Managing Risk

How we manage risk

Protecting long-term value creation

The robust management of risk is central to the Group’s strategy and ability to create value over the long-term. The UK housing market is cyclical in nature and subject to fluctuations in economic conditions and changes in the political, regulatory and legislative environment 

To manage these specific challenges, the Group has a well-established framework in place for risk management, designed to enable the effective and timely identification and assessment of risks, and ensure ongoing risk mitigation.

The Board has overall responsibility for the assessment and effective management of the Group’s risks. The Group’s risk management framework supports the Board in performing these duties and ensuring an appropriate focus on principal, strategic and emerging risk areas. Comprehensive supporting processes are in place to identify, monitor, mitigate and control risks, through the work of of the Audit & Risk Committee, Group Internal Audit and operational management teams. This includes a wide-ranging annual survey of Board and senior management assessments of key risk issues and emerging risks. Collectively, these processes provide an additional ‘bottom up’ approach, ensuring the Board has visibility of the Group’s full risk landscape, while remaining focused on the most significant threats and trends.

Risk Management Framework



Board ownership and oversight

Strategy and risk identification

The Board determines the Group strategy and has overall responsibility for identifying and effectively managing the risks to the strategy. This focuses on principal risks, including those that would threaten the Group’s business model, future performance, solvency or liquidity.


The Board has well-established processes to monitor the Group’s risk landscape. In addition to routine KPI reporting against principal risks, the Board reviews the Principal and Strategic Risk Register in full on a regular basis. This provides the latest assessment of a range of criteria for each of the Group’s key risks, including:  

  • Risk appetite.
  • Gross risk impact and likelihood assessment.
  • Net risk impact and likelihood (adjustment of the gross assessment post the impact of mitigating controls).
  • Overall risk assessment. 
  • Commentary on action plans for further mitigation, and links to the Group’s operational Risk Registers.

The Board also routinely monitors feedback and assessments of changes in strategic and emerging risks with the potential to develop into future principal risks. This includes reviewing the results of a detailed annual risk survey.


⮝             ⮝             ⮝                ⮝
Risk identification, mitigation and monitoring
Audit Committee   Risk Committee   Group Internal Audit
  Management oversight
Group Functions   Operational Management
  • Monitors the integrity of the Group’s financial reporting processes. 
  • Approves the Group Internal Audit Manager’s annual audit plan and monitors the effectiveness of internal audit. 
  • Monitors the external audit and reviews its effectiveness.
  • Ensures appropriate controls and procedures are in place.
  • Reviews operational risk performance.
  • Reviews the work of the Group Internal Audit department.
  • Performs a full review of all Group Risk Registers annually
  • Delivers a risk-based annual internal audit plan. 
  • Performs testing on key areas of compliance and assurance. 
  • Produces KPI data on the Group’s principal risks. 
  • Maintains the Group’s Risk Registers and oversees the update process. 
  • Supports the annual risk survey of the Board and senior management.
  • Support steering groups on key risk areas including GDPR, Information Security, and Internal Controls over Financial Reporting. 
  • Contribute to the formulation of Group policies, procedures and control mechanisms. 
  • Monitor implementation of Group risk management and internal control processes. 
  • Have ownership of individual operational level Risk Registers for each function.
  • Monitors operational performance and identifies changes in key risks affecting the business. 
  • Continual interaction with and reporting to senior management and the Board. 
  • Ensures the implementation of internal controls set by the Board and Group functions within the business.

Our principal risks

In line with the UK Corporate Governance Code, the Group defines its principal risks as those considered to have a potentially material impact on its strategy and business model, including its future performance, solvency, liquidity and reputation. The Group’s strategy focuses on minimising financial risk and deploying capital at the right time in the housing market cycle, recognising the inherent risks and cyclical nature of the housing market. This, together with an agile, experienced and responsive management team, and robust risk management framework, has established a highly resilient business able to address a range of future economic scenarios.

Material Issues



The Group recognises the value of stakeholder engagement in ensuring the creation and protection of long-term value. A materiality assessment was performed in 2020 in order to identify important issues for our stakeholders, which were likely to have an impact on our business in the short to medium term. This assessment links to the Group’s risk management framework, and contributes directly to the identification, management and mitigation processes, as illustrated.

Our purpose, strategy and business model
is protected by a 
Risk management framework

which is enhanced by 

Material risk management diagram

which delivers

Sustainable value for all stakeholders

Aligning material issues and principal risks



Material issues Principle risk  

Number 1Strategy

1Pandemic risk


2Social value/ enhancing communities



3Health and safety

3National and regional economic conditions


4Talent attraction, development, diversity and engagement

4Government policy


5Helping customers live sustainably

5Health, safety and the environment


6Climate change action & resilience

6Labour and resources: skilled workforce, retention and succession


7Build quality and safety

7Labour and resources: materials and land purchasing



8Climate change


9Customer satisfaction



10Cyber security and protection

10Regulatory compliance


11Cyber and data risk


12Mortgage availability



Principal Risks - Heat Map

Principal risks heat map