Exposure to risk is an inherent element to carrying out the business activities of the Group; the operation of ships and provision of related services. Effective risk management and internal control systems have therefore been designed to protect the Group from exposure to unnecessary risks and ensure the sustainability of the Group’s business.
The Board has overall responsibility for establishing procedures to manage risk, oversight of the internal control framework and determining the nature and extent of the principal risks the Group is willing to take in order to achieve its long term objectives. The Board has created a culture of risk awareness throughout the organisation whereby risk consideration is built into decision making processes.
Risk Management Framework
The Group has adopted a three lines of defence framework to provide assurance that appropriate control and mitigation measures are in place for identified risks.
Internal Control Measures
The first line of defence rests with management acting through their staffs who are responsible for the design, implementation and monitoring of internal control measures within their respective business areas.
The second line of defence comprises of oversight functions such as Group Finance and Group Marine and Safety. These functions are involved in policy setting and provide assurance over first line activities.
The third line of defence consists of the Group Internal Audit function, which performs independent oversight of the first two lines and reports directly to the Audit Committee on matters of internal control, compliance and governance.
The Risk Management Process
The risk management process adopted by the Group provides for a systematic approach to managing risks encompassing both risk identification and monitoring. The Risk Register is the central repository for documenting, assessing and prioritising risks and for documenting and prescribing control measures. Principal risks are categorised as strategic, operational, financial or information technology and cyber. Risk monitoring is an ongoing process to reflect the dynamic nature of our operating environment to enable identification of new and emerging risk threats.
The Group has established a Risk Management Committee which is tasked with driving the Group’s risk management process in a co-ordinated manner across all the Group’s businesses. The Risk Management Committee acts as facilitator but it is the business owners who are responsible for conducting risk identification in their area of responsibility.
Risk Management Report
Read more about our risk management process and principle risks identified in the 2019 Risk Management Report.