Overview of risk management responsibilities

The table below sets out how responsibility for risk management is allocated and how that responsibility is discharged:

BOARD
Collectively responsible for managing risk
• Sets the Board’s risk appetite.
• Conducts formal reviews of principal risks (including emerging risks) and the risk KPIs twice a year – one of which is in connection with consideration of the viability statement (see pages 80 to 91).
• Ensures strategic investment and manages risk prioritisation.
• Regular discussions of ‘What keeps us awake at night?’.
• Monitors KPIs which measure the effectiveness of risk mitigations through Board reports.
• Risk topics reviewed in depth through regular timetabled presentations or papers.
• Ensures Executive Directors have line responsibility for managing specific risks.
• Assesses the coverage and adequacy of independent assurance.

AUDIT AND RISK COMMITTEE
Oversees risk management process
• Receives a formal review of the principal risks and risk KPIs and the risk management process twice yearly.
• Receives a report from the Executive Risk and Resilience Committee at each meeting.
• Conducts formal reviews of the risk management process twice a year – one of which is in connection with consideration of the viability statement (see pages 89 to 91).
• Selects and proposes topics for ‘key risk’ reviews by the Board.
• Holds the relationship with the independent Internal Auditor, approves the rolling internal audit programme, and receives internal audit reviews of selected risks.

EXECUTIVE BOARD
Reviews principal risks
• Members responsible for managing risk within their areas of accountability.
• Conducts formal reviews of principal risks (including emerging risks) twice a year.
• Reviews risk topics through regular timetabled presentations or papers.
• Monitors KPIs which measure the effectiveness of risk mitigations.
• Delegates line responsibility for managing individual risks within their area of accountability to individual Executive Board members, and oversight of these to the Risk and Resilience Committee.

RISK AND RESILIENCE COMMITTEE (MEETS MONTHLY – NEW FOR FY21)
Oversight of principal and operational risks
• Oversight and review of the principal and operational risk registers and the process by which they are compiled.
• Reviews the risk landscape, ranks the principal risks and identifies emerging risks.
• Conducts a formal review of the principal risks (including emerging risks) twice a year in advance of submission to the Executive Board and the Group Board.
• Monthly review of the KPIs (including those relating to cyber security) which measure the effectiveness of the mitigations for principal risks, and requires explanation from relevant management where the indicator is outside the tolerance range.
• Regular cross-functional ‘deep dive’ of each of the principal risks and associated operational risks.
• Reports monthly to the Executive Board and to the Audit and Risk Committee at each meeting.

CHIEF FINANCIAL OFFICER
Ensures that risk management processes are adhered to
• Chairs the Risk and Resilience Committee.
• Presents the outcome of the risk review to the Executive Board, the Audit and Risk Committee and the Group Board twice a year.
• With the Company Secretary, ensures that principal risk topics are scheduled for regular review by the Executive Board and the Group Board.

DUNELM GROUP PLC ANNUAL REPORT & ACCOUNTS 2021, page 77