Principal risks and uncertainties
Our approach to risk management
The delivery of our strategic objectives and the sustainable growth (or long-term shareholder value) of our business, is dependent on effective risk management. We regularly face business uncertainties and it is through a structured approach to risk management that we are able to mitigate and manage these risks and embrace opportunities when they arise. These disciplines have proved to be effective as we navigate our way through the challenges resulting from the COVID-19 pandemic.
The diversified nature of our operations, geographical reach, assets and currencies are important factors in mitigating the risk of a material threat to the group’s sustainable growth and long-term shareholder value. However, as with any business, risks and uncertainties are inherent in our business activities. These risks may have a financial, operational or reputational impact.
The Board is accountable for effective risk management, for agreeing the principal risks facing the group and ensuring they are successfully managed. The board undertakes an annual assessment of the principal risks, including emerging risks, that would threaten the business model, future performance, solvency or liquidity. The Board also monitors the group’s exposure to risks as part of the performance reviews conducted at each board meeting. Financial risks are specifically reviewed by the Audit Committee.
Our decentralised business model empowers the management of our businesses to identify, evaluate and manage the risks they face, on a timely basis, to ensure compliance with relevant legislation, our business principles and group policies.
Our businesses perform risk assessments which consider materiality, risk controls and specific local risks relevant to the markets in which they operate. The collated risks from each business are shared with the respective divisional chief executives who present their divisional risks to the group executive.
The group’s Director of Financial Control receives the risk assessments on an annual basis and, with the Group Finance Director, reviews and challenges them with the divisional chief executives, on an individual basis.
These discussions are wide ranging and consider operational, environmental and other external risks. These risks and their impact on business performance are reported during the year and are considered as part of the monthly management review process.
Group functional heads including Legal, Treasury, Tax, IT, Pensions, HR, Procurement and Insurance also provide input to this process, sharing with the Director of Financial Control their view of key risks and what activities are in place or planned to mitigate them. A combination of these perspectives with the business risk assessments creates a consolidated view of the group’s risk profile. A summary of these risk assessments is then shared and discussed with the Group Finance Director and Chief Executive at least annually.
The Director of Financial Control holds meetings with each of the non-executive directors seeking their feedback on the reviews performed and discussing the key risks and mitigating activities. Once all non-executive directors have been consulted, a Board report is prepared summarising the full process and providing an assessment of the status of risk management across the group. The key risks, mitigating controls and relevant policies are summarised and the board confirms the group’s principal risks. These are the risks which could prevent Associated British Foods from delivering its strategic objectives. This report also details when formal updates relating to the key risks will be provided to the board throughout the year.
Key areas of focus this year
Effective risk management processes and internal controls
We continued to seek improvements in our risk management processes to ensure the quality and integrity of information and the ability to respond swiftly to direct risks. During the year, the Audit Committee on behalf of the Board conducted reviews on the effectiveness of the group’s risk management processes and internal controls in accordance with the UK Corporate Governance Code. Our approach to risk management and systems of internal control is in line with the recommendations in the Financial Reporting Council’s (FRC) revised guidance ‘Risk management, internal control and related financial and business reporting’ (the Risk Guidance).
The Board is satisfied that internal controls were properly reviewed and key risks are being appropriately identified and managed.
The COVID-19 pandemic continues to be a worldwide crisis and the situation is still uncertain. Authorities continue to impose restrictions on both a regional and local basis. Since March, when the pandemic became apparent, the Audit Committee, on behalf of the Board have provided ongoing support and challenge of management’s processes and internal controls.
Whilst our businesses had not planned for a global pandemic, under extraordinary circumstances, our teams reacted with immediacy to adapt to the evolving situation. Effective communication both within the divisions and across the group has ensured that appropriate actions were taken to enable our food businesses to operate fully, providing safe, nutritious, affordable food to customers and meeting increased demand. Primark stores were able to reopen safely as restrictions were lifted.
Many lessons have been learnt over the past six months and we have developed a flexible set of possible responses that are ready to be deployed in the event of further restrictions being imposed, whether that be locally, regionally or globally.
When this virus was first identified, our initial concern was the supply of goods for Primark and, to a lesser extent, some food ingredients sourced from China. As the pandemic progressed, the most significant challenges we faced were maintaining the production of essential food and food ingredients and the cash flow impact arising from the closure of all Primark stores between March and their reopening, in line with local market regulations, throughout May, June and July. We took immediate steps to ensure adequate cash liquidity.
Whilst Primark stores were closed, we paid for in full, and took delivery of, very large amounts of completed stock. A fund was established to ensure everyone in a vulnerable country who worked on a Primark garment, whether completed or not, is paid for that work. In July, we committed to pay our garment suppliers in full for all outstanding finished garments and to utilise or pay for any finished fabric liabilities.
A significant number of our employees continue to work from home. To support seamless homeworking we modified our IT infrastructure, increased bandwidth with our telecommunications partners and deployed collaboration tools.
The extent of remote working has increased the risk of users falling victim to phishing attacks because users rely primarily on email communication. We have an ongoing phishing testing regime and there is regular communication with all users to remind them of the risks.
We have raised the level of monitoring for phishing attempts and other security threats. In addition, we have issued security awareness advice on secure home-working best practices. We have also increased disciplines to ensure that user devices are regularly patched and upgraded to reflect changing IT security threats. Revised guidance for laptop and desktop patching has been issued to all businesses to ensure that systems are up to date and secure.
Following the UK’s referendum decision to leave the EU in 2016, the group established an EU Exit Steering Committee which consists of a small dedicated team. This Steering Committee worked with all the businesses to assess the risks and opportunities arising from the UK’s decision to leave the EU. Primark operates largely discrete supply chains for its stores in each of the UK, US and Europe and the group’s food production is largely aligned with the end market. As a result, there is relatively little group cross-border trading between the UK and the EU. We therefore quickly concluded that the overall impact of EU exit on the group was relatively minor.
We recognise that the outcome of the negotiations between the UK and the EU remains uncertain. While we would prefer a negotiated free trade agreement, we are prepared for any of the potential outcomes.
Over the last year the group and the individual businesses have taken steps to mitigate possible impacts of the transitional period ending without a negotiated free trade agreement. The key risks identified, and the actions taken are as follows:
- Imports to the UK – The UK government has indicated the tariffs on imports in the absence of a free trade agreement. We expect these to have only a minor net impact on the group. All necessary registrations have been completed. Where goods are imported into the UK by third parties on behalf of the businesses, assurances have been sought that these will be available when required.
- Disruption to EU-UK logistics – The businesses that could be impacted by this have reviewed their exposure and where appropriate have plans to increase inventory levels to partially mitigate the risk. The ability to do this is constrained by warehouse availability and the shelf life of the goods.
- Data – Where necessary, the businesses have agreed Standard Contractual Terms to enable certain personal data to be transferred from the EU to the UK.
- People –The businesses have publicised the UK government’s Settled Status Scheme and where appropriate have assisted employees with the application process.
Our principal risks and uncertainties
The directors have carried out a robust assessment of the principal risks facing Associated British Foods, including emerging risks, that would threaten its business model, future performance, solvency or liquidity. Outlined here are the group’s principal risks and uncertainties and the key mitigating activities in place to address them. These are the principal risks of the group as a whole and are not in any order of priority.
Associated British Foods is exposed to a variety of other risks related to a range of issues such as human resources and talent, community relations, the regulatory environment and competition. These are managed as part of the risk process and a number of these are referred to in our 2020 Responsibility Update. Here, we report the principal risks which we believe are likely to have the greatest current or near-term impact on our strategic and operational plans and reputation.
They are grouped into external risks, which may occur in the markets or environment in which we operate, and operational risks, which are related to internal activity linked to our own operations and internal controls.
The ‘Changes since 2019’ included on pages 86 to 90 of the 2020 annual report describe our experience and activity over the last year.