impacted by our operations.
  • An incident may impact on the business and reputation of the Group and the affected businesses which rely on ensuring that a good reputation is maintained in the market with their customers.
  • Claims and regulatory action may be taken against the Company or the affected business.

Management / Mitigation:
  • The Group places a particular emphasis on operational excellence including the health, safety and security of its operations and the quality of its services provided.
  • These key areas are continually monitored and reported to the Board. Health and safety and environment are the first items discussed at each trading company board meeting and each meeting of the Board.
  • The Group maintains policies and processes to manage our operations safely and compliantly, to protect our workforce, to react appropriately to operational incidents and to deal quickly and effectively with any safety or service failings.

Change in risk: While the level of risk has not changed, there were two major incidents on customer vessels during 2019 including the fatality of a contractor in the Netherlands. This has resulted in a renewed push raising the level of focus on HSE.

Risk description: The Group is exposed to interest rate, foreign exchange and credit risk.

Potential impact:
  • An increase in interest rates or credit restriction would have a financial impact on the Group.

Management / Mitigation:
  • The Group maintains relationships with a small group of banks and enters into bilateral revolving credit facilities which spread its maturity profile and provide flexible funding.
  • The Board discusses macro-economic issues and their potential impact on each of these risks.
  • The Group's centralised finance function oversees all key strategic finance matters including day-to-day management of the Group's liquidity, interest rate and foreign exchange rate risks.
  • Forward currency contracts and interest rate swaps are entered into to mitigate the risks of adverse currency or interest rate movements.

Change in risk: Uncertainty surrounding Brexit continues, impacting the GBP:USD exchange rate which continues to be mitigated through the Group's hedging activities. The impact of Brexit remains under review although the Board continues to consider this to be a limited risk for the Group. A more detailed review of the Board's view of the risks in relation to Brexit is set out on page 21 of the 2019 Annual Report.

Risk description: The Group's increasing activities in overseas emerging markets and key growth economies with fluctuating legislative restrictions, embargoes, sanctions and exchange controls, often undertaken in association with local joint venture partners, may expose the Group to increased risk of governance and compliance issues.

Potential impact:
  • Any significant failure to comply with laws or regulations could lead to penalties and other financial liabilities, as well as reputational issues.
  • Where there is a jurisdictional requirement for local investment, the Group's ability to continue business in that jurisdiction could be adversely impacted.

Management / Mitigation:
  • Risk and internal control of overseas joint ventures is a key area of management's focus.
  • As businesses develop we monitor and review the structure of, and reporting lines for, our overseas operations and the relations with third parties to ensure an appropriate form of command and control is maintained, dependent on the particular operating environment and the nature and the size of the business.
  • The Group allocates additional resource to areas of higher risk and has enhanced its internal audit reviews for overseas businesses which are supported by external audit companies, where appropriate.
  • Processes are in place that are designed to ensure that all businesses operate in accordance with legislative restrictions, embargoes, sanctions and exchange controls and the Group's policies and applicable laws.

Change in risk: Operating in challenging conditions in developing markets including in South America, the Middle East, Asia and Africa remains a key part of the Group's strategy. Increasing revenues from emerging markets indicate that overseas operations remain a significant risk. 2019 saw increased focus on controls and resource allocated to mitigate risks in this area.

Risk description: Third parties could cause harm to the Group and its trading businesses via digital channels.

Potential impact:
  • Cyber-attacks could result in financial and reputational damage by way of significant interruption to business systems.
  • Phishing could result in financial and reputational damage by way of theft or fraud.

Management / Mitigation:
  • The Group's IT systems are defended through the use of software protection and processes which are regularly reviewed and tested. These defences include gateways, firewalls and threat detectors.
  • IT security information and updates are reviewed on a regular basis.
  • Accounting and banking controls are regularly appraised to ensure they are appropriate, up-to-date and comply with recommended practice.

Change in risk: The Group suffered a cyber security incident in November which was reported to shareholders. Full investigations were carried out and system weaknesses identified. Lessons learned and potential improvements have been identified and are being implemented along with other planned IT improvements.

Cyber security has been a growing issue worldwide and in view of the incident in 2019, we conclude that the risk has increased.