The nature of the industry in which we operate and our chosen strategy expose the company to a number of risks.
Listed below are the strategic risks which senior management has identified as the most significant, which have action plans for their mitigation and which are subject to regular review. The colouring (red, amber, green) shows the company’s estimate of the inherent risk level before any mitigation.
Inherent risk level: high
The Group’s results depend on the levels of activity in new construction and property repair and remodelling markets. In light of the debt levels in Europe and concerns about the USA recovery, there continues to be a risk that markets may fluctuate rapidly or experience further downturns. Factors influencing this risk include:
• the general rate of GDP growth;
• consumer confidence;
• the availability of credit to finance customer investment;
• mortgage and other interest rates;
• the level of government initiatives to stimulate economic activity;
• inflation; and
These factors are out of the Group’s control and are difficult to forecast.
Traditional processes for producing management information may need enhancing to enable the Company to respond to such rapidly-changing markets.
The Company believes it has effective measures in place to respond to market conditions. Our mitigation strategy is to reinforce existing measures in place. These include:
• resource allocation processes;
• planning, budgeting and forecasting processes;• debt reduction and refinancing;
• cost reduction, pricing and gross margin management initiatives, including a focus on customer service and productivity improvement;
• diversification into the sectors, such as commercial and industrial, which have proved more robust; and
• improvements in monthly management information.
Measures introduced in the last 12 months include the disposal of businesses where the Company cannot establish a market leading position in attractive markets. Such operations included Bathstore and Build Center in the UK and Brossette in France. The Company has also announced its intention to explore strategic options for its other businesses in France.
The quality of monthly management information has been improved to enable businesses to better identify and respond to changes in the business environment.
Inherent risk level: high
Market conditions continued to increase competition during the period under review, which, if not mitigated, could lead to downward pressure on sales prices and profit margins.
There is a risk that such competitive pressures will continue and could be exacerbated by factors such as levels of economic activity, customer or supplier consolidation, manufacturers shipping directly to customers, other changes in the route to market, and changes in technology.
The Company continues to reinforce the mitigation actions in place. Gross margin improvement initiatives remain a priority for all businesses.
We believe that high levels of customer service and product availability play a fundamental role in maintaining competitive advantage. The Group has continued with its programme of work to improve levels of customer service and inventory.
A number of local initiatives have been undertaken by Wolseley businesses in the last 12 months, including:
• improved analysis of monthly margin performance at Group and business unit level;
• dedicated gross margin initiatives and expense reduction programmes in Canada;
• improved transparency on performance and incentives in the USA through the use of an innovative software tool;
• improved claims management in the UK businesses; and
• improved supplier pricing terms in the Nordic region.
Risks relating to (i) liquidity and funding and (ii) capital investment control were previously listed under this section. These risks have been removed from the list of principal risks in light of the Group’s strengthened financial performance, lower net debt levels and lower levels of investment (relative to previous years).
The Company faces many other financial risks which, although important and subject to regular review, have been assessed as less significant and are not highlighted on this list of principal risks. These include, for example, foreign currency, interest rate or counterparty risks. Information on the management of these risks can be found on the last page of the “Financial Review” section in recent annual reports.
Legal & compliance risks
Inherent risk level: medium/high
The international nature of Wolseley’s operations exposes it to the potential for litigation from third parties, and such exposure is considered to be greater in the USA than in Europe.
Wolseley’s strengths include its employees, its products and the terms it negotiates with its suppliers. It is in these areas where the potential risk of litigation may be greatest.
Although the number of claims made against the Company has increased slightly during the year, there has been no material change in the level of exposure to the Group.
Levels of litigation are monitored by individual operating companies and by Group functions.
To reduce its exposure to product-related claims, the Company has this year launched a major “Product Integrity” programme. This included a refreshed policy and set of requirements to which all businesses must adhere, as well as a programme of risk assessments and KPIs for major product categories.
The Company has been reviewing and improving its working practices especially in the United States and France in light of the more complex labour laws in those countries.
In the case of claims related to exposure to asbestos, Wolseley employs independent professional advisers to actuarially determine its potential gross liability. Wolseley has insurance which exceeds the current estimated liability relating to asbestos claims.
This year the Company has also improved the general liability insurance cover it procures.
Inherent risk level: medium/low
The Group’s operations are affected by various statutes, regulations and laws in the countries and markets in which it operates. The amount of such regulation and the penalties can change.
While the Group is not engaged in a highly regulated industry, it is subject to the laws governing businesses generally, including laws relating to competition, internationaltrade, corruption and fraud, land usage, zoning, the environment, health and safety, transportation, labour and employment practices (including pensions), data protection, payment terms and other matters.
The Group’s compliance with laws to prevent anti-competitive behaviour and to combat bribery and corruption remain a priority.
Building codes or particular tax treatments may affect the products Wolseley’s customers are allowed to use and, consequently, changes in these may affect the saleability of some Wolseley products.
The Group monitors regulations across its markets to ensure that the effects of changes are minimised and that compliance with all applicable regulation is continually sought.
During the course of the year, a number of initiatives were undertaken to respond to new or updated laws and regulations. These include, for instance, the continual review and improvement of anti-fraud and anti-bribery procedures.
The Company has been monitoring the progress of the EU Late Payment Directive. Initial analysis has been completed and the Company is well prepared to adapt if necessary.
Inherent risk level: medium
Wolseley's ability to provide leadership and products and services to customers depends on retaining sufficiently qualified, experienced and motivated personnel.
In order to increase productivity, and be able to take growth opportunities when markets improve, Wolseley must maintain the skills and experience of its existing management and continue to develop the managers of the future.
While staff turnover rates are stable at present the current difficult conditions experienced in certain markets, and the Group’s response to them, may demotivate remaining staff.
An updated, comprehensive People Strategy was approved by the Board in 2011. This sets out key principles and practices for people management, which operating companies will implement in their businesses. Specific examples of activity in business units includes:
• reviews of succession planning and improved interview processes in Canada; and
• a new leadership skills programme in Wolseley UK.
Effective personal performance management underpins this strategy. The quality of individuals’ performance reviews is being monitored and improved in all areas of the business.
The Company monitors voluntary turnover rates and employee engagement scores. Further metrics will be put in place in the coming year.
Succession planning exercises are undertaken each year, along with a review of the Company’s most talented and promising individuals.
Career mobility has been increased, providing more staff with the opportunity to work in different areas of the Group.
The Group continues to invest in development programmes for senior leadership, managers and all other staff.
Inherent risk level: medium
The Group can only carry on business as long as it has the people, the information technology and the physical infrastructure to do so.
The safe and continued operation of such systems and infrastructure is threatened by natural and man-made perils and is affected by the level of investment available to improve them. For example,
• some of the Company's physical assets are located in areas exposed to natural catastrophe risks;
• the Group remains reliant on a variety of different technology systems across the Group, some of which have been operating for many years;
• to optimise costs and supply chain efficiency, some companies within the Group have also centralised their distribution network and are therefore reliant on a smaller number of larger distribution centres;
• the level and sophistication of IT security threats are increasing.
Core IT systems and data centres for the Nordics, USA and UK have documented disaster recovery plans which are tested annually.
In the United States, significant improvements have been made in the recovery times for core systems and our business there has been certified as Payment Card Industry compliant.
External reviews have been conducted of data centres in the UK and Denmark, and recommendations for improvement are being addressed.
The Company operates an IT governance framework including dedicated IT security policies. Specific operational controls for IT security include intrusion prevention and detection, penetration testing, wireless remediation of issues, log and configuration management and in-flight projects to reduce the likelihood of an incident.
The Company has made initial investments in software to improve its ability to identify and recover data.
The loss of a physical site is naturally hedged by the diversified nature of our locations, customers and suppliers.
The Company has formally documented and tested plans for those distribution centres, head office buildings and data centres where the risk is deemed to be greatest.
A comprehensive insurance programme is purchased, including coverage for “cyber” risks.
It should be noted that these risks are difficult to estimate with accuracy. The materialisation of these risks could have an adverse effect on the Group's results or financial condition. Various mitigation strategies are employed to reduce these inherent risks to an acceptable level. The Company also faces many other risks which, although important and subject to regular review, have been assessed as less significant (such as the impact of restructuring activity or product price volatility), which have been reported previously and which through changes in external factors and careful management are no longer material to the Group as a whole.
However, many risk factors remain beyond the direct control of the Company and the risk management programme can only provide reasonable but not absolute assurance that key risk are managed to an acceptable level.