QinetiQ Annual Report 2017
QinetiQ Group plc Annual Report and Accounts 2017
Strategic report | Principal risks
Operational risks continued

Security and IT systems

Risk
A breach of data security, cyber attack or IT systems failure could have an adverse impact on our customers’ operations.

Impact
Significant reputational damage, as well as the possibility of exclusion from some types of government contracts resulting in reduced orders, revenue and profit.

Mitigation
Data security is assured through a multilayered approach that provides a hardened environment, including robust physical security arrangements and data resilience strategies. Information systems are designed with consideration to single points of failure and comply with relevant accreditation standards. Cyber security is monitored using an internal cyber dashboard.

Metrics
- All financial KPIs
- Cyber dashboard
- Security dashboard

Responsibility
Group Director Engineering and Operations

Risk appetite
Cautious

Likelihood/Impact
Medium/High

Proximity/Velocity
0-1yr/High

Significant breach of relevant laws and regulations

Risk
The Group operates in highly regulated environments and recognises that its operations have the potential to have an impact on a variety of stakeholders.

Impact
Failure to comply with particular regulations could result in a combination of fines, penalties, civil or criminal action, suspension or debarment from government contracts, as well as reputational damage to the QinetiQ brand.

Mitigation
The Group has robust policy, procedures and training in place. The QinetiQ Code of Conduct defines clear expectations for the Group and its employees. Key areas of focus for the Group include the following: safety of product and services; health, safety & environmental; bribery & ethics, and international trade controls.

Metrics
- All financial KPIs
- Health & safety
- Mandatory training compliance
- Commercial intermediary monitoring

Responsibility
Company Secretary/Group General Counsel

Risk appetite
Cautious

Likelihood/Impact
Medium/High

Proximity/Velocity
0-1yr/High

A material element of the Group’s revenue is derived from one contract

Risk
The Long Term Partnering Agreement (LTPA) is a 25-year contract to provide test, evaluation, and training services to the MOD. UK Government budget constraints could lead to a material change to the contract.

Impact
The LTPA directly contributes a material proportion of the Group’s revenue and earnings.

Mitigation
In December 2016, the Group signed a £1bn, 11-year amendment to the Long Term Partnering Agreement (LTPA). The next scheduled ‘re-pricing’ point for areas beyond the amendment is scheduled for March 2018.

Metrics
- All financial KPIs except orders
- Customer satisfaction
- LTPA as a % of total Group revenue

Responsibility
Group Director Business Development
Group Director Test & Evaluation

Risk appetite
Balanced

Likelihood/Impact
Medium/High

Proximity/Velocity
1-2yrs/Low