Experian 2016 Annual Report Download - page 15

Download and view the complete annual report

Please find page 15 of the 2016 Experian annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 188

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188

13
Tone at the top
Business strategy
Consumers at the
heart of what we do
A culture of
winning together
Disciplined capital
allocation
A powerful
brand
Great client
outcomes
Leading, innovative
products
Risk management
Our risk management framework
The Board is responsible for maintaining
and reviewing the effectiveness of
our risk management activities from
a financial, operational and strategic
perspective. These activities are
designed to identify and manage,
rather than eliminate, the risk of failure
to achieve business objectives or to
successfully deliver our business
strategy. Our risk management
framework supports the successful
running of the business, by identifying
and where possible managing risks
to an acceptable level and delivering
assurance on these.
The risk management framework has
been built to identify, evaluate, analyse,
mitigate and monitor those risks that
threaten the successful achievement of
our business strategy and objectives,
within our risk appetite. More detail
regarding the specific actions and
processes underlying each element of
the risk management process can be
found in the Governance section.
Risks are owned and managed within the
business, and formally reviewed at least
every quarter. To supplement business
self-assessments, global governance
teams form a second line of defence,
executing information security, regulatory
compliance and business continuity
risk and control reviews. Internal Audit
provides a third line of defence, by
executing independent and objective risk
and control assessments. The results
of these reviews feed into the quarterly
reporting cycle. Risks are overseen and
supervised through the Executive and
regional risk management committees.
Our risk identification processes follow
a dual approach, seeking to identify
risks using:
A bottom-up approach at a
business unit or country level.
This approach identifies those risks
which threaten an individual business
unit activity and are managed
by the business unit. To provide
visibility of wider issues within the
business, these are consolidated
at the regional and global level.
Higher rated risks are escalated
to the regional and Executive risk
management committees.
A top-down approach at the
global level. This approach
identifies those principal risks which
threaten delivery of our strategy
and objectives. The diagram above
summarises our principal risk profile.
During the year under review, we began
deployment of a global issue tracking
system that consolidates the monitoring
and reporting of active risk remediation
action plans. Action items are prioritised,
monitored, reported and escalated
based upon standard criteria.
Principal risk profile
Loss or inappropriate
use of data and systems
New legislation or changes in
regulatory enforcement
Increasing competition
Failure to comply with laws
and regulations
Adverse and unpredictable
financial markets or fiscal
developments
Business conduct risk
Non-resilient IT/business
environment
Undesirable investment
outcomes
Dependency on highly
skilled personnel
Data ownership,
access and integrity
IMPACT
LIKELIHOOD
Sustaining a
culture
of integrity and
ethical values
Commitment
to maintaining a
strong risk and
control culture
Commitment
to competency
Risk management
Evaluate
AnalyseMitigate
IdentifyMonitor
Risk
appetite
Strategic report Principal risks – identifying and managing risk