Travis Perkins (TPK)
Travis Perkins: Publication of 2020 Annual Report
02-March-2021 / 19:55 GMT/BST Dissemination of a Regulatory Announcement, transmitted by EQS Group. The issuer is solely responsible for the content of this announcement.
Publication of the Annual Report 2020
Further to the release of its results announcement this morning, Travis Perkins plc (the "Company") announces that it has today published its Annual Report for the year ended 31 December 2020. The Company's Annual Report 2020 can be viewed on the Company's website - https://www.travisperkinsplc.co.uk/investors/results-reports-and-presentations/year/2021
In accordance with rule 9.6.1 of the Listing Rules, copies of the following documents have been submitted to the National Storage Mechanism and will shortly be available for inspection at https://data.fca.org.uk/#/nsm/nationalstoragemechanism
- Annual Report and Accounts 2020;
A condensed set of the Company's financial statements and information on important events that have occurred during the year and their impact on the financial statements were included in the Company's announcement. That information together with the information set out below which is extracted from the Annual Report constitute the requirements of Disclosure and Transparency Rule ("DTR") 6.3.5 which is to be communicated via a Regulatory Information Service in unedited full text. This announcement is not a substitute for reading the full Annual Report. Page and note references in the text below refer to page numbers in the Annual Report. To view the preliminary announcement, visit the Company's website: www.travisperkinsplc.co.uk
Enquiries:
Matt Worster
Matt.worster@travisperkins.co.uk
+44 (0) 7990 088548
Robin Miller
Robin.miller@travisperkins.co.uk
+44 (0) 1604 592533
STATEMENT OF PRINCIPAL RISKS AND UNCERTAINTIES
For the year ended 31 December 2020
In an exceptional year dominated by the global pandemic, we have demonstrated a clear understanding of the risks we face and taken a proactive approach to risk management to identify and pursue opportunities, drive better decision making and, most importantly, prioritise the safety and well-being of the Group's colleagues and customers.
The pandemic has required an ongoing and agile assessment of risks, challenges and issues, adjusting to the development of Covid-19 in real time. The pandemic and its wider economic effects continue to bring uncertainty to our operations and the delivery of our strategic objectives. Even with a mass vaccination programme, this uncertainty is likely to persist.
Risk management framework
We operate in an industry and markets which, by their nature, are subject to a number of inherent risks. In common with most large organisations we are also subject to general commercial, political and economic risks. We are able to mitigate those risks by adopting different strategies and by maintaining a strong system of internal control which is routinely tested and assured.
Our risk management framework has three pillars:
* Top down - activities at the Board and Group Leadership Team levels, focused on material risks to the strategy and operations.
* Bottom up - activities across the Group that capture risk perspectives that are significant at a business unit, programme or functional level.
* Emerging risk - new and emerging risks are considered through the regular risk activities above, the results of assurance activities, and, at least twice a year, through a process that assesses our risk set against external benchmarks.
The output from each pillar informs the process to determine our principal risks.
Responsibility and oversight
The Board has overall responsibility for risk management and internal controls, and for reviewing their effectiveness at least annually. The Board is supported in its assessment by the work of the Audit Committee, which regularly assesses the risk framework and the results of key assurance processes, including the work of Internal Audit, to provide assurance to the Board that risk is being effectively managed throughout the Group. Further details on risk management responsibilities and oversight are given in the Corporate Governance Report on page 79.
Risk appetite
The Board accepts that, in order to achieve its strategic objectives, and generate suitable returns for shareholders, it must accept, and manage, a certain level of risk. It undertakes an exercise, at least annually, to consider the nature and level of risk it is prepared to accept to deliver the strategy. Risk appetite is set across a suite of risk categories directly relevant to the Group, supported by high-level risk statements which set out the expectations for the management and control of each category of risk. The resulting assessment of risk appetite has been set to balance opportunities for growth and business development in areas of potentially higher risk and return, whilst prioritising safety and maintaining the Group's reputation, legal and regulatory compliance and the desired high levels of customer service and satisfaction.
In addition to its annual review in September, earlier in the year the Board also assessed whether the level of change prompted by Covid-19 might lead it to revise its risk appetite.
This review concluded that the Group's response to Covid-19 had not sought to take additional risk and that its risk appetite in related risk categories was already, and remained, one of low risk.
Risk assessment and reporting
Our risk management processes aim to identify and assess risks before they impact on activities, position the businesses and support functions to effectively manage those risks and leverage related opportunities.
The Board has developed a risk reporting framework that ensures it has visibility of key risks, the potential impacts on the Group and how and to what extent those risks are mitigated.
Our risk management activities continue to be developed to support management's assessments of threats and opportunities that could materially impact strategic delivery, performance, compliance and reputation. Whilst Covid-19 has dominated risk activities for much of 2020, there has also been a focus on developing and delivering the risk assessments required by the newly developed minimum standards that underpin our 12 material ESG focus areas. This work will continue into 2021. In addition, a plan has been developed to further embed risk assessment into key strategic and performance reviews in 2021, bringing an increased and regular focus on risk and opportunity management at key decision points.
Risk assurance
We operate a "three lines of defence" model to obtain assurance that major risks are adequately mitigated and controlled, as set out below. Oversight is provided by the Group Leadership Team and the Audit and Stay Safe Committees, which includes review of progress against agreed improvement actions. Regular updates on assurance activities are provided to the Board.
Line of defence
|
Source of assurance
|
Nature of assurance
|
1st
|
Business operations & operational management
Branches & distribution centres
|
Direct assurance - execution of policies and procedures, training completion, management controls and monitoring, key performance indicators and self-assessments
|
2nd
|
Central functions
Includes Safety, Fleet, Legal, Finance, IT
and HR
|
Management assurance - risk management programme, compliance and monitoring activities, central governance processes (including the setting of policies, procedures and training)
|
3rd
|
Independent reviews
Internal audit,
external audit and
other third parties
|
Independent assurance - internal audit activities and third party audits and reviews that objectively assess the adequacy and effectiveness of governance, risk management and controls and support continuous improvement
|
Principal risks
The Board and Group Leadership Team robustly assesses the Group's principal and emerging risks at least twice a year. During 2020 the Board has considered principal risks at four meetings, including detailed assessments of the impact of Covid-19 on the risk set. The principal risks that we consider to have a potentially material impact on the Group's operations and the achievement of its strategic objectives are set out below. They are ordered by risk category rather than relative size of risk. The inherent risk (before the operation of mitigating controls) is stated for each risk together with an indication of the current trend for that risk and strategic objectives that are potentially impacted. Further detail in respect of the potential impact of these risks and the mitigating actions taken are explored on the following pages. The scope and potential impact of risks will change over time. As such the risks set out below should not be regarded as a comprehensive statement of all potential risks and uncertainties that may manifest in the future. Additional risks and uncertainties that are not presently known to us, or which are currently deemed immaterial, could also have an adverse effect on the Group's future operating results, financial condition or prospects.
Risk category objective
|
Principal risks
|
Strategic objective
|
Risk trend - 2020
|
Risk trend - 2019
|
Inherent risk
|
External
|
Market conditions Pandemic NEW
Changing customer & competitor landscape Supplier risks
|
ABC AE ABC ABDE
|
N
|
|
High High High Medium
|
Strategic
|
Portfolio management Change management ESG NEW
|
BCDE ACDE ABCE
|
N
|
|
Medium
High High
|
Technological
|
IT systems and infrastructure Cyber threat and data security
|
AD AE
|
|
|
High High
|
Operational
|
People
Health, safety & well-being Legal compliance
|
ABC AE ABCDE
|
|
|
Medium Medium Medium
|
Key
- Best-in-class services
- Focus on trade
- Advantaged businesses
- Simplify the Group
- Financial strength
N New
Increasing
Decreasing
Limited change year-on-year
Key disruptive risks that may impact the viability of a strategy or business model are also identified and managed. Whilst several principal risks, including market conditions, supplier risks and the changing customer and competitor landscape, include elements that are considered disruptive in nature, they are categorised above according to the primary driver of the risk.
Key changes in the year
The risk environment in which we operate does not remain static and the Board has made the following changes to the principal risk set in 2020:
* Covid-19 was identified as an emerging risk in the 2019 report and has been the dominant area of focus for our risk management activities throughout 2020. Pandemic risk, specifically in relation to Covid-19, is now recognised as a new principal risk due to the inherent uncertainty associated with it. A pandemic is one of the very few risks that could result in the complete shutdown of our operations. Covid-19 has the potential to amplify or accelerate the onset of certain of our other principal risks and this potential for risk interdependencies has been kept under review during 2020, alongside the additional mitigation measures implemented.
* Brexit risk assessment and contingency planning remained a focus in 2020. In preparation for the end of the transition period, to offset potential disruption to the flow of goods in the event of "no deal", the business units again built targeted contingency stocks in the categories deemed most at risk, to ensure stock remained available to customers. To date, there has been little Brexit-related impact to the flow of goods although Covid-19 related disruption at certain ports has impacted us in a limited way. The Board no longer considers Brexit to be a principal risk.
Management have prepared for, and will continue to implement, the required changes to customs procedures, product standards and the recruitment of EU citizens, which remain the more significant areas of Brexit impact for the Group. Where relevant, Brexit-related risks have been incorporated into our other principal risks, and the underlying "bottom up" risk management processes.
* ESG is an area of increasing importance, as we recognise our impact and potential influence on the environment, the construction industry and wider society. We are seeking to take a leading position on ESG matters, which both addresses our responsibilities and an increasing level of interest and expectations from our customers, investors and other stakeholders. Accordingly ESG matters have been added as a principal risk.
* The risks in relation to Portfolio Management and Capital Allocation have been combined.
* In relation to principal risks brought forward from 2019, the Board considers that the market conditions risk, supplier risks and the changing customer and competitor landscape risk are increasing. All other risk trends are unchanged.
Emerging risks
As part of the overall risk assessment process, and in line with the requirements of the UK Corporate Governance Code, we capture and monitor areas of uncertainty that do not currently present a significant risk but which have the potential to adversely impact the Group in the future. These emerging risks are identified from regular reviews of risk research and other publications, alongside perspectives on emerging risks collated from assessments made by the business unit and functional leadership teams and the results of assurance activities. The emerging risks considered by the Board during 2020 included sustainability and climate change matters, digital technologies and, as a result of the pandemic, the impacts of changes to working locations and ways of working.
Market conditions
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial results
- Loss of market share
|
Our markets are highly fragmented and cyclical in nature and performance is affected by general economic conditions and a number of specific drivers of construction, repairs, maintenance and improvement and DIY activity. These include the volume of housing transactions, driven by mortgage availability and affordability, house- price inflation, the timing and nature of government activity to stimulate activity, net disposable income, consumer confidence, interest rates and unemployment levels.
The fundamental long-term market drivers remain robust despite Covid-19 related uncertainty in the short-term. Whilst a number of longer-term themes are beginning to impact the industry, these present us with both opportunities and risks in responding to the changes:
- Traditional ways of working in the industry will change, driven by technology and an increasing move to modern methods of construction.
- There is a need to address a growing productivity challenge in the construction sector alongside an increasing scarcity of technical knowledge, which will hinder industry growth if unaddressed.
- There is a drive for greater digitisation, which has accelerated as a result of the pandemic.
- The ability to deliver and measure social value will become fundamental to long-term success.
We must also manage the impacts of changing building standards and the UK Government's future framework for heat in buildings through the products and services that we offer.
|
Our businesses all hold #1 or #2 positions in their chosen markets.
We maintain a comprehensive tracking system for lead indicators that influence the market for the consumption of building materials in the UK.
The Board conducts an annual review of strategy, which includes an assessment of likely competitor activity, market forecasts and possible future trends in products, channels of distribution and customer behaviour.
Significant events that may affect the Group are monitored by the Group Leadership Team and reported to the Board monthly by the Group CEO. Should market conditions deteriorate then the Board has a range of options dependent upon the severity of the change. Historically these have included amending the Group's trading stance, cost reduction, changing the focus or lowering capital investment and reducing the dividend.
We have established a number of partnerships to explore opportunities to work with companies involved in modern methods of construction.
|
Pandemic
|
Impact
|
Risk description
|
Risk mitigation
|
- Detrimental impact to health and well-being
- Adverse effect on operations, financial condition and results
|
The Covid-19 pandemic has significantly impacted our operations and results in 2020. It is not clear how long the pandemic will last, how much more extensive it may yet become, what impact further virus variants could have, how quickly approved vaccines will be distributed and how effective they prove to be, or what further measures may be introduced by governments to mitigate the associated health, economic and societal impacts.
Central UK Government, and the devolved authorities in other parts of the UK, have deemed the Group to be an essential provider to ensure critical national infrastructure remains operational and homes remain warm and dry. Any change to this status would significantly impact our operations and results.
The pandemic may lead to a significant and prolonged impact for the Group in respect of:
- Operational disruption resulting from high levels of colleague absence, attempts to contain an outbreak at a Group location or further measures taken to contain virus peaks, whether localised or national. This could impact our ability to operate our branch and distribution network, or provide functional support to the business, if this cannot be delivered remotely.
- Pressure on colleagues to adapt to rapidly changing circumstances, ways of working and resourcing levels, which may impact their health and well-being.
- Disruption to our supply chain, which operates across multiple territories. In addition to the proximate disruptive effects of the pandemic, the supply chain may also be impacted by business closures and consolidation activity.
Levels of consumer confidence in an uncertain economic environment, which may adversely impact demand for our products and services.
|
We acted quickly to respond to the challenges posed by Covid-19 with the safety and well-being of colleagues and customers our overriding priority in our continued response to the pandemic.
Tiered crisis response teams were mobilised before the first UK lockdown to coordinate activity. These teams continue to monitor the situation closely, with regular oversight from the Board, and update measures, advice and communications as required.
Colleagues have been regularly consulted with throughout the pandemic and are empowered to call out unsafe practices. Several incidents in recent months suggest that Covid-19 has been an influencing factor both in terms of the physical and mental impacts to colleagues of adapting to changed ways of working, and as a necessary area of focus which may divert attention from more typical operational hazards. Organisation-wide safety stand down briefings were run in 2020 for colleagues to reflect and consider individual and collective actions that can be undertaken to take responsibility for their own and each other's safety. Other major response measures include:
- Rapid changes to the network to enable contactless collections and socially distanced service.
- Enhanced hygiene routines and provision of PPE.
- Supporting all colleagues able to work from home to do so, which will continue for the foreseeable future.
- Active, detailed management of cost and cash flow, including the suspension of the 2019 final dividend, a 20% reduction in Board and Executive pay for three months and the deferral of rates and VAT payments.
Regular communications to colleagues including a weekly pulse survey and extended well-being support.
|
Changing customer & competitor landscape
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial results
- Loss of market share
|
The evolution of customer behaviours has accelerated through the pandemic and this is expected to continue. Forced to move to more remote transactions, customers looked for digitally-enabled solutions. Whilst this drove an immediate focus on our digital transaction capabilities, the ability of these platforms to meet customer demand and keep pace with competitor developments will impact longer-term growth and delivery of our strategy.
The process of digitisation introduces alternatives beyond our traditional competitors and, through the move to more online purchasing, there is increasing price transparency. This puts pressure on the margin that can be achieved on distributed products in some instances.
The balance of delivered sales has moved significantly during the pandemic and our ability to develop this area and provide innovative fulfilment solutions will be a key differentiator. Customers also increasingly value the ability to procure services that complement their project, presenting us with both an opportunity and risk to meet that expectation.
Increased focus on delivery and fulfilment may draw other new entrants into the market who operate business models which differ significantly from the traditional merchanting, retail and online formats from which we currently operate. There is also an ongoing level of portfolio change among our more established competitors. Both present potential threats to the leading market share positions of our businesses.
These changes in the customer and competitor landscape, individually or in combination, may adversely impact the profitability of branch-based operations, impact pricing perceptions and, as a result, negatively impact our overall performance.
|
The Board is cognisant of the risks presented by the changing customer and competitor landscape and evaluates developments both in terms of threats and opportunities for the Group. Competitor activity is closely monitored, including potential consolidation activity.
We have made significant progress in 2020 towards digitising key customer journeys and building tools that complement our existing operations and enable customers to transact with us through channels that best suit their needs. Initially focused on the General Merchant business, these tools build on the existing high levels of digital engagement enjoyed by the Wickes and Toolstation businesses.
High quality fulfilment of customer orders remains the main service differentiator across Trade businesses. This is an area of ongoing focus for us and will combine with the digital enablement initiatives to give better visibility and more choice to customers. The Group appointed a Fulfilment Director in 2020 to focus these efforts.
We are able to use our sites flexibly to respond to changes. Alternative space utilisation models are possible, including maintaining smaller stores and implanting additional services into existing branches. The programme of restructuring announced in June 2020 progressed our existing strategy to operate from fewer, larger branches with a greater breadth and depth of product range.
Pricing strategies across the Group are regularly reviewed and refined to ensure they remain competitive.
|
Supplier risks
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial results
- Adverse effect on reputation
|
We face a number of risks in relation to key supplier dependencies and relationships, overseas sourcing and disintermediation, all of which could adversely impact upon ranging and price.
We are the largest customer to a number of our suppliers. In some cases, those suppliers are large enough to cause us significant difficulties and disruption if they are unable to meet their supply obligations, whether due to economic or operational factors.
Alternative sourcing may be available, but the volumes required and the time it may take those suppliers to increase production could result in significant and prolonged stock-outs, adversely impacting customer service and, potentially, leading customers to switch to a competitor in the short- or long-term.
We source a number of products from overseas factories, which increases our exposure to quality, warranty, ethical and currency issues. This again may adversely impact customer service and choice.
Manufacturers of the materials and products that we sell may also look to sell directly to end customers in the future, diminishing the role of distributors.
|
Making decent returns is one of our cornerstones and drives us to treat both customers and suppliers fairly. We have established strong relationships with our key suppliers and work closely with them to agree contracts that are mutually beneficial. We conduct due diligence in line with our commitment to responsible sourcing, and to ensure a continuous supply of quality materials.
Where possible, contracts exist with more than one supplier for key products, to reduce the risks of dependency on a sole supplier.
Activities undertaken in preparation for Brexit and the end of the transition period, including increased supplier liaison, mapping in-bound supply chains to identify potential exposures and holding buffer stocks in certain categories, has assisted in the understanding and mitigation of our supplier risks.
We have made a significant investment in our Far East infrastructure to support our direct sourcing operation. This allows the development of own brand products, thereby reducing the reliance on branded suppliers. We have also adopted a conservative hedging policy to reduce our exposure to currency fluctuations.
Independent checks are undertaken on the factories producing products for the Group, including the ethical, safety and environmental performance of the site and the quality and suitability of products before they are shipped to the UK. The results of these checks are kept under review with action taken as necessary to address any concerns.
|
Portfolio management
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial results
- Adverse effect on shareholder value
- Adverse effect on reputation
|
We manage a number of businesses in the UK which operate in different, but complementary sectors. As the markets we serve continue to develop, we are investing to enhance our existing businesses and also to develop new propositions to better serve our customers.
We undertake acquisition and disposal activity to optimise our portfolio of businesses and drive shareholder returns. In December 2018, we announced a strategy to simplify the Group and concentrate on our trade-focused businesses. Although the
Covid-19 pandemic led us to pause the planned demerger of Wickes during 2020, we completed the disposal of the Tile Giant retail business in September 2020.
Programmes to separate and prepare businesses for sale or demerger can be complex given the many linkages to our systems and processes. More generally, the projected benefits, costs and timescale for portfolio management activities may deviate from those originally planned, which could in turn impact the progression of the process and the value realised or price paid.
Although we operate a disciplined capital allocation process, there is a risk that we over-invest in channels which may decline or are non-core. It is also possible that we may not allocate sufficient capital to new propositions and advantaged businesses resulting in suboptimal returns on capital.
|
All merger, acquisition and disposal activities are subject to a detailed appraisal process and ultimate approval by the Board.
We put in place a formal programme of work, with dedicated resources, for larger-scale transactions. External expertise and advisors are involved as required to support the programme teams.
All activity of this kind is supported by robust governance and monitoring. The largest programmes are closely monitored by a programme Steering Committee, with sponsorship and representation from members of the Group Leadership Team and, when appropriate based on the significance of a transaction, the Board. Both the Group Leadership Team and the Board receive regular updates on all portfolio management activities.
Responsibility for identifying and implementing opportunities to expand, improve or modify our operations rests with each of the business unit leadership teams. We deploy or redeploy capital through a Group-level forum to strategically-aligned projects expected to achieve the best return on capital. Projects are required to present a comprehensive business case and, for the largest investments, Board approval is sought.
Major projects are reviewed monthly by the Group Leadership Team.
Post implementation reviews are undertaken of all major projects and returns are monitored on an on-going basis to ensure that the expected returns are achieved, but also to allow us to modify the allocation of capital when appropriate.
|
Change management
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial results
- Adverse effect on shareholder value
- Adverse effect on colleague engagement.
|
We undertake a variety of projects throughout our businesses in order to generate returns for our shareholders. These projects include the modernisation of the Group's core IT systems and infrastructure and, in direct response to the challenges of the pandemic, changes to methods of customer fulfilment and a drive for process simplification in relation to rebates and simplified pricing templates.
By their nature, major change programmes are often complicated, interlinked and may require considerable resource or specialist expertise to deliver. As a result, the expected benefits, timescale for delivery and the costs of implementation of each project may deviate from those anticipated at the outset. Colleague engagement may be impacted during a period of significant change and cost-focus.
|
All potentially significant projects are subject to detailed investigation, assessment and approval prior to commencement.
We allocate dedicated teams, including finance colleagues, to each project, with additional expertise being brought in to supplement existing resources when necessary. Regular communications are undertaken to keep colleagues informed.
All major programmes are supported by an appropriate governance structure and are closely monitored through the Group Leadership Team's monthly programme review with regular reporting to the Board. When projects do not deliver against expectations, we undertake exercises to capture the 'lessons learned' which are fed into future projects.
Recent enhancements of the Group's digital capabilities have been delivered using a more agile, incremental approach to change.
Whilst we continue to embed the approach, it has been successful in supporting a more rapid development of solutions which can be ring-fenced, trialled and assessed before wider deployment.
Although this approach is lighter on formal project management and governance in the earlier stages, we have implemented robust gateways to manage the risks of wider deployment.
|
ESG
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on reputation
- Competitive disadvantage
- Adverse effect on financial and operational performance
- Less attractive as an investment proposition
- Potential legal action, fines and penalties
|
Our operations are impacted by, and impact upon, the environment, society and the economy and we are committed to the promotion of sustainable, ethical and inclusive business practices amongst our customers, suppliers and colleagues. This commitment promotes a sustainable and value-generating business model, underpinning our strategy, and more fundamentally recognises our responsibility to take action and influence the wider industry now, to mitigate the significant threats to the planet posed by climate change.
Growing risks in relation to Environmental, Social and Governance ("ESG'') matters require us to regularly identify our most material responsibilities and challenges in order to target investment and manage them well. This includes investment in the decarbonisation of the fleet and estate, and engagement with the wider construction products industry to reduce supply-chain and product carbon, taking action to prevent the worst impacts of climate change.
In addition, ESG matters are increasingly of interest to our customers, investors and other stakeholders, driving changes to demand and expectations, which we must identify and respond to.
|
A Group Code of Conduct is in place, underpinned by policies, which cover our ESG and ethical requirements.
Our Head of Sustainability undertakes regular materiality assessments, consulting with broad stakeholder groups, to determine the most material ESG risks and opportunities facing the Group. These are agreed by the Group Leadership Team and the Board. We have determined accountabilities throughout our businesses to manage ESG material focus areas, including Group Leadership Team sponsorship of each topic. A suite of Minimum Standards is being implemented to maintain a strong core.
We have set commitments for each focus area including an industry-leading commitment on carbon reduction. We allocate budget to meet the stated commitments and progress on key strategic initiatives is regularly monitored by the Group Leadership Team.
We have put in place a programme of independent audits to assure compliance with our most significant regulatory requirements in relation to ESG matters.
|
IT systems and infrastructure
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on financial and operational performance
- Adverse effect on delivery of strategy
- Competitive disadvantage
|
In our day-to-day operations we are dependent on a wide range of IT systems and supporting infrastructure and technology plays a significant role in our strategic ambitions.
Our current IT landscape is complex and includes legacy systems that lack the functionality of modern software and where expertise is diminishing.
Whilst older systems present an increasing risk of failures or outages and require more effort to maintain, of greater significance is the risk that our current systems hinder the delivery of the strategy, whether technologically or in diverting resources.
In adopting a more agile, incremental approach to business change, enabled by technology, we will need to manage an extended period of change where old and new technologies must successfully co-exist. There is significant risk associated with IT-enabled business change programmes including risks in relation to prioritisation and sequencing, resource allocation, cost and time overruns, testing and business acceptance. These risks, alone or in combination, could impact our short-term performance and achievement of our longer-term strategy.
|
Whilst we are currently reliant on older infrastructure and applications, adequate resources and processes are in place to keep the current state well maintained and operational.
To mitigate the risk of disruption in the event of a system failure, an IT disaster recovery plan is in place, together with broader business continuity plans. Arrangements are in place for alternative data sites. Off-site back-up routines are in place. Plans are regularly tested and the results assessed to drive further improvements. Our incident management process is designed to prioritise and respond to any incident quickly and effectively, with escalation and communication protocols. Recovery targets are in place and are designed to minimise the operational and customer impact.
We have an evolving modernisation plan that will drive business benefits and lead to the replacement of a number of legacy systems. This will bring greater capability and longevity to our systems and infrastructure.
A governance structure is in place for IT change programmes from idea generation through to deployment. This includes protocols, to ensure that upgrades and improvements are delivered to the business in a controlled manner that limits the potential for disruption. The Group Leadership Team receives regular progress reports and larger programmes are reported to the Board.
Every programme is assessed at completion as to the lessons learned. Insights are rolled into future change programmes.
|
Cyber threat & data security
|
Impact
|
Risk description
|
Risk mitigation
|
- Operational disruption
- Adverse effect on reputation
- Potential legal action, fines and penalties
|
Incidents of sophisticated cyber-crime represent a significant and increasing threat to all businesses including the Group. As we seek to meet our customers' increasing digital expectations and drive competitive advantage in this area, the underlying data is attractive to external attackers whose methods and global footprint are rapidly evolving. There is therefore a balance to be struck between increased digitisation and availability of data against the risks that such activities introduce.
Incidents impacting the confidentiality, integrity and availability of our data and systems could result in disruption to customer-facing, supplier-facing and financial systems through theft and misuse of confidential data, damage to or manipulation of operationally critical data or interruption to our IT services, any of which may have serious consequential impacts on our reputation, ability to trade and compliance with regulations including GDPR.
We assess our main risk of attack to be from opportunistic criminals seeking financial gain from the theft and sale of personal data.
During 2020, the Covid-19 pandemic appears to have heightened this risk and we have seen an increase in the volume, frequency and sophistication of attempted cyber-attacks during this period, which is expected to continue. We also face internal risks of data loss or leakage as a result of actions taken by colleagues, whether accidental or deliberate. Our strategy to modernise and digitise capabilities also presents a further dimension to cyber and data security risk.
|
We take our responsibilities and legal obligations in respect of data security and protection seriously and continue to focus on a combination of people, process and technology to help minimise the likelihood and impact of cyber incidents.
Alongside user awareness and education, best of breed security controls and technologies are key to reducing the likelihood of an attack and are regularly tested. These include firewalls, virus protection, email threat protection, intrusion detection and vulnerability scanning. All changes to technology solutions require Information Security review and approval.
Action was taken this year to further develop our security profile and maturity against the internationally recognised National Institute of Standards and Technology - Cyber Security Framework. During 2020 we successfully introduced a 24/7 security operations centre capability to monitor for suspicious activity and behaviours and work with resolver teams as required.
We have a cyber-incident response protocol, which is updated with lessons learned from responses to attempted attacks on the Group and external cases. Third party forensic capability is in place, should it be needed, to support our ability to respond rapidly and effectively to an incident, restore systems and demonstrate compliance.
We will prioritise a number of security focused programmes in 2021 to further minimise the risk profile. This includes programmes focused on maintaining GDPR compliance and the optimisation of security technology.
|
People
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on delivery of strategy
- Competitive disadvantage
- Adverse effect on reputation
|
People are key to our success. Our ability to recruit, develop, retain and motivate suitably qualified and experienced staff is an important driver of our overall performance.
The strength of our customer proposition is underpinned by the quality of our people, particularly those in branch and other customer facing roles. Many colleagues have worked for us for many years, during which time they have amassed valuable product and customer knowledge and expertise. Retaining those colleagues is key to continuing high levels of customer service and maintaining our competitive advantage.
Ensuring the retention and development of our employees, and that robust succession plans exist for key positions, is important for us to ensure that we have the right skills and experience to deliver on our strategic objectives.
We are exposed to skills shortages in certain areas which can result in salary cost pressures. In particular, the availability of suitably qualified commercial drivers remains an area of ongoing focus, which is critical to the operation of our fleet to meet customer delivery expectations.
We recognise the benefits of a diverse workforce and an inclusive workplace, to ensure that everyone feels welcome, valued for their contribution and able to perform at their best. Making progress in this area will take time and there is a risk that we are unable to move quickly enough to capture the benefits or meet colleague and customer expectations.
|
Strategic initiatives are in place in relation to diversity and inclusion and knowledge management. Further information on progress made during the year can be found in the Diversity and inclusion report on page 62.
The Group's employment policies and practices are kept under regular review.
Staff engagement and turnover by job type is reported regularly to the Group Leadership Team and the Board.
An established talent and succession process is in place, which will be reviewed and refreshed in 2021. The process is run annually with plans for the most senior and critical roles reviewed by the Board.
The Group's reward and recognition systems are actively managed to ensure high levels of employee engagement. Salaries and other benefits are benchmarked regularly to ensure that the Group offering remains competitive and the Group operates incentive structures to ensure that high performing colleagues are adequately rewarded and encouraged to remain with the Group.
A wide range of training programmes are in place to encourage staff development. Management development programmes are available to those identified for more senior positions. The Group's award-winning "Learn and Earn" Apprenticeship Programme ("LEAP") has been in place for a number of years and has a track record of successful delivery of apprenticeships in both branch- based and functional roles.
|
Health, safety & well-being
|
Impact
|
Risk description
|
Risk mitigation
|
- Harm to our colleagues, customers or the public
- Potential legal action, fines and penalties
- Adverse effect on reputation
|
Keeping our colleagues, customers, suppliers and the public safe is a cornerstone of the business and at the heart of how we operate. We expect everyone to go home to their families safely every day.
We operate a large estate, with many sites running complex and busy yards. We also operate one of the largest vehicle fleets in the UK, distributing heavy and bulky materials. Certain products that we sell pose health and safety risks. Poorly implemented safety practices on site, on the road and at delivery locations could result in significant harm to our colleagues, customers and the wider community.
The Covid-19 pandemic has had a profound impact on the Group and presents new risks to the health and well-being of our colleagues and the safe operation of our businesses. The tactical steps we have taken to respond to the challenges of the pandemic are set out in the separate Pandemic risk.
|
Health, safety and well-being is one of our fundamental values. We continue to challenge our thinking and approach to improving safety performance through our well established "Stay Safe" brand. Steps have been taken in 2020 to build on our reporting programme and empower colleagues to "Call It Out" if they see anything that they consider to be unsafe. Guidance has been issued to support colleagues through difficult customer conversations. Regular communications highlight examples where "calling it out" has avoided a safety issue, which is helping to generate an even more open reporting culture around safety.
Governance of Stay Safe is well established and designed to promote a continual focus on health and safety. Stay Safe performance is reviewed at all Board meetings, by the Group Leadership Team, by every business leadership team and by the dedicated Stay Safe Committee, which is chaired by a Non-executive Director. In these forums we also monitor the
achievement of transport compliance requirements. The Fleet team has recently been restructured and is in the process of delivering improvements against a Fleet and Driver roadmap, continuing into 2021.
Incidents are monitored, investigated and corrective action taken to address the root cause. For more significant incidents, an Incident Review Board is held, with the lessons shared across the Group.
We have increased our focus on mental health and well-being in 2020, introducing a range of resources to colleagues and supporting the wider construction industry's "Stop. Make a Change" campaign in October.
De-risking our operations and improving health, safety and
well-being awareness are at the forefront of our activities. Further information on progress made during the year can be found in the Safety and well-being Report on pages 56 to 57
|
Legal compliance
|
Impact
|
Risk description
|
Risk mitigation
|
- Adverse effect on reputation
- Adverse effect on financial and operational performance
- Potential legal action, fines and penalties
|
We are subject to a broad range of existing and evolving governance requirements, environmental, health and safety and other laws, regulations, standards and best practices which affect the way that we operate and give rise to significant compliance costs, potential legal liability exposure for non-compliance and potential limitations on the development of our operations and strategy.
|
The General Counsel's Office is responsible for monitoring changes to laws and regulations that affect the business and is supported by external advisors. The Group Leadership Team and the Board regularly monitor compliance with laws and regulations.
We have implemented a new Code of Conduct that sets out our requirements for doing business in the right way. This is underpinned by a comprehensive framework of policies. Those expectations are disseminated using a range of methods to ensure that our colleagues understand their responsibilities to comply with the law and other regulations affecting the Group at all times. We share Supplier Commitments with our suppliers to articulate our expectations and higher risk suppliers are assessed against these requirements using an Online Risk Assessment.
We appointed a Corporate & Regulatory Risk Business Partner in late 2019 to support the business in meeting new requirements and to continue to develop and improve the existing framework.
Our new Code of Conduct is the first phase in our strategy to deliver an enhanced assurance framework to further support regulatory compliance across the Group. Areas of initial focus include Money Laundering, Competition Law, Anti-Bribery and Corruption and Corporate Criminal Offences. The second phase, already underway, is to implement a suite of Minimum Standards that support policy adherence. Crucially this will also assist in our assessment of the maturity of Group-wide processes and controls across the 12
ESG material focus areas identified by the Board, of which Legal Compliance is one.
We provide online training to colleagues in key areas of legal and regulatory compliance, including mandatory modules for those joining the Group.
We operate a speaking up process that allows anonymous reporting, through an independent hotline, of any suspected wrongdoing, unethical behaviour or instances of non-compliance with laws and regulations. All reported cases are investigated. This is being updated following the implementation of our new Code of Conduct in order to further improve awareness and access across our businesses and supply chain in all relevant countries.
|
|