Risk Management and Internal Control

Morgan has an established risk management methodology which seeks to identify, prioritise and mitigate risks, underpinned by a ‘three lines of defence’ model comprising an internal control framework, internal monitoring and independent assurance processes.

The Board considers that risk management and internal control are fundamental to achieving the Group aim of delivering long-term sustainable growth in shareholder value.

Risks are identified both ‘top down’ by the Board and the Executive Committee, and ‘bottom up’ through the Group’s Global Business Units and Divisions, and are quantified by assessing their inherent impact and mitigated probability to ensure that residual risk exposures are understood and prioritised for control throughout the Group.

Senior executives are responsible for the strategic management of the Group’s principal risks, including related policy, guidelines and process, subject to Board oversight.

Further information on risk management is available on pages 18 – 21 of the 2018 Annual Report.