Risk Management and Internal Control
Morgan has an established risk management methodology which seeks to identify, prioritise and mitigate risks, underpinned by a ‘three lines of defence’ model comprising an internal control framework, internal monitoring and independent assurance processes.
Principal risks and emerging risks are identified both ‘top down’ by the Board and the Executive Committee and ‘bottom up’ through the Group’s global business units (GBUs) and divisions. The severity of each risk is quantified by assessing its inherent impact and mitigated probability, to ensure that the residual risk exposure is understood and prioritised for control throughout the Group.
Senior executives are responsible for the strategic management of the Group’s principal and emerging risks, including related policy, guidelines and processes, subject to Board oversight.
Further information on risk management is available on pages 38 – 43 of the 2021 Annual Report.