Risk management

Risk management overview

We have adopted a comprehensive enterprise risk management framework to manage risks and leverage opportunities across the Group.

The dynamic management of risk and opportunity is at the heart of our business planning and value creation processes. We have adopted a strategic enterprise-wide risk management approach that provides a common, integrated framework to manage risks and leverage opportunities across the Group.

We believe that enterprise risk management is a strategic advantage for our company – we selectively seize opportunities because of our enhanced opportunity to exploit risks. We’re building enterprise risk management into our company’s culture and social fabric.

We continuously identify, assess, manage and escalate risks and opportunities, following a rigorous cyclical process that we evaluate against the risk universe in which we operate. We seek to minimise our exposure to unforeseen events and identified risks and create a stable environment for delivering on our strategic objectives.

Our risk management system

The key features of our enterprise-wide risk management system are:

  • Group statements on strategic direction, ethics and values
  • Clear business objectives and business principles
  • A formalised risk management policy
  • A clearly defined risk universe aligned to our strategic priorities: community trust, consumer relevance, customer preference and cost leadership
  • Integration of risk management into our business planning processes
  • A continuous process to identify and evaluate significant risks to the achievement of business objectives
  • Implementation of management processes to mitigate significant risks to an acceptable level
  • Implementation of strategies to further embed risk management into the cultural fabric of the business
  • Continual monitoring of our internal and external environment for factors that may change our risk profile
  • A regular review of both the type and the amount of external insurance we purchase and the role of our captive insurance entity, with reference to the availability of cover and cost (this is measured against the likelihood and magnitude of the identified risks)

Risk management process

Our robust risk framework is both top down and bottom up, ensuring that we identify, review and escalate, where appropriate, any risks arising from our business activities.

The Board is ultimately responsible for the Group’s risk management and internal control systems, and for reviewing their effectiveness. The Board defines the Group’s risk appetite and monitors risk exposure to ensure that the nature and extent of the significant risks facing the company are managed in alignment with our goals and objectives.

While responsibility for overseeing these processes rests with the Audit & Risk Committee, the Board as a whole is informed of outcomes and all significant issues.

Process overview

  • Monthly risk discussions within markets and bi-annual reviews with functions to assess progress with risk management strategies. The regular review process, supported by annual sessions facilitated by the Chief Risk Officer, together with quarterly feedback meetings, ensures that business units focus on all risk categories including the areas of human rights, modern slavery, sustainability and climate change.
  • Risks are aggregated to the Group, which provides a snapshot of our risk environment. They are analysed, and significant operational risks and actions are escalated to the Region Directors and the Business Resilience function.
  • Review of identified risks by the Group Risk and Compliance Committee, our independent risk review forum and strategic think-tank on risk and compliance comprising senior leaders in the business, which then presents issues relating to critical exposure to the Operating Committee (OPCO)
  • Review of critical risk exposures by OPCO, which reports material changes and mitigating actions to the Audit & Risk Committee

A cross-functional approach to risk

The Group Risk and Compliance Committee is our risk think tank and independent risk review mechanism. Its members, recruited from the most senior business leaders across all functions, contribute their experience and insight to the evaluation of the company’s risk and opportunities.

Roles and responsibilities

  • Business Unit level: identifies and evaluates risks and mitigation plan; monitors monthly as part of management meeting; submits plan to the Business Resilience function for review quarterly; evaluates and aligns risks to strategy
  • Regional level: aggregates quarterly risk submissions bi-annually (these are reviewed by Regional Directors, Regional Chief Financial Officers and Chief Risk Officer); ensures independent assessment of country risks and mitigation plans
  • Group Risk and Compliance Committee: meets bi-annually; reviews aggregated and escalated risks against broader Group objectives and ensures effective risk mitigation strategies are in place; prepares a bi-annual strategic risk opportunity summary for OPCO and the Audit & Risk Committee and formulates principal risks
  • Operating Committee (OPCO): has overall responsibility for enterprise risk management; assigns risks against our strategic pillars; assigns accountable risk owners against our risk universe
  • Board: establishes risk appetite; oversees risk management systems, strategies and culture to ensure principal risks and opportunities are identified and managed; Audit & Risk Committee receives quarterly updates on strategic and emergent risks

This process ensures risks and opportunities are understood and visible across our business. The business context determines the level of acceptable risk and the controls required for management. We seek to continually improve by sharing best practice throughout the company, with The Coca‑Cola Company and other bottlers.

Principal risks and mitigations

Our strategic pillars - Leverage our unique 24/7 portfolio, Win in the marketplace, Fuel Growth through competitiveness & investment, Cultivate the potential of our people, Earn our license to operate - provide the context for guiding us in the management of the risks faced by our business.

This overview of our most important risks, involving an assessment of the likelihood of occurrence and potential consequences, does not include all the risks that may ultimately affect our company. Some risks not yet known to us, or currently believed to be immaterial, could ultimately have an impact on our business or financial performance. We remain constantly vigilant to changes to our economic and regulatory operating environments, to ensure we proactively identify and evaluate new risks and understand threats to our business viability.  

For the reporting period to December 2019, we validated the continued importance of our 17 identified principal risks. This was done through our ongoing ability to aggregate and analyse risk, our functional collaboration and the think tank approach of the company's Group Risk Forum.

Please note, these are our principal risks for 2019. These will be updated annually in line with our Integrated Annual Report.

a. Consumer health and wellbeing

b. Geopolitical and macroeconomic

c. Strategic shareholder relationships

a. Channel mix

b. Geopolitical and macroeconomic

c. Quality

a. Cyber incidents

b. Foreign exchange and commodity costs

c. Geopolitical and macroeconomic

d. Ethics and compliance

a. People

b. Geopolitical and macroeconomic

c. Health and Safety

a. Sustainability: Plastics and packaging waste

b. Sustainability: Climate and carbon

c. Sustainability: Water

d. Geopolitical and macroeconomic
