The Risk Management Framework
Ocado's risk management process is designed to improve the likelihood of delivering our business objectives, protect the interests of our key stakeholders, enhance the quality of our decision making, and assist in the safeguarding of our assets, including people, finances, property and reputation.
The Board is responsible for the identification of Ocado's key strategic and emerging risks, and for the review and approval of the risk management framework. The Audit Committee, delegated by the Board, is responsible for the independent review of the effectiveness of risk management, the system of internal control, and the monitoring of the quality of financial statements and consideration of any findings reported by the auditors, PricewaterhouseCoopers ("PwC"), in relation to Ocado's control environment and its financial reporting procedures.
The key features of our system of internal control and risk management, including those relating to the financial reporting process, are:
- an organisational structure with clear segregation of duties, control and authority, and a framework of policies covering all key areas;
- a system of financial reporting, business planning and forecasting processes;
- a capital approval policy that controls Ocado's capital expenditure and a post-completion review process for significant projects;
- monitoring the progress of major projects by management, the Executive Directors and the Board;
- a Risk Committee which monitors Ocado's risk control processes;
- an Information Security Committee which monitors Ocado's information security;
- an Internal Audit & Risk function that provides independent assurance on key programmes and controls;
- a treasury policy overseen by a Treasury Committee that manages Ocado's cash and deposits, investments, foreign exchange and interest rates, so as to ensure liquidity and minimise financial risk;
- a food and product technology department, responsible for designing and monitoring compliance with Ocado's processes for the procurement and handling of foods and other goods for resale; and
- other control measures outlined elsewhere in this Annual Report including legal and regulatory compliance and health and safety.
What We Addressed in 2015
The process described on this page for identifying, evaluating and managing the principal risks faced by the Group operated during the period and up to the date of this Annual Report. Such a system can only provide reasonable, and not absolute, assurance, as it is designed to manage rather than eliminate the risk of failure to achieve business objectives.
During 2015, Ocado continued to enhance its approach to risk management. This included the introduction of a revised risk management policy at the start of the year, implementation of working practices to support this policy, and the enhancement of our capability for information security and business continuity.
During 2015, we continued to implement the Corporate Responsibility strategy across the business with integration of our four pillars strategy across the relevant departments. We established a Corporate Responsibility Committee to provide a governance structure for all corporate responsibility risks. This is comprised of senior management personnel from areas of the business impacted by or able to influence corporate responsibility, including Management Committee members.
The Audit Committee, on behalf of the Board, undertook an annual review of the effectiveness of risk management and the system of internal control, covering all significant controls including financial, operational, compliance controls, and risk management systems.
For further information on the review of financial reporting, refer to the Audit Committee report.
What We will be Looking at in 2016
Activities to improve our strategic, programme and operational risk management capabilities, including business continuity and information security, will continue in 2016. Our trading strategy is reviewed and amended as necessary to reflect the increasingly competitive grocery trading environment.
2016 will see corporate responsibility publish a standalone report, providing more detailed content on issues of continued interest to stakeholders.
The Internal Audit & Risk function will continue to provide independent and objective assurance and advisory services designed to add value and improve the operations of the business. Its scope encompasses the examination and evaluation of the adequacy and effectiveness of Ocado's governance, risk management and internal control processes.
- Our strategy informs the setting of objectives across the business and is widely communicated.
- Executive Directors evaluate the most significant strategic risks for the Group. In addition, each divisional Director prepares a risk register for their respective division, highlighting their significant risks. The Risk Committee oversees risk control processes and risk analysis from each part of the business, and reviews these top down and bottom up representations to ensure that no significant risks have been omitted.
- Divisional directors identify how they will manage or mitigate their significant risks. These actions are then summarised into a description of the Group-wide mitigation process for each risk.
- Group-wide risks and mitigation processes are regularly reviewed by the Risk Committee and by the Audit Committee.
Assessment of the Group's Prospects
The Directors have assessed the Group's prospects, both as a going concern and its viability longer term. This assessment informs the following distinct statements:
- The Directors considered it appropriate to adopt the going concern basis of accounting in the preparation of the Company's and Group's financial statements.
- The Directors have a reasonable expectation that the Company and the Group will be able to continue in operation and meet its liabilities as they fall due over the period of their assessment.
Both assessments are closely linked to the Directors' robust assessment of the principal risks facing the Group (including those that would threaten its business model, future performance, solvency or liquidity), which is outlined in How We Manage Our Risks.
Going concern statement
Accounting standards require that the directors satisfy themselves that it is reasonable for them to conclude whether it is appropriate to prepare financial statements on a going concern basis. There has been no material uncertainty identified which would cast significant doubt upon the Group's ability to continue using the going concern basis of accounting for the 12 months following the approval of this Annual Report.
In assessing going concern, the Directors take into account the Group's cash flows, solvency and liquidity positions and borrowing facilities. At period end, the Group had cash and cash equivalents of £45.8 million, external gross debt (excluding finance leases payable to MHE JVCo) of £53.3 million) and net current liabilities of £(59.5) million. The Group has a mix of short and medium term finance arrangements and has an unutilised £210 million revolving credit facility which contains typical financial covenants and runs until July 2019. The Group forecasts its liquidity requirements, working capital position and the maintenance of sufficient headroom against the financial covenants in its borrowing facilities (see below). The financial position of the Group, including information on cash flow, can be found in Our Financials. In determining whether there are material uncertainties, the Directors consider the Group's business activities, together with factors that are likely to affect its future development and position (see Our Strategy) and the Group's principal risks and the likely effectiveness of any mitigating actions and controls available to the Directors (see the table below).
In addition to the going concern assessment, the Directors have considered the viability of the business.
The Code requires that the Directors assess the prospects of the Group over an appropriate period of time selected by them. The Directors have considered whether the Group will be able to continue in operation and meet its liabilities as they fall due over the three year period from approval of this Annual Report. Although the Group's strategic plan forecasts beyond three years, the Directors took into account the impact on forecast outcomes of the rapid growth of the business and its changing strategic opportunities (among other factors) in concluding that three years was the most appropriate period for assessing the Group's prospects.
The Directors rely on a number of existing processes to justify their viability assessment. The annual budget, which provides a greater level of certainty of outcome than the longer-term plans, is used to set targets for the Group and is used by the Remuneration Committee to set performance targets for the annual incentive plan. A longer term business model provides less certainty of outcome, but provides a sensible planning tool against which strategic decisions can be made. This plan contemplates the input of a number of different strategic initiatives, including possible Ocado Smart Platform transactions, possible trials of new technology, possible participation of Morrisons in new CFCs and potential increases in CFC capacity. The plans make assumptions about the business including projected capital expenditure, financing requirements, available finance and compliance with any financial covenants.
To assist the Directors' assessment, the financial projections in the longer term business model were subject to severe but plausible stress tests whereby certain key assumptions were adjusted downwards, notably a material decline in the rate of sales growth and lower gross margins or increase in operating costs and a combination thereof. The tests were intended to show various outcomes including the impact on the Group's net debt and cash flow over the three years and an assessment on the impact on the financial covenants in the revolving credit facility, all of which are relevant to assessing the solvency and liquidity of the Group in this context. A decline in sales growth or margins or increase in operating costs can result from a range of principal risks in the retail business including failure by the Group to maintain a competitive pricing position, a decline in customer service levels and a delay in implementing new capacity. The Directors assessment also took into account the other principal risks that could have an impact on the future performance of the Group and those that would threaten its business model, solvency or liquidity and also the likely effectiveness of any proposed mitigating actions (see table below).
The above considerations form the basis of the Board's reasonable expectations that the Group will be able to continue in operation and meet its liabilities as they fall due over the three year period from approval of this Annual Report.
The external auditors have reviewed these statements and have nothing to report (see the Independent Auditors' report).
For more information see the
Audit Committee Report
|Risks||Mitigation Action/Control||Change during |
|Failure to maintain competitive pricing position|
- Continuation of our LPP basket matching price comparison
- Maintaining a competitive number of promotional offers and increased availability of free delivery slots for price sensitive customers
- Creation of a choice of tiered price points within each category
Due to increased competition in the market
|Risk of decline in high service levels|
- Weekly monitoring of the key indicators and the underlying drivers against published targets
|Failure to develop retail proposition to appeal to broader customer base and sustain growth rates|
- Growth of the Ocado own-label range alongside continued provision of the Waitrose range
- Growth of branded ranges and expansion of supplier base
- Alternative sourcing scenarios considered in the event that the Waitrose sourcing relationship terminates
- Continuation of investment and optimisation of the marketing channels to acquire new customers
- Continued improvement of webshop and apps
|Failure to develop sufficient management and technology capability or bandwidth to deliver on all our strategic priorities|
- Second and third overseas technology centres opened
- Improved IT prioritisation process
|Risk of not signing multiple OSP deals in the medium term|
- Investment in our platform which enables OSP is also required for Ocado's expanding Retail business. Initial deployment will be in CFC Andover and CFC Erith
- Impact of not signing multiple OSP deals in the medium term is restricted to the lost opportunity to increase our earnings from our Platform business
- The amount of capital invested in our platform is carefully controlled and we have the ability to reduce costs by scaling back the speed of the development
|A risk of delays in the implementation of new capacity for both Ocado and Morrisons|
- Dedication of resources to the modularisation of technology and logistics systems to enable faster replication
- New capacity in development at CFC Andover and CFC Erith
- Regular Executive Board steering and full Board reporting of new technology projects
Future new capacity is reliant on new, unproven technology
|Technological innovation supersedes our own and offers improved methods of food distribution to consumers|
- Engagement with a wide number of international grocers to understand market needs
- Experienced teams in place who understand the current solutions and are aware of global alternatives used in other industries
|Failure to protect our IP|
- Processes to identify patentable inventions and to apply for patents
- Established Ocado Innovation Committee to review our patent portfolio and discuss other IP issues
Multiple patents now filed although the value of IP has increased, so increasing the value to others
|Failure to ensure that our technology can be freely operated without infringing a third party's IP|
- Conducting "freedom to operate" searches on selected technologies
|Operational||A risk of a food safety or product safety incident|
- Experienced legal, food and product technology professionals monitor compliance against policies and procedures
- Supplier approval and certification process
- Food and product safety policies and quality management with appropriate operational procedures
Supplier and product numbers have increased and the market has become more sensitive to food and product safety issues
|A risk of changes in regulations impacting our retail business model or the viability of OSP deals|
- Regular monitoring of regulatory developments to ensure that changes are identified
- Monitoring operational performance to minimise environmental impact
- Regulatory due diligence carried out at appropriate stages in the OSP process
|Risk of major cyber-attack or data loss|
- IT systems are structured to operate reliably and securely
- Denial of service protection service is in place
- The security of our IT systems is regularly tested by third parties
- No customer payment card data is held in Ocado's databases
- Access to customer personal data is restricted to those who need this information as part of their job
- IT systems are structured to operate reliably and securely
- Dedicated engineering teams on site with daily maintenance programmes to support the continued operation of equipment
- Insurers advise on engineering and risk management in the design and operation of the CFCs
- High level of protection for CFCs and equipment
|A risk of unintentional infringement of competition|
- Issued a revised competition compliance policy in 2014
- Tailored learning tools rolled out (with annual refresher) for all personnel involved in accessing Morrisons data or providing services to Morrisons
- Physical and technical firewalls installed to ensure Ocado's Retail business is protected and kept separate from the operational teams providing services to Morrisons
For further information on the financial risks, see note 4.8 in the notes to the financial statements.
See the KPIs that measure the success of our strategyKPIs