Corporate Responsibility

Risk Management

The Board attaches great importance to having an effective system of risk management and recognizes that it is fundamental to achieving Mecom's business goals, protecting company assets, rewarding shareholder investment and ensuring compliance with applicable regulatory and legal requirements. Risk management is therefore deemed to be a core management competence.

The Group has in place a practical framework that provides a consistent method for identifying, evaluating and managing risk across the Group. It ensures that significant risks are clearly understood by operational management and through quarterly reporting enables the Board to form a view on whether they are being managed effectively.

Business risks are defined as those that would prevent Mecom from achieving its goals and ambitions and may be strategic, operational, financial or hazardous in nature. They can be both internally and externally driven and those of compliance and reputation will cut across all categories of risk. The management of each business or corporate function is directly responsible for routinely identifying all significant risks facing their unit and implementing cost effective controls to manage those risks.

Key features of the Group's system of risk management are:

• Supports the achievement of clear business objectives and business principles
• A formalised risk policy that is effectively communicated
• An ongoing and flexible approach to the early identification and evaluation of significant risks that is designed to manage risk in a cost effective way rather than eliminate it
• A process that is embedded into the business decisions that we make and initiatives and projects that we set up
• Clearly established management responsibility to mitigate significant risks to an acceptable level
• Routine monitoring of significant risks with quarterly reporting to the Board.

Group Audit provides an independent review and challenge of our risks registers and supports and coaches management as required. It incorporates the results of the risk management process into its annual audit plan.