Our approach to risk
When we look at risk, we specifically consider the effects it could have on our business model, our culture and therefore our ability to deliver our long-term strategic purpose.
We consider both short and long-term risks within a timeframe of up to three years. We consider social, operational, technical, governance and environmental risks, as well as financial risks.
This describes the amount of risk we are willing to tolerate as a business. We have a higher appetite for risks accompanying a clear opportunity to deliver on the strategy of the business.
We have a low appetite for, and tolerance of, risks that have a downside only, particularly when they could adversely impact health and safety or our values, culture or business model.
Our risk management process
The Board is ultimately responsible for ensuring that a robust risk management process is in place and that it is being adhered to. The main steps in this process are:
Each functional area of the Group maintains an operational risk register, where senior management identifies and documents the risks that their department faces in the short term, as well as the longer term. A review of these risks is undertaken on at least a bi-annual basis to compile their department risk register. They consider the impact each risk could have on the department and overall business, as well as the mitigating controls in place. They assess the likelihood and impact of each risk.
Reviews each departmental risk register. Any risks which are deemed to have a level above our appetite are added to/retained on the Group risk register (GRR) which provides an overview of such risks and how they are being managed. The GRR also includes any risks the Executive team is managing at a Group level. The Executive team determines mitigation plans for review by the Board.
Challenges and agrees the Group’s key risk, appetite and mitigation actions twice yearly and uses its findings to finalise the Group’s principal risks.
The principal and emerging risks are taken into account in the Board’s consideration of long-term viability as outlined in the Viability statement on pages 74 and 75 of our Annual Report and Accounts 2022.
We acknowledge that risks and uncertainties of which we are unaware, or which we currently believe are immaterial, may have an adverse effect on the Group.
Risk management activities
Risks are identified through operational reviews by senior management; internal audits; control environments; our whistleblowing helpline; and independent project analysis.
The internal audit team provides independent assessment of the operation and effectiveness of the risk framework and process in centres, including the effectiveness of the controls, reporting of risks and reliability of checks by management.
We continually review the organisation’s risk profile to verify that current and emerging risks have been identified and considered by each head of department.
Each risk has been scaled as shown on the risk heat map.
1 – Economic environment
2 – Covenant breach
3 – Expansion / growth (NEW)
4 – Core systems
5 – Suppliers (non‑amusements)
6 – Amusement supplier
7 – Management retention and recruitment
8 – Food safety
9 – GDPR and cyber security
10 – Targeted IT threat / attack (NEW)
11 – Compliance
12 – Climate change (NEW)