Managing risk and uncertainty Principal Risks The principal risks identified in the Group risk register are: • Strategy - future business and brand management risks • External market factors including market shocks • Programme and project delivery risks, including major contracts such as FSS • People: recruitment and retention • People: health and safety, wellbeing • Physical and data security risks • Technical assurance • Long-term liabilities: defined benefit pension commitments • Technology transformation - including new systems, digitalisation, innovation, and potential market disruptors Risk environment High government debt levels, persistent inflation, and general global market uncertainties can affect customer spending patterns. National elections in core markets may impact the timing, nature, and value of new contracts or lead to changes to existing contracts. Key mitigations include maintaining our critical supplier status and increasing our agility to respond to our customer needs through adapting our service offerings. A solid order book of long-term contracts acts as a hedge to short-term demand shocks while the depth and breadth of our pipeline insulates against longer-term sector downturns. The transformation of our delivery organisation, a new ERP system (UK), and a Global PMO function are among the initiatives introduced to reduce programme delivery risks. These changes will enable faster and better capacity management and resource allocation decisions. Although debt free, we maintain careful cashflow management and adopt proactive funding policies to meet our long-term liabilities. We work closely with the Trustees to manage the DB Pension Scheme deficit, with funding plans agreed based on actuarial reviews. System and data security risks remain high due to the increasingly sophisticated cybersecurity threats, many using Artificial Intelligence (AI). We continue to build defences and resilience through the roll out of regional IT networks and the deployment of a suite of tools for active deterrence, detection, and remediation under approved IT, data and digital strategies. Other principal risks include people recruitment and retention, with certain markets more vulnerable to employee turnover. The company takes various actions, including better resource scheduling, including global mobility opportunities and providing careers mapping to facilitate employee development. Health, safety and wellbeing risks always remain a high priority for the business. Emerging Risks Emerging risks and opportunities are those that are developing or are changing, with the full impact being evaluated. Regional conflicts and geopolitics will underpin spending decisions on core areas of national security, including in cyber defences and energy resilience. We believe the introduction of AI tools will transform how companies operate and are investing in our AI capabilities to unlock potential whilst managing the downside risks. The urgency of the climate emergency and need for environmental sustainability presents new opportunities to support our customers as well as new risks to the business. We continue to invest in the management and reporting of ESG risks, working to reduce our carbon footprint and to ensure that our supply chain meets global ethical standards. Risk Appetite We take a balanced approach to risk. In areas including pipeline growth, organisational and digital transformation, and innovation we are willing to accept a higher level of risk and return. In matters of compliance, ethics, cybersecurity, financial management, and safety – our risk appetite remains low, with a cautious approach to management. Regional conflicts and geopolitics will underpin spending decisions on core areas of national security, including in cyber defences and energy resilience. 31
RkJQdWJsaXNoZXIy NTcyOTY=