Capita plc - Annual Financial Report

Our Risk Framework is based around 22 risk categories against which our businesses measure their risk exposure and report on incidents and issues. The ‘critical’ risk exposures from this level are reported directly to the Audit and Risk Committee to provide direct line of sight, even if the risk exposures themselves are not ‘material’ at Group level. To provide more focused detail on the risks that may impact the strategic objectives of Capita, the Board has defined 13 corporate risks (into which are mapped each of the 22 wider risks) and these are reported on at every Executive Risk Committee and then on to the Audit and Risk Committee. These corporate risks represent the principal risks to the objectives of Capita plc. Of these, five Principal Risks are recognised as having the ability to cause significant damage to Capita’s value in the event they crystallise in a severe, rapid and uncontrolled manner. These are:

– a significant failure in systems and controls;

– a lack of financial stability;

– a significant failure in information security controls;

– a major disruption to our operational IT; and

– significant legal/regulatory actions.

The remaining eight Principal Risks tend to cause issues over a longer term and hence may have an impact on profitability. These are:

– a failure to meet financial expectations;

– a failure to innovate;

– the impact of business complexity;

– the impact of political/client strategy risk;

– the impact of reputational risk;

– ineffective talent management;

– inadequate acquisition, contracting and delivery management; and

– a failure to deliver the planned transformation plan.

Our Principal Risk Outlook

Capita is not risk averse, but it seeks to better oversee and manage those Principal Risk exposures which arise in the pursuit of its objectives. During 2017, we have seen emerging risks around the challenges in our diverse IT estate and greater regulatory and legal pressures with the introduction of General Data Protection Regulation (GDPR) and new Tax Evasion legislation. The finalisation of the FCA investigation into the historic operation of the Connaught Fund crystallised a long standing regulatory risk.

In addition, the Audit and Risk Committee has increased its focus on these key operational risks, seeking better information on the levels of risk exposure and, importantly, testing the robustness of management plans to mitigate exposures that are deemed out of tolerance. This includes more in-depth reviews of the level of IT resilience across Capita and the arrangements for managing disruptive events through Business Continuity/Disaster Recovery planning. Further focus was also taken on the arrangements to meet key regulatory changes such as the new EU Anti-Money Laundering Directive and GDPR.

Transformation risk is also identified as one of the principal risks and uncertainties which the Board will focus on in 2018. It is critical that the business successfully delivers the benefits of this plan put in place.

Notwithstanding these steps which we are taking, Capita will continue to have notable residual risk exposures in key risk areas. A number are linked to our recovery plans and will be monitored by the Board closely including:

– Financial stability – until the Rights Issue announced in 2018 is successfully completed, Capita will carry significant financial risk.

– Strategy – the failure to develop and agree on a clear and sustainable strategy could weaken the confidence of investors and threaten the future growth prospects of the Company.

– Transformation plan – the failure to deliver the planned transformation of the business would threaten future growth and success.

– Cost competitiveness – without matching our cost base to match industry peers, our ability to strengthen profitability will be impacted.

In addition to these recovery risks, there are further risks which the Board will continue to assess as to whether the risk/reward profile of the impacted businesses/services is acceptable and in our shareholders’ interest. Where it feels that the residual risk is incompatible with our stated strategy and attractiveness of the returns available, the Board will take action to reduce or remove its exposure accordingly.

The risk areas of notable residual risk which Capita will carry are:

– Business complexity – Capita has grown rapidly through acquisitions and contract wins. Poor integration discipline has created undue complexity and cost as well as less than optimal delivery outcomes in some areas.

– Regulatory risk – the provision of services to and in the regulated Financial Services sector in the UK & Ireland.

– Information security risk – given we are a data-led organisation, we have stewardship over significant amounts of personal and commercial data.

– Operational IT risk – where the pace of change in technology across a diverse estate can lead to complexities, risk and adverse outcomes in any cases of major failure.

– Reputational risk – outsourcing is increasingly facing a more hostile reputational profile, particularly in the public sector.

– Political risk – the changing view of public sector outsourcing and complexities of balancing the transformation challenges in this sector with the contractual requirements being delivered out of government. Also the ongoing uncertainty over the final shape of the UK’s trading relationship with the EU after Brexit.

Operational Risk

1. Significant failures in internal systems of control

Description

A material failure in the control frameworks around our business processes which results in operational incidents, causing unanticipated and significant financial loss or service detriment to our clients or end customers.

2017 Developments and Outlook

Capita operates control frameworks designed to minimise the risk of unanticipated operational failure, financial loss or damage to our reputation. Our overall assessment is that the risk has increased, due to the need to develop further our corporate risk framework (see above), strengthen the business’ own attestation of controls and issues in the consistency of Business Continuity/Disaster Recovery controls identified during the year.

During 2017, we have also experienced two unconnected frauds which, whilst not material in quantum to the Company, have identified control weaknesses in the businesses affected. These are both continuing to be investigated.

2. Failures in information security controls

Description

The appropriate protection of Capita’s customer and corporate data is not only subject to greater legislative scrutiny, it is central to services we provide and any significant failures in this could lead to material costs, damage to our reputation and loss of trust from our clients. A significant breach of security could impact Capita’s ability to operate and deliver against its business objectives.

2017 Developments and Outlook

Capita employs detailed and extensive controls to secure its information assets. These include, but are not limited to, physical and logical access controls, appropriate encryption of data and communications and raising and maintaining employee awareness of the threats. The ‘cyber-threat’ landscape is widening and Capita, like many businesses has been exposed to incidents during 2017 such as the APT10 and ‘wannacry’ ransomware attacks. Whilst neither caused significant impact, this enhanced inherent risk together with a need to continually develop our control framework means this remains an increasing corporate risk.

Board oversight in this area operates through the Group Security Risk Committee which has considered our plans to improve staff training awareness, enhance our threat awareness capability, invest in new technology and manage our data retention effectively during 2017.

We are actively preparing for the introduction of GDPR in May 2018 given this raises our inherent information security risk. Additional investment is planned through 2018 to strengthen our information security control framework in tandem with the GDPR work.

3. Increased business complexity

Description

The opportunity cost of a complex business structure and issues caused by a lack of strategic focus can weaken our ability to exploit market potential. This in turn threatens shareholder returns and value. In addition, any failure to manage multiple complex contract requirements effectively can mean contract benefits may not be fully realised, service delivery costs may increase, or activities do not perform in line with expectations.

2017 Developments and Outlook

Even with our divisional restructure at the start of 2017, Capita had exposure to an overly diverse set of markets and sectors. Jon Lewis has noted this led to the business being potentially too widely spread, making it more challenging to maintain a competitive advantage in every business and to deliver world class services to our clients every time. The CEO review details the plan to address this and bring strategic focus to our services and target markets. Until that is delivered, Capita will continue to have an uncomfortable exposure to a number of markets where we have not or cannot economically achieve scale.

In respect to complex contracts, Capita is not averse to seeking major contracts with inherent complexity. But these come with inherent risk which must be managed and during 2017 the NHS PCSE transformation continued to prove challenging for Capita. In this case, actions have been taken to react to any shortfalls to client expectations, but the work required has been greater than expected at the outset. 2017 has seen the introduction of a new initiative to better assess the levels of complexity and how best to address the ‘unknowns’ in these complex transformation contracts, but the issues with the historic portfolio are receiving remedial action as required.

4. Operational IT risk

Description

Capita is a technology-driven services company in that the majority of our products and services are enabled by a resilient technical infrastructure. A disruptive failure in Capita’s key systems infrastructure could lead to a failure of adequate service to our clients. In turn that means we may not meet contractual obligations, cause detriment for end customers and lead to consequent financial penalties and potential regulatory action.

2017 Developments and Outlook

During 2017, our systems have experienced isolated instances of short but significant impact on IT operational stability. These occurred in one of our legacy datacentres. The Board commissioned a review into this incident, which did disrupt some services to clients over a limited period. It concluded that historic investments to maintain service failed to fully address all of the technical risks this legacy infrastructure contains. This has required increased focus to address throughout 2017 and led this to assume a critical risk in our reporting, but which is now subject to remediation plans which we expect to see the residual risk to reduce through Q2 2018. The Board approved an immediate programme of remedial works and has sought to accelerate its consideration of a new IT strategy for its datacentre estate. Board and Audit and Risk Committee meetings have prioritised reports and reviews on this matter through the second half of 2017.

The conclusion of the strategy work will set a blueprint for the investment Capita will make to deliver a more robust and secure IT infrastructure and data network during 2018, which will support our growth and more resiliently maintain service for existing clients.

5. Failure to effectively manage talent and human resources

Description

Failure to attract or retain the right people would limit Capita’s ability to deliver its business plan commitments and continue to grow.

2017 Developments and Outlook

Capita is a people business. The availability and competency of the right talent is critical to Capita’s ability to meet the needs of its stakeholders and achieve its goals as a business. During 2017, Senior Talent attrition has been uncomfortable given the uncertainty which has arisen during this transitional phase. Organisation restructuring, cost efficiency and productivity initiatives and uncertainty over performance bonuses have impacted this group of employees.

Therefore, supporting future talent development and retention continues to be a Board priority. The Board recruited a senior and experienced Talent Director in 2017 to recognise the investment we see as necessary in this field and they are further bolstering their resource in this area. This new focus offers us the opportunity to validate and endorse our existing initiatives such as our well regarded ‘Lead the Way’ Graduate scheme and introduce our new ‘Talent Hub’. This aims to do a better job of recognising and promoting our talent from within, showcasing roles and opportunities across the business, thus promoting internal mobility and aiding retention. There has also been greater focus on the development of clearly defined Capita ‘Leadership Principles’ which will shape further initiatives during 2018 to strengthen our existing senior management team and offer guiding points for those who aspire to progress to that level.

The new Chief Executive Officer has expressed a priority in providing career opportunities for talented people and plans significant work during 2018 to achieve this. A Chief People Officer has been appointed to lead this work joining Capita in April 2018.

See pages 23-24 of the 2017 Annual Report and Accounts for further information on our people and talent.

6. Weaknesses in acquisition and contracting life cycle

Description

Capita acquisitions and client contracting fail to generate anticipated revenue growth, synergies and/or cost savings.

2017 Developments and Outlook

During the year, we have been able to reflect on the efficacy of our acquisition and integration processes. There have been a few isolated examples where incomplete integration has caused consequent risk around performance and systems and controls in these businesses. We recognise that the speed of integration and desire to derive the full financial benefit of any acquisition has, at times, led to certain steps not being prioritised. Some of these are unavoidable, such as trying to implement our UK-based mandatory policies in differing jurisdictions, others are not, such as moving acquired companies to our core financial platforms in a timely manner.

As mentioned above (Internal business complexity), complex transformations that have come with some new contracts have also proved challenging in 2017.

We have enhanced a number of key processes in this area during the year. First, we have revisited and refreshed our Bids & Acquisition policies to better focus our due diligence processes and will shortly be introducing a new Contract Review Committee. Second, we have created a new approach which sees transformation expertise embedded in the bidding teams earlier on in the process, reporting separately on the robustness of any plans and costs prior to contract signature. Third, we have introduced a new process to guide acquisitions through the first year of Capita ownership, to ensure the accountability and transparency that an effective integration process requires. However, we believe further work will need to be undertaken to embed these and consider other actions to manage this risk.

Compliance Risk

7. Legal/Regulatory risk               

Description

Capita plc is subject to regulation primarily under UK legislation. The regimes which apply to its business include, but are not limited to: financial services, communication services, and energy market. Capita is also subject to generally applicable legislation including, but not limited to: anti-bribery, consumer protection, data protection and taxation. Failure to adhere to any of its legal and regulatory requirements could lead to legal and regulatory sanctions, redress costs, reputational risk and, ultimately, loss of licence or barring from contracts..

2017 Developments and Outlook

During 2017, Capita closed out a number of historical legal and regulatory issues. This included material litigation with The Co-operative Bank and litigation in our Corporate Services business in Capita Asset Services. In November, the Financial Conduct Authority (FCA) announced that it reached final settlement with Capita Financial Managers, a subsidiary of Capita Asset Services, in respect of historical issues arising from the operation of the Connaught Income Series 1 Fund during 2008-2009.

The closure of these material cases and the disposal of the regulated businesses within Capita Asset Services has reduced the risk profile in this area. However, we recognise that our continued ability to operate and compete effectively can be impacted adversely by new legislation, policies or regulations. We work to identify and address our regulatory obligations and to respond to emerging requirements. We see that there continues to be a continued appetite by jurisdictions within which we operate to increase requirements on what we call ‘Corporate Conduct’. These can be loosely defined as developing legal requirements and sanctions that are worded to bring the corporate into an increased risk of action for its conduct and at times open it to criminal proceedings.

For 2017, significant work has been undertaken to position ourselves for the implementation of the GDPR, the Criminal Finances Act (introducing a criminal offence of facilitating tax evasion) and the Prevention of Modern Slavery Act.

Working in highly-regulated sectors does mean a higher level of risk for Capita. The steps outlined above help manage that risk but, as noted in the introduction to this section, the Board will continually review the risks and rewards which each sector and jurisdiction brings to the overall business.

Financial Risk

8.  Failure to meet financial expectations

Description

Adverse performance against our stated business plans undermines investor confidence and impacts the wider corporate position. Lower revenues and profits can also erode our corporate position in the market and weaken our ability to attract and retain the best talent.

2017 Developments and Outlook

The lower than predicted performance in 2016 indicated that the forecasting processes used within the businesses were in need of refresh and the management discipline in their execution required refocusing. There has been much work carried out during 2017 to improve transparency of key financial metrics across the businesses.

However, the update on the trading outlook in January 2018 revealed that further improvements to the existing risk management framework and system are required. The faster than anticipated speed in the crystallisation of financial risks during late 2017 through to January 2018 highlighted that there has been a weakness in the accuracy of forecasting and translation of financial risks in the existing framework. Furthermore, the key strategic decisions made by the Board, particularly around investing in our people, sales and our transformation plan for the long-term benefit of the Group has also contributed to the lower expected Group’s underlying pre-tax profits than initially predicted in December 2017.

An immediate learning point was that not all key financial risks were tracked and measured in a disciplined manner, and more focus was given on strategic and operational risks. Nonetheless, work had already been underway to improve the robustness of the risk management framework and system, which include the upgrade of our financial systems, processes and controls, introduction of Monthly Performance Reviews, clearer financial KPIs at business and divisional levels, a new Contract Review process for new business, more robust delivery governance on critical and complex projects, and a shift to a five-year planning range. We will continue to work on these areas in 2018.

In addition, we will ensure that all risks are equally measured and we will strengthen the financial management controls around the financial risk management process. We will also ensure that more onus is placed on the business unit owners by developing a more formal Risk Control Self-Assessment process and obtaining further assurance on their control effectiveness.

E-Mail-Adresse

Bitte überprüfe deine die E-Mail-Adresse.

Benachrichtigungen von ARIVA.DE
(Mit der Bestellung akzeptierst du die Datenschutzhinweise)

-1

Vielen Dank, dass du dich für unseren Newsletter angemeldet hast. Du erhältst in Kürze eine E-Mail mit einem Aktivierungslink.

Hinweis: ARIVA.DE veröffentlicht in dieser Rubrik Analysen, Kolumnen und Nachrichten aus verschiedenen Quellen. Die ARIVA.DE AG ist nicht verantwortlich für Inhalte, die erkennbar von Dritten in den „News“-Bereich dieser Webseite eingestellt worden sind, und macht sich diese nicht zu Eigen. Diese Inhalte sind insbesondere durch eine entsprechende „von“-Kennzeichnung unterhalb der Artikelüberschrift und/oder durch den Link „Um den vollständigen Artikel zu lesen, klicken Sie bitte hier.“ erkennbar; verantwortlich für diese Inhalte ist allein der genannte Dritte.

Andere Nutzer interessierten sich auch für folgende News

24.04.24 - PR Newswire

Invesco Bond Income Plus Ltd - Issue of Equity

24.04.24 - PR Newswire

Oxford Instruments Plc - Holding(s) in Company