Zero-harm.jpg

Risk management involves the identification and evaluation of risks and is the responsibility of the Group Board. The Group's ability to manage risk is continually improving through the focus on risk management capability to ensure that it remains robust and that emerging risks are identified, assessed and managed effectively.

The risk management process incorporates both top-down and bottom-up elements to the identification, evaluation and management of risks, and all risks evaluated are referenced to the achievement of the Group's Strategic Initiatives. Risks are continually evaluated using consistent measurement criteria. Mitigating controls are identified and opportunities for the enhancement of the Group's control environment are implemented.

Further information on the Group's risk management procedures is included in the Corporate Governance section.

There are a number of potential risks and uncertainties which could have a material impact on SIG's long-term performance. The risk identification, monitoring and reporting framework together with the key risks and uncertainties identified as part of the Group's risk management process are as follows:

RISK IDENTIFICATION, MONITORING AND REPORTING FRAMEWORK

Responsibility for implementing

The Board

  • Sets strategic objectives
  • Approves risk governance structure and agrees risk appetite
  • Sets delegation of authority
  • Receives and reviews Group Risk Register
  • Receives and reviews Audit Committee reports on risk governance and internal controls

Audit Committee

  • Considers adequacy of risk management and internal control framework
  • Receives and reviews reports from the Group Risk Function
  • Receives and reviews reports from independent assurance providers
  • Sets Audit Programme

Group Executive Committee

  • Ensures risk management is embedded into all processes
  • Reviews Group Risk Profile

Operating Company Management

  • Management and employees are responsible for the identification, management and reporting of local risks
  • Maintenance of local risk registers
  • Implementation of control framework and risk mitigation plans

Group Risk Function

  • Conducts continual review of risks and risk controls
  • Concludes on treatment of risks
  • Reviews and reports on risk to the Audit Committee and Board
  • Formulation of strategy & policy
  • Tracks risk management activity in the operating companies

Central Support

  • Provides targeted expertise and support to risk owners
  • Develops and maintains risk specific controls

Independent Assurance

  • Internal audit
  • External audit
  • Quality standards audit
  • Insurer and property risk surveyors
  • Audit Committee and Board

Accountability for monitoring

2015 DEVELOPMENTS

Throughout 2015 SIG has continued to develop an integrated approach to its risk and assurance activities. Specifically, the following improvements have been implemented:

  • continued review of the internal control and risk framework;
  • review of risk management software to help improve risk identification and drive consistency;
  • external review of fraud risk management framework including fraud awareness policies and controls;
  • delivery of risk management and fraud awareness training across the Group to help confirm a consistent approach in embedding risk and fraud awareness practices throughout the business as well as educating employees on the importance of these disciplines;
  • review of self-certification processes;
  • extended participation with external risk and fraud forums;
  • continued development of Group-wide control framework forums to identify and drive best practice; and
  • development of a multifunctional information security council to enhance the Group's cyber security structure in order to ensure that it remains resilient and able to evolve to counter the increasing complexity and volume of information security threats to the wider business community.

PLANNED IMPROVEMENTS FOR 2016

SIG will continue to improve its risk management processes with a number of initiatives:

  • introduction of data warehousing, reporting of financial analysis and other tools which will improve data security, and the control framework, allowing for improved disaster recovery and better quality of reporting;
  • extend scope of risk management and fraud awareness training to help confirm a consistent approach in embedding risk and fraud awareness throughout the business;
  • review of risk management framework to refresh risk architecture, strategy and protocols;
  • enhancement of self-certification processes to ensure they remain consistent with the dynamic risk and fraud environment; and
  • defining a complete cyber strategy framework for the Group with a programme of activity which includes "Cyber Essentials" certification and working closely with KPMG and other third-party security specialists, government and local law enforcement though CISP and UK CERT.

Throughout the year the risks that SIG faces have been critically reviewed and evaluated. The assessment of the most significant risks and uncertainties that could impact SIG's long-term performance are outlined in this section of the report. These risks are not set out in any order or priority and they do not comprise all the risks and the uncertainties that SIG faces. This list has the potential to change as some risks assume greater importance than others during the course of the year.

Links to our Strategic Pillars

1 Outstanding customer service

2 Sales outperformance

3 Gross margin enhancement

4 Operational efficiency

5 Financial returns

6 Exceptional people

Understanding movements in business risk:

Increase Arrow Increase

No Change Arrow No change

Decrease Arrow Decrease

RISK AND LINK TO STRATEGIC PILLARSTRENDKEY MITIGATION ACTIVITIES INCLUDE:OUR FOCUS IN 2015
MARKET CONDITIONS23
The Group is exposed to changes in the level of activity and therefore demand from the building, construction and civil engineering industries. Government policy and expenditure plans, private investor decisions, the general economic climate and both business and (to a lesser extent) consumer confidence are all factors which can influence the level of building activity and therefore the demand for many of the Group's products.
  • Maintain a broad spread of markets, products and customers to limit risks within any given territory
  • The Group Board's portfolio review ensures that the Group's capital is appropriately allocated to the geographies and markets which remain core
  • Continual review of all available indicators of market activity and regular communication with key suppliers and customers to ensure that any change in market demand is anticipated as early as possible
  • Ensure the Group remains structured in a way that enables it to take prompt action in the event of a material change in the trading environment
  • Ensure the Group maintains a strong balance sheet and financial position
  • Restructuring actions
  • Strategic Initiatives
  • Selected ROCE-enhancing acquisitions
  • Further diversification through investment in specialist niche markets
  • Rebranding
COMPETITORS AND MARGIN MANAGEMENT235
Challenging market trading conditions mean that competition pressures from direct specialist competition and the overlap with general suppliers remain high, which in turn results in continued margin pressures being faced by the Group.
  • Strong trading presence and positions in the majority of the markets in which the Group trades
  • Initiatives designed to improve the Group's core competencies surrounding customer service, sales support and training
  • Ongoing pricing and purchasing initiatives, including supplier rebates, designed to improve gross margin
  • Tight control of operating costs
  • Significant investment in the branch network and distribution capability, people, IT infrastructure and product offering
  • Diversified portfolio of products, customers and markets limits the risk from any single competitor
  • Specialist training
  • Investment in IT
  • Professionalising procurement and pricing management
  • Development of category forums
  • Appointment of Group Operations Director, Group Supply Chain Director and Group Procurement Director
COMMERCIAL RELATIONSHIPS 12

Failure to negotiate competitive terms of business with suppliers or failure to satisfy the needs of customers could harm the Group's business.

Customer or supplier consolidation and/or manufacturers dealing directly with customers.

  • Ongoing pricing and purchasing initiatives designed to improve gross margin
  • The Group has extensive and regular dialogue with all commercial partners to maintain strong relationships
  • Key supplier/customer harmonisation and national account strategy planning
  • The Group is not overly reliant on any one supplier and all businesses undergo alternative key supplier scenario planning
  • Strategically important suppliers are reviewed globally to assess their financial health
  • Monitoring of customer behaviour and performance
  • Procurement Initiative
  • Commercial partner relationship and rationalisation
  • Appointment of Group Supply Chain Director and Group Procurement Director
GOVERNMENT LEGISLATION56
SIG operates in a number of countries, each with its own laws and regulations, encompassing environmental, legal, health and safety, employment and tax matters. Changes in these laws and regulations, including a potential "Brexit", could impact on SIG's ability to conduct its business, or make the conduct of such business more expensive. There is also the reputational and financial cost of being penalised for non-compliance.
  • Dedicated resource to monitor compliance with legal and regulatory matters
  • Active monitoring of relevant laws and regulations to ensure that any changes to the legal framework are identified and effects minimised
  • Review of policies and procedures with reference to changing legislative requirements and the provision of associated training
  • Affiliation with regulatory bodies and trade associations
  • Strong internal control framework, policies and culture supported by strong leadership, accountability and commitment throughout the organisation
  • Continuous monitoring of political environment
  • Continuous review of business plans in order to minimise SIG's exposure to potential changes in Government policy
  • 'Zero Harm' programme
  • Training and development programmes
  • Anti-Bribery & Corruption and Competition Policies
  • Data protection audits and training
DEBT 5
Group net debt at 31 December 2015 amounted to £235.9m. The Group has to manage the following risks relating to its net debt:
(1) future availability of funding;
(2) interest rate risk;
(3) foreign currency risk;
(4) compliance with debt covenants; and
(5) counterparty credit risk.
  • Comprehensive Treasury Policy (please see Treasury Risk Management section)
  • Regular monitoring, including sensitivity analysis, to understand the impact of interest rate and exchange rate movements
  • Active hedging programme in place
  • Monitor performance against covenants on the Group's Revolving Credit Facility and private placement notes
  • Regular discussion with banking and private placement partners
  • Regular meetings of the Tax and Treasury Committee
  • Integration of new acquisitions into SIG banking arrangements and cash management processes
  • Introduction of additional modelling and stress testing in relation to the longer-term viability reporting requirements
  • Early consideration of the refinancing of the 2016 private placement maturity of c.£130m (net of associated derivatives)
WORKING CAPITAL AND CASH MANAGEMENT 145
Failure to manage working capital effectively may lead to a significant increase in the Group's net debt, thereby reducing the Group's funding headroom and liquidity.
  • Post-tax Return on Capital Employed is a Key Performance Indicator of the Group
  • Cash flow targets are agreed with each business unit as part of the annual budget process and reviewed on a monthly basis
  • Stringent authorisation procedures to control capital expenditure
  • Proactive credit management systems supported by daily customer monitoring systems
  • Branch reviews
  • Strategic Initiatives
  • Credit management: UK roll out of unique customer finance and customer risk management tools to help customers
  • Investment in IT
IT INFRASTRUCTURE AND CYBERSECURITY 45

SIG uses a range of computer systems across the Group. Outages and interruptions could affect the ability to conduct day-to-day operations, which could result in loss of sales and delays to cash flow.

Key systems are breached causing financial loss, data loss, disruption or damage.

A new ERP system is currently being implemented within the UK distribution businesses.

  • Continual review of IT strategies to ensure they remain appropriate
  • Business continuity framework
  • Dedicated internal IT support team together with external support providers
  • Regular updates to technology, infrastructure, communications and application systems
  • The Group has advanced hardware and software security in place to ensure protection of commercial and sensitive data
  • For new IT projects, external consultants are utilised in conjunction with internal project management teams
  • Collaborative cross-functional risk group in place
  • Roll out of the new ERP system for the UK distribution businesses has continued during the course of 2015 and this will be completed in 2016
  • Group Chief Information Officer ("CIO") appointed
  • Awareness of increased exposure to cyber crime and creation of Information Security Council
  • Appointment of Group IT Service Delivery Director, Group IT Systems Development Director and Group IT Commercial Director
AVAILABILITY AND QUALITY OF KEY RESOURCES 46

Unavailability of key resources (e.g. assets such as property, stock and personnel) will impact on the ability of SIG to operate effectively and efficiently.

Failure to attract and retain key individuals, strong management and technical staff in the future could have an adverse effect upon the Group's business.

  • Strategic and budget reviews ensure all key resource requirements are identified and managed
  • Senior management succession planning
  • Continue to evolve a defined people strategy based on culture and engagement, talent management, training and reward recognition
  • Provision of channels for employees to raise concerns to promote an environment of honesty and trust
  • Employee engagement survey
  • Increased employee communication and engagement
  • Appointed Group Head of Resourcing
  • Implemented detailed succession planning for senior management
  • Increased training through "Raising the Bar" programme for Senior Leadership Team