Shaping the future - a review of performance for 2021

Managing risk and uncertainty Principal risks The Group Risk Register prioritises material risks to the delivery of our strategy. Some risks are outside the immediate control of the company and despite robust processes, these risks may occur without warming. Our ability to respond demonstrates the resilience to navigate through a changing environment, as we have seen in the last 2 years. The impacts from COVID-19 have been felt in our key markets, with travel restrictions and other mitigations introduced to varying degrees, (most notably across Australia and wider APAC region). Through deploying effective risk management processes to keep our employees safe and manage our cost base, we have been able to continue to deliver to the majority of our customers. We also recognise that many governments are sitting on high levels of debt from funding these mitigation strategies, and this may affect the timing of investment decisions. While we remain heavily weighted towards the UK market, we work across a number of sectors and geographies, with a diverse portfolio of services and capabilities As we continue on our transformation to deliver strategic growth, we recognise that people are at the heart of what we do. We are investing in our people and our capabilities and are working through a significant change management programme together with introducing new technologies to support how we operate. We mitigate the associated risks through employing a range of project and change management disciplines and through ensuring our people are at the forefront of our transformation journey. We have also developed a global careers map to ensure we retain the best people through encouraging opportunities for progression. We have strengthened the risk assessment process early in the project lifecycle specifically at the bid stage, to help mitigate the risk of committing to potential onerous contracts, and through our transformation programme we are harmonising our project delivery processes across the group. We carefully manage our financial risks including long-term liabilities through employing appropriate funding strategies. Emerging risks Emerging risks and opportunities are those that are developing or are changing, with the full impact being evaluated. While COVID-19 may continue to weigh on global economic outlook, more sophisticated cyber threats by state and non-state actors, together with the wider geopolitical risks will feed into investment decisions by governments and their suppliers. Therefore, we expect a greater focus on national and regional security including cyber security. We will continue to build on our long history of working with key governmental agencies in these areas, and we undertake targeted investment to develop solutions and develop scientific and engineering capabilities to address these ever-changing threats. Climate change and extreme weather events will continue to influence economic policy, factoring into infrastructure and capital investment decisions. We are assessing the ESG risks in our business and are working to reduce our carbon footprint as a business and ensure our supply chain continues to meet global ethical standards. We also seek to use our collective engineering expertise to work with our customers and partners to accelerate the transition to clean energy (including within the defence and maritime sectors) and to reduce the environmental impact of extractive industries. Climate change and extreme weather events also have the potential to impact how we operate. Our business must ensure that its climate-related risks are appropriately identified, managed, and mitigated. In response to this we are voluntarily aligning with the guidance from TCFD and considering the impact of climate change throughout the business strategy and project delivery. Risk appetite To achieve our ambitious strategy, we recognise the need to take a well-considered and balanced approach to risk. In areas including pipeline growth, organisational transformation, and innovation we are willing to accept a higher level of risk. Our risk appetite in matters of compliance, ethics, cybersecurity, and safety is naturally lower and we are more cautious in our approach. A table of our principal risks, why they are important and how we manage them is shown overleaf. The Board has ultimate responsibility for determining the nature and extent of the risks that the business is willing to take and that the risks are effectively managed across the group. They oversee a risk governance process, with risk assessment increasingly embedded within our key management processes. 33