Tesco : Annual Report 2016 and Notice of AGM 2016

Principal risk

Risk movement

Key controls and mitigating factors

Customer proposition

Failure to listen to our customers and to understand the changing marketplace leads to a loss of market share as customer purchases are made with competitors. We are unable to build and sustain loyalty resulting in an adverse impact on our financial results.

We are addressing the challenge of changing customer wants and increased customer choice as a result of heightening competitive activity. The customer need is central to our decision-making.

Risk decreasing

We have developed strategic plans to enhance our understanding of our customer needs. Customer insight supports development of customer focused strategies across each market and we have developed strategic customer profiles to understand specific market expectations.

We have invested in the customer experience by increasing colleague hours on the shop floor and by providing further customer service training for colleagues across all stores. We continue to invest in availability and price as well as running our Feet on the Floor programme - whereby non-store colleagues spend a day on the shop floor to ensure customer focus is maintained.

Transformation of economic model

The transformation of our economic model does not allow us to respond to changes in the external economic environment, nor does it progress sufficiently quickly to maintain or increase operating margin, to generate sufficient cash to meet business objectives. This may result in an adverse impact on the business and shareholder confidence.

We are in the process of transforming our business and how we operate to drive improvement and better performance.

No risk movement

Significant transformation programmes are being undertaken across the Group, including organisational design, data strategy, reset of supplier relationships, cost reduction and people & capability.

There is Executive Committee and Board overview of key strategic initiatives to improve sales and margin, and to reduce cost. Periodic sales margin planning and forecasting activity are reviewed by Group and local finance functions.

Liquidity

Business performance does not deliver cash as expected; access to funding markets or facilities is restricted; failures in operational liquidity management; Tesco Bank cash call; or adverse changes to the pension deficit funding requirement, create calls on cash higher than anticipated, leading to impacts on financial performance, cash liquidity or the ability to continue to fund operations.

We have a strong focus on improved liquidity management and have taken a number of steps to address this.

Risk decreasing

The funding plan and its key elements (e.g. debt issuance, cash resources, available credit facilities and cash flow forecasting) are subject to regular executive review, supported by rolling liquidity updates and key financial metrics. Treasury and debt-related policies covering UK and International markets are in place and periodic reviews of the Going Concern and Longer Term Viability Statement is undertaken by the Audit Committee and the Board. Following the significant reduction in future pension risk by closing the UK defined benefit scheme, we are implementing a derisking strategy to further reduce pension risk and better match our cash flows. Specific activities have been undertaken to reduce our debt-level with enhanced cost control measures in place. Further information on these risks can be found in Note 22 to the financial statements in the Annual Report and Financial Statements 2016.

Whilst Tesco Bank is financially separate from Tesco PLC, there is a regular review of Tesco Bank's risk appetite by Tesco Bank Board and the Tesco PLC Board. This sets out Tesco Bank's key risks, their optimum ranges, alert limits, controls and tolerance limits and ensures ongoing awareness of any potential risk to Tesco PLC.

Competition and markets

We do not have an effective, coherent and consistent strategy to respond to our competitors and changing markets, resulting in a loss of market share and failure to improve profitability.

We face the ongoing challenge of a changing competitive landscape and price pressure across most of our markets.

No risk movement

Executive oversight and ownership of business plans provide strategic direction for the Group with plans regularly reviewed and challenged. Dedicated Board strategy days are held to develop and challenge strategic direction. The use of market scanning and ongoing competitor analysis provides insight, an ability to anticipate market movements and develop an effective proposition. We remain closely aligned with local trade associations, governments and other policy makers across our markets.

We have realigned our individual European businesses to sit within a simplified Central European structure under a single management team to provide greater clarity and a consistent strategic approach.

Brand, reputation and trust

Failure to manage our brand means we are unable to consolidate loyalty and rebuild trust, creating a perception among customers, colleagues, communities and suppliers that result in a loss of market share or unfavourable effects on our ability to do business.

We are working to ensure that we rebuild trust and transparency across our stakeholders through initiatives such as price transparency, Brand Guarantee and the launch of new fresh-food brands. This helps to ensure that our brand perception reflects the values that we demonstrate.

Risk decreasing

Brand guidelines have been updated to provide Group-wide consistency over the use of the Tesco brand. Group commercial and corporate affairs policies and procedures have been updated. Communications, media relations and corporate responsibility plans are in place and include internal and external stakeholder engagement. There is a Group Corporate Responsibility Committee that oversees corporate responsibility activity.

The Code of Business Conduct has been refreshed with specific guidance over brand, social media and communications, ethical trading and the establishment of a tone at the top with defined consequences in the event of non-compliance.

Technology

A significant failure of IT infrastructure or key IT system results in loss of information, inability to operate effectively and/or financial or other regulatory penalties.

Our IT landscape requires further investment in core infrastructure and data centres, as well as to support the store environment.

Risk increasing

Controls include a technology strategy outlining a number of approved technology policies and procedures. The Technology leadership team provides central governance across major project approval, configuration changes, application updates and the development of new systems.

We are increasing our investment in IT with a fully-funded development plan covering a range of back office and customer systems. Technology assessments are performed on an ongoing basis to identify further areas of need and opportunities for improvement.

Data security and data privacy

Failure to maintain control over customer, colleague, commercial and/or operational data leads to a loss of data, either through deliberate targeted action or inadvertent error. The misuse of personal data, for example without the customer's consent or retaining for longer than is necessary, may also result in reputational harm, regulatory investigations and potential fines.

We operate a large number of disparate IT systems, some of which are legacy systems and we hold significant amounts of sensitive data in a number of locations.

Risk increasing

Our systems are secured with access controls, while regular vulnerability and penetration testing provides additional security. Compliance assessments are executed across UK and international business units against the information security policies.

We are strengthening our data-related controls as part of a significant IT security improvement programme. The strengthening includes enhanced information security policies and governance, review of defence measures against attacks and continued migration away from unsupported systems.

A Group-wide, comprehensive privacy compliance programme is being developed, which covers governance, risk assessment, policies and processes, training, incident management, monitoring and review. This is designed to drive the right behaviours and ensure obligations are met with regards to the handling of personal data.

Regulatory and compliance

Failure to comply with legal or regulatory requirements relating to our business activities, resulting in reputational damage, fines or other adverse consequences including criminal penalties and consequential litigation, adverse impact on our financial results or unfavourable effects on our ability to do business.

Our regulatory and legal landscape continues to evolve in all of our locations, and across each of our businesses. There is a risk of breach of existing legal or regulatory requirements, and of not adapting our business as demands change. There are specific actions under way to address matters identified last year relating to commercial income and supplier relationships.

No risk movement

The Group-wide Code of Business Conduct has been refreshed, with specific compliance programmes existing around key legislation (e.g. UK Bribery Act), built around a risk and compliance model. Colleagues in high-risk areas receive annual training and a communications programme supports ongoing awareness of Code and other regulatory risks. Leadership teams are trained on their regulatory duties and receive management data on compliance risks and breaches.

Groceries Supply Code of Practice (GSCOP) compliance is addressed in a number of ways, including through a GSCOP audit and monitoring programme and the appointment of a Code Compliance Officer. Equivalent legislation will be issued in ROI in 2016 and steps are being taken to prepare for this. There is an externally managed whistleblowing service across the Group for colleagues and suppliers (except Thailand, where it is internally managed) and a supplier helpline for the anonymous reporting of inappropriate conduct.

Tesco Bank's Board oversees Tesco Bank's compliance with regulatory requirements.

Safety

We do not meet safety standards in relation to workplace or product, resulting in death, injury or illness to customers, colleagues, or third parties.

We continue to focus our efforts on controls to ensure workplace and product safety.

No risk movement

For workplace safety, controls include Group safety policies and procedures, Group safety standards and rapid escalated incident-reporting to the CEO. Implementation is driven by a dedicated Group Safety function, which provides advice to the Group on safety matters across geographies. A framework for standardised safety risk assessments has been developed.

An extensive programme of technical product testing and reporting is in place with country teams responsible for the delivery and implementation of product safety policies and systems. We are proud to make the results of our provenance-testing publicly available. A supplier audit programme is in place to monitor product integrity and labour standards, which includes unannounced specification inspections of supplier facilities and products.

People

Failure to attract, motivate and retain the most talented colleagues and develop the required culture, leadership and behaviours to meet our purpose, resulting in an inability to achieve our business objectives.

Our people are our most valuable asset. We continue to manage and consider diversity and inclusion as well as colleague engagement.

No risk movement

Standardised recruitment policies and processes have been established and a Board-sponsored people strategy is being implemented to attract and retain the best people. Diversity and inclusion are key elements of our people agenda. Remuneration policies and succession planning are subject to periodic benchmarking to ensure they remain appropriate for the Group.

We provide ongoing opportunities for personal and professional development through our established leadership development and graduate programmes. 'Our Tesco' and 'What Matters To You?' initiatives allow us to connect, listen and respond to our colleagues. The consolidation of our UK offices into a single campus and the restructure of our Central European businesses has created an environment that fosters improved communication and collaboration between teams.

Tesco Bank

Continual and progressive changes in the regulatory environment in which the Bank operates could impact the level of capital and liquidity that is expected to be held.

Regulatory uncertainty could also impact the future earnings profile of the Bank.

The Bank actively manages its response to proposed regulatory changes and has a track record of adapting activities in advance of the implementation of regulatory change.

No risk movement

There is Bank Board reporting throughout the year in line with relevant regulatory requirements, with updates to the Tesco PLC Audit Committee by the Bank CFO/Audit Committee Chairman. A member of the Tesco PLC Board is also a member of the Bank's Board.

The Bank has formed good working relationships with the Prudential Regulation Authority and the Financial Conduct Authority and is also a member of the British Bankers Association. Through these relationships, the Bank is able to adopt a proactive approach to engaging in proposed regulatory change. The Bank monitors proposed regulatory guidance and changes during consultation and implementation phases. As a result, the Bank would expect to have sufficient time to respond and adapt its funding and business plans as appropriate.

The Bank has a defined risk appetite which is approved and reviewed regularly by both the Bank's Board and the Tesco PLC Board. The risk appetite defines the type and amount of risk that the Group is prepared to accept to achieve its objectives and forms a key link between the day-to-day risk management of the business, its strategic priorities, long-term plan, capital planning, liquidity management and stress testing. Adherence to risk appetite is monitored through a series of ratios and limits.

Joint ventures

Associates

2016

£m

2015

£m

2016

£m

2015

£m

Sales to related parties

408

430

-

-

Purchases from related parties

496

549

14

14

Injection of equity funding

-

14

-

10

Dividends received

32

79

9

9

Joint ventures

Associates

2016

£m

2015

£m

2016

£m

2015

£m

Amounts owed to related parties

13

22

1

1

Amounts owed by related parties

28

17

3

26

Loans to related parties (net of deferred profits)*

149

207

-

-

Loans from related parties

6

16

-

-

2016

£m

2015

£m

Salaries and short-term benefits

20

14

Pensions and cash in lieu of pensions

3

3

Share-based payments

9

4

Joining costs and loss of office costs

5

8

37

29

Credit card and personal loan balances

Current and saving deposit accounts

Number of key management personnel

£m

Number of key management personnel

£m

At 27 February 2016

11

1

8

-

At 28 February 2015

19

1

16

1