Risk Management

Risk management

Risk management overview

The dynamic management of risk and opportunity is at the heart of our business planning and value creation processes. We have adopted a strategic enterprise-wide risk management approach that provides a common, integrated framework to manage risks and leverage opportunities across the Group.

We believe that enterprise risk management is a strategic advantage for our company – we selectively seize opportunities because of our enhanced opportunity to exploit risks. We’re building enterprise risk management into our company’s culture and social fabric.

We continuously identify, assess, manage and escalate risks and opportunities, following a rigorous cyclical process that we evaluate against the risk universe in which we operate. We seek to minimise our exposure to unforeseen events and identified risks and create a stable environment for delivering on our strategic objectives.

In addition, we actively review our environment to identify emerging risks that may not be impacting our business now but have the potential to do so in the future. Identifying and evaluating emerging risks early enables us to make more informed decisions and to turn potentially negative events into opportunities.

Our risk management system

The key features of our enterprise-wide risk management system are:

  • Group statements on strategic direction, ethics and values
  • Clear business objectives and business principles
  • A formalised risk management policy
  • A clearly defined risk universe aligned to our strategic growth pillars:
    1.   Leverage our unique 24/7 Portfolio
    2.   Win in the marketplace
    3.   Fuel Growth through Competitiveness and Investment
    4.   Cultivate the Potential of Our People, and
    5.   Earn our Licence to Operate
  • Integration of risk management into our business planning processes, including project management and new product development
  • A structured and continuous process to identify and evaluate significant risks to the achievement of business objectives
  • Implementation and oversight of management processes to mitigate significant risks to an acceptable level
  • Implementation of strategies to further embed risk management into the cultural fabric of the business
  • Continual monitoring of our internal and external environment for factors that may change our risk profile
  • Identification, evaluation and monitoring of emerging risks
  • Integration of risk management into our third-party management processes, which includes a comprehensive due diligence process for compliance matters in connection with mergers, acquisitions, JVs, partnerships and other investments, aimed at reviewing policies and procedures, including relevant monitoring and enforcement activities, current and past, which the target entity has in place. This concerns any legislation relating to:
    • Anti-bribery and Corruption,
    • Sanctions and Export Controls,
    • Anti-money laundering,
    • Supply chain due diligence,
    • Human rights including modern slavery, human trafficking and child labour 
  • A regular review of both the type and the amount of external insurance we purchase and the role of our captive insurance entity, with reference to the availability of cover and cost (this is measured against the likelihood and magnitude of the identified risks)

Risk management process

Our robust risk framework is both top down and bottom up, ensuring that we identify, review and escalate, where appropriate, any risks arising from or impacting on our business activities.

The Board is ultimately responsible for the Group’s risk management and internal control systems, and for reviewing their effectiveness. The Board defines the Group’s risk appetite and monitors risk exposure to ensure that the nature and extent of the significant risks facing the company are managed in alignment with our goals and objectives.

While responsibility for overseeing these processes rests with the Audit & Risk Committee, the Board as a whole is informed of outcomes and all significant issues.

Process overview

Monthly risk discussions and reviews are an established part of senior leadership routines in all of our business units. The outcome of these discussions is reflected in a central risk register that is maintained and reviewed by the Group Business Resilience Team. The Group Chief Risk Officer (CRO) regularly sits in on these monthly meetings to support the process and to ensure management teams are reviewing and assessing a sufficiently broad range of risks, including emerging risks.

Risks are aggregated and analysed by the Group Business Resilience Team and significant operational risks and actions as well as trends and emerging risks are discussed at bi-annual reviews conducted by the CRO with the Regional Directors and their teams and the Chief Operating Officer.

In addition, the CRO conducts quarterly risk reviews with Group function heads to update strategic risks and identify and evaluate emerging risks. These are aggregated and discussed at quarterly meetings of our Group Risk and Compliance Committee (GRCC), our independent risk review forum and strategic think-tank on risk and compliance comprising senior leaders in the business. This ensures a cross-functional perspective on our strategic risks.

It also ensures appropriate attention is given to the assessment and management of strategic risks that may not have an immediate operational impact but may have a longer-term impact on our business including sustainability and climate change, human rights and modern slavery as well as consumer and commercial trends and emerging risks.

The outcome of the GRCC meetings are presented by the CRO in a biannual strategic and principal risk report to the Operating Committee (OPCO) and the Audit & Risk Committee.

A cross-functional approach to risk

The Group Risk and Compliance Committee is our risk think tank and independent risk review mechanism. Its members, recruited from the most senior business leaders across all functions, contribute their experience and insight to the evaluation of the company’s risk and opportunities.

Roles and responsibilities

Business Unit level: identifies and evaluates risks and mitigation plans; monitors monthly as part of management meeting; updates risk register for Group Business Resilience review quarterly; evaluates and aligns risks to strategy

Regions: Business Unit risks aggregated and reviewed bi-annually by Regional leadership team and Chief Risk Officer; Regional reviews and key market (Nigeria, Russia, Italy) risk assessments reviewed with COO. This ensures independent assessment of country risks and mitigation plans

Group Risk and Compliance Committee: meets quarterly; reviews aggregated and escalated risks against broader Group objectives and ensures effective risk mitigation strategies are in place; identifies and evaluates emerging risks, prepares a bi-annual strategic risk opportunity summary for OPCO and the Audit & Risk Committee and formulates principal risks

Operating Committee (OPCO): has overall responsibility for enterprise risk management; assigns risks against our strategic pillars; assigns accountable risk owners against our risk universe

Board: establishes risk appetite; oversees risk management systems, strategies and culture to ensure principal risks and opportunities are identified and managed; Audit & Risk Committee receives quarterly updates on strategic and emerging risks

This process ensures risks and opportunities are understood and visible across our business. The business context determines the level of acceptable risk and the controls required for management. We seek to continually improve by sharing best practice throughout the company, with The Coca‑Cola Company and other bottlers.

Principal risks and mitigations

Our strategic pillars - Leverage our unique 24/7 portfolio, Win in the marketplace, Fuel Growth through competitiveness & investment, Cultivate the potential of our people and Earn our license to operate - provide the context for guiding us in the management of the risks faced by our business.

We continuously validate our principal risks and update and report them regularly including in our Annual Report. This is achieved through our ongoing ability to aggregate and analyse risk, our functional collaboration and the think tank approach of the company's Group Risk and Compliance Committee.

Our Principal risks for the period ending December 2020 are:

a. Consumer health and wellbeing
b. Geopolitical and Macroeconomic
c. Strategic stakeholder relationships

a. Channel mix

b. Geopolitical and Macroeconomic

a. Sustainability: Plastics and packaging waste

b. Cyber incidents

c. Foreign exchange and commodity costs

d. Geopolitical and Macroeconomic

e. Quality

a. Health and safety

b. Geopolitical and Macroeconomic

c. People

a. Sustainability: Plastics and packaging waste

b. Sustainability: Climate change

c. Sustainability: Water availability and usage

d. Ethics and Compliance

smart-risk-programme-in-action smart-risk-programme-in-action

Emerging Risks

There are some risks that we are not yet aware of, or about which there is a great deal of uncertainty. There may be some indicators that suggest changes are occurring and we may be able to identify what impact those changes may have.

Even risks that we know about may have unforeseen consequences. A good example is Covid-19. While pandemics have been on the risk register and included in the business continuity program of many large companies for at least 20 years, no-one thought that a pandemic would have the global impact that Covid-19 has had.

While identifying, assessing and mitigating the risks we know about as best we can remains critical for our business, we also recognize that we must continually review our environment and identify risks that may impact us in the future.

Emerging risks are those that may have an impact on us in the future or over time but may not be having an impact on us now. To the extent we can identify, evaluate and prepare our business for these risks, the better we are able to prevent them from having a significant impact on us. We may even be able to turn them into an opportunity if we identify them early enough and develop action plans to take advantage of them.

CCHBC has incorporated the consideration of emerging risks into our established ERM process. We have done this by:

  • Encouraging all business units to include a discussion on emerging risks in their monthly management reviews. This is supported by regular involvement of the Group CRO in BU management meetings. The outcome of these discussions are included in the Regional Reviews with the Region Directors and their teams, and with the COO.
  • Including discussion on emerging risks into the Group CRO risk reviews with the Group Functions.
  • The creation of an emerging risk register to complement our strategic risk register
  • The outcome of these discussions is the identification of 3 emerging risks for discussion in our Group Risk and Compliance Committee meetings. The possible outcomes of these discussions include:
    • creation of a project team to conduct a deeper assessment,
    • identification of signals and agreement on monitoring for changes associated with the risk,
    • inclusion in our strategic risk register
  • Addition of emerging risk discussion in Group CRO’s reports to the Executive Leadership Team and the Audit & Risk Committee of the Board

In 2020, we identified the following key emerging risks:


COVID-19 has accelerated the acceptance and popularity of e-commerce and the development of new technologies that support that growth. For example, 70% of online shoppers in the 2nd and 3rd quarter of 2020 were new to online shopping. We expect that growth to continue well after the current COVID-19 influenced environment.

Our products are available on many e-commerce platforms. However, e-commerce is changing the path to purchase from traditional retailers – where we have well established relationships and highly developed capabilities in route to market, to online retailers.

Through the use of technology and access to consumer data, online platforms have significant capability to build direct relationships with consumers and influence their purchasing decisions.

E-commerce provides significant opportunities for our business in both enhancing our B2B services as well as direct to consumer. It also creates new risks. Technology and business models supporting e-commerce are relatively new and changing rapidly. We expect some degree of obsolescence and potential failures as e-commerce continues to evolve.  

Although sales of our products over online platforms are relatively small, it is growing fast. If we fail to take advantage of engaging with consumers online, we may not meet our growth targets and leave ourselves at a competitive disadvantage.

In 2020 we developed and evolved a range of digital solutions for customer service such as our Hybris platform and ePartnershop, an exclusive selling platform providing home delivery for our wholesaler customers. We also grew our direct-to-consumer platform in Switzerland – Qwell, offering a web-based ordering system.

Changes in technology

Changes in technology are contributing to disruption in many industries. Traditional barriers to entry that have provided our business with a competitive advantage – such as investment in research and development, manufacturing scale and capability, distribution networks, marketing capabilities, access to finance and retailer relationships – are still critical to our business but are increasingly less of a barrier to new, smaller entrants and existing competitors.

This reduction in traditional barriers to entry means that more small manufacturers, niche products and private label products continue to appear on retailer shelves or offered over online platforms as they can increasingly compete successfully against large established manufacturers.

Small, niche brands and private label products while still individually small, have collectively captured a significant amount of growth in many food and beverage categories, outstripping the growth of large manufacturers in many areas. Over time if this growth continues in product lines that we choose to offer, it could impact our sales and we may not meet our growth targets.

We mitigate these changes in technology by continually assessing and investing in new technologies to leverage the strength of our portfolio, enhance the capabilities of our people, improve the efficiency of our manufacturing and distribution and innovate in all aspects of our business.

In collaboration with The Coca-Cola Company and other key partners, we are enhancing our ability to understand what consumers want and how and where they wish to consume our products so that we continue to deliver high-quality beverages that consumers love.

Supply chain integrity

Consumers, investors and other stakeholders are increasingly interested in knowing the origin and sustainability of our products and all ingredients used in them. Natural resource management is critical for the environment and the long-term sustainability of our business. The growing expectation of transparency leads to greater scrutiny of the integrity of our entire value chain.

Our Company has a well-established supply chain management system and robust set of Supplier Guiding Principles that all suppliers are expected to comply with to meet our high-quality standards and our expectations for the ways they operate. This includes adherence to stringent human rights and sustainable agricultural practices. As we deepen the assessment of our supply chain practices, we may uncover practices that need to change either gradually or at a faster pace. Such changes may generate costs to our business as well as generate reputation risks.

To assess and monitor changes in transparency expectations, we support and participate in a number of reporting frameworks. We will include additional consideration of this key area in our assessment of strategic risks in the first half of 2021. 

Changes to working arrangements

Like many companies, CCHBC has been exploring options for providing our people with more flexible working arrangements and opportunities for enhancing work-life balance. 

With the onset of the Covid-19 pandemic however, many of our people have been forced to work from home. This has led to many of our people having to make significant adjustments to their work and family lives in a very short time.

As we emerge from Covid related restrictions, some of these changes are likely to remain in place with many of our people reporting positive experiences and wanting to continue to work from home, at least in part.

We are also aware of some of the negative aspects of working from home such as feelings of isolation and difficulties with appropriate working conditions. This raises mental health issues for our people as well as potential productivity issues.

The company has and will continue to provide additional support to our staff on mental health through our Employee Assistance Program (EAP).

The company is working on plans for gradual introduction of longer-term changes to working arrangements post-pandemic that will include support for safe, productive working arrangements.