The board, assisted by its committees, the risk oversight committee, the group executive committee, and the group audit committee, approves the Group's overall risk management framework. The board also reviews the Group's aggregate risk exposures and concentrations of risk to seek to ensure that these are consistent with the board's appetite for risk. The role of the board, audit committee and risk oversight committee are shown in the corporate governance section, and further key risk oversight roles are described below.

There is strong cross membership of non-executive directors between remuneration, audit and risk oversight committees.

The group executive committee, assisted by the group business risk committee and the group asset and liability committee, supports the group chief executive in ensuring the effectiveness of the Group's risk management framework and the clear articulation of the Group's risk policies, whilst also reviewing the Group's aggregate risk exposures and concentrations of risk. The group executive committee's duties are described in greater detail in the corporate governance section. The group executive committee members are also members of the group business risk committee and the group asset and liability committee, both of which are chaired by the group chief executive. The group business risk committee is supported by the following:

The group compliance and operational risk committee is responsible for proactively identifying current and emerging significant compliance and operational risks or accumulation of risks and control deficiencies across the Group and reviewing associated oversight plans to ensure pre-emptive risk management action. The committee also seeks to ensure that adequate divisional engagement occurs to develop, implement and maintain the Group's compliance and operational risk management framework.

The group credit risk committee is responsible for the development and effectiveness of the Group's credit risk management framework; clear description of the Group's credit risk appetite; setting of high level Group credit policy; and compliance with regulatory credit requirements. On behalf of the group business risk committeee, the group credit risk committee monitors and reviews the Group's aggregate credit risk exposures and concentrations of risk.

The group model governance and approvals committee is responsible for setting the control framework and standards for models across the Group, including establishing appropriate levels of delegated authority; the approval of models that are considered to be material to the Group (including credit risk rating systems); and the principles underlying the Group's economic capital framework.

The group change management committee is responsible for ensuring that the aggregate risks associated with the Group's project portfolio are identified, assessed and mitigated, thereby ensuring that the portfolio remains deliverable within an acceptable level of risk.

The group asset and liability committee is supported by the senior asset and liability committee, which is responsible for the review and escalation of issues of group level significance to the group asset and liability committee relating to the strategic management of the Group's assets and liabilities and the profit and loss implications of balance sheet management actions. It is also responsible for the risk management framework for market risk, liquidity risk, capital risk and earnings volatility.

Supporting the chief risk officer, the risk forum consists of the divisional risk officers and the group risk directors. The risk forum regularly reviews a summary of risks across the risk management spectrum to determine areas of focus for remedial action across the Group.

Group executive directors have primary responsibility for measuring, monitoring and controlling risks within their areas of accountability and are required to establish control frameworks for their businesses that are consistent with the Group's high level policies and within the parameters set by the board, group executive committee and group risk. Compliance with policies and parameters is overseen by the risk oversight committee, the group business risk committee, the group asset and liability committee, group risk and the divisional risk officers.

The chief risk officer, a member of the group executive committee and reporting directly to the group chief executive, oversees and promotes the development and implementation of a consistent group wide risk management framework. The chief risk officer, supported by the group risk department and the divisional risk officers, provides objective challenge to the Group's senior management. The chief risk officer also reports independently to the risk oversight committee (described in Corporate governance) that comprises non-executive directors and is chaired by the Group chairman.

Group risk directors are allocated responsibility for specific risk types and are responsible for ensuring the adequacy of risk resources as well as the oversight of the risk profile across the Group.

Divisional risk officers provide oversight of risk management activity for all risks within each of the Group's divisions. Reporting directly to the group executive directors responsible for the divisions and the chief risk officer, their day-to-day contact with business management, business operations and risk initiatives seeks to provide an effective risk oversight mechanism.

The director of group audit provides the required independent assurance to the audit committee and the board that risks within the Group are recognised, monitored and managed within acceptable parameters. Group audit is fully independent of group risk, seeking to ensure objective challenge to the effectiveness of the risk governance framework.

Line management are directly accountable for the management of risks arising from the Group's business. A key objective is to ensure that business decisions strike an appropriate balance between risk and reward, consistent with the Group's risk appetite. The senior executive team and the board receive regular briefings and guidance from the chief risk officer to ensure awareness of the overarching risk management framework and a clear understanding of their accountabilities for risk and internal control.

All business units, divisions and group functions complete a control self-assessment annually (described in Corporate governance), reviewing the effectiveness of their internal controls and putting in place enhancements where appropriate. Managing directors and group executive directors certify the accuracy of their assessment.

Business risk management forms part of a tiered risk management model, as shown in Risk governance structures, with the divisional risk officers and group risk providing oversight and challenge, as described above, and the chief risk officer and group committees establishing the group-wide perspective.

This approach seeks to provide the Group with an effective mechanism for developing and embedding risk policies and risk management strategies which are aligned with the risks faced by its businesses. It also seeks to facilitate effective communication on these matters across the Group.