Business risk

Definition
Business risk is defined as the risk to economic profit in the Group’s budget and over the medium term plan arising from a sub optimal business strategy, or the sub optimal implementation of the plan as agreed by the board of directors. In assessing business risk consideration is given to internal and external factors.

Risk appetite
Business risk appetite is encapsulated in the Group’s budget and medium-term plan, which are sanctioned by the board on an annual basis. Divisions and business units subsequently align their plans to the Group’s overall business risk appetite.

Exposures
The Group’s portfolio of businesses exposes it to a number of internal and external factors:

• internal factors: resource capability and availability, customer treatment, service level agreements, products and funding and the risk appetite of other risk categories; and
• external factors: economic, technological, political, social and ethical, environmental, legal and regulatory, market expectations, reputation and competitive behaviour.

Measurement
An annual business planning process is conducted at group and business unit level which includes a quantitative and qualitative assessment of the risks that could impact the Group’s plans. Within the planning round, the Group conducts both scenario analysis and stress tests to assess risks to future earning streams. Over the last few years, the Group has made significant progress with embedding stress testing and scenario analysis into its risk management practice with the dual objectives of adding value to the business whilst also meeting regulatory requirements. The Group assesses a wide array of scenarios including economic recessions, regulatory action scenarios, pandemics and scenarios specific to the operations of each part of the business.

A common approach is applied across the Group to assess the creation of shareholder value. This is measured by economic profit (the profit attributable to shareholders, less a notional charge for the equity invested in the business). The focus on economic profit allows the Group to compare the returns being made on capital employed in each business on a consistent basis.

Mitigation
As part of the annual business planning process, the Group develops a set of management actions to prevent or mitigate the impact on earnings in the event that business risks materialise. Additionally, business risk monitoring, through regular reports and oversight, results in corrective actions to plans and reductions in exposures where necessary.

Revenue and capital investment decisions require additional formal assessment and approval. Formal risk assessment is conducted as part of the financial approval process. Significant mergers and acquisitions by business units require specific approval by the board. In addition to the standard due diligence conducted during a merger or acquisition, group risk conducts, where appropriate, an independent risk assessment of the target company and its proposed integration into the Group.

Monitoring
The Group’s strategy is reviewed and approved by the board. Regular reports are provided to the group executive committee and the board on the progress of the Group’s key strategies and plans. Group risk conducts oversight to seek to ensure that business plans remain consistent with the Group’s strategy.