The Risk Management Framework

Ocado's risk management process is designed to improve the likelihood of delivering our business objectives, protect the interests of our key stakeholders, enhance the quality of our decision making, and assist in the safeguarding of our assets, including people, finances, property and reputation.

The Board is responsible for the identification of Ocado's key strategic and emerging risks, and for the review and approval of the risk management framework. The Audit Committee, delegated by the Board, is responsible for the independent review of the effectiveness of risk management, the system of internal control, and the monitoring of the quality of financial statements and consideration of any findings reported by the auditors, Deloitte LLP, in relation to Ocado's control environment and its financial reporting procedures.

The key features of our system of internal control and risk management, including those relating to the financial reporting process, are:

  • an organisational structure with clear segregation of duties, control and authority, and a framework of policies covering all key areas;
  • a system of financial reporting, business planning and forecasting processes;
  • a capital approval policy that controls Ocado's capital expenditure and a post-completion review process for significant projects;
  • monitoring the progress of major projects by management, the Executive Directors and the Board;
  • a Risk Committee which monitors Ocado's risk control processes;
  • an Information Security Committee which monitors Ocado's information security;
  • an Internal Audit function that provides independent assurance on key programmes and controls;
  • a treasury policy overseen by a Treasury Committee that manages Ocado's cash and deposits, investments, foreign exchange and interest rates, so as to ensure liquidity and minimise financial risk;
  • a food and product technology department, responsible for designing and monitoring compliance with Ocado's processes for the procurement and handling of foods and other goods for resale; and
  • other control measures outlined elsewhere in this Annual Report including legal and regulatory compliance and health and safety.

Key Developments in 2017

The process described on this page for identifying, evaluating and managing the principal risks faced by the Group operated during the period and up to the date of this Annual Report. Such a system can only provide reasonable, and not absolute, assurance, as it is designed to manage rather than eliminate the risk of failure to achieve business objectives.

During 2017, Ocado continued to enhance its approach to risk management. This included an externally facilitated review of the Group's information security controls, the development of a programme to help meet the requirements of the new General Data Protection Regulation, and an independent review of Internal Audit. At the end of the period, the Group established a new independent function called Governance, Risk and Compliance. The new function has assumed responsibility for supporting the Group's risk management processes, such responsibility having been performed previously by Internal Audit (previously called Internal Audit & Risk) and to help enhance the Group's risk management framework.

The Audit Committee, on behalf of the Board, undertook an annual review of the effectiveness of risk management and the system of internal control, covering all significant controls including financial, operational, compliance controls, and risk management systems.

For further information on the review of financial reporting, refer to the Audit Committee report.

2018 Plan and beyond

The new Governance, Risk and Compliance function will carry on existing risk management arrangements previously carried out by Internal Audit and will work closely with Internal Audit to help provide assurance services to the Group intended to support the operations of the business. As well as supporting the Group's risk management processes in 2018, Governance, Risk and Compliance will help develop the Group's new information security strategy and work roadmap, and implement a new reporting system to support risk registers for the Group and for reporting of information security arrangements to Ocado Solutions clients. The function will continue to input into key strategic decisions regarding major projects and new Ocado Solutions clients and help monitor implementation of key projects.

Risk diagram

  1. Our strategy informs the setting of objectives across the business and is widely communicated.
  2. Executive Directors evaluate the most significant strategic risks for the Group. In addition, each divisional Director prepares a risk register for their respective division, highlighting their significant risks. The Risk Committee oversees risk control processes and risk analysis from each part of the business, and reviews these top down and bottom up representations to ensure that no significant risks have been omitted.
  3. Divisional directors identify how they will manage or mitigate their significant risks. These actions are then summarised into a description of the Group-wide mitigation process for each risk.
  4. Group-wide risks and mitigation processes are regularly reviewed by the Risk Committee and by the Audit Committee.

Assessment of the Group's prospects

The Directors have assessed the Group's prospects, both as a going concern and its viability longer term. This assessment informs the following distinct statements:

  1. The Directors considered it appropriate to adopt the going concern basis of accounting in the preparation of the Company's and the Group's financial statements.
  2. The Directors have a reasonable expectation that the Company and the Group will be able to continue in operation and meet its liabilities as they fall due over the period of their assessment.

Both assessments are closely linked to the Directors' assessment of the principal risks facing the Group (including those that would threaten its business model, future performance, solvency or liquidity), which is outlined below.

Going concern statement

Accounting standards require that the directors satisfy themselves that it is reasonable for them to conclude whether it is appropriate to prepare financial statements on a going concern basis. There has been no material uncertainty identified which would cast significant doubt upon the Group's ability to continue using the going concern basis of accounting for the 12 months following the approval of this Annual Report.

In assessing going concern, the Directors take into account the Group’s cash flows, solvency and liquidity positions and borrowing facilities. At period end, the Group had cash and cash equivalents of £150.0 million (2016: £50.9 million), external gross debt a (excluding finance leases payable to MHE JVCo of £283.9 million (2016: £107.1 million)) and net current assets of £2.9 million (2016: £141.2 million net current liabilities). The Group has a mix of short and medium term finance arrangements and has £250 million senior secured notes due 2024 and a £100 million revolving credit facility which contains typical financial covenants and runs until June 2022. The Group forecasts its liquidity requirements, working capital position and the maintenance of sufficient headroom against the financial covenants in its borrowing facilities (see below). The forecasts involve the Directors making judgements about future revenue, EBITDAA and capital expenditure and the cost of future financing. The financial position of the Group, including information on cash flow, can be found in Our Financials. In determining whether there are material uncertainties, the Directors consider the Group’s business activities, together with factors that are likely to affect its future development and position (see See Strategic Report and Chief Financial Officer's Review), the Group’s principal risks and the likely effectiveness of any mitigating actions and controls available to the Directors (see below).

Viability statement

In addition to the going concern assessment, the Directors have considered the viability of the business.

The Code requires that the Directors assess the prospects of the Group over an appropriate period of time selected by them. The Directors have considered whether the Group will be able to continue in operation and meet its liabilities as they fall due over the three year period from approval of this Annual Report. Although the Group's strategic plan forecasts beyond three years, the Directors took into account the impact on forecast outcomes of the rapid growth of the business and its changing strategic opportunities, (among other factors) in concluding that three years was the most appropriate period for assessing the Group's prospects.

The Directors rely on a number of existing processes to justify their viability assessment. The annual budget, which provides a greater level of certainty of outcome than the longer-term plans, is used to set targets for the Group for the upcoming financial year and is used by the Remuneration Committee to set performance targets for the Annual Incentive Plan. A longer term business model, which is refreshed by the Board at least annually, provides less certainty of outcome, but provides a sensible planning tool against which strategic decisions can be made. This plan contemplates the impact of a number of different strategic initiatives, including Ocado Solutions transactions, possible trials of and the pace of investment in new technology, new CFCs (which typically take up to three years for planning and construction) , potential increases in CFC capacity and changes in the rate of retail customer growth. The plans make assumptions about the business including projected capital expenditure, financing requirements, available finance and compliance with any financial covenants.

To assist the Directors’ assessment, the financial projections in the longer term business model were subject to severe but plausible stress tests whereby certain key assumptions were adjusted downwards, notably a material decline in the rate of revenue growth, lower gross margins, an increase in operating costs, a reduction in fees from Ocado Solutions clients for lower service levels or delayed implementation, and some combinations thereof. The tests were intended to show various outcomes including the impact on the Group’s net debtA and cash flow over the three years and an assessment of the impact on the financial covenants in the revolving credit facility, all of which are relevant to assessing the solvency and liquidity of the Group in this context. A decline in revenue growth or margins, an increase in operating costs or reduction in Ocado Solutions fees can result from a range of principal risks in the business including failure by the Group to maintain a competitive pricing position, a decline in customer service levels and a delay in implementing capacity or a CFC for the retail business or a Ocado Solutions customer. The Directors consider that it is reasonable to believe that the Group’s £100 million revolving credit facility, which runs until mid 2022, and senior secured notes due 2024, will be refinanced or extended, or that other financing will be available, to provide continuing finance to the Group. The Directors’ assessment also took into account the other principal risks and mitigating actions set out below.

The above considerations form the basis of the Board's reasonable expectations that the Group will be able to continue in operation and meet its liabilities as they fall due over the three year period from approval of this Annual Report.

The Board carried out its assessment of principal risks and uncertainties during the period. Set out overleaf are details of the principal risks and uncertainties for the Group and the key mitigating activities used to address them. The risks have been listed against the most relevant Group strategic objectives, together with the operational risks, and are not set out in any order of priority or importance.

See Alternative Performance Measures

Driving Growth IconDriving Growth

Mitigation Action/Control

  • Weekly monitoring of the key indicators and the underlying drivers against published targets
  • A number of planned initiatives are intended to improve operational performance

Change During the Year

Mitigation Action/Control

  • Continuation of LPP basket matching price comparison and competitive pricing
  • Growth of the Ocado own-label range alongside continued provision of the Waitrose range
  • Growth of branded ranges and expansion of supplier base
  • Alternative sourcing scenarios considered in the event that the Waitrose sourcing relationship is not renewed when it expires in 2020
  • Continuation of investment and optimisation of the marketing channels to acquire new customers
  • Continued improvement of webshop and apps

Change During the Year

Mitigation Action/Control

  • Increasing hiring of technology staff, including senior positions
  • Regular review of IT prioritisation process
  • Review of technology structures and processes to position the Group for delivering a larger number of complex projects
  • Increased hiring of managers and subject matter experts in retail, operational and central support areas

Change During the Year

Mitigation Action/Control

  • Investment in our platform which enables Ocado Solutions is also required for Ocado's expanding Retail business. Initial deployment is in Andover and Erith CFCs
  • Impact of not signing multiple Ocado Solutions deals in the medium term is restricted to the lost opportunity to increase our earnings from our Solutions business
  • The amount of capital invested in our platform is carefully controlled and we have the ability to reduce costs by scaling back the speed of the development
  • Resources and capabilities will be scaled and reallocated to help meet Ocado Solutions project deadlines. See above risk

Change During the Year

A number of Ocado Solutions deals have been signed, leading to the challenge of implementing multiple international projects

Mitigation Action/Control

  • Regular monitoring of government reporting on Brexit negotiations to understand impact on the business including our ability to hire employees from the EU, an assessment of trade tariffs on imported goods and impact of disharmonisation of UK and EU regulatory standards in a range of areas
  • Collaborating with trade organisations to follow developments and express our concerns to government

Change During the Year

Maximising Efficiency Icon Maximising Efficiency

Mitigation Action/Control

  • Dedicating resources to the modularisation of technology and logistics systems to enable faster replication
  • New capacity in development at Andover CFC and Erith CFC
  • Regular Executive Board steering and full Board reporting of new technology projects

Change During the Year

Utilising Proprietary Growth Icon Utilising Proprietary Knowledge

Mitigation Action/Control

  • Engagement with a wide number of international grocers to understand market needs
  • Experienced teams in place who understand the current solutions and are aware of global alternatives used in other industries
  • Benefit to our UK business from examining the retail businesses of international grocers.

Change During the Year

Mitigation Action/Control

  • Ongoing effort to identify patentable inventions and to apply for patents, with an increased number of patent applications
  • Ongoing review of our patent portfolio and discussion of other IP issues by the Ocado Innovation Committee
  • Where necessary we take steps to protect our IP from unauthorised use

Change During the Year

Mitigation Action/Control

  • Conducting "freedom to operate" searches on selected technologies in selected jurisdictions
  • Where appropriate, obtaining specialist or legal advice including to help ensure our ability to use our IP is not restricted by infringement claims

Change During the Year

Operational Icon Operational

Mitigation Action/Control

  • Experienced legal, food and product technology professionals monitor compliance against policies and procedures
  • Supplier approval and certification process
  • Food and product safety policies and quality management with appropriate operational procedures

Change During the Year

Mitigation Action/Control

  • Regular monitoring of regulatory developments to ensure that changes are identified
  • Monitoring operational performance to minimise environmental impact
  • Some due diligence carried out at appropriate stages in the Ocado Solutions process

Change During the Year

Mitigation Action/Control

  • IT systems are structured to operate reliably and securely
  • The security of our IT systems is regularly tested by third parties; security monitoring capabilities have been expanded
  • No customer payment card data is held in Ocado's databases
  • Access to customer personal data is restricted to those who need this information as part of their job
  • GDPR compliance programme is being carried out

Change During the Year

Mitigation Action/Control

  • IT systems are structured to operate reliably and securely
  • Dedicated engineering teams on site with daily maintenance programmes to support the continued operation of equipment
  • Disaster recovery testing and business continuity plans continue to be progressed and updated
  • High level of protection for CFCs and equipment, combined with business interruption insurance to transfer residual risks

Change During the Year

Risk has increased

Risk has decreased

No change

Not applicable

  1. The risk described in the 2016 annual report as a "Failure to maintain competitive pricing position" has been deleted and included as a sub-set of the risk concerning "Failure to develop retail proposition to appeal to broader customer base and sustain growth rates".
  2. The risk described in the 2016 Annual Report as "Risk of not signing multiple Ocado Solutions deals in the medium term" has been expanded to include the risk of not being able to execute the deals effectively.

For further information on the financial risks, see Note 4.8 in the financial statements.