Risk management process
Our robust risk framework is both top down and bottom up, ensuring that we identify, review and escalate, where appropriate, any risks arising from our business activities.
The Board is ultimately responsible for the Group’s risk management and internal control systems, and for reviewing their effectiveness. The Board defines the Group’s risk appetite and monitors risk exposure to ensure that the nature and extent of the significant risks facing the company are managed in alignment with our goals and objectives.
While responsibility for overseeing these processes rests with the Audit & Risk Committee, the Board as a whole is informed of outcomes and all significant issues.
- Regular risk assessments within markets and corporate office support functions to assess progress with risk management strategies. The regular review process, supported by annual sessions facilitated by the Chief Risk Officer, together with quarterly feedback meetings, ensures that business units focus on all risk categories including the areas of human rights, modern slavery, sustainability and climate change.
- Risks are aggregated to the group which provides a snapshot of our risk environment. They are analysed and significant operational risks and actions are escalated to the Region Directors and the Business Resilience function
- Review of identified risks by the Group Risk Forum, our independent risk review forum and strategic think-tank comprising senior leaders in the business, which then presents issues relating to critical exposure to the Operating Committee (OPCO)
- Review of critical risk exposures by OPCO, which reports material changes and mitigating actions to the Audit & Risk Committee
A cross-functional approach to risk
The Group Risk Forum is Coca‑Cola HBC’s risk think tank and independent risk review mechanism. Its members, recruited from the most senior business leaders across all functions, contribute their experience and insight to the evaluation of the company’s risk and opportunities.
Roles and responsibilities
- Country level: identifies and evaluates risks and mitigation plan; monitors monthly as part of management meeting; submits plan to the Business Resilience function for review quarterly; evaluates and aligns risks to strategy
- Regional level: aggregates quarterly risk submissions bi-annually (these are reviewed by Regional Directors, Regional Chief Financial Officers and Chief Risk Officer); ensures independent assessment of country risks and mitigation plans
- Group Risk Forum: meets bi-annually; reviews aggregated and escalated risks against broader Group objectives and ensures effective risk mitigation strategies are in place; prepares a bi-annual strategic risk opportunity summary for OPCO and the Audit & Risk Committee and formulates principal risks
- Operating Committee (OPCO): has overall responsibility for enterprise risk management; assigns risks against our strategic pillars; assigns accountable risk owners against our risk universe
- Board: establishes risk appetite; oversees risk management systems, strategies and culture to ensure principal risks and opportunities are identified and managed; Audit & Risk Committee receives quarterly updates on strategic and emergent risks
This process ensures risks and opportunities are understood and visible across our business. The business context determines the level of acceptable risk and the controls required for management. We seek to continually improve by sharing best practice throughout the company, with The Coca‑Cola Company and other bottlers.