Annual Report and Accounts 2013

Principal Risks and Uncertainties Introduction to Our Approach to Risk

Risk is an inherent part of doing business. Our approach is to identify and assess all significant risks which could adversely affect the Group’s ability to achieve its business objectives and to identify management actions and internal controls which can mitigate those risks to an acceptable level.

The Board establishes the control environment, sets the risk appetite, approves policies and delegates responsibilities under our risk management framework.

The Group Head of Risk works to establish and implement the risk management policy, independently reviews and challenges risk information throughout the business, compiles and analyses risk profiles and monitors risk management processes within the Group and regularly reports on risks to the oversight bodies including the Board.

our risk management framework

Our risk management framework recognises that the long-term success of our Company relies on the ability to effectively understand, accept and manage risk within our business.

Our risk management framework includes:
  • a risk management policy which is communicated throughout the Group and reviewed annually;
  • a standard set of key risk areas, categories and definitions;
  • a standardised and automated risk assessment and reporting tool, including standard risk assessment criteria, evaluation of “gross” and “net” risks and the determination of risk appetite;
  • consolidation of risk assessments for each business at Group level to identify organisation-wide impacts and trends;
  • a six-monthly risk assessment, action planning and reporting cycle, which includes a review of current and emerging risks and their mitigation by regional, executive management, the Audit Committee and the Board;
  • reporting to the Board on any matters which have arisen from the Audit Committee’s review of risk management and internal control processes and any exceptions to these processes;
  • periodic reviews of business units’ risk mitigation by the Group Head of Risk and by the Group Internal Audit function; and
  • a dedicated Group Head of Risk to lead and work with a network of local and regional management to continuously improve risk management.


The Board is responsible for establishing and maintaining an effective system of internal control. This system of internal control is embedded in all key operations and is designed to provide reasonable assurance that the Group’s business objectives will be achieved. Regular management reporting and annual self-certification provides a balanced assessment of key risks and controls and is an important component of the Board’s assurance. The Board also receives updates from the Audit Committee, which receives regular information from internal and external audit reports on the Group’s risks and internal controls. The Group’s internal audit function is responsible for reporting to the Audit Committee on the effectiveness of the Group’s risk management process and for evaluating the internal control environment to ensure controls are appropriate and operating efficiently and effectively.

The core elements of DP World’s system of internal controls include:

  • Organisational structure: a clearly defined organisational structure that provides clear roles, responsibilities and delegated levels of authority to enable effective decision making across the Group.
  • Code of conduct: a code of conduct that sets out how the Group expects its employees to act.
  • Whistle blowing policy:a whistle blowing programme for employees to report complaints and concerns about conduct which is considered to be contrary to DP World’s values. The programme, monitored by the Audit Committee, makes communication channels available to all employees within the Group.
  • Anti-bribery and corruption policy:an anti-bribery and corruption policy has been implemented by DP World, supported by online training that is directed and proportionate to the identified areas of risk.
  • Strategy and financial management: clear strategy and financial management which is consistent throughout the organisation and can be actively translated into practical measures. Comprehensive reporting systems, including monthly results, annual budgets and periodic forecasts, monitored by the Board.
  • Policies and procedures: documented policies and procedures for all Group functions within the business, which are communicated to all business units.
  • Risk management and performance: risk-profiling for all business units and the Group to identify, monitor and manage significant risks which could affect the achievement of the Group’s objectives.
  • Assurance: assurance activities cover key business risks which contribute to the overall assurance framework, including an internal audit function to review the systems of internal control.