Mōrea me te Tūponotanga

Risk management

The Group’s risk management framework has been designed to identify, assess, control and monitor its key risks. The identification and ongoing management of these key risks assists the business in achieving its objectives and goals.

The Group has defined its risk appetite and recognises four main categories of risk:

  • Strategic Risk – the consequence of an event occurring which will damage the Group’s business model, undermining its value proposition which attracts customers and generates revenue;
  • Financial Risk – referring to the Group’s ability to manage its debt and financial obligations and includes credit, liquidity, market and capital project risk;
  • Operational Risk – summarising the risks the Group undertakes when it operates within the retail environment which includes people, legal and compliance, business continuity, data and security;
  • Business Risk – risk to earnings arising from developing consumer trends, supply chain risk, pricing volatility and product risk.

Risk Management Framework

Our risk management framework has incorporated agile practices, which allows the Group to identify and manage risk, and provides it with a mechanism to adapt and respond to the dynamic environment retail operates within. The Group’s blended approach to risk management considers both traditional risk management and the agile operating model. Responsibility for operational risk management sits with our Leadership Squad but also considers the agile operating model which allows our teams to react quickly to change. This mixed model provides flexibility, which accommodates and learns from risk in executing strategic initiatives.

The Group, as part of its ongoing risk governance programme, operates an Enterprise Risk Management Committee, which comprises senior leaders from across the Group. The Committee meets every two months to ensure there is a balanced view of risk and that critical risks are understood, reviewed, appropriately managed and reported.

Agile Application

Rapid change and increased technological innovation within the retail sector provides challenges for the Group to effectively compete. This increased velocity poses new challenges to risk and compliance functions as we strive to provide complementary practices which enable insight and value.

To combat this rapid rate of change, the Group has embraced an agile operating model. As part of this agile operating model, our team’s focus is on short cyclic bursts of development, implementation and testing. Appropriate execution risk provides valuable decision- enabling insight throughout the initiative life cycle and agile delivery.

In an agile operating model, the Group applies an iterative risk management approach which is managed through quarterly business reviews, sprints, stand-ups and regular reviews. In this way risk management responses are broken up into smaller and more manageable components while also encouraging collaboration across stakeholders, project team members and sponsors.

This allows optimal challenge without slowing down agile teams. As initiatives are developed and implemented, technology-supported controls and real-time performance metrics can be utilised to monitor and mitigate the new business risks.

Ultimately, aligning risk management with agile execution enables the Group to improve customer experiences swiftly, thereby giving the Group a competitive advantage.


Materiality in the six capitals of our Integrated Reporting is different from financial materiality in the financial statements. It is driven by the risk appetite settings, and the specific outcomes and strategies in each capital. A material improvement in our environmental reduction outcomes, for example, may be different this year compared to other years depending on the starting position and default trajectory of performance.

Building on an improvement may mean we have a higher appetite for change than if we were attempting to arrest a declining performance.

Materiality is therefore relative to every strategy and metric in each capital and is used to filter what is reported and what is not. The Integrated Report is not the definitive or last word that the organisation has to say on a given topic; it is the material performance report against those elements in the capitals that we are trying to influence or improve.

This is the third year we have reported under the Global Reporting Initiatives (GRI) framework and material topics. In 2023 we performed a high-level internal review of the material topics previously identified with a focus on the actual and potential, positive and negative impacts these topics have on our environment, the economy and our people. Refer to pages 60 and 61 for our GRI Report and the material topics under our GRI reporting framework.

Key Risks

The Group periodically reviews key risks with its senior Leadership Squad to identify those risks which, if realised, would materially impact the success of the business. These risks have been assigned sponsors and are appropriately managed through the implementation of suitable control measures to manage the risk. These risks are as follows: