Annual report and accounts 2023 - Flipbook - Page 67
Strategic Report
Movement:
Corporate Governance
No change
Increased
Accounts
Decreased
Net risk
impact
Net risk
likelihood
Net risk
rating
The Group offers a broad range of branded products across
a range of flavours, subcategories and markets which offer
choice to the end consumer. Changing consumer attitudes
and behaviours are monitored on an ongoing basis and
inform our brand plans and new product development.
Through investment in innovation across the year we have
adapted our portfolio to align with these changing consumer
needs.
Moderate
Low
Moderate
IT assets within the Group are proactively managed and
procedures exist that support effective and efficient recovery.
Robust business continuity plans and contingency measures
are in place and are regularly tested. Appropriate processes
and controls related to IT systems resilience and recovery
capability are in place.
Moderate
Low
Moderate
Moderate
Low
Moderate
Risk
Impact
Controls and mitigating actions
Changes in consumer
preferences,
perception or
purchasing
behaviour
Consumers may decide
to purchase and consume
alternative brands or spend
less on soft drinks.
Failure of critical IT
systems or a breach
of cyber security
A failure of critical IT systems
could result in a loss of key
systems, business interruption,
lost sales or lost production.
A cyber security breach
could lead to operational
disruption, financial loss and
reputational damage.
New
Movement
The risk of cyber attacks continues to increase on an ongoing
basis, including the risk of a ransomware attack. Appropriate
cyber risk monitoring controls are in place and various actions
have been taken during the year to mitigate cyber security
related risks and facilitate business recovery in the event of an
attack. During the year, a ransomware simulation training
exercise took place for the crisis management team to ensure
the business is as prepared as possible in the event of an attack.
Employee awareness campaigns and training continued
during the year to increase employee cyber risk awareness.
A Digital Governance Group is in place, overseen by the Risk
Committee, the purpose of which is to manage the risks
related to the Group’s externally facing digital properties.
Failure of the
Group’s operational
infrastructure
A catastrophic failure of the
Group’s major production
or distribution facilities could
lead to a sustained loss in
capacity or capability.
Assets within the Group are proactively managed and
maintained. Risk assessments are carried out on a regular
basis and appropriate actions taken. Robust business
continuity plans are in place and are regularly tested.
The business continuity employee training programme
continued during the year.
65
