Smith & Nephew

Risk Management Policy

1. Policy Statement

Risk management is the systematic process to positively identify, assess, treat and manage risks - which either threaten the Group's resources or provide beneficial opportunities - in order to enable the Group's business objectives to be achieved.

Risks are owned and managed at Business Units and Corporate functions where the risk resides. A common Risk Management System and reporting procedures have been implemented to allow overall Group risk to be identified and managed.

The operation of the Risk Management System enables the Group to understand and communicate the risks which the Group faces and accepts, in order to ensure that these are positively managed at every level.

2. Principles

Risk management encompasses the implementation of cost-effective controls and contingency plans with the intent of exceeding goals and objectives, including the minimisation of costs, timescales and liabilities.

Risk management is the responsibility of all managers, who are responsible for implementing the Group's risk management policies and systems, as appropriate, across the business and ensuring that all employees apply these systems.

Risk management is a continuous process.

Pro-active management of risk is an integral part of the normal management and review process - to define future plans and actions, and ensure their satisfactory execution. It also facilitates more cost-effective and efficient purchase of insurance.

Risk budgets are established to fund risk assessment and treatment.

Activities that may affect the company's image or reputation are subject to formal risk management.

3. Responsibility Cascade

3.1 Board
The Board has overall accountability for the Group's Risk Management Policy and for ensuring that the Risk Management System is effective and complies with the Turnbull Committee Guidance in the Combined Code.

The Board reviews an annual report of the Key Risks facing the Group together with an assessment of the effectiveness of the system of risk management, and reports on these matters in the Annual Report to shareholders.

3.2 Risk Committee
The Board has delegated to the Chief Executive responsibility for the implementation of the Group's Risk Management Policy and for submitting the annual Risk Report to the Board.

The Chief Executive has formed a Risk Committee to support him in fulfilling this accountability, the membership of which comprises senior executives from across the Group.

The Risk Committee reviews the Group Risk Register to assess:

  • The nature and extent of the risks.

  • The extent and category of risks which it regards as acceptable.

  • The impact and likelihood of risks occurring.

  • The adequacy of risk treatment.

  • Actions and contingency plans.

  • The adequacy and cost of controls.

  • The progress on the implementation of the Risk Management System.

3.3 Business Units and Corporate functions
By implementing the Risk Management Policy, the Business Units and Corporate functions are responsible for:

  • Maintenance and update of risk reporting (registers/presentations).

  • Managing risk action implementation plans.

  • Maintaining and reviewing risk performance and measurement systems.

Risk Registers are compiled and submitted for review twice a year. Risk assessments are also submitted with acquisitions or divestment proposals and capital expenditure requests for over £2m. 

Each Business Unit has appointed a Risk Management Champion to facilitate the Risk Management Policy within their business. A Group Head Office Risk Management Champion fulfils this role for Corporate functions.

3.4 Corporate Risk Function
The Corporate Risk Function is responsible for:

  • Compilation of the Group Risk Register at least half-yearly for submission to the Risk Committee, including:

    • Consolidation of Business Units and Corporate function Key Risks
    • Facilitation of the creation of the Group Risk Register
    • Regular reporting on overall progress in implementing the Risk Management System
    • Significant risk issues and changes in risk
  • Facilitation and training support and communication of best practice within the Group.
  • Continuous improvement of the Risk Management System

4. Annual Timetable

April - June

  • CEO reviews individual Risk Registers
  • Risk Registers submitted
  • Risk Committee meeting

October - December

  • Risk Champions meeting
  • Risk Registers submitted

January

  • Risk Committee meeting

February

  • Board reviews annual Risk Report

Internal Controls and Risk Management

The Smith & Nephew Board is responsible for the maintenance of the Group's systems of risk management and internal control and for reviewing their effectiveness.  An ongoing process is in place for identifying, evaluating and managing key risks through: the Risk Committee which reports to the Board annually; business reviews by the Board; and the review of internal financial controls and the risk management process by the Audit Committee. These systems are reviewed annually by the Board. Whilst not providing absolute assurance against material misstatements or loss, these systems are designed to identify and manage those risks that could adversely impact the achievement of the Group's objectives.

The areas of potential major impact reported to the Risk Committee are detailed on pages 21 to 25 of the Annual Report 2006.

In 2006, the effectiveness of the Business Units' systems put in place to identify and manage material risk was evaluated and the findings reported to the Board. No material weaknesses were identified in these systems.

As the Group’s shares are quoted on the New York Stock Exchange in the form of American Depositary Shares, in 2006, in accordance with the requirement in the US under S404 of the Sarbanes-Oxley Act, management assessed the effectiveness of the Group’s internal control over financial reporting. Based on its assessment, management concluded that the Group’s internal control over financial reporting was effective based on the criteria set out by the Committee of Sponsoring Organisations of the Treadway Commission in Internal Control – Integrated Frameworks.

  • Copyright © 2008 Smith & Nephew