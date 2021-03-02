trialled and assessed before wider deployment. Although this approach is lighter on formal project management and governance in the earlier stages, we have implemented robust gateways to manage the risks of wider deployment. ESG Impact Risk description Risk mitigation Our operations are impacted by, and impact upon, A Group Code of Conduct is in place, underpinned by the environment, society and the economy and we policies, which cover our ESG and ethical are committed to the promotion of sustainable, requirements. ethical and inclusive business practices amongst our customers, suppliers and colleagues. This commitment promotes a sustainable and ? Adverse value-generating business model, underpinning our Our Head of Sustainability undertakes regular effect on strategy, and more fundamentally recognises our materiality assessments, consulting with broad reputation responsibility to take action and influence the stakeholder groups, to determine the most material ? Competitive wider industry now, to mitigate the significant ESG risks and opportunities facing the Group. These disadvantage threats to the planet posed by climate change. are agreed by the Group Leadership Team and the ? Adverse Board. We have determined accountabilities effect on throughout our businesses to manage ESG material financial focus areas, including Group Leadership Team and Growing risks in relation to Environmental, sponsorship of each topic. A suite of Minimum operational Social and Governance ("ESG") matters require us Standards is being implemented to maintain a strong performance to regularly identify our most material core. ? Less responsibilities and challenges in order to attractive target investment and manage them well. This as an includes investment in the decarbonisation of the investment fleet and estate, and engagement with the wider We have set commitments for each focus area proposition construction products industry to reduce including an industry-leading commitment on carbon ? Potential supply-chain and product carbon, taking action to reduction. We allocate budget to meet the stated legal prevent the worst impacts of climate change. commitments and progress on key strategic action, initiatives is regularly monitored by the Group fines and Leadership Team. penalties In addition, ESG matters are increasingly of interest to our customers, investors and other stakeholders, driving changes to demand and We have put in place a programme of independent expectations, which we must identify and respond audits to assure compliance with our most to. significant regulatory requirements in relation to ESG matters. IT systems and infrastructure Impact Risk description Risk mitigation Whilst we are currently reliant on older infrastructure and applications, adequate resources and processes are in place to keep the current state well maintained and operational. In our day-to-day operations we are dependent on a wide range of IT systems and supporting infrastructure and technology plays a significant role in our strategic ambitions. To mitigate the risk of disruption in the event of a system failure, an IT disaster recovery plan is in place, together with broader business continuity plans. Arrangements are in place for alternative Our current IT landscape is complex and includes data sites. Off-site back-up routines are in place. legacy systems that lack the functionality of Plans are regularly tested and the results assessed modern software and where expertise is to drive further improvements. Our incident diminishing. management process is designed to prioritise and respond to any incident quickly and effectively, ? Adverse with escalation and communication protocols. effect on Recovery targets are in place and are designed to financial Whilst older systems present an increasing risk minimise the operational and customer impact. and of failures or outages and require more effort to operational maintain, of greater significance is the risk performance that our current systems hinder the delivery of ? Adverse the strategy, whether technologically or in We have an evolving modernisation plan that will effect on diverting resources. drive business benefits and lead to the replacement delivery of of a number of legacy systems. This will bring strategy greater capability and longevity to our systems and ? Competitive infrastructure. disadvantage In adopting a more agile, incremental approach to business change, enabled by technology, we will need to manage an extended period of change where old and new technologies must successfully A governance structure is in place for IT change co-exist. There is significant risk associated programmes from idea generation through to with IT-enabled business change programmes deployment. This includes protocols, to ensure that including risks in relation to prioritisation and upgrades and improvements are delivered to the sequencing, resource allocation, cost and time business in a controlled manner that limits the overruns, testing and business acceptance. These potential for disruption. The Group Leadership Team risks, alone or in combination, could impact our receives regular progress reports and larger short-term performance and achievement of our programmes are reported to the Board. longer-term strategy. Every programme is assessed at completion as to the lessons learned. Insights are rolled into future change programmes. Cyber threat & data security Impact Risk description Risk mitigation We take our responsibilities and legal obligations Incidents of sophisticated cyber-crime represent in respect of data security and protection seriously a significant and increasing threat to all and continue to focus on a combination of people, businesses including the Group. As we seek to process and technology to help minimise the meet our customers' increasing digital likelihood and impact of cyber incidents. expectations and drive competitive advantage in this area, the underlying data is attractive to external attackers whose methods and global footprint are rapidly evolving. There is Alongside user awareness and education, best of therefore a balance to be struck between breed security controls and technologies are key to increased digitisation and availability of data reducing the likelihood of an attack and are against the risks that such activities introduce. regularly tested. These include firewalls, virus protection, email threat protection, intrusion detection and vulnerability scanning. All changes to technology solutions require Information Security Incidents impacting the confidentiality, review and approval. integrity and availability of our data and ? Operational systems could result in disruption to disruption customer-facing, supplier-facing and financial

(MORE TO FOLLOW) Dow Jones Newswires

March 02, 2021 14:55 ET (19:55 GMT)