Our approach to risk

When we look at risk, we specifically consider the effects it could have on our business model, our culture and therefore our ability to deliver our long-term strategic purpose.


We consider both short and long-term risks within a timeframe of up to three years. We consider social, operational, technical, governance and environmental risks, as well as financial risks.

Risk appetite

This describes the amount of risk we are willing to tolerate as a business. We have a higher appetite for risks accompanying a clear opportunity to deliver on the strategy of the business.

We have a low appetite for, and tolerance of, risks that have a downside only, particularly when they could adversely impact health and safety or our values, culture or business model.


The COVID-19 pandemic, the associated lockdown and the closure of our business significantly impacted our financial year. The pandemic, as well as the social and macroeconomic impact it brought, has created a risk event for the Group, which has been considered as set out in the Viability statement on page 48 of our annual reports and accounts 2021.

In our initial response phase to COVID-19, our priority was to safeguard the health and wellbeing of our colleagues and customers, and to mitigate the closure of our centres. We moved into a resilience phase early in the lockdown period following extensive modelling of the financial impact of COVID-19. A number of key decisions were made in relation to the pandemic, including the furloughing of colleagues and negotiating payment terms with our suppliers, as well as landlords in regard to rental support. We also received support from our new and existing shareholders through an equity raise in March 2021.

Where the impact of the pandemic has exacerbated a principal risk, we have incorporated commentary on the COVID-19 mitigation being taken, as well as new risks where relevant.

Our risk management process

The Board is ultimately responsible for ensuring that a robust risk management process is in place and that it is being adhered to. The main steps in this process are:

Formally review their risks on a six-monthly basis to compile their department risk register. They consider the impact each risk could have on the department and overall business, as well as the mitigating controls in place. They assess the likelihood and impact of each risk.

Reviews each departmental risk register. Any risks which are deemed to have a level above our appetite are added to/retained on the Group risk register (GRR) which provides an overview of such risks and how they are being managed. The GRR also includes any risks the Executive team is managing at a Group level. The Executive team determines mitigation plans for review by the Board.

Challenges and agrees the Group’s key risk, appetite and mitigation actions twice yearly and uses its findings to finalise the Group’s principal risks.

The principal and emerging risks are taken into account in the Board’s consideration of long-term viability as outlined in the Viability statement on pages 48 and 49 of our annual report and accounts 2021.

We acknowledge that risks and uncertainties of which we are unaware, or which we currently believe are immaterial, may have an adverse effect on the Group.

Risk management activities

Risks are identified through operational reviews by senior management; internal audits; control environments; our whistleblowing helpline; and independent project analysis.

The internal audit team provides independent assessment of the operation and effectiveness of the risk framework and process in centres, including the effectiveness of the controls, reporting of risks and reliability of checks by management.

Since the reopening of our centres on 17 May 2021, we have undertaken a review of the organisation’s risk profile to verify that current and emerging risks have been identified and considered by each head of department.

Each risk has been scaled as shown on the risk heat map.

Financial risks
1 – Economic environment
2 – Covenant breach
3 – Business interruption (finance)

Operational risks
4 – Core systems
5 – Suppliers (non-amusements)
6 – Amusement supplier
7 – Management retention and recruitment
8 – Food safety
9 – Business interruption (operations)

Technical risks
10 – GDPR and cyber security 

Regulatory risks
11 – Compliance