This site uses cookies to bring you the best experience. Find out more
Skip to main content

QCA PRINCIPLE 4 - Risk Management


Risk Management Team


To identify, assess and manage uncertainty and, as a result, improve the ability of Eden Research to succeed in its business model.


Summary - We manage a process in which all business functions are represented in a Risk Management Team (RMT) which meets on a regular basis to follow a defined Board approved procedure to identify, assess and prioritise business risks, followed by the implementation of agreed mitigating actions in order to reduce unacceptable risk. Regular RMT meetings will allow for ongoing review, analysis and decision making, with the outputs recorded in a dynamic (i.e. real time) risk register. The process should be cyclical and continual so that changes in risks (as a result of mitigation or otherwise), including the detection of new risks, are monitored and learnings and feedback can be incorporated.

Identification – The RMT systematically considers and documents the risks affecting the business.

Assessment – Each risk is described, including its cause and effect, and any current mitigating controls and processes are identified. Each risk is scored for:

impact on the business if risk occurs (1 low, 2 medium, 3 high),

probability of risk occurring (1 low, 2 medium, 3 high) and

The scores for both parameters are multiplied together to give an overall Risk Priority Number (RPN) which allows all identified risks to be ranked for priority to the business. 

Control – Taking into account the prioritisation, a systematic review is conducted risk by risk in which further mitigating actions over and above existing measures are identified for any portion of that risk that remains unacceptable. Each action is allocated an owner and a target implementation date. On action completion each risk is reassessed to determine if the RPN has reduced to an acceptable level – if so it is recorded that the risk is now considered acceptable, if not further actions are identified and the process repeated.  It should be noted that some risks may have a high RPN but be considered acceptable as no mitigating actions can be identified, e.g. an inherent business risk outside of the company’s control.

Responsibilities – It is the responsibility of the Board to determine the business’s appetite for the risks facing it and approve the overall management process. It is the responsibility of management (e.g. delegated to the RMT) to execute the approved process and regularly make status reports to the Board.

Team – The RMT is:

  • Sean Smith - CEO
  • Alex Abrey - CFO
  • Lykele van der Broek - Non-Executive Chairman
  • Robin Cridland - Non-Executive Director

The RMT is responsible for compilation and annual review of an overview risk register, including prioritisation, for Board review, amendment and approval. The prioritisation would then inform a cycle of risk review programmes to be scheduled.

An important principle is that appropriate resource is deployed to risk management, considering the inherent riskiness of the business and the resources available, whilst still permitting the execution of Eden Research’s business plan. Risk management is in support of the business plan rather than competing with it for resources.



The review of reports produced by the RMT by both the Board and the Company’s external auditor provides assurance that the risk management and related control systems in place are effective.