Our approach to risk
When we look at risk, we specifically consider the effects it could have on our business model, our culture and therefore our ability to deliver our long-term strategic purpose.
We consider both short and long-term risks and split them into the following groups: financial, social, operational, technical, governance and environmental risks.
Risk appetite
This describes the amount of risk we are willing to tolerate as a business. We have a higher appetite for risks accompanying a clear opportunity to deliver on the strategy of the business.
We have a low appetite for, and tolerance of, risks that have a downside only, particularly when they could adversely impact health and safety or our values, culture or business model.
Our risk management process
The Board is ultimately responsible for ensuring that a robust risk management process is in place and that it is being adhered to. The main steps in this process are:
Each functional area of the Group maintains an operational risk register, where senior management identifies and documents the risks that their department faces in the short term, as well as the longer term. A review of these risks is undertaken on at least a bi-annual basis to compile their department risk register. They consider the impact each risk could have on the department and overall business, as well as the mitigating controls in place. They assess the likelihood and impact of each risk.
Reviews each departmental risk register. Any risks which are deemed to have a level above our appetite are added to/retained on the Group risk register (GRR) which provides an overview of such risks and how they are being managed. The GRR also includes any risks the Executive team is managing at a Group level. The Executive team determines mitigation plans for review by the Board.
The Board challenges and agrees the Group’s key risks, appetite and mitigation actions at least twice yearly and uses its findings to finalise the Group’s principal risks. The principal and emerging risks are taken into account in the Board’s consideration of long-term viability as outlined in the Viability statement.
Read more on pages 76 and 77 of our Annual Report and Accounts 2023.
Risk management activities
Risks are identified through operational reviews by senior management; internal audits; control environments; our whistleblowing helpline; and independent project analysis.
The internal audit team provides independent assessment of the operation and effectiveness of the risk framework and process in centres, including the effectiveness of the controls, reporting of risks and reliability of checks by management.
We continually review the organisation’s risk profile to verify that current and emerging risks have been identified and considered by each head of department.
Each risk has been scaled as shown on the risk heat map.
Financial risks
1 – Economic environment
2 – Covenant breach
3 – Expansion and growth
Operational risks
4 – Core systems
5 – Food and drink suppliers
6 – Amusement supplier
7 – Management retention and recruitment
8 – Food safety
Technical risks
9 – Cyber security and GDPR
Regulatory risks
10 – Compliance
11 – Climate change