Key risks

Inherent risk level: high

No change

Market conditions continued to increase competition during the period under review, which, if not mitigated, could lead to downward pressure on sales prices and profit margins.

There is a risk that such competitive pressures will continue and could be exacerbated by factors such as levels of economic activity, customer or supplier consolidation, manufacturers shipping directly to customers, other changes in the route to market, and changes in technology.

The Company continues to reinforce the mitigation actions in place. Gross margin improvement initiatives remain a priority for all businesses.

We believe that high levels of customer service and product availability play a fundamental role in maintaining competitive advantage. The Group has continued with its programme of work to improve levels of customer service and inventory.

A number of local initiatives have been undertaken by Wolseley businesses in the last 12 months, including:

• improved analysis of monthly margin performance at Group and business unit level;

• dedicated gross margin initiatives and expense reduction programmes in Canada;

• improved transparency on performance and incentives in the USA through the use of an innovative software tool;

• improved claims management in the UK businesses; and

• improved supplier pricing terms in the Nordic region.

Inherent risk level: medium/low

No change

The Group’s operations are affected by various statutes, regulations and laws in the countries and markets in which it operates. The amount of such regulation and the penalties can change.

While the Group is not engaged in a highly regulated industry, it is subject to the laws governing businesses generally, including laws relating to competition, internationaltrade, corruption and fraud, land usage, zoning, the environment, health and safety, transportation, labour and employment practices (including pensions), data protection, payment terms and other matters.

The Group’s compliance with laws to prevent anti-competitive behaviour and to combat bribery and corruption remain a priority.

Building codes or particular tax treatments may affect the products Wolseley’s customers are allowed to use and, consequently, changes in these may affect the saleability of some Wolseley products.

The Group monitors regulations across its markets to ensure that the effects of changes are minimised and that compliance with all applicable regulation is continually sought.

During the course of the year, a number of initiatives were undertaken to respond to new or updated laws and regulations. These include, for instance, the continual review and improvement of anti-fraud and anti-bribery procedures.

The Company has been monitoring the progress of the EU Late Payment Directive. Initial analysis has been completed and the Company is well prepared to adapt if necessary.

Inherent risk level: medium

No change

Wolseley's ability to provide leadership and products and services to customers depends on retaining sufficiently qualified, experienced and motivated personnel.

In order to increase productivity, and be able to take growth opportunities when markets improve, Wolseley must maintain the skills and experience of its existing management and continue to develop the managers of the future.

While staff turnover rates are stable at present the current difficult conditions experienced in certain markets, and the Group’s response to them, may demotivate remaining staff.

An updated, comprehensive People Strategy was approved by the Board in 2011. This sets out key principles and practices for people management, which operating companies will implement in their businesses. Specific examples of activity in business units includes:

• reviews of succession planning and improved interview processes in Canada; and

• a new leadership skills programme in Wolseley UK.

Effective personal performance management underpins this strategy. The quality of individuals’ performance reviews is being monitored and improved in all areas of the business.

The Company monitors voluntary turnover rates and employee engagement scores. Further metrics will be put in place in the coming year.

Succession planning exercises are undertaken each year, along with a review of the Company’s most talented and promising individuals.

Career mobility has been increased, providing more staff with the opportunity to work in different areas of the Group.

The Group continues to invest in development programmes for senior leadership, managers and all other staff.

Inherent risk level: medium

No change

The Group can only carry on business as long as it has the people, the information technology and the physical infrastructure to do so.

The safe and continued operation of such systems and infrastructure is threatened by natural and man-made perils and is affected by the level of investment available to improve them. For example,

• some of the Company's physical assets are located in areas exposed to natural catastrophe risks;

• the Group remains reliant on a variety of different technology systems across the Group, some of which have been operating for many years;

• to optimise costs and supply chain efficiency, some companies within the Group have also centralised their distribution network and are therefore reliant on a smaller number of larger distribution centres;

• the level and sophistication of IT security threats are increasing.

Core IT systems and data centres for the Nordics, USA and UK have documented disaster recovery plans which are tested annually.

In the United States, significant improvements have been made in the recovery times for core systems and our business there has been certified as Payment Card Industry compliant.

External reviews have been conducted of data centres in the UK and Denmark, and recommendations for improvement are being addressed.

The Company operates an IT governance framework including dedicated IT security policies. Specific operational controls for IT security include intrusion prevention and detection, penetration testing, wireless remediation of issues, log and configuration management and in-flight projects to reduce the likelihood of an incident.

The Company has made initial investments in software to improve its ability to identify and recover data.

The loss of a physical site is naturally hedged by the diversified nature of our locations, customers and suppliers.

The Company has formally documented and tested plans for those distribution centres, head office buildings and data centres where the risk is deemed to be greatest.

A comprehensive insurance programme is purchased, including coverage for “cyber” risks.