Share

Our approach to risk management

The delivery of our strategic objectives, sustainable growth and long-term shareholder value is dependent on effective risk management. The diversified nature of our operations, geographical reach, physical and technological assets and currencies are important factors in mitigating the risk of us missing our strategic goals.

As with any business, risks and uncertainties are inherent in our business activities and these risks may have a financial, operational, environmental and reputational impact. It is through a structured approach to risk management that we are able to mitigate and manage risks and embrace opportunities when they arise.

The Board is accountable for effective risk management, for agreeing the principal, including emerging, risks facing the Group and ensuring that these are successfully managed. The Board undertakes a robust annual assessment of the principal risks that would threaten the business model, future performance, solvency or liquidity. The Board also monitors the Group’s exposure to risks as part of the business performance reviews conducted at each Board meeting, providing the Board with an opportunity to discuss risk mitigation actions with divisional senior management.

Our decentralised business model empowers the management of our businesses to identify, evaluate and manage the risks they face to ensure each business’s compliance with relevant legislation, our business principles and Group policies. Their risk assessments are wide-ranging and consider operational, environmental and other external risks, in the context of the overall materiality, key controls and relevance to the markets in which they operate. The divisional chief executives individually present their division’s consolidated risks to the Director of Financial Control and the Finance Director on an annual basis, who review and challenge them.

Emerging risks are identified and considered at both a Group and business unit level, as part of the overall risk management process. They are identified through a variety of horizon-scanning methods including: geopolitical insights; ongoing assessments of competitor activity and market factors; workshops and management meetings focused on risk identification; analysis of existing risks using industry knowledge and experience to understand how these risks may affect us in the future; and representation and participation in key industry associations.

Group functional heads including Legal, Treasury, Tax, IT, Pensions, HR, Procurement and Insurance also assess the key risks in their functional area, together with the controls that are in place or planned to mitigate them. The Director of Financial Control takes these perspectives and combines them with the business risk assessments to create a consolidated view of the Group’s risk profile. A summary of these risk assessments is then shared and discussed with the Finance Director and Chief Executive at least annually.

The Director of Financial Control holds meetings with each of the non-executive directors seeking their feedback on the reviews performed and discussing the key risks and mitigating activities identified through the risk assessment exercise. Once all non-executive directors have been consulted, a Board report is prepared summarising the full process and providing an assessment of the status of risk management across the Group. The key risks, mitigating controls and relevant policies are then summarised and the Board confirms the Group’s principal risks. These are the risks which could prevent ABF from delivering our strategic objectives. This report also details when formal updates relating to the key risks will be provided to the Board.

Key areas of focus this year

Effective risk management processes and internal controls

We continued to seek improvements in our risk management processes to ensure the quality and integrity of information and the ability to respond swiftly to direct risks. During the year, the Audit Committee on behalf of the Board conducted reviews on the effectiveness of the Group’s risk management processes and material internal controls in accordance with the 2018 UK Corporate Governance Code. 

Our approach to risk management and systems of internal control is in line with the recommendations in the Financial Reporting Council’s (FRC) revised guidance ‘Risk management, internal control and related financial and business reporting’.

The Board is satisfied that internal controls were properly maintained, and that principal and emerging risks are being appropriately identified and managed.

Consumer confidence

Household budgets continue to face real pressures and consumer confidence remains low in a number of key markets. Primark’s cost leadership position continues to be attractive to the customer. In the food businesses, there is continued demand for private label products.

All of our businesses have developed strategies considering the potential changes in both end consumer and our customer behaviours and demands, the implications for the business and where investment or changes to business models may be appropriate.

Regulatory changes

Our businesses continue to face a large number of regulatory changes with ever-increasing complexity and variations in requirements across the markets in which we operate. For example, the EU Corporate Sustainability Reporting Directive (CSRD) requiring companies operating in the EU to disclose and report on environmental, social affairs and governance issues, the new German Supply Chain Due Diligence Act (LkSG), and changes to data privacy laws.

The extent of change will have an impact on the capacity of management at a time when they are dealing with the ongoing challenges resulting from economic uncertainty, alongside the day-to-day growth of our businesses.

UK Corporate Governance Code 2024

In January 2024, the FRC issued a revised version of the UK Corporate Governance Code. Upon its release, we undertook a detailed review to evaluate the impact that the new Code will have on our governance and risk management arrangements. We have concluded that the key change impacting risk management and controls at ABF relates to Provision 29. 

Provision 29 will require companies to make a declaration of the effectiveness of the Group’s material controls as at the balance sheet date in the annual report. The new Code will apply to the Group for its financial year 2025/26, except for Provision 29 which will apply to the Group for its financial year 2026/27.

Whilst this revised provision clarifies the Board’s responsibilities and requires explicit confirmation on the effectiveness of material controls, we believe that our existing risk management and control monitoring and validation processes mean that we are well-placed to meet the new requirements.

Risk appetite

Our approach to risk management gives the authority to our business leaders to make decisions that enable them to deliver our strategy of delivering long-term value for our shareholders and other stakeholders as detailed on pages 8 to 11 of the Annual Report 2024. They achieve this by identifying and managing their risks within acceptable levels through our devolved operating model and our people, culture and values. These principles underline how we manage the Group within the Board’s risk appetite.

Divisional risks and their impact on business performance are reported during the year and are considered as part of the monthly and quarterly management review process.

Our principal risks and uncertainties

The directors have carried out an assessment of the principal risks facing ABF, including emerging risks, that would threaten our business model, future performance, solvency or liquidity.

ABF is exposed to a variety of other risks related to a range of issues such as human resources, commodity prices, community relations, the regulatory environment and competition. These are managed as part of the risk process and a number of these are referred to in the Responsibility section of our Annual Report 2024 at pages 54 to 65 and in the Responsibility section of our website. 

The Group’s principal risks and uncertainties and the key mitigating activities in place to address them are outlined on pages 78 to 86 of the Annual Report 2024. These are the principal risks of the Group as a whole and are not in any order of priority.

Our risks are grouped into external risks, which may occur in the markets or environment in which we operate, and operational risks, which are related to internal activity linked to our own operations and internal controls.

Our use of cookies

We use necessary cookies to make our site work. We’d also like to set optional analytics cookies to help us improve it. We won’t set optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie policy


Analytics cookies

We’d like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

For more detailed information about the cookies we use, see our Cookie policy

: