Managing Risk

Mitigating risk

How we manage risk

As with all businesses, Persimmon as a Group is exposed to various risks and uncertainties in the delivery of its strategic objectives. Many of these risks are driven by external factors, with the housebuilding industry being particularly sensitive to both the economic conditions and the political, regulatory and legislative environment within the UK, for example. Other risks derive from the Group’s operational activities. To manage these challenges, the Group has a well-established and robust framework in place for the management of risk. This framework is designed to ensure that risks are identified and assessed promptly, with appropriate risk mitigation strategies established and monitored through the deployment of the ‘three lines’ model. The effectiveness of this risk management framework is critical to the Group’s ability to create and sustain value over the long-term.

Risk Management Framework

Open

Close

Board

The Board has overall responsibility for the determining the Group’s strategy, including the identification and management of risks that could disrupt the delivery of the strategy and the Group’s five key priorities. This is achieved through:
  • defining the Group’s overall risk appetite and ensuring risks are managed within this framework; 
  • conducting reviews of principal and emerging risks, including feedback from senior management within the Group; 
  • monitoring of a range of indicators of risk performance in order to inform strategic decision making;
  
  • ensuring an effective system of internal controls is in place to manage risks to acceptable levels; and
  • obtaining assurance on the performance of risk management and internal control processes in the Group’s operations.

 
⮝             ⮝             ⮝                ⮝
Audit & Risk Committee
  • Monitors the integrity of the Group’s financial and non-financial reporting processes.
  • Approves the Director of Internal Audit’s risk-based audit plan and monitors the overall effectiveness and independence of internal audit. 
  • Monitors the external audit provision, ensuring a high quality of audit is delivered.
  
  • Receives reporting from management and external providers of assurance on the effectiveness of risk management and internal control. 
  • Reviews routine risk indicator reports assessing the Group’s performance against risk appetite and target risk levels.
Executive Committee   Management Risk Committee   Disclosure Committee   Sustainability Committee
  • Supports the implementation of the Group’s strategy and delivery of key priorities.
  • Reviews the Group’s operational performance including the routine management of risk.
  
  • Supports the Board in development and oversight of the risk management framework.
  • Reviews risk indicator reports and feedback on risk from operational teams.
  • Reviews the operational effectiveness of control activities.
  
  • Provides oversight and challenge on external reporting.
  • Reviews financial and non-financial reporting ahead of Board and Audit & Risk Committee reviews.
  
  • Provides oversight on all climate and sustainability-related matters.
  • Reviews disclosures associated with climate and sustainability, obtaining appropriate assurance where required.
Management oversight

First line

Second line

Third line

 ‘First line’ functions within the Group’s operating companies contribute to effective risk management by:

  • managing the day-to-day operational performance of the business, including identification of any changes in key risks affecting operations;
  • ensuring the effective implementation of internal controls set by the Board and Group functions within the business;
  • addressing Group level priorities as cascaded through regional and Group-wide management meetings; and
  • reporting routine operational risks and issues through management forums such as the Land Committee and Regional Boards.

The Group’s ‘second line’ comprises a range of functions with a Group-wide remit, which play a key role in mitigating risk through:

  • formulation of Group policies, procedures and control mechanisms designed to mitigate risks;
  • conducting routine monitoring and assurance on the implementation of controls within the Group’s operations;
  • promoting awareness of key areas of focus in the management of risk to achieve operational objectives;
  • supporting steering groups on key risk areas including the Group’s Security Council and GDPR Steering Group; and
  • ownership of functional risk registers in key areas of operations.

The Group Internal Audit department is the Group’s independent third line function. Its role includes:

  • delivery of a risk-based audit plan to provide assurance on key areas of risk and compliance; 
  • administrative maintenance of the Group’s risk registers, including the annual review process with risk owners and relevant subject matter experts; 
  • facilitation of the annual principal and emerging risk survey of the Board and senior management;
  • Producing routine principal risk reporting for the Board; and
  • provision of an annual summary report on the effectiveness of risk management and internal control.

Key risk management activities within the year

Open

Close

The Group’s risk management framework is well established, benefiting from extensive operational experience from across the ‘three lines’, supported by structures to ensure appropriate scrutiny and challenge on the identification, assessment and mitigation of risk. The framework has operated in this way successfully for several years. Nonetheless, it remains subject to continuous improvement to enhance its maturity and align with evolving legal and regulatory requirements, such as those within the revised UK Corporate Governance Code. In this spirit of continuous improvement, several material enhancements have been delivered within the year. These include the establishment of the Management Risk Committee (MRC) to bring together subject matter experts from across the Group to review and improve various elements of the risk management framework, including work to define our key mitigations relevant to the Group’s principal risks and other key activities. With the support of the MRC, the Board has also refined its approach to establishing and classifying risk appetite within the year, developing an overall categorisation as follows:

  • Averse: Aim to minimise exposure as far as is practically possible, with a low tolerance for potential adverse outcomes. This category is applied to risks that could have severe consequences in areas such as HS&E, compliance, or reputation.
  • Cautious: Acceptance of low to moderate levels of risk in areas that are necessary to achieve operational efficiency and strategic initiatives. Risks are carefully managed to avoid significant negative impacts on the organisation.
  • Enterprising: Openness to accepting moderate to higher levels of calculated risks when pursuing strategic opportunities that could drive the Group’s growth or enhance operational performance.

Alongside this revised approach to classifying risk appetite, the mechanisms for reporting on principal risks have been strengthened, with target risk levels established and greater detail on control activities included to enable an informed assessment of assurance over each risk. Lastly, at a more granular level, the Group’s fraud risk assessment was subject to a comprehensive refresh with the support of the Group Internal Audit department, the results of which were presented to the Board via the Audit & Risk Committee.

Overall assessment of principal and emerging risks

Open

Close

In line with the requirements of the UK Corporate Governance Code, the Board has completed its comprehensive assessment of the Group’s principal and emerging risks. From this assessment, it has been determined that 12 risk areas meet the criteria for consideration as principal risks, due to their potential to materially impact on the Group’s strategy and business model, future performance, solvency, liquidity and reputation.

The principal risks faced by the Group remain largely consistent with prior years, reflecting the Group’s continued sensitivity to external risks such as those posed by economic and market conditions, Government policy and political risk. Key changes from the Group’s 2023 assessment have included the merger of the ‘UK economic conditions’ and ‘mortgage availability’ risks into a combined ‘economic and market conditions’ risk, while our ‘climate change’ risk has been broadened to consider wider sustainability issues. The 2024 assessment has also noted marginally increased ratings of our ‘supply chain’ and ‘cyber and data’ risks, while the rating of our ‘HS&E’ and ‘legacy buildings’ risks have both decreased slightly.

The overall assessment of the Group’s current principal risks is that all are subject to controls or other mitigations which bring them within the tolerance range defined within the Group’s risk appetite. The Group remains confident in its ability to manage these risks effectively. Nonetheless, it is recognised that should various risk scenarios materialise together, conditions could arise which might materially impact on the Group’s operations and financial performance. A range of sensitivity analyses against such conditions, including the likely responses of the Board, have informed the broader assessment of the resilience of the Group’s business model.

Emerging risks

Open

Close

The emerging risks facing the Group have also been considered by the Board. These are defined as risks which are known but cannot be assessed in detail at present and could, under certain conditions, evolve to pose a threat to the delivery of our strategic objectives as a principal risk. Emerging risks were reviewed through the normal operation of our risk management framework, notably the annual survey of the Board and senior management, the results of which were presented for review and challenge through the Audit & Risk Committee.

The Group’s 2024 assessment has determined that the previously reported ‘planning uncertainty’ emerging risk should be a into the ‘land’ principal risk as a combined ‘land and planning’ risk (rated as high), recognising the intrinsic link between land and planning issues. The ‘market competition’ emerging risk has been amended to a broader risk of ‘market disruption’, reflecting the potential threats to the Group’s business model from disruptions such as market consolidation or technological advances in areas including modular construction or artificial intelligence. This risk will be monitored by the Board and, operationally, by the Executive Committee and Management Risk Committee. Mitigation strategies will be kept under review as the risk evolves.

Principal risks

Open

Close

The Group’s Principal Risks are:

  1. UK economic and market conditions
  2. Government policy and political risk
  3. Climate change and sustainability
  4. Health, Safety & Environment event
  5. Legacy buildings
  6. Land and planning
  7. Supply chain
  8. Finance and liquidity
  9. Skilled workforce, retention and succession
  10. Cyber and data
  11. Reputation
  12. Regulatory compliance

Read more about our Principal Risks in our latest Annual report.