The Board has in place a schedule of matters reserved for its decision-making. The Board is responsible for the system of risk management and internal control of RELX and has implemented an ongoing process for identifying, assessing, monitoring and managing the principal and emerging risks faced by the Company. The Board monitors these systems of internal control and risk management and annually carries out a review of their effectiveness.
RELX has an established framework of procedures and internal control, with which the management of each business is required to comply. RELX operates authorisation and approval processes throughout all of its operations. Access controls exist where processes have been automated to ensure the security of data. Management information systems have been developed to identify risks and to enable assessment of the effectiveness of the systems of internal control.
RELX has a Code of Ethics and Business Conduct that provides a guide for achieving its business goals and requires officers and employees to behave in an open, honest, ethical and principled manner. The Code of Ethics also outlines confidential procedures enabling employees to report any concerns about compliance, or about the Group’s financial reporting practices. Click here to read the Code in full.
Each business area has identified and evaluated its principal and emerging risks, the controls in place to manage those risks and the levels of residual risk accepted. Risk management and control procedures are embedded into the operations of the business and include the monitoring of progress in areas for improvement that come to management and Board attention.
Principal and emerging risks facing RELX are regularly reported to and assessed by the Board and Audit Committee. With the close involvement of operating management and central functions, the risk management and control procedures aim to ensure that RELX is managing its business risks effectively and in a coordinated manner across the business areas with clarity on the respective responsibilities and interdependencies. Litigation, and other legal and regulatory matters, are managed by legal directors in the business areas.
The risk assessment included consideration of risk appetite and the identification of emerging risks which could impact our business in the next 3-5 years. In line with the Code, the risk assessment identifies and considers the likelihood and impact of emerging risks on our business models and reputation. The assessment also considers the need for mitigation of emerging risks. Risk appetite (defined as RELX’s willingness to take on risk) is based on an assessment of the level of residual risk, taking account of inherent risk and mitigation efforts. The assessment is rated, in relation to RELX’s current level of residual risk, in three broad categories: reduce, accept and willing to extend. The level of residual risk which RELX is prepared to accept will vary, with a high level of mitigation effort over operational, financial and compliance risks. The residual risk level for external and strategic risks may be extended if doing so is in line with RELX’s strategic objectives, values and stakeholder interests and if shareholder returns could be increased.
The Audit Committee also receives regular reports from both internal and external auditors on internal control and risk management matters. In addition, each business area is required, at the end of the financial year, to review the effectiveness of internal controls and risk management and report its findings on a detailed basis to the management of RELX. These reports are summarised and, as part of the annual review of effectiveness, submitted to the Audit Committee. The Chair of the Audit Committee reports to the Board on any significant internal control matters arising.
Annual review
As part of the year-end procedures, the Audit Committee and Board reviewed the effectiveness of the systems of internal control and risk management during the 2023 financial year. The objective of these systems of internal control and risk management is to manage, rather than eliminate, the risk of failure to achieve business objectives. Accordingly, they can only provide reasonable, but not absolute, assurance against material misstatement or loss. The Board has confirmed, subject to the above, that as regards financial reporting risks, the respective risk management and control systems provide reasonable assurance against material inaccuracies or loss and have functioned properly throughout the year. In accordance with the Code, the Board has also considered the Group’s long-term viability, following a robust and thorough assessment of its principal and emerging risks.