Risk management, audit and assurance

Identification, management and monitoring of sustainability risks (including social, environmental and ethical risks) are fully integrated into the Group’s risk management processes. Paul Richardson provides an annual assessment of sustainability risks and performance to the Nomination and Governance Committee. 


At each Board meeting, the Group chief executive presents a Brand Check review of each of the business’ operations, including an assessment of the risks in each business, providing feedback on the business risks and details of any change in the risk profile since the last Board meeting.


Reviews of sustainability risks such as those relating to employment policies, privacy and data security are included in the scope of selected internal audits. Significant findings are reported to the Audit Committee.


We review potential sustainability-related risks in our due diligence process when we acquire new businesses. For example, our due diligence teams look at risks relating to bribery and corruption or ethical issues associated with client work. We have a process in place to make sure acquired businesses embed our policies and undertake our ethics training. 


See our Annual Report for more detail on our risk management process, our audit process and a list of our principal risks.