ARM has a robust risk management process in place to identify key risks; assign ownership for each risk at a senior management level; identify both existing and planned management activities against each risk; assess the residual likelihood and impact of each risk; and ensure ongoing monitoring and reporting of each key risk.
At a strategic level, our risk management objectives are to:
Strategic risks are managed through a number of regular forums where key risks are discussed and existing management activities challenged. These include regular sessions with both the Board and senior management.
Operational risks are managed in accordance with the ARM Management System (AMS), which defines key policies and processes across the organisation. ARM has a number of processes in place to provide assurance on compliance with the AMS.
Strategic and operational risks are identified, prioritised and reported on within the Corporate Risk Register (CRR). The CRR includes a description of the overall risk, the risk factors, the risk owner and the risk management activities, including operational and oversight activities as defined in the “three lines of defence” model. Residual risks are assessed in terms of likelihood and impact and mapped onto a Risk Heatmap. Further risk mitigation plans are defined to reduce the residual risk if judged necessary. Risk mitigation plans are managed within the relevant objectives of the Group’s operations and functions. Risks are identified through senior management discussion (top down) and regular reporting from every part of the business (bottom up).
The CRR is monitored by the Risk Review Committee, chaired by Mike Muller, Chief Technology Officer. The Risk Review Committee meets on a quarterly basis to review the CRR. Each risk owner is required to review and demonstrate that risks are being appropriately managed. A more detailed explanation of the Risk Review Committee’s activities is included in the Governance and Financial Report 2014 on pages 25 to 26. The Audit Committee is responsible for overseeing the risk management framework and ensuring that the risk review process is operating effectively. The Executive Committee and the Board review the CRR on a regular basis.
ARM’s internal audit function develops an annual audit plan to provide assurance that the risk management activities identified to mitigate risks are designed and operating effectively and that corrective action is being taken where necessary.
ARM’s strategy is to develop and deploy energy-efficient technology; to enable innovation through a broad ecosystem of Partners, building on our shared success; and to create superior returns for our shareholders by investing in long-term growth. ARM’s principal risks may impede ARM’s progress in executing this strategy. The table on the next page shows ARM’s principal risks and which element of the strategy each could imp