Policies on Risk & Control
The Board acknowledges its overall responsibility for Encipient's system of internal control and for reviewing its effectiveness, whilst the role of Executive Management is to implement Board policies on risk and control.
Executive Management has implemented an internal control system designed to facilitate the effective and efficient operation of Encipient™ and its business units and aimed at enabling management to respond appropriately to significant risks to achieving Encipient's business objectives. It should be noted that the system is designed to manage, rather than eliminate, the risk of failure to achieve Encipient's business objectives, and can only provide reasonable, and not absolute, assurance against material misstatement or loss. This system of internal control helps to ensure the quality of internal and external reporting, compliance with applicable laws and regulations, and internal policies with respect to the conduct of business.
The Board is of the view that there is a sufficient on-going process for identifying, evaluating, and managing the significant risks faced by Encipient™. The Board is responsible for the total process of risk management and the system of internal control. Executive Management is responsible for identifying risks and implementing appropriate mitigation and controls within their businesses. An independent Group Risk Management department, which is directly accountable to the Board Risk Committee and has unrestricted access to the Chairman of the Committee, is responsible for designing and reviewing the process of risk management.
Approach to risk management
Encipient™ derives its approach to risk management and control from a perspective of enhancing value. As a result, the risk management process takes a holistic approach to managing risks on an enterprise-wide basis. This involves focusing on the identification of the key risks that affect the achievement of Encipient's objectives. Such risks are firstly understood on an inherent basis, which involves understanding the main drivers of such risks in the absence of any controls. Thereafter there is an assessment of the residual level of risks, taking into account the controls that are in place to manage such risks. Where the residual level is outside the acceptable limits, further controls and action are defined to bring the risks within the limits. An important aspect of this approach is the recognition that risk management is not limited solely to the downside or risk avoidance, but is about taking risk knowingly.