Our risk management approach is designed to safeguard stakeholder interests, both internal and external, and Company assets and reputation whilst supporting informed risk taking that promotes business growth and success.
Effective enterprise risk management creates a robust control environment that maximises opportunities, reduces the likelihood of business loss and manages the impact of potential risks.
Resilience & Risk Management: Throughout the contract lifecycle our controls, governance and processes help us manage risk and assure quality outcomes.
How we have performed
We have refreshed, republished and communicated our Serco Management System (SMS) which now consists of 14 revised Group Policies achievable through clear accountability for delivery of requirements by key roles across the business. Serco colleagues are made aware of these requirements through Serco Essentials training and new starter induction programmes, which are all accessible on myserco.com.
We have implemented the Controls Management module of the Governance, Risk and Compliance (GRC) tool, covering key financial and IT general controls in our UK & Europe, Middle East and Asia Pacific Divisions. The implementation in North America is planned for 2024.
The design and configuration of the Enterprise Risk Management (ERM) module is underway with implementation planned in 2024.
Supporting our commitment to improve Enterprise Risk Management (ERM) and to support changes in corporate governance requirements, we have been undertaking a review of our risk and assurance approach. This will help to inform changes and improve internal risk reporting and assurance activities.
We have completed a Fraud Risk Framework Maturity Assessment which found standalone good practices but recognised that a more holistic and focused approach to fraud risk management and assessment would be beneficial. Recommendations are being implemented.
We have appointed new insurance brokers following a comprehensive review.
We have improved Group oversight of Business Continuity Programmes in each Division and now have a central dashboard to track status and testing of Divisional business impact assessments (BIAs) and business continuity plans (BCPs).
We completed crisis management exercises at a Group level and in our North America and Middle East Divisions.
We have also implemented a refreshed Dawn Raid procedure, including an online course.
Contracts have completed their Annual Risk & Controls Self-Assessments and actions have been raised where necessary.
All Divisions have submitted biannual compliance statements covering compliance with key SMS policies.
We continue to undertake due diligence on third parties and implemented a new screening tool during 2023, which has broadened the risks covered to include human rights and modern slavery.
What next
- Complete transfer of all legacy SMS documents into a new SMS hierarchy. Pilot MD SMS engagement programme.
- Continued development of our ERM approach to reflect Corporate Governance changes due to be implemented in line with FRC timelines.
- Implement the Controls Module of the Riskonnect system in North America.
- Implement the ERM module of Riskonnect in all Divisions and embed new reporting and risk and assurance approaches.
- Enhance our Fraud Compliance programme based on a 2023 Fraud Framework review and guidance on the legislation ‘Failure to prevent fraud’.
- Complete recommendations from the Fraud Risk Framework Maturity Assessment.
- Complete the Crisis Management Exercise in remaining Divisions, with lessons learnt captured and actioned.
Our reports and resources
2023 Impact Report
The human face of impact.
2023 Data Book
A full suite of ESG data points over a five-year period with notes and commentary.
ESG resources
ESG reports and resources, public third-party reports on Serco operations, and our responses to frequently asked questions.