Internal Control and Risk Management

Risk management strategy and framework

The objectives of the Board and Melrose senior management include safeguarding and increasing the value of the business and assets of the Group for stakeholders as a whole. Achievement of these objectives requires the development of policies and appropriate internal control frameworks to ensure the Group’s resources are managed properly, and for key risks to be identified and mitigated where possible.

The Board recognises that it is ultimately responsible for determining the nature and extent of the principal risks it is willing to take in the pursuit of its strategic objectives. It also recognises the need to define a risk appetite for the Group, to maintain sound risk management and internal control systems, and to monitor its risk exposures and mitigation measures to ensure that the nature and extent of risks taken by the Group are aligned with, and proportionate to, its strategic objectives.

The Board has established an organisational structure with clear reporting procedures, lines of responsibility and delegated authority. Consistent with this, the Group operates a top-down, bottom-up approach to risk management, comprising Board and Melrose senior management oversight coupled with bottom-up risk management embedded in the day-to-day activities of the business.

The Board confirms that there is an ongoing process for identifying, evaluating, tracking and managing the principal risks faced by the Group and that these systems are subject to regular monitoring and review. The Board further confirms that the systems, processes and controls that are in place accord with the guidance contained in the Financial Reporting Council’s “Guidance on Risk Management, Internal Control and Related Financial and Business Reporting” and the UK Corporate Governance Code (the “Code”).

The Audit Committee monitors, oversees and reviews the effectiveness of the risk management and internal control processes implemented across the Group, through regular updates and discussions with management and a review of the key findings presented by the external and internal auditors. The Board is responsible for considering the Audit Committee’s recommendations and ensuring implementation by senior management of those recommendations it deems appropriate for the business. A description of the Audit Committee’s activities during the year on risk management can be found on the Audit Committee page or on page 121 of the 2023 Annual Report.

The divisional management teams are responsible for monitoring business-level risk and implementing and maintaining an effective risk and control environment as part of day-to-day operations, in line with the Group risk management framework and internal control systems determined by the Board. They are also responsible for specific and ongoing risks related to the business, which are reported into senior management and in turn formally to the Audit Committee on an interim and annual basis. The Audit Committee receives a formal risk management report on a biannual basis, in addition to their regular receipt of updates from the senior management team on material items that arise relating to principal Group risks.

Management, with support from Ernst & Young, continued to utilise a third party hosted interactive dashboard during 2023 which has been tailored to the requirements of the Group in order to consolidate the Group’s risk reporting. The dashboard includes data from GKN Aerospace’s risk register, which was reviewed and approved during 2023 by GKN Aerospace’s senior management key risk owners. The dashboard has supported the continued enhancement of the Group’s risk management processes, with in depth reporting and data collection. This has bolstered the Audit Committee’s oversight of risk areas, mitigations, controls and trends. The risk management process also involved objective trend analysis and independent insight from Ernst & Young, and this year included an analysis of the Group’s principal risk profile against other aerospace and defence companies based on public disclosures.

The Audit Committee reviewed and challenged the Group’s risk management process, and also reviewed and challenged the interim and annual reports prepared by Melrose senior management relating to the Group’s principal risk profile. These reports guided the Board and Audit Committee on relevant updates to the Group’s principal risks (including the identification of new principal Group risks and emerging risks), as reported in the Risks and uncertainties section on pages 31 to 36 of the 2023 Annual Report. They also aided the Audit Committee’s discussions with the Board on risk appetite, as detailed further below. During the year under review, in accordance with provisions 28 and 29 of the Code, the Board continued to monitor the effectiveness of the Group’s risk management and internal control systems. The Board concluded that the Group’s risk management and internal control systems and processes were operating effectively. Follow up actions in respect of progress and improvement in relation to financial controls are further discussed in the Audit Committee report on pages 116 to 123 of the 2023 Annual Report.

Risk appetite

The Board has undertaken an exercise to consider its risk appetite across a number of key business risk areas by assessing their current and optimal level of risk appetite for each of the Group’s principal risks. The results of this review indicate the relative appetite of the Board across the Group’s principal risk areas at a specific point in time. Any material changes in risk factors will impact the Board’s assessment of its risk appetite.

The results of the risk appetite review demonstrated that the Board has an open risk appetite towards operational and commercial risk, with a cautious appetite towards economic and political, loss of key management and capabilities, legal and regulatory, climate change and treasury risks. The Board seeks to minimise all health and safety and information security and cyber threats risks.

The results of the risk appetite review supports the Board’s decision-making processes. The Board undertakes a review of its risk appetite at least annually.

Internal financial controls and reporting

The Group has a comprehensive and robust system for assessing the effectiveness of internal controls, including strategic business planning and regular monitoring and reporting of ESG data alongside financial and operational performance. The identification and oversight of material controls over the ESG data of the business is the responsibility of the GKN Aerospace sustainability function, which runs an established yet evolving programme of regular monitoring and review (at least quarterly) processes that are consistently robust across the Group. This is complemented by reporting protocols to ensure the business lines’ management are accountable for achieving progress on sustainability and climate-related matters. The quality and accuracy of ESG data is continually improved against relevant guidance from prominent international regulatory frameworks and as tailored for our chosen metrics and targets. In 2023, we commenced a sustainability data pre assurance project in preparation for formal limited assurance in the coming years. Horizon-scanning of applicable external reporting requirements is conducted regularly to identify the opportunities to strengthen data management systems and controls and ensure data driven compliance mechanisms.The Audit Committee also monitors the effectiveness of the internal control process implemented across the Group through a review of the key findings presented by the external and internal auditors.

Ethics and compliance

Our Code of Ethics reinforces our values and provides guidance for all employees, contractors and business associates so that they are fully aware of what is expected of them, their responsibilities and the consequences of non-compliance. The principles outlined in our Code of Ethics are embedded within the Group, and mechanisms and policies are in place for anyone to whom the Code of Ethics applies to seek guidance on interpreting its principles, where required.

The Code of Ethics is supported by Group compliance policies covering best practice with respect to anti-bribery and corruption, anti-money laundering, anti-facilitation of tax evasion, competition, conflict minerals, trade compliance, data privacy, whistleblowing, treasury and financial controls, anti-slavery and human trafficking, document retention, joint ventures, diversity and inclusion, environmental, human rights, supply chain, biodiversity and water.

The implementation of the Code of Ethics and Group compliance policies is supported by a combination of risk assessment requirements, training and ongoing monitoring to ensure their effectiveness for the Group. Taken together, these initiatives have enhanced our business’s effectiveness at identifying and managing risks and have promoted and embedded a more risk-aware culture. Further details on the Group’s management of risk can be found in the Risk management section on pages 28 to 30 of the 2023 Annual Report.

Melrose’s reputation for acting responsibly plays a critical role in its success as a business and its ability to generate shareholder value. We maintain high standards of ethical conduct and take a zero-tolerance approach to bribery, corruption, modern slavery and human trafficking and any other unethical or illegal practice. We are committed to acting professionally, fairly and with integrity in all business dealings and relationships, within all jurisdictions in which we operate. Further details of the Group’s stance and focus on ensuring effective stewardship in respect of key environmental, social and governance matters are set out in the Sustainability review on pages 43 to 93 of the 2023 Annual Report. Supporting our compliance policies are a comprehensive online training platform, an industry-leading whistleblowing reporting facility and a data-driven risk reporting dashboard providing increased risk management visibility and trend analysis to senior management and the Audit Committee. The integrity of the compliance framework is further reinforced by the use of independent compliance reviews where required.

Download our Tax strategy