Risk
management
The Board is collectively responsible for
determining the nature and extent of the
principal risks it is willing to take in
achieving its strategic objectives.
Internal control
The Company does not have a separate Risk Committee; instead the Board as a whole is collectively accountable for determining the nature and extent of the principal risks Auto Trader is willing to take in achieving its strategic objectives.
The Board is also accountable for establishing and maintaining the Group’s system of risk management and internal controls. It receives regular reports from management identifying and evaluating our response to key risks.
Our risk management
process
Effective risk management is critical if we are to achieve our strategic objectives, to achieve sustainable long-term growth, and ultimately to achieve our purpose of Driving Change Together. Responsibly.
A four-step process is used to manage our principal risks. OLT and risk owners within the 1st Line of Defence are delegated the responsibility for identifying, assessing, mitigating, and monitoring risks. OLT and risk owners report to the PLC Board on whether our risks are being managed to an acceptable level through the Governance Structure, illustrated below.
1
A top-down and bottom-up approach is used to identify key risks across the business. Primarily, risks are identified via three key mechanisms:
All new risks are captured on the Group Risk Register which is reviewed by the Board at least half-yearly.
2
All risks are evaluated to establish their root causes, the impact, and the likelihood of occurrence. When assessing risks, consideration is given to the financial, reputational, and regulatory impacts, as well as impacts on customers/consumers, and impacts on day-to-day operations. Risks are then categorised as:
3
Risk owners consider whether existing controls and mitigations reduce the risk to an acceptable level. On an ongoing basis and following identification of a new risk, 2nd Line Functions provide specialist support to ensure that the response is consistent with our Group risk appetite. Additionally, independent challenge on risk response is provided from 2nd Line Functions, Forums, and Committees.
If the residual level of risk after mitigation remains above our risk appetite, then further mitigating actions are implemented.
4
The effectiveness of key controls is monitored via numerous mechanisms within our governance structure. These include:
The Board reviews the outcomes of assurance activities on an as-needed basis. The Board also reviews the Group’s risk register at least half-yearly and assesses the adequacy and effectiveness of mitigating actions in line with our risk appetite.
Our risk management framework
The Group’s principal risks are recorded within a risk register which captures
details of each risk and the root causes; likelihood of the risk occurring; the
impact if it does occur; and details of the actions being taken to manage the risk.
The Board considers whether, given the strategy and risk appetite of the Group,
the mitigations are reducing the risk to an acceptable level.
Our risk
assessment
matrix
The risk landscape has continued to evolve, and we expect changes to
continue, moving forward. Our current view is that the principal risks
we face are:
Accordingly, our strategy is linked intrinsically to our principal risks.
We have taken great strides to manage these risks. Examples include
the launch of Deal Builder and improvements to our core marketplace
products. However, to execute our strategy, it is crucial we protect
ourselves against the threats to achieving our strategic objectives.
Risk appetite
The Board considers the nature and extent of the principal risks that Auto Trader
currently faces, the potential risks we expose ourselves to as we proceed with
our strategy, and the wider market, economy, and business environment,
setting its risk appetite accordingly:
Auto Trader acknowledges that, in some circumstances, fast-paced and innovative development of new products within the technology space presents significant opportunities and taking advantage of these opportunities may result in financial loss. We consider the opportunities can outweigh the downside risks, and therefore, in pursuit of our strategic objectives, we are flexible about taking risks which relate to product innovation, addressing competitive threats, and/or making the most of market opportunities.
As we pursue our strategic objectives, we must remain cognisant of the potential for them to have conflicting impacts on our stakeholders, including employees, suppliers and third parties, and the environment. Owing to the potential for these risks to have significant knock-on impacts across a wide range of categories, we are cautious about taking risks in relation to such areas.
We are averse to taking risks which conflict with our values; risks which could damage our reputation; risks which threaten the security of our systems and technology; risks leading to a breach of laws, regulations or financial covenants; and/or risks which could compromise the organisation’s going concern status. Across these categories we take all reasonable steps to ensure our business activities do not give rise to significant risk of damage to our stakeholders, and in pursuing our strategic objectives we are averse to exposing ourselves to higher levels of risk knowingly.
Understanding what
matters most
Conducting business responsibly, with stakeholders at the heart of our decisions, is core to our strategy and success. Therefore, an understanding of what ESG topics matter most to our key stakeholders is essential. We believe that the issues identified in our materiality assessment remain relevant to our business and stakeholders. Our materiality assessment helps us capture our impact in a non-financial manner and the findings continue to guide the focus areas of our ESG strategy.
To learn more about which material issues are important to our stakeholders, please visit our ESG section:
Corporate governance
Setting out the key features of our governance framework and how it complies with 2018's UK Coporate Governance Code, published by the Financial Reporting Council.
Read MoreEngaging with stakeholders
Maintaining a clear, consistent dialogue with our stakeholders is key to fulfilling our purpose and ensuring the long-term success of our business.
Read MoreSign up to our email alerts service:
Join our news & views mailing list
or submit media-related enquiries: