Urenco Annual Report 2022

45 Urenco Annual report and accounts 2022 Strategic report 01 Three Lines of Defence Model First Line of Defence Sites, Site Functions and Management Deliver company & site objectives. Risk identification,management, control and reporting Identify, manage, control Identifying, assessing, controlling/ mitigating risks to Urenco’s objectives; seeking business opportunities; compliance with polices and external regulations; incident management; learning lessons and continuous improvement. Report & Support Functions engage in policy and local external regulation support and implementation, ensuring local standards are set; incidents are reported and escalated, and controls aremonitored or self-assessed. Second Line of Defence Risk, Compliance, Group Functions, Global Process Owners and Operational & Site Assurance Providers Set Policies and Standards, oversight and challenge, support andmonitor Third Line of Defence Internal Audit Provide independent and objective assurance and advice on risk management & control Oversight and challenge Group and functional oversight, including challenge andmonitoring of risk management andmitigation practices by the First Line of Defence. Provides a view and assessment on sufficiency of riskmanagement and control. Seeks and encourages continuous improvement. Standard setting, monitoring and reporting Setting the Risk Management and Assurance framework for the Group and Sites for effective riskmanagement and assurance practices. Providing guidance, support and challenge to the First Line of Defence and assurance,monitoring, and reporting to respective Committees. Independent assurance Examine, evaluate and report on the adequacy, effectiveness and efficiency of Urenco’s governance, riskmanagement and internal control processes with a view to continuous business improvement and in relation to Urenco’s objectives and risk appetite. Assurance is provided through a risk based internal audit programme. Principal risks and uncertainties Our principal risks are sponsored by members of our Executive Committee, who appoint a senior manager who is responsible for identifying the potential causal factors and consequences. Each risk is evaluated in terms of its present impact and likelihood, and compared against the level of target risk for which we have an appetite. Comparing these positions, we evaluate the strength of our existing controls and consider the further actions that are needed to reduce the risk to an acceptable level. Pages 45 to 49 provide an overview of our principal risks and the actions we are taking to control andmitigate our risk exposure. Delivering our capacity programme Description Impact How we are managing the risk As we prepare for growth in themarket, Urenco is embarking on a number of high value and complex projects. Failure tomanage the programme or individual projects could result in design, construction or technological challenges, whichmight delay the programme and result in cost overrun or inability to fulfil customer obligations. • We are upscaling our existing control frameworks and adapting our management structure • We have conducted key contract negotiations with our ECPM (Engineering, Procurement & ConstructionManagement) suppliers • We are performing gap analysis of the additional controls and systems and reviewing our processes and systems to ensure that they are robust and scalable to deliver our additional capacity requirements • We are carefullymanaging supply and demand, acquiringmore UF 6 and borrowingmaterial where necessary to deliver increased customer requirements