Risk management and internal controls
The Board is ultimately responsible for the management of risk in the Group.
James Fisher's internal control and risk management framework is regularly monitored and reviewed by the Board and the Audit Committee and comprises a series of policies, processes, procedures and organisational structures which are designed to ensure that the level of risk to which the Group is exposed is consistent with the Board’s risk appetite and the Company’s strategic objectives.
The Board determines the Group’s policies on risk, appetite for risk and levels of risk tolerance and specifically approves: risk management policies and plans; significant insurance and/or legal claims and/or settlements; acquisitions, disposals and capital expenditures; and the Group budget, forecast and three-year plan. The Board has put in place a documented organisational structure with strictly defined limits of authority from the Board to operating units. These limits have been communicated throughout the businesses and are well understood by the Executive Directors and by the functional and business leaders who have delegated authority and specific responsibility for ensuring compliance with and implementing policies at corporate, divisional and business unit level. Group functions and operating units are each required to operate within this control environment and in accordance with the established policies and procedures covering areas including ethical, anti-bribery and corruption, conflicts, treasury, employment, slavery and human trafficking, whistleblowing, data protection, health and safety and environment.
The Group’s trading companies are supported by Group functions for finance, treasury, taxation, internal audit, insurance, legal and company secretarial, human resources and payroll, and information systems; the functional heads report to a nominated Executive Director. The Board retains an oversight role, receives regular reports on key issues and has a schedule of matters specifically reserved to it for decision, designed to ensure that it maintains full and effective control over appropriate strategic, investment, financial, organisational and compliance issues. This schedule is subject to review by the Board on an annual basis.
The Board also operates a Group Risk Committee (GRC), which meets quarterly and is chaired by Nick Henry with representation from functional heads including finance, human resources, legal and company secretarial, information services, insurance and internal audit. The main responsibilities of the GRC are: to identify and monitor operational risks and ensure that those risks are being actively managed throughout the Group; to support the Group’s Internal Control and Risk Management strategy and policy; and to review reports on Key Risks and Risk Maps prepared by trading companies in order to monitor and report on the types of risk within the Group and on how effectively risk management is performed/monitored within each business unit/trading company. The minutes of the GRC are reported to the Board.
Principal risks and uncertainties
The most significant risks that the Board considers may affect our business (based on the risk evaluation process described above) are listed below. On the basis that the Board considers that the Group’s principal risks have not materially changed, the categories of risks listed below are similar to last year. The Group’s decentralised business model and geographical spread help to mitigate the impact of each principal risk.
- Project delivery
- Contractual risk
- Recruitment and retention of key staff
- Health, safety and environment
- Financial risk
- Energy markets
- Operating in emerging markets
- Cyber security
List of principal risks and uncertainties, as included in the 2017 Annual Report and Accounts.