Important information

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies.

ARM websites use two types of cookie: (1) those that enable the site to function and perform as required; and (2) analytical cookies which anonymously track visitors only while using the site. If you are not happy with this use of these cookies please review our Privacy Policy to learn how they can be disabled. By disabling cookies some features of the site will not work.

Identifying and managing risks

ARM has a robust risk management process in place to identify key risks; assign ownership for each risk at a senior management level; identify both existing and planned management activities against each risk; assess the residual likelihood and impact of each risk; and ensure ongoing monitoring and reporting of each key risk.

At a strategic level, our risk management objectives are to:

  • Identify ARM’s most significant strategic and operational risks
  • Develop plans to manage the risks identified, with a clear owner assigned to each risk
  • Ensure that business growth plans are properly supported by an effective risk management infrastructure
  • Help executives improve the control and
  • co-ordination of risk taking across the business
  • Ensure that ARM’s assurance activities are focused on the organisation’s key risks

Strategic risks are managed through a number of regular forums where key risks are discussed and existing management activities challenged. These include regular sessions with both the Board and senior management.

Operational risks are managed in accordance with the ARM Management System (AMS), which defines key policies and processes across the organisation. ARM has a number of processes in place to provide assurance on compliance with the AMS.

Risk review process

Strategic and operational risks are identified, prioritised and reported on within the Corporate Risk Register (CRR). The CRR includes a description of the overall risk, the risk factors, the risk owner and the risk management activities, including operational and oversight activities as defined in the “three lines of defence” model. Residual risks are assessed in terms of likelihood and impact and mapped onto a Risk Heatmap. Further risk mitigation plans are defined to reduce the residual risk if judged necessary. Risk mitigation plans are managed within the relevant objectives of the Group’s operations and functions. Risks are identified through senior management discussion (top down) and regular reporting from every part of the business (bottom up).

The CRR is monitored by the Risk Review Committee, chaired by Mike Muller, Chief Technology Officer. The Risk Review Committee meets on a quarterly basis to review the CRR. Each risk owner is required to review and demonstrate that risks are being appropriately managed. A more detailed explanation of the Risk Review Committee’s activities is included in the Governance and Financial Report 2014 on pages 25 to 26. The Audit Committee is responsible for overseeing the risk management framework and ensuring that the risk review process is operating effectively. The Executive Committee and the Board review the CRR on a regular basis.

Internal audit assurance

ARM’s internal audit function develops an annual audit plan to provide assurance that the risk management activities identified to mitigate risks are designed and operating effectively and that corrective action is being taken where necessary.

ARM’s principal risks and uncertainties

ARM’s strategy is to develop and deploy energy-efficient technology; to enable innovation through a broad ecosystem of Partners, building on our shared success; and to create superior returns for our shareholders by investing in long-term growth. ARM’s principal risks may impede ARM’s progress in executing this strategy. The table on the next page shows ARM’s principal risks and which element of the strategy each could imp