Annual Report and Accounts 2018

Further to the release of the Company's preliminary results announcement on 21 February 2019, the Company announces that it has today published its Annual Report and Accounts 2018 (Annual Report 2019).

The Company also announces that today, 8 April 2019, it posted to shareholders the Notice of Annual General Meeting to be held at 11.00am on Monday 13 May 2019 at the QEII Centre, Broad Sanctuary, Westminster, London SW1P 3EE.

In accordance with Listing Rule 9.6.1, copies of the following documents have been submitted to the UK Listing Authority and will shortly be available for inspection from the National Storage Mechanism at

  • Annual Report 2018;
  • Annual Review 2018;
  • Notice of Annual General Meeting 2019; and
  • Proxy Form for the 2019 Annual General Meeting.

The above documents are also available at and

This information should be read in conjunction with the Company’s preliminary results announcement. A condensed set of the Company’s financial statements and information on important events that have occurred during the financial year and their impact on the financial statements, were included in the preliminary results announcement released on 21 February 2019. That information, together with the information set out below, which is extracted from the Annual Report 2018, is provided in accordance with the Disclosure and Transparency Rule (DTR) 6.3.5R, which requires it to be communicated to the media in full unedited text through a Regulatory Information Service. This announcement is not a substitute for reading the full Annual Report 2018.  Page and note references in the text below refer to page numbers and note numbers in the Annual Report 2018.    


Our Principal Risks and Uncertainties

Understanding those risks that impact our strategy and determining how much risk we would like to take

Decentralisation of energy systems, shifting power to the consumer and increasing digitisation, presents both opportunities and risks. Identifying and appropriately managing these risks is critical to the successful delivery of our strategy. Within our System of Risk Management and Internal Control we assess risk in relation to the delivery of Group Priorities and determine the level of risk we are prepared to take:

  • safety, compliance and conduct: Our appetite for taking risk in this area is as low as reasonably practicable in relation to: ensuring the safety of our people, customers and communities; conducting our business operations in compliance with laws and regulations; protecting personal and business data about our customers and employees; and managing our financial reporting risks;
  • customer satisfaction and operational excellence: We have a moderate risk appetite to allow us to pursue innovative opportunities. We are driven to satisfy the changing needs of our customers;
  • cash flow growth and strategic momentum: We have a moderate to high risk appetite for seeking opportunities to deliver cash flow growth and our target return on capital;
  • cost efficiency and simplification: We have a low to moderate risk appetite for failing to implement and manage improvements sustainably and in a rigorous and systematic way; and
  • people and building capability: We accept a moderate level of risk in finding ways to attract, develop and reward people with the diverse capabilities needed to deliver our ambitions.

Strengthening our System of Risk Management and Internal Control

Each business unit and Group function is responsible for identifying and assessing its significant risks. We consider both the potential impact to the Group and the likelihood of occurrence on an inherent and residual basis and aggregate these risks within defined Principal Risk categories. The Executive Committee then considers these perspectives alongside broader external and internal factors to create a Group-wide set of prioritised risks.

We categorise our risks as:

  • Risk Requiring Standards (RRS): Risk with negative impacts that we control through Standards and Management Systems, for example process safety or data security.
  • Risk Requiring Judgement (RRJ): Risk that we choose to take to execute our business strategy, for example new products or business improvement opportunities.
  • External Risk: Risk that requires a focus on scenario and contingency planning with little or no ability to reduce likelihood, for example extreme weather or geopolitical turbulence.

We identify all ‘severe, but plausible’ consequences of our risks, where the realisation is more than remote in likelihood. These consequences are considered in our assessment of viability as described on page 51.

On an annual basis, we evaluate our System of Risk Management and Internal Control, learning from any control incidents that have arisen, to ensure we are mitigating risks in line with our risk appetite. We are evolving our System of Risk Management and Internal Control to ensure it remains appropriate, particularly as we expand into new jurisdictions and develop our business priorities.


Evaluating risks through our Enterprise Risk Framework

Our Enterprise Risk Framework is designed to enable us to identify, evaluate and mitigate our risks appropriately. It comprises six steps:

  1. Identify
  • Identify significant risks to achieving business unit and/or function objectives
  1. Assess & Analyse
  • Assess inherent impact and likelihood using the Centrica risk assessment matrix
  • Identify risk type (RRS, RRJ or External Risk) and determine target risk rating
  • Identify mitigating activity and key risk indicators and assess current risk exposure
  1. Design & Implement Controls
  • Design and implement controls and actions to mitigate the potential impact and likelihood of risks
  1. Manage & Monitor
  • Management of risks and controls to deliver target risk level
  • Monitor through inspection, performance reviews and regular reporting
  • Identify and implement specific remediation actions
  1. Calibrate & Assure
  • Risks are calibrated to ensure consistency and prioritise responses
  • Second line assurance and internal audit activity
  • Assess impact of assurance findings
  1. Report, Evaluate & Improve
  • Report consolidated risk, assurance and control position to the Group Ethics, Risk, Assurance, Control and Compliance Committee (GERACCC), Audit Committee and Safety, Health, Environment, Security and Ethics Committee (SHESEC)
  • Evaluate priority risks within the Group risk profile to identify any corrective actions
  • Evaluate Group-wide severe, but plausible, risks and implications
  • Drive continuous improvement through reviewing the Risk Universe and Group risk appetite

Mitigating Risk through our System of Risk Management and Internal Control

Our System of Risk Management and Internal Control is central to our governance processes and comprises the following elements:

  • What we stand for:
    • Our Purpose: We are an energy and services company. Everything we do is focused on satisfying the changing needs of our customers.
    • Our Values: Our Values of Care, Collaboration, Courage, Delivery and Agility underpin our strategy and Priorities.
    • Our Code: This was launched in early 2018 to replace our Business Principles and provides the foundation for how we operate.
  • Our strategic framework:
    • Strategy: This is aligned throughout the organisation by the five Group Priorities.
    • Financial Framework: Sets out parameters and targets within which we operate to guide our strategic planning and financial decision-making.
    • Enterprise Risk Framework: Incorporates the Principal Risks within the Group Risk Universe.
  • Our governance:
    • Board and Committees: Structured to effectively execute required duties and through which our Principal Risks are monitored.
    • Legal entities: Subsidiary company legal entities with boards of directors required to meet legal and regulatory obligations.
    • Delegations of authority: Accountability is delegated through the organisation to individuals in accordance with risk appetite.
    • Executive and Committees: Oversight to ensure appropriate planning and performance management.
  • How we are organised and managed:
    • Management Systems: The detailed policies, standards and processes establishing the mandatory requirements and which are required for the systematic management of related risks.
  • How we provide assurance:
    • Second line assurance: Ensuring policies and standards are complied with through monitoring and testing activities performed by individuals who are not directly responsible for the operation of the controls relating particularly to Finance, HSES, and Digital Technology Services.
    • Internal Audit: Providing confidence to the Board, via the Audit Committee, that Centrica has appropriate risk management procedures and effective controls in place.

Changes in risk climate and emerging risks

We monitor closely the evolving risk climate in relation to each of our Principal Risks. We consider that our overall risk climate has broadly remained unchanged over the past year. However, within specific Principal Risks there have been movements. Notably the risks related to regulatory intervention declined with the clarity provided on the SVT Price Cap, but the broader political uncertainty counteracts this. We monitor those risks that could impact on the Group in the future, including risks relating to our competitiveness, global energy and services trends, political developments and climate change.

Emerging risks relating to competitiveness result from the need to be agile in delivering growth in gross margin in an environment where there are many new entrants and our competitive landscape is evolving. We focus on serving our customers and have worked in 2018 to strengthen our leadership teams. Quarterly performance reviews are held with all parts of the business to monitor progress against targets and embed continuous improvement.

We are adapting our company to be agile and to embrace the future as a 21st century energy and services company. The shifting of power to the consumer means today’s customers are accustomed to using the Internet of Things (IoT). To stay at the forefront of technology, we are increasing our investment in Connected Homes with innovations to give customers control over their home energy management. Similarly, our Distributed Energy & Power business helps customers gain competitive advantage from energy and allows us to offer end-to-end solutions. Ongoing digitisation will continue to provide opportunities to improve productivity and accessibility of energy systems, and therefore customer satisfaction, and may also improve safety and sustainability. However, digitisation also brings new security and privacy risks. Security operations monitoring teams are developing new ways to detect physical, cyber and insider attacks. We also have a Proactive Cyber Assurance team in place to identify system vulnerabilities before they are exploited.

Risks relating to the global political and economic environment, global disease outbreaks, interstate conflict, trade wars, terrorist attacks and climate change are monitored with a focus on the countries in which we operate. As our Group footprint grows, we need to be increasingly attentive to risks specific to new jurisdictions in which we operate. We manage relationships with multiple stakeholders to understand how global events can impact on our operations and monitor macro-environmental factors to assess the impact on commodity prices.

Climate change presents particular concerns and we are focused on ensuring we can respond to increased weather volatility, with its potential to harm our customer service levels, if we are unable to adapt appropriately to events like the extreme cold weather in the UK during the first few months of 2018. Lessons learnt from such events have helped us to put new measures in place for similar issues in the future.


Brexit risks

Given the UK’s intention to leave the European Union on 29 March 2019, we established a dedicated Brexit project group following the 2016 referendum. During 2018 and into 2019, that group worked intensively with colleagues across Centrica to anticipate and mitigate, as far as possible, any adverse impacts on the Group and our customers. These efforts were strongly focused on the ‘no deal’ risk of leaving the EU without an agreement, addressing both the potential financial consequences and the need to maintain operational business continuity. Particular attention was paid to our pan-European energy trading activities, our Bord Gáis business operating within the Integrated Single Electricity Market (ISEM) on the island of Ireland, the impact of a ‘no deal’ Brexit on cross-border trade in goods (procurement and supply chains) and the need to facilitate continued cross-border transfers of protected personal data. We have completed our business impact assessment and this has been independently assessed through our Internal Audit function and advisors. We have individual working groups with clear accountabilities established for the necessary contingency plans and ‘no deal’ risk mitigation for both the direct and indirect consequences.

Specific and material ‘no deal’ risks considered in February 2019 include the following:

  • our energy trading entities may face additional obligations under EU financial services legislation (particularly, the European Market Infrastructure Regulation) because that legislation will no longer recognise UK energy derivative trades as it does within the EU;
  • we do not yet know whether we have a UK obligation to present EU ETS carbon permits in 2019, making it more difficult manage our carbon position;
  • the future of the ISEM on the island of Ireland may be at risk;
  • efficient day-ahead access to the electricity interconnectors between GB and the Republic of Ireland/Northern Ireland may not be available for some time after Brexit, making it more complex for Bord Gáis to manage its electricity pricing risks;
  • we and/or our customers will face the risks of a weaker pound, WTO import duties and logistical delays at UK ports of entry - putting up the costs of EU-sourced equipment and potentially making it more difficult to manage unplanned outages of energy producing facilities;
  • since the UK will lose blanket EU approval for cross-border transfers of personal data, we are taking steps to include EU-approved ‘model clauses’ within all the relevant contracts; and
  • a weaker pound, lower UK interest rates and higher UK inflation in the wake of a ‘no deal’ Brexit could push up the level of UK corporate pensions deficits, including our own.

Principal Risks

The Group Risk Universe is made up of a holistic framework of Principal Risks, laid out below in the Group’s order of prioritisation. The Board makes a robust assessment of these Principal Risks, considering future performance and our ability to deliver the strategy, including solvency and liquidity risks. For each Principal

Risk, we discuss the nature of the risk and the impact on our Group Priorities. Each Principal Risk is overseen directly by the Board or one of its committees, with the Board retaining overall responsibility for risk across the Group.

Our assessment of risks extends to risks associated with our investments in joint ventures and associates, including our nuclear business. The impact and likelihood of these risks are evaluated and reported using a consistent approach.




Potential impacts



Political and Regulatory Intervention

Risk of political or regulatory intervention and changes, including those resulting from Brexit, or a failure to influence such changes.

External Risk

Governance Oversight:



Cash flow growth and strategic momentum

As described on page 44, Brexit presents risks that are being closely managed in relation to changing policies in the energy market and with regards to carbon emissions. While the results of the Ofgem investigation into Standard Variable Tariffs is now known, there is continued regulatory pressure in the Consumer Energy Supply markets in the UK and North America that could result in the erosion of our profit margins. There is a risk of partial/total regulation of a small number of retail and/or natural gas markets in the US. Operating costs could also increase in the case of further smart meter and/or energy efficiency obligations.

  • We are committed to an open, transparent and competitive UK energy market which provides choice for consumers.
  • Executive Directors and senior management actively engage in discussions with political parties, regulatory authorities and other stakeholders.
  • We have dedicated Corporate Affairs and Regulatory teams which examine upcoming political and regulatory changes and their impact.
  • We have a dedicated Brexit project group which aims to identify and assess the many Brexit-related issues which might impact the Group and our customers.


Financial Market 

Risk of financial loss due to our exposure to market movements, including commodity prices, inflation, interest rates and currency fluctuations. 

External Risk with elements that are Risk Requiring


Governance oversight:

Board and Audit Committee 


Cash flow growth and strategic momentum

Due to our large upstream and downstream business positions, our exposure to adverse price movements in commodity markets could impact profitability and cash flow generation across the business. While increased volatility in commodity prices could provide more opportunities, it could also give rise to higher collateral costs and/or additional credit risk for both Energy Marketing & Trading (EM&T) and North America Business. Further, it would create volatility in asset and contract valuations. An unseasonally warm autumn/winter in the UK and a cooler summer in the US could reduce customer demand significantly.

  • Financial risk is reviewed regularly by the Financial Risk, Assurance and Control Committee, and the Group Ethics, Risk, Assurance, Control and Compliance Committee to assess financial exposures and compliance with risk limits. Regular review is also undertaken by the Audit Committee.
  • Stress testing analysis is presented weekly to the EM&T Risk Committee.
  • As we move into new trading arrangements, we are focused on ensuring that our financial risk policies remain appropriate to the risks we face.
  • We have appropriate hedging strategies in place that are regularly updated to mitigate exposure to commodity and financial market volatility.
  • We are investing in our systems to further automate and strengthen our control environment.


Health, Safety, Environment and Security (HSES)

Risk of failure to protect the health, safety and security of customers, employees and third parties or to take appropriate measures to protect our environment and in response to climate change.

Risk Requiring Standards

Governance Oversight:

Board and Safety, Health, Environment, Security and Ethics Committee


Safety, compliance and conduct

Our operations have the potential to result in personal or environmental harm. Significant HSES events could have regulatory, financial and reputational repercussions that would adversely affect some, or all, of our brands and businesses. We recognize and report on incidents that do occur, as described on page 19.

  • We are restructuring our business to make it less carbon intensive and we engage with climate change bodies and NGOs to offer our perspective, understand the direction of future actions and assess our readiness to respond to change.
  • We engage with regulatory agencies such as the Environment Agency, Oil and Gas Authority and UK HSEx to ensure we comply with legislative/regulatory requirements.
  • HSES Management Systems are established to include the policies, standards and procedures, focusing on areas of concern like process safety, driving and working at heights.
  • We undertake regular reviews and have assurance processes in place with reporting to the HSES Committee on a quarterly basis.
  • Security intelligence operating procedures, crisis management plans and business continuity plans are regularly evaluated and tested.
  • We drive an Incident Free Workplace (IFW) culture across our business.
  • We continue to invest in training to ensure we maintain safe operating practices and require all employees to complete the relevant online HSES courses for their role.


Strategy Delivery

Risk that our strategy is not appropriate to respond to external issues and/or the risk that the strategy is not deliverable due to insufficient capability.

Risk Requiring Judgement

Governance oversight:



Cash flow growth and strategic momentum

Successful delivery of our strategy requires serving customers in a way that satisfies their changing needs in a competitive marketplace. Failure to identify changing trends in customers’ needs, stay ahead of technological and digital advancements, develop appropriate responses to changing markets and competitive environments, and build the necessary capabilities to compete, have the potential to adversely impact our cash flow growth and value goals.

  • The Board sets and reviews the Group’s strategy, determining the strategic direction and confirming the strategic choices made by the business. Regular reviews are conducted considering changes in market trends and the competitive environment, and the business response.
  • The Board and Executive Committee regularly review the capabilities required to deliver on the strategy and address issues as they appear.
  • We have a clear financial framework to ensure capital is allocated in accordance with our strategy and that balance sheet strength and return on capital boundary conditions are met.
  • We have dedicated teams to ensure we continue to develop and innovate in new technologies.
  • Our Digital Technology Services function works in partnership with Change functions to assure and deliver programmes of change.


External Market Environment

Risk that events in the external market or environment could hinder the delivery of our strategy.

External Risk

Governance oversight:



Cash flow growth and strategic momentum

We operate in highly competitive markets, where customer behaviour, needs and demands are evolving due to digitisation, energy efficiency, climate change, government initiatives and the general economic outlook. Failure to react appropriately and rapidly to changes in customer behaviour could result in the erosion of our customer base, leading to reduced revenues and associated margins. In addition, we are subject to global market volatility in our upstream businesses in commodity markets.

  • We focus on understanding consumer segments and their needs, through products and services that are attractive and competitive.
  • We undertake regular analysis of commodity price fundamentals and their potential impact on our business plans and forecasts.
  • Our Market and Competitive Intelligence team monitors movements in markets and provides information to enable appropriate decision-making.
  • We are increasing our investment in areas like Connected Home and Distributed Energy & Power, that help to satisfy the emerging customer needs of having more control over and awareness of their energy usage.
  • We have developed Centrica Innovations and our Technology & Engineering function to keep abreast of technological advances.


Brand, Trust and Reputation

Risk that our competitive position is compromised by poor standards of fairness and transparency, and by failing to protect our brands.

Risk Requiring Judgement

Governance oversight:



Customer satisfaction and operational excellence

Failure to appropriately manage brand perception, media attention and lobbying from pressure groups could impact customer sentiment and could ultimately result in a reduction in overall customer numbers. Failure to be fair and transparent could lead to reputational damage, falling share prices and, in the case of very poor standards, legal action.

  • We aim to deliver a fair, simplified and transparent offering to all our customers.
  • We engage with NGOs, consumer and customer groups, political parties, regulators, charities and other stakeholders to identify solutions to help reduce bills and improve trust in the industry.
  • We review and monitor changes in our customer brand position through Net Promoter Score (NPS).
  • We are transforming our complaints process to lower backlogs and resolution times, and to address root causes.
  • We closely monitor key metrics including broken promises/appointments, grade of service and complaint numbers.


Change Management

Risk of failure in the identification, alignment and execution of change programmes and business restructuring.

Risk Requiring Judgement with elements that are Risks Requiring Standards.

Governance oversight:



Cost efficiency and simplification

If transformation projects are not aligned to our strategic objectives, or not implemented appropriately, the expected benefits may not be realised and resources for other critical projects may be depleted. There are many transformation initiatives that could be disruptive and/or result in compromise to the control environment if not governed appropriately.

  • We have a standardised requirement articulated as Our Approach to Managing Change Impacts.
  • Transformation programmes are approved by the Board via the Group Strategic Planning and capital allocation process.
  • Investment appraisal criteria are defined in Group Investment Committee Guidance.
  • Progress on specific projects is consistently monitored through Steering Groups and reported through to the Board.
  • We have dedicated ch