Horizon Group — Annual Report · 2025 14 / 15
Risk Management
Horizon Group maintains a single enterprise risk register covering strategic, operational, financial, and compliance risks. The audit committee reviews the register quarterly, every material risk has a named owner on the executive committee or one level below, and mitigation progress is reported alongside the financial results. The 2025 review confirmed five principal risks; cyber resilience and supply-chain concentration received elevated attention.
Principal risks and mitigation
From register to routine
Twice a year, the executive committee runs a full-day scenario exercise against the register’s top risks — in November 2025 the scenario combined a supplier failure with a two-week cyber outage. The findings feed directly into the following year’s mitigation budgets, which the audit committee approves alongside the financial plan.
Risk heat overview
| Risk | Trend | Likelihood | Impact | Owner |
|---|---|---|---|---|
| Cyber resilience | Rising | Possible | High | Chief Technology Officer |
| Supply-chain concentration | Stable | Possible | High | Chief Operating Officer |
| Currency exposure | Rising | Likely | Medium | Chief Financial Officer |
| Talent availability | Stable | Likely | Medium | Head of Human Resources |
| Regulatory and trade policy | Rising | Possible | Medium | General Counsel |
Risk culture is not the register — it is what happens when no one is looking at it. The board’s task is to make sure the two never drift apart.