trialled and assessed before wider deployment.
Although this approach is lighter on formal project
management and governance in the earlier stages, we
have implemented robust gateways to manage the risks
of wider deployment.
ESG
Impact:
- Adverse effect on reputation
- Competitive disadvantage
- Adverse effect on financial and operational performance
- Less attractive as an investment proposition
- Potential legal action, fines and penalties

Risk description:
Our operations are impacted by, and impact upon, the environment, society and the economy and we are committed to the promotion of sustainable, ethical and inclusive business practices amongst our customers, suppliers and colleagues. This commitment promotes a sustainable and value-generating business model, underpinning our strategy, and more fundamentally recognises our responsibility to take action and influence the wider industry now, to mitigate the significant threats to the planet posed by climate change.

Growing risks in relation to Environmental, Social and Governance ("ESG") matters require us to regularly identify our most material responsibilities and challenges in order to target investment and manage them well. This includes investment in the decarbonisation of the fleet and estate, and engagement with the wider construction products industry to reduce supply-chain and product carbon, taking action to prevent the worst impacts of climate change.

In addition, ESG matters are increasingly of interest to our customers, investors and other stakeholders, driving changes to demand and expectations, which we must identify and respond to.

Risk mitigation:
A Group Code of Conduct is in place, underpinned by policies, which cover our ESG and ethical requirements.

Our Head of Sustainability undertakes regular materiality assessments, consulting with broad stakeholder groups, to determine the most material ESG risks and opportunities facing the Group. These are agreed by the Group Leadership Team and the Board. We have determined accountabilities throughout our businesses to manage ESG material focus areas, including Group Leadership Team sponsorship of each topic. A suite of Minimum Standards is being implemented to maintain a strong core.

We have set commitments for each focus area including an industry-leading commitment on carbon reduction. We allocate budget to meet the stated commitments and progress on key strategic initiatives is regularly monitored by the Group Leadership Team.

We have put in place a programme of independent audits to assure compliance with our most significant regulatory requirements in relation to ESG matters.
IT systems and infrastructure
Impact:
- Adverse effect on financial and operational performance
- Adverse effect on delivery of strategy
- Competitive disadvantage

Risk description:
In our day-to-day operations we are dependent on a wide range of IT systems and supporting infrastructure and technology plays a significant role in our strategic ambitions.

Our current IT landscape is complex and includes legacy systems that lack the functionality of modern software and where expertise is diminishing.

Whilst older systems present an increasing risk of failures or outages and require more effort to maintain, of greater significance is the risk that our current systems hinder the delivery of the strategy, whether technologically or in diverting resources.

In adopting a more agile, incremental approach to business change, enabled by technology, we will need to manage an extended period of change where old and new technologies must successfully co-exist. There is significant risk associated with IT-enabled business change programmes including risks in relation to prioritisation and sequencing, resource allocation, cost and time overruns, testing and business acceptance. These risks, alone or in combination, could impact our short-term performance and achievement of our longer-term strategy.

Risk mitigation:
Whilst we are currently reliant on older infrastructure and applications, adequate resources and processes are in place to keep the current state well maintained and operational.

To mitigate the risk of disruption in the event of a system failure, an IT disaster recovery plan is in place, together with broader business continuity plans. Arrangements are in place for alternative data sites. Off-site back-up routines are in place. Plans are regularly tested and the results assessed to drive further improvements. Our incident management process is designed to prioritise and respond to any incident quickly and effectively, with escalation and communication protocols. Recovery targets are in place and are designed to minimise the operational and customer impact.

We have an evolving modernisation plan that will drive business benefits and lead to the replacement of a number of legacy systems. This will bring greater capability and longevity to our systems and infrastructure.

A governance structure is in place for IT change programmes from idea generation through to deployment. This includes protocols, to ensure that upgrades and improvements are delivered to the business in a controlled manner that limits the potential for disruption. The Group Leadership Team receives regular progress reports and larger programmes are reported to the Board.

Every programme is assessed at completion as to the lessons learned. Insights are rolled into future change programmes.
Cyber threat & data security
Impact:
- Operational disruption

Risk description:
Incidents of sophisticated cyber-crime represent a significant and increasing threat to all businesses including the Group. As we seek to meet our customers' increasing digital expectations and drive competitive advantage in this area, the underlying data is attractive to external attackers whose methods and global footprint are rapidly evolving. There is therefore a balance to be struck between increased digitisation and availability of data against the risks that such activities introduce.

Incidents impacting the confidentiality, integrity and availability of our data and systems could result in disruption to customer-facing, supplier-facing and financial

Risk mitigation:
We take our responsibilities and legal obligations in respect of data security and protection seriously and continue to focus on a combination of people, process and technology to help minimise the likelihood and impact of cyber incidents.

Alongside user awareness and education, best of breed security controls and technologies are key to reducing the likelihood of an attack and are regularly tested. These include firewalls, virus protection, email threat protection, intrusion detection and vulnerability scanning. All changes to technology solutions require Information Security review and approval.
(MORE TO FOLLOW) Dow Jones Newswires
March 02, 2021 14:55 ET (19:55 GMT)