Principal Risks

Our robust risk management process is integral to delivering the Group’s strategic and operational objectives.


The Board and senior management take very seriously their responsibility for risk management and internal controls, and for reviewing their effectiveness at least annually. An effective risk management process balances risk and reward and is dependent on the judgement of the likelihood and impact of the risk involved. The Board has overall responsibility for ensuring there is an effective risk management process in place which is designed to identify the principal risks that the business faces and to provide reasonable assurance that they are fully understood and managed.


The Gym Group seeks to optimise a high level of return whilst achieving appropriate risk versus reward performance in line with our growth strategy. Our commitment to delivering a compelling member experience means that we have no appetite to lose our price competitiveness or our commitment to operational excellence. We are willing to accept the risk of partnering with third parties to deliver our core business activities. However, contracts and relationships with critical suppliers must be well monitored, value for money and regularly reviewed. In addition, third parties must comply with appropriate regulatory and ethical standards.

We seek to provide a great place to work and balance costs and risks to ensure our colleagues are engaged and have the capability to deliver our strategy. We have no tolerance for harm (physical or mental) to individuals and actively promote diversity and inclusion. We also have no appetite for the loss of, or otherwise unauthorised or accidental disclosure of, member or other sensitive data and no appetite to knowingly breach the spirit or letter of the laws that apply to us. In areas of uncertainty, we will have a robust justification and clear rationale for the choices we make. Where possible, high priority projects must be delivered on time, to budget, to expected quality and in a way that safeguards the wellbeing of our colleagues working on the project. However, cost overruns and delays will sometimes be tolerated to achieve the desired outcome.


The Group’s risk management process is designed to measure, evaluate, document and monitor risks within all areas of the business.

Each functional area of the business maintains an operational risk register in which senior management identifies and documents the risks that their business area faces. A review of the functional risk registers is performed at least annually by the Senior Management Team (SMT), made up of the Executive Committee and other senior management, and by the Audit and Risk Committee (on behalf of the Board).

In addition, the Board and SMT consider and identify strategic risks at least annually – i.e. those risks that they believe would have a significant impact on our ability to achieve our strategic goals.

The Group principal risk register is made up of those strategic risks (top down) and those functional risks that we believe would have the greatest impact on our operations (bottom up).

Each risk is evaluated against three criteria with equal weighting to arrive at an overall score:

  • Likelihood – the likelihood of occurrence.
  • Financial impact – the financial implications.
  • Control environment – the strength of controls mitigating the risk.

In assessing the risks, consideration is given to ‘what can go wrong’, i.e. what could make the risk become realised. For each risk identified, current and future mitigations are developed and documented.


The roles and responsibilities for designing, monitoring and operating the system of risk management are set out below.

  • Has overall responsibility for strategy, governance, performance, internal control and risk management

  • Sets the “tone” and culture for managing risk and embedding risk management controls, providing strategic direction on the appropriate balance between risk and reward

  • Ensures the most significant risks facing the Group are properly managed

  • Evaluates the risk implications of planned investments

  • Monitors and reviews the overall effectiveness of the Group’s system of internal control and risk management
  • Makes recommendations to the Board for improvements or developments
  • Defines and reviews the Group’s risk appetite

  • Monitors compliance with internal control systems and oversees the external audit

  • Promotes and supports the embedding of risk management throughout the business
  • Ensures there is active management of identified and emerging risks
  • Formally reviews the functional and strategic risk registers on a regular basis
  • Reports to the Audit and Risk Committee on the internal control environment
  • Manage day-to-day risk in their own areas guided by Group policies, procedures and control frameworks
  • Identify and report on functional risks to the SMT and ensure mitigations are in place
  • Deliver the actions associated with managing risk