Wraith Engineering
  • HOME
  • ABOUT
  • VISION
  • CAPABILITIES
  • GOVERNANCE
    • BOARD OF DIRECTORS
    • COMMITMENT TO QUALITY
    • CORE VALUES
    • EQUAL OPPORTUNITY
    • PRIVACY POLICY
    • RISK MANAGEMENT POLICY
    • CAREERS
  • More
    • HOME
    • ABOUT
    • VISION
    • CAPABILITIES
    • GOVERNANCE
      • BOARD OF DIRECTORS
      • COMMITMENT TO QUALITY
      • CORE VALUES
      • EQUAL OPPORTUNITY
      • PRIVACY POLICY
      • RISK MANAGEMENT POLICY
      • CAREERS
Wraith Engineering
  • HOME
  • ABOUT
  • VISION
  • CAPABILITIES
  • GOVERNANCE
    • BOARD OF DIRECTORS
    • COMMITMENT TO QUALITY
    • CORE VALUES
    • EQUAL OPPORTUNITY
    • PRIVACY POLICY
    • RISK MANAGEMENT POLICY
    • CAREERS

RISK MANAGEMENT POLICY

MANAGING RISK WITH DISCIPLINE, ACCOUNTABILITY AND CONTROL

ARMEXIS and all of its subsidiaries are committed to maintaining a robust, structured and accountable approach to risk management.


As a UK-based engineering and manufacturing business focused on sovereign land capability, ARMEXIS operates in a complex and demanding environment where effective risk management is essential to sustainable growth, operational performance, customer confidence and good corporate governance.


The ARMEXIS Risk Management Policy sets out the framework, processes and responsibilities relating to the identification, assessment, management, reporting and monitoring of risk across the Group and its subsidiaries.


The objective of risk management is to remove, reduce or control the likelihood and impact of risks before they occur, and to ensure the business is able to respond effectively when actual issues arise.


Risk management is therefore embedded across ARMEXIS. It supports the delivery of our strategic objectives, strengthens decision-making, improves resilience and ensures that risks and opportunities are managed consistently across the business.

PURPOSE OF THE RISK MANAGEMENT POLICY

The purpose of this policy is to ensure that ARMEXIS has a clear and consistent framework for managing uncertainty.


Risk is the effect of uncertainty on the achievement of the Company’s objectives. Effective risk management enables ARMEXIS to make informed decisions, protect value, improve performance and support the successful delivery of the Group’s strategy.


The policy sets out clear requirements for the management and reporting of risk in order to support:


  • Good corporate governance
  • Effective strategic planning
  • Operational resilience
  • Financial discipline
  • Programme and contract delivery
  • Customer confidence
  • Regulatory and contractual compliance
  • Supply chain stability
  • Workforce safety and wellbeing
  • Business continuity
  • Long-term sustainable growth


Risk management is not treated as a separate activity. It is part of how ARMEXIS plans, operates, delivers and improves.

SCOPE AND APPLICATION

This Risk Management Policy applies to ARMEXIS, all subsidiaries and all legal entities within the Group.


The policy is compulsory for every legal entity within ARMEXIS. No exception to this policy may be adopted by any subsidiary, joint venture, associate investment or future operating entity without appropriate review and approval.


The policy applies to all Directors, senior managers, employees, contractors, departments, functions and business units operating on behalf of ARMEXIS.


All employees are expected to understand their responsibility for identifying, escalating and managing risk within their areas of work.

BUSINESS RISK AND PROGRAMME RISK

Business risk includes financial and non-financial risks that sit outside individual programmes or projects and may affect the Group more broadly. These may include risks relating to strategy, operations, finance, legal matters, regulation, supply chain, workforce, reputation, governance, facilities, cyber security, information management, health and safety, and business continuity.


Programme and project risks are managed through appropriate project governance, lifecycle controls and delivery frameworks. These risks are assessed in the context of programme objectives, contractual requirements, customer expectations, cost, schedule, quality, technical performance and delivery obligations.


Both forms of risk are connected. A programme risk may become a wider business risk if it affects customer confidence, financial performance, operational capacity, contractual compliance or the reputation of the Group.


ARMEXIS therefore maintains a joined-up approach to risk management across enterprise, departmental and programme levels.

BOARD ACCOUNTABILITY

The Board of Directors is ultimately accountable for effective risk management across ARMEXIS and its subsidiaries.


The Board keeps under review the principal risks facing the Group, including the appropriateness of the level of risk the Company may accept in order to achieve its strategic objectives. This includes consideration of the Group’s risk appetite and the effectiveness of the controls and mitigation actions in place.


The Board’s oversight includes consideration of:


  • Strategic risk
  • Operational risk
  • Financial risk
  • Legal and regulatory risk
  • Commercial and contractual risk
  • Supply chain risk
  • Quality and delivery risk
  • Health, safety and environmental risk
  • Cyber and information security risk
  • Reputational risk
  • Workforce and capability risk
  • Business continuity risk


By maintaining Board-level oversight, ARMEXIS ensures that risk is considered at the highest level and aligned with the Group’s strategy, culture and long term objectives. 

ENTERPRISE RISK MANAGEMENT

ARMEXIS operates in a complex global environment and is exposed to a wide range of risks and opportunities that may influence its ability to execute its strategy.


Enterprise risk management is an integrated and joined-up approach to managing risk across the Group. It is designed to improve performance, support innovation, build resilience and maintain trust and confidence with customers, partners, employees, suppliers and stakeholders.


Our risk framework supports the integration of risk management into all ARMEXIS activities. It aligns risk management with our objectives, strategy and culture, while helping to keep the Group’s risk profile within the agreed risk appetite.


The purpose of the framework is to ensure that risks fundamental to the delivery of our strategy are identified, monitored, managed and mitigated through a consistent risk control approach.


This supports:


  • Predictability
  • Resilience
  • Accountability
  • Better decision-making
  • Operational confidence
  • Improved performance
  • Sustainable growth

RISK APPETITE AND TOLERANCE

ARMEXIS recognises that all business activity involves risk.


The objective is not to avoid all risk, but to ensure that risks are understood, controlled and taken only where appropriate, proportionate and aligned to the Group’s objectives.


The Board is responsible for reviewing and setting the Group’s risk appetite. This defines the level and type of risk ARMEXIS may be prepared to accept in pursuit of its strategic goals.


Where risks fall outside acceptable tolerance levels, clear mitigation plans must be developed and implemented to bring those risks within an acceptable range.


This approach ensures that ambition is matched by discipline, and that growth is supported by appropriate governance, control and accountability.

RISK IDENTIFICATION

ARMEXIS requires risks and opportunities to be identified at the appropriate level across the business.


Risks may arise from internal or external sources, including strategic decisions, operational activity, contracts, suppliers, manufacturing processes, engineering change, workforce capacity, facilities, finance, regulation, technology, market conditions or external events.


Managers, team leaders and employees are expected to consider risk when planning and managing all activities, including contract management, project planning, operational delivery, procurement, production, quality control and customer support.


Early identification is essential. Risks should be raised and recorded before they become issues wherever possible.

RISK ANALYSIS AND EVALUATION

All identified risks must be analysed for impact and probability in order to determine the gross risk exposure to the business.


Gross risk exposure represents the potential unmanaged or worst-case exposure if controls or mitigation actions are not effective. This information must be retained, as it provides visibility of the potential exposure to the business if mitigation fails.


The financial implications of gross risk exposure to the Integrated Business Plan should be reviewed where appropriate, and risks should be prioritised in relation to their potential effect on the achievement of business objectives.


Risk evaluation must be documented in controlled risk registers to allow risks to be prioritised, reviewed and managed effectively.


Risk evaluation should include:


  • The risks that have been identified, particularly those of significance
  • The characteristics and causes of each risk
  • The potential impact and probability
  • The gross risk exposure
  • Existing controls
  • The basis for determining the mitigation strategy
  • The responsible risk owner
  • Required actions and timescales
  • Review and monitoring requirements
  • Escalation requirements where appropriate


This structured approach ensures that risk is visible, assessed consistently and managed with appropriate discipline.

RISK REGISTERS AND OWNERSHIP

ARMEXIS records identified risks in controlled risk registers.


Each significant risk is allocated an owner who has the authority and responsibility to assess, manage, monitor and report on that risk.


Risk registers provide a clear and auditable record of:


  • Identified risks
  • Risk descriptions and characteristics
  • Causes and potential consequences
  • Impact and probability assessments
  • Gross and residual exposure
  • Current controls
  • Mitigation strategies
  • Action plans
  • Risk owners
  • Review frequency
  • Reporting status
  • Escalation requirements


Risk ownership is essential. Every material risk must have a responsible owner who is accountable for ensuring that mitigation actions are progressed, reviewed and reported.

MITIGATION AND ACTION PLANNING

For risks assessed as unacceptable or outside agreed tolerance levels, ARMEXIS will develop a clear and cost-effective strategy to manage those risks and reduce them to a tolerable and acceptable level.


Mitigation actions may include:


  • Reducing the likelihood of the risk occurring
  • Reducing the potential impact of the risk
  • Strengthening existing controls
  • Changing processes or procedures
  • Improving training or competence
  • Increasing oversight or assurance
  • Strengthening supplier arrangements
  • Developing contingency plans
  • Allocating additional resources
  • Transferring risk where appropriate
  • Escalating the risk for senior management or Board review

Mitigation strategies must be practical, proportionate, documented and capable of adjustment to meet changes in the business or the external environment.


The purpose of mitigation is not simply to record risk, but to take effective action.

MONITORING, REPORTING AND REVIEW

Risk management at ARMEXIS is an active and ongoing process.


Risks are monitored and reviewed regularly to ensure that information remains accurate, mitigation actions are progressing and emerging risks are identified at the earliest appropriate point.


Risk reporting supports informed decision-making at departmental, senior management and Board level.


Monitoring and review may include:


  • Routine review of risk registers
  • Management reporting
  • Board reporting
  • Programme reviews
  • Supplier performance reviews
  • Internal audit activity
  • Compliance reviews
  • Health, safety and environmental reviews
  • Quality reviews
  • Business continuity reviews
  • Lessons learned activity


This ensures that risk management remains current, evidence-based and connected to real business activity.

RESPONSIBILITIES OF MANAGERS AND TEAM LEADERS

Managers and team leaders must ensure that their department, function or business area has a comprehensive approach to risk and opportunity management.


They are responsible for ensuring that risks and opportunities affecting their area are identified, analysed, evaluated, mitigated, reported and monitored.


Managers and team leaders are expected to:


  • Consider risk when planning activity
  • Maintain awareness of risks affecting their area
  • Ensure risks are recorded appropriately
  • Allocate ownership for actions
  • Review mitigation progress
  • Escalate material risks where required
  • Ensure teams understand relevant controls
  • Support a culture of openness and accountability
  • Contribute to continuous improvement


Effective risk management requires leadership at every level.

EVERYONE’S RESPONSIBILITY

Managing risk is part of everyone’s everyday responsibilities at ARMEXIS.


Every employee is expected to consider risk when planning, managing and delivering their work. This applies across all functions, including engineering, manufacturing, quality, operations, commercial, finance, legal, supply chain, administration, facilities and support.


Employees are encouraged to raise risks, concerns, issues and opportunities early so they can be assessed and addressed properly.


A strong risk culture depends on openness, responsibility and action. ARMEXIS expects its people to identify problems early, communicate clearly and contribute to effective solutions.

RISK AND OPPORTUNITY

ARMEXIS recognises that risk management is not only about preventing negative events.


A mature risk management approach also identifies opportunities that may improve performance, strengthen resilience, enhance customer value, increase efficiency, support innovation or improve delivery outcomes.


Opportunities should be considered, assessed and managed with the same discipline as risks.


This allows ARMEXIS to make better decisions, pursue growth responsibly and improve the way the business operates.

BUSINESS CONTINUITY AND RESILIENCE

Effective risk management supports business continuity and organisational resilience.


ARMEXIS seeks to ensure that the Group is prepared to respond to disruption, protect critical operations and continue delivering for customers and stakeholders.


Risk management supports resilience by helping the business understand potential threats, develop appropriate contingency arrangements and maintain operational confidence.


This is particularly important in the defence, engineering and manufacturing sectors, where delivery confidence, supply chain resilience and operational continuity are essential.

ALIGNMENT WITH ISO 31000

The primary role of the ARMEXIS Risk Management Policy is to ensure that the Group has a framework to manage risk and uncertainty effectively and consistently.


ARMEXIS is working to align its Enterprise Risk Management Framework with ISO 31000, the international risk management standard.


This alignment supports a structured and recognised approach to risk management, including risk identification, analysis, evaluation, treatment, monitoring, review, communication and continual improvement.


As ARMEXIS grows, the Group will continue to improve the maturity of its risk management processes, strengthen internal controls and embed risk management further into day-to-day operations.

OUR COMMITMENT

AARMEXIS is committed to managing risk with consistency, discipline and accountability.


We believe effective risk management is essential to good governance, operational performance, customer confidence and responsible growth.


Our commitment is to ensure that risks are identified early, assessed properly, managed effectively and reviewed regularly.


This enables ARMEXIS to operate with confidence, build resilience and deliver long-term value for customers, employees, partners, suppliers and stakeholders.


Risk management is central to how ARMEXIS protects delivery, supports growth and strengthens sovereign capability.

TOP
HOME
  • HOME
  • CAPABILITIES
  • BOARD OF DIRECTORS
  • COMMITMENT TO QUALITY
  • CORE VALUES
  • EQUAL OPPORTUNITY
  • CAREERS

ARMEXIS

DELIVERING SOVEREIGN CAPABILITY

© MMXXVI ARMEXIS  | ALL RIGHTS RESERVED 

INFO@ARMEXIS.CO.UK