ARMEXIS and all of its subsidiaries are committed to maintaining a robust, structured and accountable approach to risk management.
As a UK-based engineering and manufacturing business focused on sovereign land capability, ARMEXIS operates in a complex and demanding environment where effective risk management is essential to sustainable growth, operational performance, customer confidence and good corporate governance.
The ARMEXIS Risk Management Policy sets out the framework, processes and responsibilities relating to the identification, assessment, management, reporting and monitoring of risk across the Group and its subsidiaries.
The objective of risk management is to remove, reduce or control the likelihood and impact of risks before they occur, and to ensure the business is able to respond effectively when actual issues arise.
Risk management is therefore embedded across ARMEXIS. It supports the delivery of our strategic objectives, strengthens decision-making, improves resilience and ensures that risks and opportunities are managed consistently across the business.
The purpose of this policy is to ensure that ARMEXIS has a clear and consistent framework for managing uncertainty.
Risk is the effect of uncertainty on the achievement of the Company’s objectives. Effective risk management enables ARMEXIS to make informed decisions, protect value, improve performance and support the successful delivery of the Group’s strategy.
The policy sets out clear requirements for the management and reporting of risk in order to support:
Risk management is not treated as a separate activity. It is part of how ARMEXIS plans, operates, delivers and improves.
This Risk Management Policy applies to ARMEXIS, all subsidiaries and all legal entities within the Group.
The policy is compulsory for every legal entity within ARMEXIS. No exception to this policy may be adopted by any subsidiary, joint venture, associate investment or future operating entity without appropriate review and approval.
The policy applies to all Directors, senior managers, employees, contractors, departments, functions and business units operating on behalf of ARMEXIS.
All employees are expected to understand their responsibility for identifying, escalating and managing risk within their areas of work.
Business risk includes financial and non-financial risks that sit outside individual programmes or projects and may affect the Group more broadly. These may include risks relating to strategy, operations, finance, legal matters, regulation, supply chain, workforce, reputation, governance, facilities, cyber security, information management, health and safety, and business continuity.
Programme and project risks are managed through appropriate project governance, lifecycle controls and delivery frameworks. These risks are assessed in the context of programme objectives, contractual requirements, customer expectations, cost, schedule, quality, technical performance and delivery obligations.
Both forms of risk are connected. A programme risk may become a wider business risk if it affects customer confidence, financial performance, operational capacity, contractual compliance or the reputation of the Group.
ARMEXIS therefore maintains a joined-up approach to risk management across enterprise, departmental and programme levels.
The Board of Directors is ultimately accountable for effective risk management across ARMEXIS and its subsidiaries.
The Board keeps under review the principal risks facing the Group, including the appropriateness of the level of risk the Company may accept in order to achieve its strategic objectives. This includes consideration of the Group’s risk appetite and the effectiveness of the controls and mitigation actions in place.
The Board’s oversight includes consideration of:
By maintaining Board-level oversight, ARMEXIS ensures that risk is considered at the highest level and aligned with the Group’s strategy, culture and long term objectives.
ARMEXIS operates in a complex global environment and is exposed to a wide range of risks and opportunities that may influence its ability to execute its strategy.
Enterprise risk management is an integrated and joined-up approach to managing risk across the Group. It is designed to improve performance, support innovation, build resilience and maintain trust and confidence with customers, partners, employees, suppliers and stakeholders.
Our risk framework supports the integration of risk management into all ARMEXIS activities. It aligns risk management with our objectives, strategy and culture, while helping to keep the Group’s risk profile within the agreed risk appetite.
The purpose of the framework is to ensure that risks fundamental to the delivery of our strategy are identified, monitored, managed and mitigated through a consistent risk control approach.
This supports:
ARMEXIS recognises that all business activity involves risk.
The objective is not to avoid all risk, but to ensure that risks are understood, controlled and taken only where appropriate, proportionate and aligned to the Group’s objectives.
The Board is responsible for reviewing and setting the Group’s risk appetite. This defines the level and type of risk ARMEXIS may be prepared to accept in pursuit of its strategic goals.
Where risks fall outside acceptable tolerance levels, clear mitigation plans must be developed and implemented to bring those risks within an acceptable range.
This approach ensures that ambition is matched by discipline, and that growth is supported by appropriate governance, control and accountability.
ARMEXIS requires risks and opportunities to be identified at the appropriate level across the business.
Risks may arise from internal or external sources, including strategic decisions, operational activity, contracts, suppliers, manufacturing processes, engineering change, workforce capacity, facilities, finance, regulation, technology, market conditions or external events.
Managers, team leaders and employees are expected to consider risk when planning and managing all activities, including contract management, project planning, operational delivery, procurement, production, quality control and customer support.
Early identification is essential. Risks should be raised and recorded before they become issues wherever possible.
All identified risks must be analysed for impact and probability in order to determine the gross risk exposure to the business.
Gross risk exposure represents the potential unmanaged or worst-case exposure if controls or mitigation actions are not effective. This information must be retained, as it provides visibility of the potential exposure to the business if mitigation fails.
The financial implications of gross risk exposure to the Integrated Business Plan should be reviewed where appropriate, and risks should be prioritised in relation to their potential effect on the achievement of business objectives.
Risk evaluation must be documented in controlled risk registers to allow risks to be prioritised, reviewed and managed effectively.
Risk evaluation should include:
This structured approach ensures that risk is visible, assessed consistently and managed with appropriate discipline.
ARMEXIS records identified risks in controlled risk registers.
Each significant risk is allocated an owner who has the authority and responsibility to assess, manage, monitor and report on that risk.
Risk registers provide a clear and auditable record of:
Risk ownership is essential. Every material risk must have a responsible owner who is accountable for ensuring that mitigation actions are progressed, reviewed and reported.
For risks assessed as unacceptable or outside agreed tolerance levels, ARMEXIS will develop a clear and cost-effective strategy to manage those risks and reduce them to a tolerable and acceptable level.
Mitigation actions may include:
Mitigation strategies must be practical, proportionate, documented and capable of adjustment to meet changes in the business or the external environment.
The purpose of mitigation is not simply to record risk, but to take effective action.
Risk management at ARMEXIS is an active and ongoing process.
Risks are monitored and reviewed regularly to ensure that information remains accurate, mitigation actions are progressing and emerging risks are identified at the earliest appropriate point.
Risk reporting supports informed decision-making at departmental, senior management and Board level.
Monitoring and review may include:
This ensures that risk management remains current, evidence-based and connected to real business activity.
Managers and team leaders must ensure that their department, function or business area has a comprehensive approach to risk and opportunity management.
They are responsible for ensuring that risks and opportunities affecting their area are identified, analysed, evaluated, mitigated, reported and monitored.
Managers and team leaders are expected to:
Effective risk management requires leadership at every level.
Managing risk is part of everyone’s everyday responsibilities at ARMEXIS.
Every employee is expected to consider risk when planning, managing and delivering their work. This applies across all functions, including engineering, manufacturing, quality, operations, commercial, finance, legal, supply chain, administration, facilities and support.
Employees are encouraged to raise risks, concerns, issues and opportunities early so they can be assessed and addressed properly.
A strong risk culture depends on openness, responsibility and action. ARMEXIS expects its people to identify problems early, communicate clearly and contribute to effective solutions.
ARMEXIS recognises that risk management is not only about preventing negative events.
A mature risk management approach also identifies opportunities that may improve performance, strengthen resilience, enhance customer value, increase efficiency, support innovation or improve delivery outcomes.
Opportunities should be considered, assessed and managed with the same discipline as risks.
This allows ARMEXIS to make better decisions, pursue growth responsibly and improve the way the business operates.
Effective risk management supports business continuity and organisational resilience.
ARMEXIS seeks to ensure that the Group is prepared to respond to disruption, protect critical operations and continue delivering for customers and stakeholders.
Risk management supports resilience by helping the business understand potential threats, develop appropriate contingency arrangements and maintain operational confidence.
This is particularly important in the defence, engineering and manufacturing sectors, where delivery confidence, supply chain resilience and operational continuity are essential.
The primary role of the ARMEXIS Risk Management Policy is to ensure that the Group has a framework to manage risk and uncertainty effectively and consistently.
ARMEXIS is working to align its Enterprise Risk Management Framework with ISO 31000, the international risk management standard.
This alignment supports a structured and recognised approach to risk management, including risk identification, analysis, evaluation, treatment, monitoring, review, communication and continual improvement.
As ARMEXIS grows, the Group will continue to improve the maturity of its risk management processes, strengthen internal controls and embed risk management further into day-to-day operations.
AARMEXIS is committed to managing risk with consistency, discipline and accountability.
We believe effective risk management is essential to good governance, operational performance, customer confidence and responsible growth.
Our commitment is to ensure that risks are identified early, assessed properly, managed effectively and reviewed regularly.
This enables ARMEXIS to operate with confidence, build resilience and deliver long-term value for customers, employees, partners, suppliers and stakeholders.
Risk management is central to how ARMEXIS protects delivery, supports growth and strengthens sovereign capability.
ARMEXIS
DELIVERING SOVEREIGN CAPABILITY
© MMXXVI ARMEXIS | ALL RIGHTS RESERVED
INFO@ARMEXIS.CO.UK