Managing Risk

Mitigating risk

Principal and emerging risks overview

The Group defines its principal risks in line with the UK Corporate Governance Code 2018, as those risks which it has considered could have a potentially material impact on its strategy and business model, including its future performance, solvency, liquidity and reputation. Emerging risks are defined as those which are evolving in ways that are not yet clear, and where the full impact and potential timing of risk realisation remain uncertain.

Overall assessment

In line with the requirements of the UK Corporate Governance Code 2018, the Board has completed its assessment of the Group’s principal and emerging risks. This has included an assessment of each risk and the movement in both likelihood and potential impact against the prior year assessment. The results of the assessment are set out below. The overall assessment, along with a range of sensitivity analyses against various risk scenarios materialising together, and the likely responses of the Board, have informed the broader assessment of the resilience of the Group’s business model, as detailed within the Viability Statement in the Annual Report 2023.

Material issues and key priorities

The Board continues to recognise the value of stakeholder engagement in ensuring the Group’s ability to create and protect value over the long-term. A materiality assessment has previously been performed to identify the most important issues for our stakeholders. The results of this assessment are closely linked to the Group’s principal risks, as detailed within the Annual Report 2023. The principal risks also align closely with the Group’s key priorities:

  1. Build quality and safety
  2. Reinforce trust: customers at the heart of our business
  3. Disciplined growth: high quality land investment
  4. Industry‑leading financial performance
  5. Supporting sustainable communities

Risk Management Framework

Open

Close

Risk management framework

The Board determines the Group’s overall strategy and has responsibility for the identification and management of risks that could disrupt the delivery of the strategy, including threats to the Group’s five key priorities. To do so, the Board:

  • conducts reviews of principal and emerging risks;
  • monitors a range of indicators of risk performance in order
    to inform strategic decision making;
  • periodically reviews the Group’s risk registers in their entirety;
 
  • ensures an effective system of internal controls is in place
    to manage risks to acceptable levels; and
  • obtains assurance on the performance of internal controls
    and risk management processes.

 

⮝             ⮝             ⮝                ⮝
Risk identification, mitigation and monitoring
Audit & Risk Committee   Management oversight   Group Internal
Audit department
Operational Management   Group Functions
  First line of defence   Second line of defence   Third line of defence
  • Monitors the integrity of the Group’s corporate reporting processes.
  • Approves the Director of Internal Audit’s risk-based annual audit plan and monitors the effectiveness of internal audit.
  • Monitors the external audit and reviews its effectiveness.
  • Receives reporting from management and external providers of assurance on the effectiveness of risk management and internal control.
 
  • Responsible for managing the day-to-day operational performance of the business, including identification of any changes in key risks affecting operations.
  • Ensure the effective implementation of internal controls set by the Board and Group functions within the business.
  • Routinely interact with management at regional and Group levels and the Board.
 
  • Provide ownership of individual operational level risk registers for each function, with regular updates to ensure accurate capture and assessment of functional risks.
  • Contribute to the formulation of Group policies, procedures and control mechanisms designed to mitigate risks.
  • Conduct routine monitoring and assurance on the implementation of controls at operational level.
  • Support steering groups on key risk areas including the Group’s Security Council and General Data Protection Regulation (GDPR) Steering Group.
 
  • Delivers a risk-based annual internal audit plan to provide assurance on key areas of risk and compliance.
  • Administratively maintains the Group’s risk registers and oversees the annual review process with risk owners and relevant subject matter experts.
  • Facilitates the annual principal and emerging risk survey of the Board and senior management.
  • Produces lead indicator reporting on the Group’s principal risks for the Board.
  • Provides an annual summary report on the effectiveness of risk management and internal control.

Emerging risks

Open

Close

The emerging risks facing the Group are identified through a detailed survey of the Board and senior management, the results of which are presented for review and challenge through the Audit & Risk Committee. The Group’s 2023 assessment has identified ‘market competition’ as an emerging risk which could evolve over time to meet the criteria of a principal risk. The Group also continues to assess ‘planning uncertainty’ as an emerging risk area, distinct from the principal risks around land and Government policy. This reflects continued uncertainty in planning regimes and the potential impact this could have over time on the Group’s overall strategy and business model.

Principal risks

Open

Close

Following the Group’s comprehensive appraisal of its principal risks, it has been determined that 12 risk areas meet its criteria for consideration as principal risks. These risks are detailed further in the Annual Report 2023.

The principal risks faced by the Group remain largely consistent with prior years, reflecting the Group’s continued sensitivity to external risks such as economic conditions, mortgage availability and Government policy and political risk. The key change from the Group’s 2023 assessment has been to separate the previously reported ‘materials and land’ principal risk into discrete ‘land’ and ‘supply chain’ risks, rated as high and medium respectively. This better reflects the different nature of each risk, including the controls deployed to mitigate them. The 2023 assessment has also noted movements in the likelihood and impact of legacy buildings, skilled workforce and cyber and data risks.

Principal risk movements 2022-2023

Open

Close

The heat map illustrates movements from the 2022 assessment of the Group’s principal risks through to 2023. The most pronounced movements include an increase in Government policy and political risk, reflecting policy uncertainty and the point of the electoral cycle. Regulatory compliance risk has also increased, reflecting the continued expansion of regulatory considerations, including those specific to our sector.

Principal risks – heat map

Open

Close