How the business manages risk

In common with all organisations, Flowtech faces risks which may affect its performance. There is little that we can do about the macroeconomic environment but the Board believes that our strategy, which is designed to exploit opportunities created by the market, places Flowtech in a strong position relative to others, particularly where those markets are volatile. For the risks we are able to manage the Group operates a system of internal control and risk management in order to provide assurance that we are managing risk whilst achieving our business objectives. No system can fully eliminate risk and therefore the understanding of operational risk is central to management processes. The long term success of the Group depends on the continual review, assessment and control of the key business risks it faces. Risk review is an ongoing process and is reviewed formally by the Operational Board prior to the year end.

The principal risks identified include:

Talent management and succession planning

There is a risk that the business is not able to attract and retain high performing employees.

The Group also needs to maintain engagement with the employees to ensure they remain supportive of the business strategy.

Attraction and retention of employees is supported by bonus plans, recognition and reward programmes and innovative benefit packages.

Succession planning process introduced by the Operational Board in 2015 to identify and develop key employees. Nick Fossey appointed to lead the PMC division in March 2016.

Training forms a key part of all employees' development within their roles. Training is arranged to support the Group's business plans and the personal goals of all employees.

System and site disruption
2There is heavy operational dependence on the resilience of warehousing and IT infrastructure to support business operations and maintain high service levels. The risk is present that unplanned events could disrupt the functioning of key elements of the operational infrastructure, damaging customer service and business reputation.

Off-site disaster recovery provision for IT systems including call centre relocation.

Back-up generator installed at the main site with other sites to have feasibility studies in 2016.

Business continuity plans in place at operational locations. As the Group increases in size, resilience to disruption increases as distribution and production activities can be re-routed to other sites.

Inability to recognise and control cyber exposures
3The Group recognises there is an increasing exposure to cyber risk, including advanced techniques to disrupt our websites and direct attacks on Group systems with the potential loss of confidential information.

Current mitigation measures for local business systems include anti-virus software, virus scans on incoming emails and firewall protection.

The main Group website is hosted in the cloud with dual servers ensuring automatic switchover should one fail with daily back-up procedures.

Quality control
4Many of the key components and products supplied by the Group are for industrial use, often in hazardous environments. These components and products must be fit for purpose to ensure that their reliability, performance and safety is of the necessary standard. Failure in this quality will cause damage to the Group's reputation, customer relationships and potential legal consequences.

The majority of the Group's products are sourced from reputable 'brands' in the UK and Europe. In addition, for Exclusive Brands sourced from China, the Group has quality control specialists who regularly visit suppliers' manufacturing sites to ensure that high quality standard operating procedures are being adhered to.

The Group complies with ISO9001 ensuring quality standards are maintained through all its operations.

Continual testing procedures are in place for both components and manufactured products.

Employees involved in assembly processes are qualified with the relevant industry body awards and continue with regular internal and external training.

Breach of regulations
5Inadvertent breaches of regulations could lead to prosecution and significant fines. Regulations impacting the Group include COSHH, packaging waste regulations, health and safety at work, the Bribery and Corruption Act and corporate governance.

The Group engages external specialists as required to make sure internal procedures and policies are in place to provide compliance with the regulatory frameworks.

There is an ongoing review of relevant national and international compliance requirements.

Failure to integrate acquisitions and align strategies to existing business model.
6The Directors believe that the fluid power marketplace is highly fragmented, and the Group's core trading entities operate in well-defined channels. Acquisition opportunities that fit within these channels will be key targets. However, this fragmented nature will often introduce channel overlap that could undermine trading performance in other parts of the Group.

The Board includes both Executive and Non-Executive Directors with considerable acquisition experience. Given that the development of the Group in the fluid power market is likely to include multiple opportunities to acquire trading companies in both the UK and Europe, future appointments will also be made as required to strengthen skills and knowledge in this area. Since the IPO, the Group has also added professionals in both general accounting and mergers and acquisitions to its internal resources in support of this process.

Prior to engaging in any process the Chief Financial Officer will review any acquisition opportunity for conformance with the Board's strategy on channel management. Further detailed assessment with regard to channel conflict will be a key part of the due diligence process which will include consultation with the Group's Operational Board prior to plc Board approval and any commitment to buy.

Risk heat map

Heat Map

The risk heat map represents the qualitative and quantitative evaluations of the likelihood of a risk occurring and the impact on the Group in the event that a particular risk is experienced. The risk heat map was compiled by the Operational Board based on a common understanding of the risk appetite of the Group, the level of impact that would be material to the Group and the same method for assigning probabilities and potential impacts. Results from the individual Board members were amalgamated using simple averaging.

Movements from the prior year's ranking are indicated by the arrows.