Our approach to risk
Our review of risk considers the potential effects on our business model, our organisational culture and our capacity to deliver our long-term strategic purpose.
We consider both short-term and longerterm risks, and we organise them into the following broad categories: financial, social, operational, technical, governance and environmental.
Risk appetite
This describes the amount of risk we are willing to accept in pursuit of our strategic aims. We have a higher appetite for risks that accompany clear opportunities to execute our strategy and deliver value.
Conversely, we maintain a low tolerance for risks that are purely downside or which could adversely impact health and safety, our core values, our culture or our business model.
Our risk management process
The Board has overall responsibility for ensuring that a robust risk management process is in place, and that it is consistently applied throughout the business. The main steps in our process are as follows:
Every functional area of the Group maintains an operational risk register. Senior management in that area identify and document the key risks facing the department — both in the short term and over the longer term. Each register is reviewed at least bi-annually. For each risk we assess:
- The potential impact on the department and on the Group as a whole;
- The mitigating controls in place; and
- The estimated likelihood and impact of the risk, and whether additional mitigation is required.
The Executive Team reviews all departmental risk registers. Those risks which exceed our defined risk appetite are escalated to the Group Risk Register (GRR). The GRR also includes strategic, cross-Group and emerging risks identified at the Group level. The Executive Team proposes mitigation plans for these escalated risks which are then submitted to the Board for review.
At least twice a year the Board formally reviews and challenges:
- All of the Group’s key risks;
- Our risk appetite and tolerance levels;
- The progress of mitigation actions; and
- Emerging risks and changes in the business environment.
These reviews feed into the Board’s consideration of the Group’s long-term viability and are reflected in the Viability Statement. Furthermore, the principal risks are presented by Department Heads / Directors at Board meetings as outlined on page 73 of our Annual Report and Accounts 2025.
Risk management activities
Risks are identified through a range of activities including: operational reviews by senior management; internal audit programmes; controls self-assessments; our whistle-blowing helpline; and independent project reviews.
The internal audit team provides independent assessment of the operation and effectiveness of the risk framework and process in centres, including the effectiveness of the controls, reporting of risks and reliability of checks by management.
We continually review the organisation’s risk profile to ensure that current and emerging risks are identified, evaluated and considered by each head of department.
Each risk is scaled and visualised through our risk-heat-map framework, enabling clear prioritisation of risks by severity (impact × likelihood) and monitoring of whether these are increasing or decreasing over time.
Financial risks
1. Economic environment
2. Covenant breach
3. Expansion and growth
Operational risks
4. Core systems
5. Food and drink services
6. Amusement services
7. Management retention and recruitment
8. Health and safety
Technical risks
9. Cyber security
10. GDPR
Regulatory risks
11. Compliance
12. Climate change
