A guide to how we manage and govern ESG in Serco. Inside ESG at Serco

Overview of ESG governance

Board oversight and scrutiny of ESG matters (including anti-corruption and anti-bribery, human rights, environmental approach, health and safety and other colleague matters) is embedded in our corporate governance through the standing ‘Corporate Responsibility Committee’ of the Board. Oversight and scrutiny of other governance matters at Serco is distributed between all standing committees of the Board, with certain matters reserved for the Board itself. 

In 2021, to provide coordination and alignment on ESG matters across divisions and core group functions, an ESG Oversight Group was established. The purpose of the group is to maintain our ESG framework; periodically review materiality of ESG elements following engagement with stakeholders; agree commitments and objectives; and identify common initiatives. It also reviews the KPIs we monitor and our internal ESG performance, and monitors external assessments of Serco’s ESG performance (e.g., ISS, MSCI, Sustainalytics etc.). Finally, it considers our ESG messaging and reporting to leverage internal and external engagement.

Each of the elements that make up our ESG framework has an identified Executive Sponsor and specific subject matter experts who lead on the topic from a group perspective.  Within each of these areas there are oversight groups and forums that bring together representatives from each division and relevant group functions.

The elements that make up our ESG framework are firmly embedded in how we manage our business which is driven through the SMS, our framework of Policy Statements and supporting Operating Procedures.  Each element is aligned to a group policy area.  They also support mitigation of group principal risks.

ESG is recognised as a key pillar in the Group strategy, ensuring it receives appropriate oversight from the Executive Committee, and is therefore embedded within divisional strategies under the oversight of divisional senior management teams.  Each element is supported by a subject specific strategy or plans.

 

ESG framework

The following sections look at each principal area of responsibility / sustainability in our ESG framework. For each it defines what we mean, shows alignment to group policy and the SMS, along with group principal risks. It then highlights oversight and leadership responsibilities.

Behaving with integrity

What we mean

We believe that the world’s leading companies must set and achieve high standards of performance and behaviours.  We are clear about what we believe in and the ethics and business standards and procedures we will operate to.

Group policy and procedures

Business Conduct and Ethics

Policy statement supported by Group procedures relating to:

  • Personal and organizational conflicts of interest

  • Gifts and hospitality

  • Speak up issues handling

  • Incident and fraud reporting and management

  • Mandated essentials training

  • Third party due diligence

Also see mycode: Doing it right

Strategic alignment and direction

Ethics and compliance Strategy

Group principal risk

Failure to act with integrity

As a people-based business employing over 50,000 employees there is an inherent risk of rogue employees engaging in significant corrupt or dishonest acts including bribery, fraud, misreporting, cheating or lying. If this risk occurred, it would lead to reputation and brand damage and customers being reluctant to do business with us. Such behaviours might arise through the actions of rogue employees or as a result of pressures individuals may feel they are being placed under to deliver financial or operational performance and might lead to: the loss of existing business; restrictions on our ability to bid or win new business; a reduction in our ability to attract high-quality people or partners; or may impact shareholder, investor and financial institutions’ confidence in Serco. We have an averse risk appetite to behaviours and actions that may compromise our integrity.

Governance overview

  • Our Corporate Responsibility Committee (CRC) provides formal oversight of our Ethics and Compliance strategy and its effective delivery against agreed objectives and targets. The CRC, Executive Committee and Divisional Executive Management Teams (EMTs) review quarterly operational and strategic performance reports.

  • The CRC, at the end of each meeting, meets separately, without management present, with one of the Divisional Ethics Leads. The Committee Chair also meets privately with the Group Director of Business Compliance and Ethics.

  • Our Group Director of Business Compliance and Ethics is responsible for Ethics and Compliance strategy design, management and execution and the development and maintenance of associated policy and governance. The Group Director of Business Compliance and Ethics also chairs the Group Ethics and Compliance Oversight Group (including Divisional Ethics Leads), which meets regularly to discuss strategic and operational performance and share best practice.

  • Divisional EMTs are responsible for appropriate Divisional adherence to policy and standards and managing associated risks, while Divisional Ethics and Compliance Leads are responsible for implementing policy, strategy and governance across the Division.

  • Depending on the context and scale of any ethical dilemmas, our position will be determined by Divisional EMTs, the Executive Committee, Investment Committee or plc Board.

  • Our Business Lifecycle governance process seeks to enable due diligence, review and oversight of related risks throughout bidding and operations.

  • Our global ethics helpline and investigation process, known as Speak Up, is available to all employees and third parties, supported by an online case management system provided by an independent third party.

  • Our Divisional Legal Representatives advise on and record competition and anti-trust matters, using external legal advisers in accordance with local practice to provide additional advice and guidance on issues relating to competition and anti-trust law and their application.

Oversight – Board

Corporate Responsibility Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Ethics and compliance Oversight Group

Executive Sponsor

Group General Counsel and Company Secretary

Subject Matter Expert

Director Business Compliance and Ethics

Our people – diverse, engaged, healthy

What we mean

We recognise our success is a reflection of our people, so being a great business depends on us having great people who are engaged, reflect the communities they serve, are healthy and have opportunities to develop in their chosen field.

Group policy and procedures

People

Policy statement supported by Group procedures relating to:

  • Employee lifecycle

  • Employee wellbeing

  • Recruitment

  • Procurement of contractors and temporary workers

  • Business travel risk

Also see mycode: Looking after each other

Strategic alignment and direction

People strategy including wellbeing, diversity, engagement and development strategies

Group principal risk

Failure to attract, engage and retain key talent

It is our ambition to be regarded as the best-managed company in the sector and, notwithstanding our framework of people processes, systems and controls, there is a risk that we are unable to attract, engage and retain an appropriately sized, qualified and competent workforce and management team. The impact of this risk materialising would restrict Serco’s ability to deliver on its customer obligations, execute its strategy and achieve its business objectives whilst driving employee pride in the organisation. We have a cautious risk appetite and take a pragmatic approach to the attraction, retention and development of key talent. We ensure that robust contingency plans are in place for business-critical roles but recognise that an element of churn is healthy for any business meaning that we are not averse to change.

Governance overview

  • Our Group Chief Executive is ultimately responsible for our people strategy objectives and ensuring our people strategy is reviewed annually. The plc Board validates the people strategy and receives quarterly reports on delivery across the Group.

  • Our Corporate Responsibility Committee (CRC) provides formal review and oversight of strategy and effective delivery against agreed objectives and targets.

  • The CRC hosts our approach to Employee Voice on behalf of the plc Board, assisted by our Non-Executive Director for Employee Voice.

  • Our Group Chief Operating Officer is responsible for people strategy design, management and execution – including Employee Voice – supported by our Global HR Leadership Team, comprising Divisional Human Resources Directors (HRDs), Group HR Centre of Expertise Directors and HR Shared Services leadership.

  • Our Group HR Centres of Expertise are responsible for policy, strategy and governance across the employee lifecycle.

  • Our Employee Relations Centre of Expertise, led by our Group Director of Employee Relations, is responsible for EHW and our trade unions policy, strategy and governance.

    • Reporting to the Group Director of Employee Relations, our Group Head of Workplace Health and Wellbeing is responsible for delivering our approach to EHW.

    • Our Group Director of Employee Relations is responsible for managing relationships with our recognised trade unions in the UK and maintaining oversight of trade union relationships in all regions through close contact with our Divisional HRDs/Employee Relations leads.

  • Our Colleague Experience Centre of Expertise, led by our Group Director of Colleague Experience, is responsible for employee engagement, Employee Voice and Diversity & Inclusion (D&I).

    • Reporting to the Group Director of Colleague Experience, our Group Colleague Communications Manager is responsible for delivering our approach to Employee Voice and managing contact and communication between the plc Board and our workforce.

    • Reporting to the Group Director of Colleague Experience, our Group Head of D&I is responsible for delivering our approach to D&I.

  • Our Talent & Capability Centre of Expertise, led by our Group Heads of Talent Acquisition and Development, is responsible for employee development.

    • Role-related training is managed at appropriate Divisional or Functional levels.

  • All Group HR Centres of Expertise chair global oversight groups (including Divisional leads), which meet regularly to discuss strategic and operational performance and share best practice.

  • Divisional Executive Management Teams are responsible for appropriate Divisional adherence to policy and standards, while Divisional HRDs are responsible for implementing policy, strategy and governance across the Division, supported by their Divisional leads.

Oversight – Board

Corporate Responsibility Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Global People Forum
Global People Risk Community of Practice

Executive Sponsor

Group Chief Operating Officer

Subject Matter Expert

Head Organisational Effectiveness
Colleague Experience Director
Group Director Talent and Organisational Capability

Respecting human rights

What we mean

We respect and protect the dignity and human rights of our colleagues and everyone we deal with in our work. This includes those in our care, who use our services or work for our business partners or suppliers.

Group policy and procedures

Human rights

Policy statement supported by Group procedures relating to:

  • Human rights assessment and management

  • Modern slavery response and remediation

  • Third party due diligence manual

  • Speak Up Issues Handling

  • Serco Mandated Training

Also see mycode: Respecting human rights and preventing modern slavery

Strategic alignment and direction

Ethics and Compliance Strategy

Group principal risk

Failure to attract, engage and retain key talent

It is our ambition to be regarded as the best-managed company in the sector and, notwithstanding our framework of people processes, systems and controls, there is a risk that we are unable to attract, engage and retain an appropriately sized, qualified and competent workforce and management team. The impact of this risk materialising would restrict Serco’s ability to deliver on its customer obligations, execute its strategy and achieve its business objectives whilst driving employee pride in the organisation. We have a cautious risk appetite and take a pragmatic approach to the attraction, retention and development of key talent. We ensure that robust contingency plans are in place for business-critical roles but recognise that an element of churn is healthy for any business meaning that we are not averse to change.

Whilst Serco delivers services under contract to governments and other institutions who serve the public or protect vital national interest, the markets we work in are diverse: defence, justice and immigration, transport, health and citizen services. We recognise that each presents different risks. From a human rights perspective the principal risks relate to our justice and immigration operations, mainly relating to those who use the range of facilities or services we manage. We do, however, recognise that human rights risks exist across our operations. We expect employees, business partners and related third parties to remain vigilant for adverse human rights impacts in respect of these, with appropriate reporting and mitigation actions taken should they be discovered.

Governance overview

  • Our Corporate Responsibility Committee (CRC) provides formal oversight of our Ethics and Compliance strategy, including our approach and commitment to human rights, and its effective delivery against agreed objectives and targets. The CRC, Executive Committee and Divisional Executive Management Teams (EMTs) review quarterly operational and strategic performance reports.

  • Our Group Director of Business Compliance and Ethics is responsible for Ethics and Compliance strategy design, management and execution and the development and maintenance of associated policy and governance. This includes human rights, modern slavery and human trafficking. The Group Director of Business Compliance and Ethics also chairs the Group Ethics and Speak Up Oversight Group (including Divisional Ethics Leads), which meets regularly to discuss strategic and operational performance and share best practice.

  • The Head of Business Ethics and Regulatory Compliance chairs the modern slavery oversight group which has representation from all divisions and monitors our approach to modern slavery and human trafficking.  See our modern slavery statement.

  • Divisional EMTs are responsible for appropriate Divisional adherence to policy and standards and managing associated human rights risks, while Divisional Ethics Leads are responsible for implementing human rights policy, strategy and governance across the Division.

  • Depending on the context and scale of any suspected AHRIs, our position will be determined by Divisional EMTs, the Executive Committee, Investment Committee or plc Board.

  • Our Business Lifecycle governance process seeks to enable due diligence, review and oversight of related human rights risks throughout bidding and operations.

  • Our Human Rights Assessment and Decision Tree enables us to evaluate any adverse human rights impacts caused or contributed to by our operations or linked to them through our business partners and related third parties.

  • Our global ethics helpline and investigation process, Speak Up, is available to all employees, supported by an online case management system provided by an independent third party.

Oversight – Board

Corporate Responsibility Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Ethics and Compliance Oversight Group
Modern Slavery Oversight Group

Executive Sponsor

Group General Counsel and Company Secretary

Subject Matter Expert

Director Business Compliance and Ethics

Public and community impact

What we mean

We are committed to delivering services that reflect our customers’ business needs, have a positive impact on the public we serve and support, strengthen, and contribute to the social and economic wellbeing of those communities in which we work.

Group policy and procedures

Customer and contract
Quality

Policy statement supported by Group procedures relating to:

  • Charitable donations, sponsorships and other contributions

  • Political donations and activity

Also see mycode:
Working with communities
Political activities and payments

Strategic alignment and direction

Community activities in line with strategic themes

Group principal risk

Failure to grow profitably

Integral to our Strategy Review process, this risk considers the potential impact of failure to win material bids or renew material contracts profitably, or a lack of opportunities in our chosen markets, restricting revenue growth which may in turn have an adverse impact on Serco’s profitability. We have a cautious appetite for this risk recognising that we will take reasonable and considered risks to generate profitable growth.

Contract non-compliance, non-performance or misreporting

With more than 50,000 employees directly or indirectly delivering services under 700 services contracts signed with over 500 customers worldwide, there is considerable scope for missed contract obligations or performance thresholds or inaccurately compiled performance reports. In the normal course of service provision, these failures are minor, fixable and allowed for in the contracts we sign via defined tolerance levels and penalties. This risk is concerned with levels of failure that are unacceptable to Serco and its customers, especially deliberate misreporting of contractual performance or material contracts being taken away from Serco due to non-performance or non-compliance.

Governance overview

  • Our Corporate Responsibility Committee (CRC) provides formal oversight of public and community strategy and its effective delivery against agreed objectives and targets. The CRC, Executive Committee and Divisional Executive Management Teams (EMTs) review quarterly operational and strategic performance reports.

  • Under the direction of the Group Strategy and Communications Director, the Group Public Policy Manager is responsible for design, management and execution and the development and maintenance of associated contract, public impact and community policy and governance.

  • Divisional EMTs are responsible for appropriate Divisional adherence to policy and standards and managing associated risks.

  • Divisional VEO appoint a Divisional Lead with responsibility for implementing policy, strategy and governance across the Division.

  • The Serco Foundation is a registered charity with a dedicated Board responsible for good governance and sound judgment in the deployment of Foundation funds.

  • The Serco People Fund is a registered charity in the jurisdiction it supports with a dedicated Board responsible for good governance and sound judgment in the deployment of Foundation funds.

Oversight – Board

Corporate Responsibility Committee
Serco Foundation
Serco People Fund

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team

Executive Sponsor

Group Strategy and Communications Director

Subject Matter Expert

Group Public Policy Manager

Environment

What we mean

Alongside our customers and other stakeholders, we recognise that environmental sustainability is a critical factor in the wellbeing of society; we are therefore committed to doing what we can to address the environmental and climate emergencies and support the net zero ambitions of our clients and wider society. We support and contribute to customer objectives, helping them meet climate and environmental challenges by reducing our emissions and decarbonising our services in line with global climate science and net zero ambitions. We also deliver sustainable procurement improvements and implement operational efficiencies to avoid and minimise resource use, supporting the transition to a circular economy. We strive to ensure our operations prevent pollution and protect, value and enhance biodiversity and the natural world which sustains us.

Our impact and opportunity to make a positive difference from an environmental perspective varies in each market and is dependent on the nature of services we deliver and the level of operational and financial control we hold at any given contract. 

Group policy and procedures

Environment and climate change

Policy statement supported by Group procedures relating to:

  • Carbon management

  • Incident and fraud reporting and management

Also see mycode: Looking after our environment and climate

Strategic alignment and direction

Environment strategy

Group principal risk

Material legal and regulatory failure

Serco operates in complex legal and regulatory environments across multiple industries and geographies and there is a risk that we might not comply with all relevant laws and regulations, including environmental regulations. Failure to comply with laws and regulations may cause significant loss and damage to the Group and its people including exposure to regulatory prosecution and fines, reputational damage and the potential loss of licenses and authorisations, all of which may prejudice the prospects for future bids. Defending legal proceedings may be costly and may also divert management attention away from running the business for a prolonged period. Uninsured losses or financial penalties resulting from any current or threatened legal actions may also have a material adverse effect on the Group. We are averse to risks which may result in legal and regulatory non-compliance and demand processes that seek to minimise regulatory fines and legal action, as well as targeted and selected assurance activity.

Governance overview

  • The Serco plc Board has ultimate responsibility for Environment, assisted by our Corporate Responsibility Committee (CRC) – which provides formal review and oversight of Environment strategies and effective delivery against agreed objectives and targets – and Group Chief Operating Officer, Group Executive Sponsor for HSE.

  • The CRC, Executive Committee and Divisional Executive Management Teams (EMTs) review quarterly operational and strategic Environmental performance reports. HSE data is also included in

    • quarterly Business Performance Reviews by Divisional Chief Executive Officers (CEOs) and Business Unit Managing Directors; and

    • Divisional Performance Reviews by the Group CEO, Group Chief Financial Officer and Divisional CEOs.

  • Our Group Head Environment, Energy and Sustainability is responsible for Environment strategy design, management and execution and the development and maintenance of associated policy and governance.

  • The Director of Group HSE chairs our global HSE Oversight Group (including Divisional HSE Leads), which meets regularly to discuss strategic and operational performance and share best practice.

  • The Group Head of Environment, Energy and Sustainability chairs the TCFD Climate Risk Steering Group, leading the continuous development of the Environmental agenda.

  • Divisional EMTs are responsible for appropriate Divisional adherence to strategy, policy and standards and managing associated risks, while Divisional HSE Leads are responsible for designing and delivering Divisional Strategy and implementing policy and governance across the Division.

  • Our first, second and third line inspections, plus independent compliance assurance reviews and internal audit programmes, provide comprehensive coverage of environmental issues.

  • We gain external independent review of performance via certification to the ISO14001:2015 standard on Environmental Management in pertinent areas of our operations. We are also audited globally to the ISO14064-3:2006 standard on validation and verification of Greenhouse Gas assertions, providing assurance on our annual carbon reporting.

Oversight – Board

Corporate Responsibility Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Group Health, Safety and Environment Forum
TCFD Climate Risk Steering Group

Executive Sponsor

Group Chief Operating Officer

Subject Matter Expert

Group Head Environment, Energy and Sustainability

Sustainable procurement and third party relationships

What we mean

We are committed to sustainable third party relationships and procurement practices that provide goods and services in a way that achieves value for money over the entire life cycle, generating benefits not only to Serco, but also to society and the local economy, whilst minimising damage to the environment.

Group policy and procedures

Procurement and supply chain

Policy statement supported by Group procedures relating to:

  • Procurement

  • Sourcing

  • Contract creation, amendments and termination

Also see supplier code of conduct

Strategic alignment and direction

Procurement strategy and Sustainable Procurement Charter

Group principal risk

Significant failure in supply chain

As a result of a significant failure in Serco’s end to end supply chain to perform to the required standard, Serco may be exposed to risks that mean Serco is unable to meet its customer obligations, perform critical business operations or win new business. Serco uses thousands of suppliers globally each year and we accept that it is not feasible to monitor and manage the performance of every supplier. This risk also includes risks to Serco from non-business critical suppliers and from the suppliers of our suppliers.  Consequently, we take a proportionate approach to management of these third parties and have a moderate risk appetite for using them. 

Governance overview

  • Our Corporate Responsibility Committee (CRC) provides formal oversight of our procurement strategy and its effective delivery against agreed objectives and targets. The CRC, Executive Committee and Divisional Executive Management Teams (EMTs) review quarterly operational and strategic performance reports.

  • Our Director of Procurement, with support from the Risk and Sustainability Director (Procurement), is responsible for procurement strategy design, management and execution and the development and maintenance of associated policy and governance. The Director of Procurement chairs the Global Procurement Leadership Forum (including Divisional Procurement Leads), which meets regularly to discuss strategic and operational performance and share best practice.

  • Divisional EMTs are responsible for appropriate Divisional adherence to procurement policy and standards and managing associated risks, while Divisional Procurement Leads are responsible for implementing policy, strategy and governance across the Division.

  • Our Investment Committee provides formal oversight and approval of contractual structures and arrangements for partner/strategic relationships, whilst Divisional Executive Management Teams are responsible for managing these relationships, including regular strategy and performance review meetings with partners, supported by members of the Executive Committee and plc Board as appropriate.

  • Divisional Legal Representatives manage contractual arrangements with customers, partners and suppliers.

  • Our Procurement and Supply Chain Function delivers consistent procurement processes in the selection and management of suppliers, ensuring compliance with laws and regulations, our ethical standards, mycode and human rights throughout our supply chain.

  • Our Supplier Code of Conduct clarifies our requirements and expectations regarding our suppliers and their facilities, wherever they are located.

Oversight – Board

Corporate Responsibility Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Global Procurement Leadership Team
Divisional Procurement Boards

Executive Sponsor

Group Chief Operating Officer

Subject Matter Expert

Risk and Sustainability Director (Procurement)

Data Privacy and Information Security

What we mean

We are committed to protecting the organisation and data subjects against attack resulting in loss of service or a data breach (including personal or customer data).

Group policy and procedures

Privacy
Security and Information Technology

Policy statement supported by Group procedures relating to:

  • Group Security Controls Manual

  • Acceptable use of information systems

  • Incident and fraud reporting and management

  • Data protection

  • Electronic searches

Also see mycode: Keeping it safe - our information and privacy

Strategic alignment and direction

DPO and IT Security strategies overseen by Group DPO, Group CIO and Group CISO

Group principal risk

Information security breach (including Cyber-Attack and Data Protection risks)

We recognise the importance of protecting Serco’s information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction to ensure the integrity, confidentiality, and availability of the data entrusted to us is maintained. Information security breaches, cyber-attacks, willful damage or data privacy and governance failings represent a key risk for us. Such incidents could result in the loss or compromise of sensitive information (including personal or customer), a loss of service, and the corresponding impact on data subjects causing significant reputational damage, financial penalties and loss of customer confidence. We have an averse risk appetite to any information security breach. We accept that, due to the nature of the services we provide, we face threats from both internal and external factors but will always do our utmost to mitigate the impact of any breach and carry out immediate remedial actions. We have a low tolerance to breaches and require that each Serco region can demonstrate compliance with their most appropriate Government security framework (where published) and data protection laws.

Governance overview

  • The Serco plc Board has ultimate responsibility for data privacy and information security, assisted by the Risk and Audit committees – which provide formal review and oversight of strategies and effective delivery against agreed objectives and targets.

  • The Group Chief Executive sponsors information security, with sponsorship for data privacy by the Group General Counsel and Company Secretary. They ensure that data protection and information security processes and resources are available to support the business, ensuring appropriate training is available and provided, complete data protection impact assessments (DPIAs), implement a management assurance framework to provide confidence that key controls are being implemented effectively, and monitor compliance of Serco with applicable data protection/privacy/information security laws and regulations.

  • The Risk and Audit Committees, Executive Committee and Divisional Executive Management Teams (EMTs) periodically review operational and strategic data protection and information security reports covering risk, strategy, performance and incidents. Information on data privacy and information security relevant to the periods reported is also included in

    • monthly Business Performance Reviews by Divisional Chief Executive Officers (CEOs) and Business Unit Managing Directors; and

    • Divisional Performance Reviews by the Group CEO, Group CFO and Divisional CEOs.

  • Information Technology and Security is under the direction of the Group CIO and Group CISO who are responsible for the strategy, management, governance and alignment of associated policies. The Group CIO chairs the Global IT and Security Leadership forums which both meet monthly and have representatives from each division.

  • A lead is identified in each division with responsibility for Information Security.  They set and deliver divisional strategy and are accountable for the operations and reporting performance within their division and to the Group CIO.

  • Data privacy is under the direction of the Data Protection Officer with responsibility for the development and maintenance of policy and governance and oversight of divisional strategies designed to meet local regulations whilst maintaining minimum group standards.  This role is responsible for: ensuring there is alignment across the global business for data protection; working with (Divisional) Data Protection Officers (DPOs) to set strategy and ensure data related policy is properly executed operationally; and informing and advising Serco of its obligations relating to the processing of personal data in accordance with applicable data protection/privacy laws and regulations.  The Data Protection Officer chairs the Global Data Protection Governance Group.

  • Each division has a data privacy lead established to ensure the division has in place appropriate processes to meet local regulatory requirements and maintain group minimum standards.  They report to the Divisional Executive Management Team on performance and incidents and to the Group Data Protection Officer.  They form part of the Global Data Protection Governance Group.

  • Our annual compliance assurance and internal audit programmes cover data privacy and information security, whilst regulatory audit and external certifications provide independent review and assurance.

Oversight – Board

Audit Committee
Risk Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Group Information Technology Leadership forum
Group Security Leadership Forum
Global Data Protection Governance Group

Executive Sponsor

Information Security – Group Chief Executive
Data Privacy – Group General Counsel and Company Secretary

Subject Matter Expert

Information Technology – Group Chief Information Officer
Information Security – Group Chief Information Security Officer
Data Privacy – Data Protection Officer

Managed risks and effective controls

What we mean

We maintain a system of internal controls including financial, operational and compliance controls, risk management and internal audit.

Group policy and procedures

Risk Management and Insurance

Policy statement supported by Group procedures relating to:

  • Risk management lifecycle

  • Risk manager responsibilities and access

  • Insurance

  • Compliance assurance

  • Investment Committee

  • Delegated authorities

Also see mycode

Strategic alignment and direction

Enterprise Risk Management (ERM)

Group principal risk

Material legal and regulatory failure

Serco operates in complex legal and regulatory environments across multiple industries and geographies and there is a risk that we might not comply with all relevant laws and regulations, including environmental regulations. Failure to comply with laws and regulations may cause significant loss and damage to the Group and its people including exposure to regulatory prosecution and fines, reputational damage and the potential loss of licenses and authorisations, all of which may prejudice the prospects for future bids. Defending legal proceedings may be costly and may also divert management attention away from running the business for a prolonged period. Uninsured losses or financial penalties resulting from any current or threatened legal actions may also have a material adverse effect on the Group. We are averse to risks which may result in legal and regulatory non-compliance and demand processes that seek to minimise regulatory fines and legal action, as well as targeted and selected assurance activity.

Governance overview

Group governance

We have a comprehensive corporate governance framework, with clearly defined responsibilities and accountabilities. Below this our overarching management framework, the Serco Management System (SMS), describes what needs to be done, and by whom, through a range of policies, standards and procedures while our Code of Conduct ‘mycode’ defines how we expect our operations to be delivered and the behaviours we expect across our organisation.

  • The Board has delegated certain of its responsibilities to the Audit, Corporate Responsibility, Group Risk, Nomination and Remuneration Committees. The terms of reference for each are available at www.serco.com.

  • In addition, there is a Disclosure Group which meets to consider the disclosure of information to meet legal and regulatory obligations under the Market Abuse Regulations.

  • The Executive Committee is chaired by the Group Chief Executive and additionally comprises the Group Chief Financial Officer, Divisional Chief Executives, the Group General Counsel and Company Secretary, the Group HR Director and the Group Director of Strategy and Communications. The Committee has delegated responsibility from the Board to ensure the effective direction and control of the business and to deliver the Group’s long-term strategy and goals.

  • The Investment Committee comprises the Group Chief Executive, the Group Chief Financial Officer, the Group General Counsel and Company Secretary, and other members of the management team. It acts on behalf of the Board to review, monitor and approve bids, mergers, acquisitions and disposals and other corporate activity within specific authority limits delegated by the Board.

  • The Approvals and Allotment Committee comprises the Group Chief Executive, the Group Chief Financial Officer and the Group General Counsel and Company Secretary. This Committee acts on behalf of the Board between Board meetings in respect of matters not specifically reserved to the Board.

  • Each Division is under the direction and control of its Divisional Chief Executive Officer (CEO), whose responsibilities include: Divisional strategy and structure; large bids and major capital expenditures; Divisional business plans, operating plans and targets; financial statements; adoption of the SMS; Divisional operating procedures; Divisional statements on internal controls and audit; health, safety, environment and security strategy, objectives and targets; and the Division’s position on significant ethical issues.

  • Divisional CEOs will define the management structure required in their Divisions to ensure that the appropriate decision-making takes place, within defined delegated authorities, and that there is an acceptable line of sight and reporting of risk, issues and performance from the contract base, bids and within functions to Business Units and to Division.

  • Each Division maintains a Divisional Executive Management Team (EMT) to oversee and assess all aspects of operational, financial and strategic performance.

  • Each Divisional EMT will establish Business Unit management teams to oversee and assess all aspects of operational, financial and strategic performance of contracts belonging to their Business Units.

  • Each Business Unit Managing Director will appoint a Contract Manager or Director to manage the performance of a contract on a day-to-day basis, including managing employees, the customer, subcontractors and other relevant stakeholders, managing and reporting on operational and financial performance, and developing organic growth opportunities.

Serco Management System (SMS)

  • The SMS is our overarching management framework. It describes what needs to be done, and by whom, through a range of policies and procedures that define the rules governing all our operations. It provides direction on compliance with relevant laws and regulatory requirements.

  • The MD, Group Operations is responsible for maintaining and reviewing the SMS.

  • Group Policies are owned by Group Functional Leads, signed by the Group Chief Executive and approved by the plc Board. They define our strategic commitments and apply across the Group.

  • Group, Country, Divisional and Local Operating Procedures (GSOPs, CSOPs, DSOPs and LSOPs) provide direction and guidance on how to achieve mandatory requirements and comply with relevant laws and regulations in the countries where we operate. Standard Operating Procedures are sensitive to local customs, traditions and cultures.

  • All elements of the SMS and mycode are subject to a schedule of regular review to ensure they are up-to-date, relevant, appropriate and effective.

  • Employee and manager responsibilities regarding SMS compliance are clearly defined and all employees complete appropriate SMS, mycode and Values training on joining Serco and annually during their employment. Our Group Consequence Management Standard defines how instances of non-compliance are managed.

mycode

  • Based on our Values, mycode clearly and concisely defines how we expect our operations to be delivered and the behaviours we expect across our organisation. It provides direction to ensure we are sensitive to local customs, traditions and cultures.

  • mycode applies to everyone who works for and on behalf of Serco, regardless of role, location and background, and confirms what they can expect of us as well as what we expect of them.

Three Lines of Defence

  • To provide management assurance, a ‘three lines of defence’ model has been implemented to test business compliance. Each level of assurance informs our risk management process and the delivery of local, regional and Group improvements.

    • 1st line of defence: At an operational level, local controls are implemented to seek to ensure customer, legal and regulatory requirements are met. An annual SMS self-assessment process is undertaken by all Contracts and support functions across the Group which helps managers increase their understanding of SMS requirements and improve compliance with SMS controls.

    • 2nd line of defence: A programme of Division-led compliance assurance reviews tests compliance with SMS controls and risk mitigations. These are selected based on Group and Divisional risks and other priorities determined by risk owners and self-assessment results. These reviews are carried out at Contract, Business Unit and Divisional levels.

    • 3rd line of defence: Internal Audit provides independent reviews (sometimes delivered with support from external parties working under Internal Audit’s direction) of the design and operating effectiveness of our processes and controls. External Audit is also used to test control effectiveness in areas of the business where there is a customer or legal requirement.

  • The Director Enterprise Risk is responsible for assessing compliance with the Serco Management System and our approach and programme of compliance assurance.

  • The Group Financial Controller is responsible for Financial Assurance, reporting to the Audit Committee.

  • The Head Internal Audit develops the annual internal audit plan which is delivered through the independent internal audit team or an external third party. The Head of Internal Audit reports to the Chair of the Audit Committee.

Risk management

  • Serco is exposed to a wide range of risks that, should they materialise, could have a detrimental impact on our financial performance, reputation and operational resilience.

  • We take risk management extremely seriously and invest significant effort into identifying and managing risks.

  • The Board oversees the Company’s risk management and internal control processes within an Enterprise Risk Management (“ERM”) framework, discharging its oversight responsibilities through the Group Risk Committee, supported by the Corporate Responsibility Committee and the Audit Committee.

  • Our key risks are agreed through an annual review with the Executive Committee and through quarterly challenge and review at either the Group Risk Committee, Corporate Responsibility Committee, Audit Committee or Board supported by Divisional level quarterly reviews with the Executive Management teams.

  • The Group General Counsel and Company Secretary sponsors managed risks and effective controls, with the Director Enterprise Risk responsible for the design, management and execution of our Enterprise Risk Management approach and the development, maintenance and assurance of associated policy and governance.

  • The Group General Counsel and Company Secretary chairs the Global Enterprise Risk Management Forum (including Divisional Leads), which meets regularly to discuss emerging risks, strategic and operational performance and share best practice.

  • Our risk policy is set at a Group level with implementation and execution of that policy owned within each of our Divisions. The Serco risk management lifecycle process is mandated throughout the Company to seek a consistent approach to identification, analysis, monitoring and reporting of risks and to provide further assurance that the risk mitigation in place is sufficiently effective and appropriate.

  • We undertake a bottom-up review of risks quarterly, with our Business Units identifying the main threats to achievement of their objectives, documenting and analysing their potential impact, and defining clear actions to reduce the likelihood of those risks materialising and/or the financial impact if they should still occur.

  • Business Unit risks are consolidated and reported to Divisional leadership teams in a check and challenge capacity to ensure that risks on the Business Unit risk registers accurately reflect the concerns of local senior leadership. Once approved, the Divisional risks are reviewed by the Group ERM team and help inform the principal risk updates. The Board is updated after each GRC meeting.

  • Our principal risks are those risks that we determine to be the most material when considered against our strategic ambition and that can materially affect the performance, prospects, or reputation of our business. These risks are identified and assessed as part of our strategic review and through additional discussions at the Executive Committee and the Group Risk Committee where internal and external emerging risk trends are considered. Once identified, each risk’s inherent, residual and target position is assessed against a standardised set of impact categories that include financial, reputational, operational and strategic considerations on a worst-case credible scenario basis. The likelihood of each risk occurring is then assessed, resulting in a residual risk position that enables us to score the risk from minor to severe and rank accordingly.

  • Each principal risk has a Subject Matter Expert (“SME”), who acts as lead in overseeing risk updates and driving risk action, and a nominated Executive Committee sponsor allocated to it, whose role is to advocate and oversee risk ownership, supporting its review and management.

  • Detailed reviews of our principal risks are carried out as part of the Group Risk Committee reporting schedule, as well as topical “deep dives” that focus on pertinent risk themes.

  • Each of our principal risks has an appetite statement to determine the nature and amount of risk that the Group is willing to accept as well as informing our decision-making. These statements are aligned to our Values, mycode and other ethical requirements to support and drive the right risk culture within the Group, are set through discussion with the principal risk Executive Committee Sponsor and SME and ratified annually by the Group Risk Committee.

  • The majority of our principal risks operate under an averse risk appetite, demonstrating we have a close to zero tolerance for incidents. We appreciate that, by the nature of our operations, we do have inherent risk exposures but we strive to mitigate them. In the case of health and safety for example, despite our focus, we do still experience incidents and near misses as the following two case studies demonstrate.

Oversight – Board

Group Risk Committee
Audit Committee

Oversight – Executive

Group Executive Committee
Divisional Executive Management Team
Global Enterprise Risk Management Forum
SMS Steering Group

Executive Sponsor

Group General Counsel and Company Secretary
Group Chief Financial Officer

Subject Matter Expert

Director Enterprise Risk
MD, Group Operations
Group Financial Controller

Total shareholder returns and engagement

What we mean

We focus on creating long-term, sustainable value that protects the interests of our owners alongside those of our colleagues, customers and the communities in which we operate.

Group policy and procedures

Finance Legal

Policy statement supported by Group procedures relating to:

  • Insider information and share dealing

Strategic alignment and direction

Investor relations engagement plans

Group principal risk

Financial control failure

Serco operates complex financial systems and processes and there is an inherent risk that these may fail if appropriate oversight is not in place. Such failures may result in: an inability to accurately report timely financial results and meet contractual financial reporting obligations; a heightened risk of error and fraud; poor quality data leading to poor business decisions, or an inability to forecast accurately; the failure to create a suitable capital structure; and an inability to execute critical financial transactions, leading to financial instability, potential business losses, and negative reputational impact. We have an averse appetite for financial control failures and require a robust framework of financial processes, systems and controls to enable timely and accurate financial reporting and forecasting.

Governance overview

  • Primary responsibility for day-to-day Investor Relations activities and engagement with shareholders rests with the Group Chief Executive, Group Chief Financial Officer and the Head of Investor Relations.

  • In addition, the Chairman may meet with some of our largest shareholders, whilst the responsibilities of the Senior Independent Director include providing an alternative point of contact for them.

  • The Chair of the Remuneration Committee meets separately with advisory bodies and institutional shareholders to discuss our approach to remuneration.

  • To maintain effective and ongoing dialogue regarding our performance, we conduct regular presentations, meetings and calls with institutional investors and analysts in addition to our Stock Exchange Announcements.

  • Assurance of our reporting is a key responsibility of our Audit Committee, who in turn review guidance from bodies such as the Financial Reporting Council and are supported and challenged by our External Auditor.

  • Our management information framework includes the contract performance monitoring process (tracking performance measures specific to each customer operation), our monthly management accounts and our Divisional Performance Review (DPR) processes. Ongoing development of these is key to improving internal and external transparency.

  • The Board reviews regular Investor Relations reports, which highlight investor perspectives, share price movements, changes in the share register, our recent and planned Investor Relations activities, analyst recommendations and financial forecasts, and significant news from the market and the support services sector.

  • Our performance framework does not explicitly include ‘shareholder value’. Instead, we believe shareholder value should coincide with the appropriate achievement of ‘our deliverables’. Just as each component in the performance framework is expected to support achieving our deliverables, they are also expected to deliver shareholder returns in the long term.

  • Short-term incentives include a mix of financial measures as well as key strategic goals aligned to generating long-term shareholder value, whilst long-term incentives directly include: relative total shareholder return (TSR) as an explicit performance measure; earnings per share (EPS) growth; return on invested capital (ROIC); employee engagement; and progress with increasing our order book. Taken together, we consider these five measures to be the most appropriate for sustainable shareholder value generation.

  • Our Remuneration Committee has set personal shareholdings guidelines and requirements for our senior management team to support long-term commitment to Serco and the alignment of employee interests with those of our shareholders.

  • Safeguarding shareholders’ investments, along with our assets, our people and our reputation, is paramount.

Oversight – Board

Audit Committee

Oversight – Executive

Group Executive Committee

Executive Sponsor

Group Chief Financial Officer

Subject Matter Expert

Head Investor Relations

At Serco, ESG factors are embedded in how we deliver our strategy, defined and driven through our ESG Framework. Our framework brings all our strategic ESG priorities together in one model, structured around our key stakeholder groups. This helps us to maintain focus on achieving an optimal balance of sustainable value creation for all stakeholders.

David Eveleigh
Serco Group plc General Counsel and Company Secretary 
Executive lead for ESG
