Jump to page contentJump to site servicesHome  |  Contacts  |  Site Map
About The GroupInvestor RelationsMediaOur ResponsibilitiesCareers
Our Responsibilities Our People Access for All Safety Community Environment Case Studies Stakeholders Corporate Governance The Board Board Committees Directors' Remuneration Relations with Shareholders Risk Management Internal Control External Auditors Compliance with the Combined Code Pension Schemes
 

Risk Management

Jump to top navigationJump to site services

The Group has an ongoing process for identifying, evaluating and managing the significant risks that it faces. The Board regularly reviews the process, and the Board considers that the process accords with the Turnbull Guidance on internal control.

The Board considers acceptance of appropriate risks to be an integral part of business and unacceptable levels of risk are avoided or reduced and, in some cases, transferred to third parties. Internal controls are used to identify and manage risk.

The Directors acknowledge their responsibility for establishing and maintaining the Group’s system of internal control, and for reviewing its effectiveness. Although the system can provide only reasonable and not absolute assurance of material misstatement or loss, the Group’s system is designed to provide the Directors with reasonable assurance that any risks or problems are identified on a timely basis and dealt with appropriately. The Group has established an ongoing process of risk review and certification by the business heads of each operating unit.

Certain of the Group’s businesses are subject to significant risk. Each identified business risk is assessed for its probability of occurrence and its potential severity of occurrence. Where necessary, the Board considers whether it is appropriate to accept certain risks that cannot be fully controlled or mitigated by the Group.

The Group’s risk management process is embedded throughout the businesses. The Board has carried out a review of the effectiveness of the Group’s internal control environment and such reviews are supported on an ongoing basis by the work of the Audit Committee. The Board is satisfied that processes are in place to ensure that risks are appropriately managed.

The Board has designated specific individuals to oversee the internal control and risk management processes, while recognising that it retains ultimate responsibility for these. The Board believes that it is important that these processes remain rooted throughout the business and the managing director of each operating unit is responsible for the internal control framework within that unit.

Self-assessment of risk conducted by the Directors and senior management is ongoing and has been considered at several levels, with each division maintaining a separate risk profile.

The Group Risk Assurance (or internal audit) function, which is outsourced to and managed by Deloitte, reports to the Audit Committee and is utilised in monitoring risk management processes to determine whether internal controls are effectively designed and properly implemented. A risk-based approach is applied to the implementation and monitoring of controls. The monitoring process also forms the basis for maintaining the integrity and improving where possible the Group’s risk management process in the context of the Group’s overall goals.

The Audit Committee reviews Group Risk Assurance plans, as well as external audit plans and any business improvement opportunities that are recommended by the external auditors.

Virgin Rail Group has its own audit committee and internal audit function. The Group’s risk management process does not specifically cover Virgin Rail Group, but the Group maintains an overview of Virgin Rail Group’s business risk management process through representation on the board and audit committee. Stagecoach management representatives also meet regularly with representatives of Virgin Rail Group to ensure that the joint venture follows appropriate risk management procedures.

Top of page