Close

Search the glossary

Enter a phrase to see a short definition.

Loading content

Close

Make a new note

Notes

A note on cookies

We use cookies to store your notes.

Therefore, it is only available from this computer. If it is a shared computer others may be able to view them.

We do not use cookies to store personal information.

Loading content

Close

Saved pages tool

No saved pages

A note on cookies

We use cookies to store your page list.

Therefore, it is only available from this computer. If it is a shared computer others may be able to see the list.

We do not use cookies to store personal information.

Loading content

Risk management and internal control

The Board regards the identification, assessment and prioritisation of risks, together with the implementation of effective mitigating controls, to be fundamental to achieving the Group’s strategic objectives and supporting the creation of long-term, sustainable returns for shareholders.

Our approach

The Board, supported by the Centrica Executive Committee (CEC), sets our strategic direction, which includes objectives, performance targets and policies for the management of material risks and opportunities. The system is intended to manage rather than eliminate the risk of failure to achieve business objectives and can provide only reasonable, and not absolute, assurance against material misstatement or loss.

Across the Group, each business has a Risk Management Committee that seeks to identify, assess and advise on material risks to the business and consider the adequacy of controls and the actions planned to mitigate those risks. These assessments are reported to the Group Risk Management Committee to develop the Company’s overall risk profile including those risks that might affect the Company at Group level. Where significant risks have been identified, a control infrastructure is present to ensure day-to-day monitoring and management of risks.

The CEC reviews the risks identified by the Group Risk Management Committee at its monthly meetings to assure itself that the significant risks facing the Group are being managed appropriately.

At each of its four meetings in 2009, the Audit Committee of Non-Executive Directors received a Group Risk Report that provided an assessment of the material risks facing the company including the adequacy of the associated controls. The Audit Committee also received the results of internal audit reviews that enabled the Committee to track issues, monitor performance and ensure actions are taken to remedy weaknesses or failings identified in the report. The Chairman of the Audit Committee reported on the issues discussed and conclusions reached at the subsequent Board meeting.

Identifying CR risks

The Corporate Responsibility (CR) Committee is authorised by the Board to review the effectiveness of the Group’s internal processes and controls for identifying and managing CR risks and opportunities that could materially affect the Group’s business performance. In line with this, the CR Committee sets objectives, performance targets and policies, which are monitored by the Board.

Material CR risks affecting the Group are currently recorded on our risk registers and managed through our Business Risk Management Committees, Group Risk Management Committee and Audit Committee process. Current examples include health, safety and environment; new technologies like smart meters and smart grids; reputation management; and outsourcing.

Business unit managing directors have responsibility for reporting to the CR Committee on CR risks and how they are being addressed. Views on potential risks from external stakeholders are also incorporated at CR Committee meetings.

Each risk is assessed against both financial and non-financial criteria, together with the likelihood of the risk materialising. Non-financial risks are assessed according to their impact on:

  • Brand and reputation
  • Legal and regulatory compliance
  • Customers and employees
  • Health, safety and security
  • The environment

Our assessment method uses a 1-5 rating for impact and likelihood. The overall rating (risk severity definition) is calculated from impact x likelihood and classified from minor to fundamental.

Our annual report describes in detail the Principal Risks and Uncertainties for the business, covering the impact and mitigation for these risks

Internal audit

There is a strong link between our risk management and internal audit processes. Our internal audit programme assesses the effectiveness of management controls in relation to CR risks. Conclusions from the audit process feed back into the risk assessments. In addition, the Audit Committee receives quarterly updates on the material findings and actions from the internal audits.

Understanding our business

Interactive map

CR Committee

04 May 2010