Urenco Annual Report 2022

44 Urenco Annual report and accounts 2022 Proactive risk management and mitigation is a key area of focus for Urenco and essential to our long-term success. We constantly strive to increase risk awareness and encourage accountability for managing risks at all levels within the organisation. Risks and risk management Strategic report 01 We enhanced our enterprise riskmanagement framework and strengthened our processes to identify,manage andmitigate potential risks and exploit opportunities that may impact our business and the achievement of our strategic objectives as we seek to grow. Our riskmanagement framework employs a‘top-down and bottom-up’approach. It is a rigorousmethod that ensures ownership and responsibility for the identification and management of key risks and opportunities takes place throughout the business. The safety and security of our personnel, assets, and technology continue to remain our top priority. As part of our Governance, Risk and Control framework, we follow best practice and ensure we comply with the rigorous legal and regulatory requirements under which we operate. We operate a hybrid riskmanagement approach where our Group Risk function oversees and guides the organisation in risk identification, analysis andmonitoring, supporting our operational areas in developing their riskmitigation plans. We identify and manage risk at operational, functional, site and strategic level. Oversight and challenge are provided by the Executive Committee and the Board. Our Group Internal Audit function provides independent and objective assurance to theAudit Committee over the effectiveness of Urenco’s systems of governance, riskmanagement and internal control by establishing, undertaking and reporting on an approved audit plan each year. Group Internal Audit is aligned with Risk Management and ensures that our governance processes help identify opportunities for process and control improvement. Our approach to Enterprise Risk Management We adopt a ‘Three Lines of Defence’ approach Our risk management, internal control and assurance approach has been revised and updated in line with the Institute of Internal Auditors Three Lines of Defence Model for adoption across the Group. In addition, our External Auditor provides further assurance to the Audit Committee and the Board in relation to the Group’s financial statements. To coordinate assurance across the organisation, Internal Audit, Risk and Control functions have instigated a forum of Global Assurance Providers under the Three Lines of Defence Model with the governance structure as follows: Audit Committee of the Board Executive Committee Sites, Site Functions, Site management and all Urenco staff External Assurance Providers / External Audit (Deloitte etc.) Risk, Compliance, Group Functions, Global Process Owners and Operational & Site Assurance Internal Audit First Line Deliver company objectives. Identify, manage, control, and report risk Second Line Set Policies and Standards, oversight and challenge, support andmonitor Third Line Independent and objective assurance and advice on risk management activities Global Assurance Providers (GAP) Forum