LucyGroup-ARA2024_spreads web ready_FINAL

RISK MANAGEMENT

BUSINESS OVERVIEW STRATEGIC REPORT CORPORATE GOVERNANCE FINANCIAL STATEMENTS SHAREHOLDER INFORMATION

Improving risk management to enhance stability and growth within the business Risk management philosophy Risk and its management are fundamental to the success of our business. All employees are responsible for assessing and managing risk appropriately, within a control framework, as well as highlighting and responding to emerging risks within our businesses. Continuous improvement in risk management practices The Group continues to embed risk management processes across our businesses, to ensure there is a good understanding of potential positives and negatives of key factors that may affect both individual businesses and the Group as a whole. This helps to ensure suitable decision making, supported by the necessary controls and processes, to achieve our strategic objectives. We review and measure our strategic risks, determining the likelihood and impact of key risks to the business, using a variety of measurements to ensure that a range of factors are considered as part of the assessment.

Empowering our businesses to enhance their risk management frameworks The management teams of individual entities are responsible for defining and embedding the risk culture into their own areas. They are responsible for ensuring that they understand the risks affecting their businesses, and that their employees can identify and deal with these risks appropriately. In addition, they are responsible for creating a culture of openness to allow varied and difficult discussion over the risks the businesses may face.

Assessment of risk We consider a wide range of factors within risk

We concentrate on the residual risk and proportionate actions that could be taken to manage the identified risks. We have also recently revised and reissued our Group risk policy. Embedding risk culture across the Group The Group’s Board owns the risk management processes and ensures that they are embedded and working effectively across the Group. The Board has a good understanding of the significant risks facing the Group and considers the implications of the Board’s decisions. The Executive Directors are responsible for overseeing the risk management of the Group. They meet quarterly to discuss the risk activities within the Group to ensure that the risk culture is firmly embedded across all businesses. They review the individual business entities and the core Group activities to ensure these teams are managing their risks effectively. The Executive Directors also ensure that they consider risk and implications within their own decision making. The Audit Committee is responsible for ensuring that there is an effective risk management process in place, and for reporting to the Board on its adequacy.

management processes, from micro strategic points through to operational risks within each business. We assess each identified risk for likelihood and impact against a variety of measures, including: • damage to the financial performance of the business;

• damage to reputation; • production downtime; • information security; • employee morale; and • management time.

Principal risks and uncertainties Key business risks are currently identified as shown in the figure below. The results are aggregated into the ten principal risks affecting the Group, which are set out on pages 52 to 55. We will continue to seek to improve the process and produce information in a more intuitive manner.

1

Strategic

2

Business continuity

Minor Moderate Major Critical 1

3

People

6

8

9

4

Financial

Identify risk

5

Product design

Assess risk

5

10

3

6

IT systems and cybersecurity Regulatory and compliance Economic and political instability

Impact

7

2

7

4

8

9

Safety

Review controls

Insignificant Rare

Unlikely

Credible

Likely

Almost Certain

Control risk

10 Supply chain

Likelihood

50

|

Lucy Group Ltd Annual Report & Accounts 2024

LUCYGROUP.COM

|

51