Corporate Governance
Risk management
Understanding and managing risks is integral to the way we run our business. We have a well established enterprise-wide risk management process that ensures risks are consistently assessed, recorded and reported in a visible, structured and continuous manner, the outputs of which are primarily used as a management tool. A secondary and natural output from this process is information that provides assurance to management at all levels and thus helps safeguard our assets and reputation. It is designed to manage rather than eliminate material risks to the achievement of our strategic and business objectives while also recognising that any such process can provide only reasonable, and not absolute, assurance against material misstatement or loss. This process complies with the Turnbull working party guidance (revised October 2005) and, in addition, contributes toward our compliance with our obligations under the Sarbanes-Oxley Act as well as other internal assurance activities.
Risk management in National Grid has become further embedded over time and our experience of this has enabled us to identify a number of key success criteria linked to both the risk management framework and process that, if in place, will help ensure the process continues to remain embedded. Understanding this in the context of a Company that continues to change size and geographic coverage has been invaluable in helping to identify strategies to enable the effective and timely integration of processes. A current example is the ongoing dialogue with KeySpan to identify how its respective enterprise-wide and energy trading risk functions are best integrated into National Grid going forward.
Within existing businesses the risk management process continues to be based on both bottom-up and top-down assessments of operational, financial and other business or project risks. From the bottom up, business units and Corporate Centre functions prepare and maintain risk registers that capture their key risks and the actions being taken to manage them. The key element in the top-down assessment of our enterprise-wide risk profile is the involvement of the Executive Directors and other senior management at critical stages in the review process. Their review of the bottom-up assessment produces an overall evaluation of the risks that are faced by National Grid. Graphics that set out the Company's risk profile and any significant changes to this between reporting periods have been designed to aid debate by the Executive Committee, the Risk & Responsibility Committee and the Audit Committee twice a year. The Audit Committee also reviews the risk management process at least once during each year and reports on this to the Board.
During the year we have continued to derive benefits from this process through further coordination with the Insurance team and ongoing interaction with the Internal Audit function and Sarbanes-Oxley teams. The external benchmarking exercise has continued with other FTSE 100 companies and public sector organisations to measure the effectiveness of our own approach and exchange ideas on best practice. With the move to a line of business operating model, the opportunity is being taken to restructure risk and compliance management services to ensure approaches are consistent across geographies and continue to provide value to business operations, including major projects.
Our risk management process has identified the risk factors set out later in the report.