Successful and sustainable implementation of our strategy requires strong corporate governance and effective risk management. We deliver this through a comprehensive framework of business policies, systems and procedures that enable us to assess and manage risk effectively.
Managing business risks
Managing existing and emerging risks and opportunities is essential to Capricorn’s long-term success and sustainability. All investment opportunities expose the Group to political, commercial and technical risk and Capricorn maintains exposure to these risks at an acceptable level in accordance with its appetite for risk.
Capricorn’s risk management process is based on a holistic approach and provides a systematic process for the identification and management of the key risks and opportunities which may impact the delivery of the Group’s strategic objectives. As set out below, KPIs are set annually and determining the level of risk the Group is willing to accept in the pursuit of these objectives is a fundamental component of Capricorn’s risk management process.
Managing risks to deliver performance |
|||||
| Outline the strategy | Define strategic objectives | Define risk appetite | Identify key risks | Apply risk assessment process | Deliver strategic objectives |
| Set a sustainable strategy to achieve Capricorn's near-and long-term goals. | Set clear strategic objectives in the form of KPIs. | Determine the level of risk the Group is willing to accept in the pursuit of its strategic objectives and document this in the Group Risk Appetite Statement. | Identify key risks to the achievement of strategic objectives and associated opportunities, through discussions at Board, Risk Management Committee, Management Team, Regional and functional levels. | Apply the Group risk assessment to ensure the ongoing management of key risks to our objectives. | Delivery of strategic objectives through informed risk-based decision making. |
Risk governance
Capricorn’s system for identifying and managing risks is embedded from the top down in its organisational structure, operations and management systems and accords with the risk management guidelines and principles set out in ISO 31000, the International Standard for Risk Management. The Group’s risk management structure is set out in the Annual Report and Accounts 2022. The structure below outlines the governance and risk assessment framework and applies to all risk types including operational, health and safety, environmental, climate change, financial and reputational.
Risk governance framework |
|||
| Top-down: Oversight, accountability, monitoring and assurance | |||
| The Board | |||
| Holds overall responsibility for the Group's risk management and internal controls system | Sets strategic objectives and defines risk appetite | Sets the tone and influences the culture of risk management | Completes robust assesment of principal risks |
| Risk Management Committee (RMC) | Audit Committee | Management Team | |
|
|
|
|
| Asset/Project/Function level | |||
| Risk identification, assessment and mitigation completed at asset, project and functional level | Risk management system embedded and integrated throughout the Group | Risk culture influencing all business activities | |
| Bottom-up: Identification of risks and mitigating actions for assets, projects and functions | |||
Overall responsibility for the system of risk management rests with the Board. The Board set the risk appetite each year and is responsible for reviewing and monitoring the application of the risk framework. Principal risks and opportunities, as well as progress against key projects, are reviewed at each Board meeting and at least once a year the Board undertakes a risk workshop to review the Group’s principal risks.
The Group’s framework for risk management promotes a bottom-up approach to risk management with top-down support and challenge. The risks associated with the delivery of the strategy and work programmes and the associated mitigation measures and action plans are maintained in a series of risk registers at Group, asset, function and project level. Reporting of these risks within the organisation is structured so that risks are escalated through various internal management and Board committees, and to the Board itself.
The Board carried out a robust assessment of the Group’s principal and emerging risks in 2022.