The IT health checks carried out around the Group have already started to prove their worth
[Organisation chart: IT Operations Manager; Software Development Manager; Support Desk Manager; Support Desk Analyst (x3)]
IT Risk management
TR Systems have had a busy year assessing and addressing IT risk around the Group and, as mentioned in last year's report, the IT team have tackled the risk head on.
IT health checks have been carried out in all European sites and the process has also started in Asia. Further visits to Asia and the USA are planned for FY2018 to complete the IT risk review of the entire Trifast plc Group of companies.
The IT health checks have already started to prove their worth as, following on from health checks carried out around the Group in 2016, potential weaknesses in the IT Infrastructure were identified.
To confirm these weaknesses, penetration tests were carried out by PTP (Pen Test Partners). PTP are a leading penetration testing and security company with which we have established a good working relationship. Their reports highlight the risks and vulnerabilities and exactly what needs to be addressed in risk priority.
Alongside the IT health checks and penetration tests, 2016 saw a major effort by all sections of the TR Systems department to address the requirements of the ISO/IEC 27001:2013 Information Security Management System, with the aim to achieve accreditation by the British Standards Institution (BSI). The process involved consideration of all aspects of information security with risk assessments being the major starting point. All members of the team were asked to consider any area that could be susceptible to security threats and where these were found they were immediately addressed. December 2016 saw the final push and we were pleased to be awarded the accreditation at the final assessment before Christmas.
To ensure information security is seen as a continual process, an Information Security Forum (ISF) has been established. This forum is made up of personnel from across the business and meets regularly to review all aspects of information security including any security incidents that may have occurred.
Internal audits are also carried out throughout the year with annual BSI assessments scheduled to ensure the Company continues to comply with the Standard. Information security is included as part of our day-to-day processes.
We have already seen benefits of compliance to the Standard with new and existing customers now being assured of our ongoing commitment to the security of both our own and our customers' information.
We are now putting in place schedules to roll out the ISO/IEC 27001:2013 Standard to the whole Group. This will be carried out on an incremental basis throughout the UK first and then to Europe and the USA/Asia.
As I am sure most of you are aware, there have recently been two major IT incidents, the first one being the WannaCry ransomware virus. We are happy to report that TR was not affected by this ransomware and would like to think the investment in our cyber security that the Company has made prevented this.
The second incident was the airline system crash caused by a power outage in their data centre and lack of adequate backup processes. Again, TR has a secure datacentre that has a more than adequate backup power source which is tested on a regular basis and we can report that we have never lost any connectivity during the switch to backup power. Also, TR has multiple backup processes continually running that provide the organisation with the ability to restore the Company's systems and data within an appropriate time frame.
One of the consistent cyber threats to TR and its Group of companies is email traffic. Email threats come in different varieties, from a simple phishing mail to a more direct virus hidden in an attachment. TR have invested heavily in this area and, as you can see from the statistics, the investment has paid dividends.
[Figure legend: 3rd Party Support Partner; Managed by Group IT Services; Managed by Group IT Services Partner]
|Incoming mail summary|
|Message category||%||Messages|
|Stopped by reputation filtering||93.0||34,907,012|
|Stopped as invalid recipients||0.7||262,815|
|Detected by advanced malware protection||0.0||384|
|Messages with malicious URLs||0.0||13,640|
|Stopped by content filter||0.0||11,231|
|Stopped by DMARC||0.0||0|
|S/MIME verification/decryption failed||0.0||0|
|Total threat messages:||94.5||35,493,501|
|Social networking messages||0.1||30,963|
|S/MIME verification/decryption successful||0.0||0|
|Total attempted messages:|| ||37,547,107|
In summary, TR have received 37,547,107 emails in the last year. 36,107,354 were blocked by our collection of email defence solutions. This means that only 1,439,753 emails were delivered, which equates to c.4% of mail traffic. Assuming it takes the average user five seconds to process a mail, this is a saving of 5.7 years of one person's time.
TR Systems have worked hard on establishing a global IT support structure. With many subsidiaries spread far and wide around the globe the best solution is to form good relationships with third party support partners that, under TR Systems guidance, will deliver the same level of security that the majority of TR locations already receive. This model also allows flexibility when new acquisitions join the Group.
In line with provision C.2.2 of the code, the Directors have assessed the prospects of the Company taking into account the current position and principal risks to determine whether there is a reasonable expectation that the Group will be able to meet its liabilities as they fall due over a specified period of time.
The Directors have carried out this longer term viability assessment over a period of three years as this aligns with the Group's detailed forecast which is approved at Board level. Three years is considered an appropriate period of time for the Group as it strikes the right balance between the need to plan for the long term whilst considering the uncertainty that arises in relation to assumptions the further you look ahead. The period is also within the term of the HSBC banking facilities which have been disclosed in note 20 and note 26 to the financial statements.
In assessing the prospects of the Group over the three year period, the Directors have also considered the Group's current financial position as well as its financial projections in the context of the Group's debt facilities and associated covenants. These financial projections are based on a bottom-up budgeting exercise for FY2018 and FY2019 which has been approved by the Board and a more top down view aligned to the Group's strategic objectives for FY2020. The Group's base projections indicate that debt facilities and projected headroom are adequate to support the Group over the next three years.
In conducting the assessment, the Directors have considered the principal risks outlined to perform stress testing on the forecast so as to determine the impact on the financial position and performance of the Group. These risks have been identified by the Board, and are actively monitored on an ongoing basis, the most significant of which are considered in more detail below:
- Potential impact that Brexit could have on the business due to foreign exchange movements, the possibility of a general downturn in the UK economy and/or the future impact of WTO tariffs. To date the impact has largely been in the form of foreign exchange translation tail winds, which have significantly increased our Group results at AER. In time there is a risk that this could reverse if the relative value of Sterling were to increase again, although such a reversal will only bring our results back to where we were in FY2016, which was itself a year of strong profitable growth for the Group. We are also starting to experience some pricing pressures due to the extended weakness of Sterling against the US Dollar and recent increases in raw material pricing. We are monitoring this situation closely and are already in negotiation with a number of our key suppliers and customers to ensure that we can minimise the impact of this. In the longer term, as a global business with worldwide logistics and over 70% of our revenue generated outside of the UK, we consider we have the flexibility to withstand any UK specific challenges by either adjusting our supply routes in the medium term, or even potentially following our customer base overseas if UK manufacturing moves in the longer term.
- A serious quality issue occurring, both in terms of an immediate reduction in revenue, and possible penalties incurred, and longer term, considering the impact to our reputation, including the possible risk that this could lead to the loss of one or more of our key multinational OEM customers. We have robust quality processes in place around the world, both in terms of our own manufacturing processes and our vendor assessment and sourcing policies. In addition, our established global quality team and issue resolution procedures ensure that any supply problems that do arise are dealt with and resolved as soon as possible for our customers, ensuring that the costs incurred by us and the end customer are minimised as far as possible. However, although this has not happened in our 43 year history, it is possible to imagine a more significant quality issue arising with a customer which could result in substantial recall costs and penalties. In these circumstances, our comprehensive global guarantee and recall insurance would be utilised to cover any direct costs incurred, although the ongoing negative impact on the business may still be significant whilst the market builds back up its trust in the Group.
- The risk of a significant cyberattack or data security breach could incur penalties and have a serious impact on the Group's ability to trade in the short term, with longer term negative implications to our reputation in the marketplace and therefore our ability to meet our growth targets in the medium term. We have made substantial additional investments into our cyber security, including our back-up data storage and power systems, in recent years and have global IT policies in place that are managed by a dedicated in-house team. We continue to invest in IT security and are rolling out ISO 27001 around the world. However, in this world of heightened cyber risk, it is not impossible that a circumstance could arise where our trading results have been negatively impacted as a result of a cyber threat or data loss.
The scenarios above are hypothetical and purposefully severe for the purpose of creating outcomes that have the ability to threaten the viability of the Group. It is considered unlikely, but not impossible, that the crystallisation of a single risk would test the future viability of the Group. However, as with many companies, it is possible to construct scenarios where either multiple occurrences of the same risk, or single occurrences of different risks could put pressure on the Group's ability to meet its financial covenants. In the case of these scenarios arising, various options are available to the Group in order to maintain liquidity so as to continue in operation such as: accessing new external funding early; more radical short-term cost reduction actions; and reducing capital expenditure. None of these actions are assumed in our current scenario modelling.
After considering the risks identified and on the basis of the assessments completed, the Directors believe that there is a reasonable expectation that the Company will be able to continue to operate and meet its liabilities as they fall due over the next three years.
How the business manages risk
As a Public Listed Company and in line with the UK Corporate Governance Code, "The Board is responsible for determining the nature and extent of the principal risks it is willing to take in achieving its strategic objectives. The Board should maintain sound risk management and internal control systems". The Board recognises that the management of risk is required to enable the business to meet its objective to create 'stakeholder value'.
|Risk||Description and potential impact||Current mitigation||Has the risk materialised?||Trend|
|Personnel & resource||Without both adequate resource and appropriate investment in our people and succession planning across all levels of the business from the Board down, we may not be able to deliver our future strategic plans and long term success||Our succession planning and gap analysis processes identify key employees and roles within the business and are designed to broaden and transfer our specialist knowledge and skills base. We invest heavily in our people via ongoing training and our Group wide Performance Development Programme to ensure there is adequate opportunity to allow our people to 'move up' within TR. Rewards are reviewed annually to ensure they remain at levels that are competitive within the marketplace||The Group enjoys extremely high retention levels with 46% of staff having been in the Group for more than ten years and the average length of service being over ten years. All key succession risks are appropriately managed|
|Quality and manufacturing||We recognise that the quality of our manufactured and externally sourced products is of critical importance. Any major failure will affect customer confidence and may lead to immediate financial penalties||Our established global quality team maintains our Group wide quality compliance protocols. Quality inspection processes across our manufacturing and distribution sites and vendor base are robust, allowing us to offer zero-defect supplies to customers where required and appropriate insurance is maintained and reviewed annually||The Group has not experienced any substantial quality issues, although quality is moving further up the agenda across all sectors of our client base|
|Foreign exchange volatility||A significant portion of the Group's revenue and profit is generated outside of the UK. Due to translation risk, the Group results could be adversely impacted by an increase in the value of Sterling relative to foreign currencies. In addition, a transactional risk exists as the Group sources certain products from the Far East for sale across Europe||Transactional hedging is achieved via the commercial matching of transactions wherever possible. Non-functional currency balance sheet items are minimised and net investment hedging is used for any significant acquisition finance. We regularly review our foreign exchange mitigation strategies with our advisors to ensure that these remain fit for purpose in these challenging times||Foreign exchange volatility has been significantly higher with increases of c.10% across a basket of the Group's key currencies. Our results have been presented at CER and AER to assist our stakeholders' understanding of the underlying business. Further information in respect of the Group's policies on financial risk management objectives including policies to manage foreign exchange is given in note 26|
|Macro-economics||Traditionally distribution/ manufacturing sectors bear the effect of inventory reduction in challenging economic periods earlier than other industries||By operating globally and across a number of sectors, the Group is better able to manage the risk of regional or industry contractions. As customers move, or expand, we have the capability and flexibility to move with them, whilst our first class customer service works to protect us from rapid supplier changeover. We hold less than 1% of a £25bn target market meaning growth via market share remains credible even in a falling market||The global economy remains in a period of growth, albeit that current conditions have become significantly less settled than in previous years|
|Loss of a key customer and debtor exposure||Good relationships with our customers are key to the business. Any lack of holistic support or an inconsistent approach to the trading and management of key global customers across the Group increases our exposure to customer loss. Increased trading levels lead to higher debtor balances, raising our exposure to customer failure and bad debt write downs||Our global multinational OEM focus means we are able to build strong head office and local relationships with our key multinational customers, improving our supplier power and helping us to retain and grow key trading relationships for the longer term. We maintain strong credit control procedures from new customer set up, through to regular monitoring as trade develops. We also have global catastrophe credit insurance cover||The Group has not in recent years experienced any substantial credit issues and attrition of our key multinational OEMs remains very low|
|Interruption of supply||The Group sources products both internally and externally for customers around the world. If we were unable to supply a customer in line with their ongoing manufacturing requirements, the risk both to our reputation and in terms of potential stoppage penalties would be substantial||We hold appropriate stock levels to service our customers' needs at all times. Our pan-global presence means we are able to operate along multiple transport routes, shielding us from localised issues. For all key products we maintain multiple sources to ensure adequacy of supply. Our approved vendor due diligence processes also help to mitigate the risk of a supply chain breakdown. We ensure that our top 20 suppliers are visited at least every year to maintain this||In recent times, political and climatic instability have increased in a number of countries across the world. Where we have encountered issues, our established and flexible logistics have allowed us to continue to offer timely and reliable supply to our customers|
|Inventories obsolescence||The Group holds substantial inventory balances across the world. As the business grows these levels will increase to meet both transactional needs and the requirements of our multinational OEM customers. Higher stock levels lead to an increased exposure to obsolete inventory||Stock management processes are a key part of the Group's internal controls and stock days are a KPI, monitored locally and at Board level. We continue to invest in stock management processes and systems to ensure we keep optimum levels across the world. Our multi-locational set up allows us to reduce lead times, and therefore stock holding, as far as possible||Customers' requirements and our product mix are ever evolving. Our tight stock management and engineering know-how allow us to view these changes as an opportunity to develop and sell new lines, rather than as a risk to the business|
|Cyber security||Unauthorised access to, or a breach of, our systems, networks or premises, could immediately and materially affect our reputation with possible implications for revenue and growth over the short to medium term. Such a breach may also cause financial loss||We have undertaken a review of our cyber security controls worldwide. Additional investment has been made where required to manage our risk. Our IT policies are managed by a dedicated in-house team and access to systems is strictly limited to appropriate personnel. IT risk reviews are routinely carried out across all our sites||The Group has not to date experienced any significant cyber security threats|
We are proud to have this year achieved accreditation of the ISO/IEC 27001:2013 standard for Information Security Management Systems in our Group IT function, which is to be rolled out to the wider Group
|Impact of BREXIT:|
|FX/ Transaction risk/ pricing pressures||The prolonged weakness in Sterling may bring inflationary pressures to our imported purchase costs into the UK||We perform ongoing reviews of our global supplier base as a matter of course to manage pricing pressures that arise. In the UK these reviews have been designed to specifically focus on the ongoing impact of foreign exchange fluctuations to ensure we continue to strike the best deal with our suppliers||Towards the end of the financial year, we have started to see some pricing increase requests being made from suppliers and negotiations have begun to manage this risk|
|Post-Brexit trading rules (WTO)||A default to WTO rules could have a negative impact on trading between our UK sites and the EU/our EU sites and the UK||As a global group with a number of EU subsidiaries we are in a strong position to manage our supply chain to allow trading routes that bypass a UK-EU or EU-UK transfer to a large extent. We see this challenge as an opportunity to insert greater efficiencies into our supply chain||The situation at the moment is unclear, but a hard Brexit may lead to a default to WTO rules. We are currently reviewing our options as a business, in advance of greater clarity|
|UK macro-economic environment||Given the degree of uncertainty in the wider market, the extended weakness in Sterling and the risk of restrictions to our ongoing access to the single market, the UK economy may contract in the medium term. If we are unable to react to a possible slow down sufficiently quickly and effectively, then temporary trading/ restructuring losses could be incurred if the UK business needs to resize||Regular quarterly forecasting and sales trend analysis at UK level will identify any issues as soon as possible, whilst our access to the UK distribution market acts as a good barometer of the wider marketplace, providing us with an early insight into toughening market conditions and allowing us to react quickly and effectively if a changing situation demands it. In the short term, manufacturing levels are protected by existing manufacturing investments in the UK, most specifically in the automotive sector. In the long term, we are a global business with the flexibility to follow our customers wherever they may end up following any prolonged downturn in the UK manufacturing industry||The UK economy continues to grow, albeit slower than expected in recent weeks. The automotive sector is our largest UK sector and positive discussions have been held by Theresa May (UK Prime Minister) with a number of the UK's major car manufacturers. We will continue to monitor the situation closely over the coming months to ensure we are able to react quickly to any change in circumstances|