Governance structures & processes

Demonstrating how we elevate our sustainability commitments by managing and seeking certification in the same manner as other important business areas.

GOVERNANCE STRUCTURES & PROCESSES

Governance, Risk Management & Compliance Team

Our GRC Team oversees activities that relate to formulating policies, aligning processes and business practices in line with the objectives, directions and intentions defined by our Executive Team. The aim of this is to ensure that Reed & Mackay conducts business in an effective and efficient manner and in accordance with our compliance obligations, whilst considering the risks to the business and identifying appropriate continual improvement initiatives.

GRC’s activities are geared towards maintaining good corporate governance and compliance with standards and regulations, including:

ISO Management Systems
Payment Card Industry Data Security Standard (PCI DSS)
General Data Protection Regulation (GDPR) / data protection
EcoVadis – Business Sustainability Ratings

The GRC Team consists of subject matter experts in Quality, Business Continuity, Environment and Information Security based at our Head Office.

Executive Level Sponsorship, Leadership & Accountability

The Group CTO is accountable for Reed & Mackay's Integrated Management System (Environment, Quality, Information Security and Business Continuity) and reports the status of the IMS in monthly Executive Reports. This includes the status of our CO2 emissions.

In 2021, we appointed our International Development Director to the new role of Head of Sustainability to oversee our Environmental & Sustainability ROAR Working Group, which now meets on a quarterly basis.

We also recruited a Sustainability Manager (reporting to the Head of Sustainability) to help grow and shape our business and the manner in which we approach sustainability.

Reed & Mackay’s Integrated Management System

Our Integrated Management System is comprised of four individual Management Systems (Quality, Information Security, Business Continuity and Environment), all of which we have achieved ISO certifications for. Our ISO certifications include:

ISO 9001 – Quality Management System - encouraging a quality culture across all areas of the business. Delivering exceptional service levels and continually improving
ISO 27001 – Information Security Management System - to maintain the highest standard of confidentiality, integrity and availability of internal, customer and supplier information
ISO 22301 – Business Continuity Management System - to manage the risk of serious financial loss, loss of client confidence or other serious business impact, which may result from a significant failure e.g. power failure, IT system failure, etc.
ISO 14001 – Environmental Management System - to reduce the environmental impact of our significant environmental aspects and to comply with applicable legislation

All management systems are audited on an annual basis by a UKAS accredited auditing body. The most recent re-certification audit against all ISO certifications took place in summer 2021.

As an adjunct to the management system, there are other compliance obligations which are managed to ensure support of the highest calibre for the ISO elements – these include PCI DSS, GDPR and the business sustainability rating from EcoVadis.

Resilience, Opportunity & Risk Committees

In 2021, we implemented cross-functional Resilience, Opportunity and Risk (ROAR) groups. Members of the ROAR groups meet on a quarterly basis with the aim of enhancing organisational resilience and engaging assistance with the management of risks and opportunities.

There are four ROAR groups:

Group members are responsible for acting as champions for the subject matter within their teams and across the business. All ROAR groups include members of Reed & Mackay’s Executive Team and address the following objectives:

Improve awareness and engagement in key compliance disciplines
Foster a common business-wide understanding of resilience, risks and opportunities
Assist with enhancing resilience, and identifying, reviewing, assessing and prioritising risks and opportunities
Discuss selected risks or opportunities in detail
Enlist support in driving activities forward
Understand the responsibilities of attendees
Actively contribute to meetings
Ensure follow up actions are completed
Champion the discipline within teams / across the business

Outputs from the ROAR meetings can include updates to existing risks and opportunities, creation of new risks or opportunities or actions for ROAR Group members. Actions are captured and tracked by the GRC Team in Reed & Mackay’s Corrective & Preventive Log. The overall status of ROAR meetings is reported through GRC & Information Security Executive Team reporting and through Management Review.

Environmental Reporting & Assessments

We are legally required to report UK energy consumption in our annual financial report under the Streamlined Energy & Carbon Reporting Framework (SECR). Energy consumption statistics were submitted as part of our 2020-21 financial reporting.

We are also legally required to undergo an Energy Savings Opportunity Scheme (ESOS) assessment every four years. Compliance must be reported to the Environment Agency. In the most recent report from the August 2019 assessment, our Energy Assessor reported that our existing equipment is “relatively new and well controlled” and our energy efficiency in general is “very good”. Identified opportunities for improvement were logged on Reed & Mackay’s Continual Improvement Log for follow up and closure.

Managing Environmental Compliance Obligations

We assemble applicable environmental legislation in a Legislation Log and formally review changes to legislation on an annual basis. Current and future legislation is monitored using information from various sources e.g. the internet (Government sites, business travel press), external seminars, etc. The log is split into three levels of importance:

Priority of importance for Reed & Mackay – Compliance is actively monitored at least annually
Awareness of the legislation and its relevance to Reed & Mackay. Monitored annually or if the business needs change
Awareness of the legislation which is deemed to sit on the peripherals of the Reed & Mackay service offering – relevance is reviewed on an ad-hoc basis

Our Office Manager is responsible for obtaining compliance records from Building Management Companies and relevant contractors. Records are checked against the legislation log to ensure they meet the requirements of relevant legislation.