Potential impact

If products do not meet the requirements of customers, they will seek alternative solutions, resulting in the loss of existing maintenance and new revenue opportunities and the cancellation of existing contracts. Insufficient focus on key research and development projects may damage the longterm growth prospects of the Group. The Group's business and reputation may be harmed by innovation that falls behind competitors, or by errors or defects in its products.

How we manage it

As set out in the Chief Executive's Strategic review on pages 14 to 17, a key initiative of the Group's three-year plan is to take a more definitive approach to delivering Subscription and SaaS-based offerings as a key part of the strategy and to accelerate the transition to these models where appropriate within the Group's portfolios. The transition is being managed over multiple financial periods with initial focus on products where this model is the emerging or de-facto market standard. Additionally, in FY20 the Group began to take a differentiated approach to investment and operational management in Security and Big Data. The priorities remain delivering new innovation in response to rapidly changing market opportunities, expanded cloud and cross-industry use case support and further developing existing and new SaaS and Subscription offerings.

As set out on pages 18 and 19 (Our markets) the Group aligns resources and develops propositions across four main outcomes for its customers: Accelerate application delivery; Simplify IT transformation; Strengthen cyber resilience; and Analyse in time to act. To improve the interaction between product management, product development, sales and marketing we implemented a new end-to-end planning process. The Micro Focus Product Portfolio consists of five product groups with more than 300 product lines, as set out on pages 28 to 31 (Our business model), which are uniquely positioned to help customers address digital transformation, run and transform their business and maximise existing software investments. Continued evolution of product strategy occurs as part of the annual product planning process, where senior leaders from across the business determine appropriate product sales, marketing and investment strategies to best align to the market opportunities. More details on the business model can be found on pages 28 to 31.

Potential impact

Poor design and/or execution of GTM plans may limit the success of the Group by targeting the wrong customers through the wrong channels and positioning the wrong product or solution offerings, reducing the value that customers receive from Micro Focus.

How we manage it

As set out in the Chief Executive's Strategic review on pages 14 to 17, a key initiative of the Group's three-year plan is to deliver consistent, sustained improvement to revenue performance through increases in sales productivity and the more effective alignment of resources to opportunity. The GTM team has made positive improvements to operationalise the recommendations set out at the beginning of the year, including good progress in the development of the Group's customer and partner propositions. Across the five product categories that the Group reports against, the Group has great depth of capability and experience to help its customers address some of the most complex challenges they face. To best enable the Group's customers and exploit this capability, the Group is aligning resources and developing compelling propositions across four customer outcomes - Accelerate application delivery; Simplify IT transformation; Strengthen cyber resilience; and Analyse in time to act.

As a result of the COVID-19 pandemic and the increase to 90% of our employees working from home, Micro Focus has invested further in additional resources to support the transition to virtual selling and customer engagement. Sales enablement and execution has received considerable attention and improvement measures have focused on improving consistency of approach and simplifying the organisational structure to support more effective and efficient decision making, greater accountability and a holistic approach to customer success. This has been achieved through the further removal of unnecessary global structures and management layers, and the introduction of a single global sales methodology based on value-driven outcomes. Further measures are being put in place to improve productivity and predictability. Other organisational changes that were made to align marketing and product teams, and to build a consistent approach to sales enablement globally, have been operationalised and continue to reflect the changing demands of the business.

Industry events, such as Micro Focus Universe, successfully adapted to a virtual format given COVID-19 restrictions, help showcase the Group's Product Portfolio and strengthen customer, partner and industry relationships. Additionally, The Group coordinates a programme of subject matter expert led media engagement on industry innovation and emerging industry trends, targeted mainly around social and web media, that serve to further increase brand awareness.

Potential impact

Failure to understand the competitive landscape adequately and thereby identify where competitive threats exist may damage the successful sales of the Group's products. If the Group is not able to compete effectively against its competitors, it is likely to lose customers and suffer a decrease in sales, which may result in lost market share and weaker financial performance.

How we manage it

Group product plans contain an analysis of both traditional and emerging competitive threats and subscriptions to industry analyst firms are leveraged to better understand market dynamics and competitor strategies. In addition, customer surveys and customer advisory boards are used to validate product direction - both standalone and in the context of competitors. Micro Focus continues to monitor and review intelligence on market threats to focus on offering best in class service to customers. Marketing and product teams monitor a variety of metrics (such as NPS, including competitive benchmark) to analyse customer satisfaction relative to industry benchmarks.

Potential impact

Disruption to the IT systems could adversely affect business and Group operations in a variety of ways, which may result in an adverse impact on business operations, revenues, customer relations, supplier relations, and reputational damage. Dependency on IT providers could have an adverse impact on revenue and compliance in the event that they cannot resume business operations.

How we manage it

As set out in the Chief Executive's Strategic review on pages 14 to 17, completion of simplification programmes that form the platform for improved operational effectiveness and agility remain a priority for the business. Key within this is the migration to one set of core IT systems. This is a global programme being executed principally in the UK, USA and India in conjunction with our Systems Integration partners. We have made good progress against our objectives for the programme during the period, with the first phase of employees transitioned on 13 January to the new IT infrastructure and the transition of remaining employees to occur later in the year. Further details regarding the IT transformation programme can be found in the Chief Executive's Strategic review on pages 14 to 17.

During the period the Group pivoted to have more than 90% of its employees working from home as a result of the COVID-19 pandemic. To support the increased demands on remote IT services and respond to other emerging IT requirements across the business, a centralised IT incident management team was established and continues to operate, reporting into a cross-functional operational response team (ORT). Further detail regarding the Group's response to COVID-19 is detailed on page 61.

To maintain the required control environment the Group relies upon automated, semi-automated and manual controls together with a combination of preventative and detective controls. The IT control environment continues to be improved as part of the implementation of controls to meet SarbanesOxley Act 2002 (SOX) compliance, as set out on pages 90 and 91.

A vendor management process is in place and continues to be improved, to allow for better involvement and engagement with third party IT providers.

How we manage it

As detailed in the Chief Executive's Strategic review on pages 14 to 17, the Group's three-year plan includes initiatives that are focused around two key objectives. Firstly, evolving our business model to ensure we continually adapt to changes in the market to deliver value and capture growth opportunities. Secondly, delivering operational excellence through business process and infrastructure simplification with a relentless focus on improving levels and consistency of execution.

The focus remains on delivering targeted, relevant business outcomes and the simplification of business operations to equip and enable the sales organisation, simplify operational support and improve compliance capability. The Group continues to execute multiple programmes to deliver on these aims. Programme risks and interdependencies are managed carefully including the utilisation of detailed deep dives, cross-functional and cross-programme review sessions and a cadence of weekly and monthly risk reviews, to ensure that execution of the various programmes is successfully aligned to minimise disruption to 'business as usual'. Given the volume of concurrent transformation activity being delivered across the business, the Group has put in place governance structures to manage change for the business in a structured manner. These governance structures continue to evolve to meet the changing needs of the business.

As noted within the 'IT systems and information' risk on page 67, the Group has made good progress in the IT transformation programme to transition to one set of core IT systems. The transition of both historical Micro Focus and HPE Software systems to the new simplified systems architecture will build a solid base for improved execution.

Potential impact

Failure to comply could result in civil or criminal sanctions (including personal liability for directors), as well as possible claims, legal proceedings, fines, loss of revenue and reputational damage.

How we manage it

The Group has in place policies and procedures to mitigate these risks. The Group's legal and corporate compliance team, including specialist external advisers as required, monitor and review compliance. During the period, the operational risk and compliance committee, which reports to the audit committee continued to meet regularly to monitor cross-functional risk management and compliance activity. The Group is committed to ensuring on-going compliance with anti-bribery and corruption, data protection and market abuse and insider dealing laws and has in place a Code of Conduct with supporting training materials. Mandatory Code of Conduct online training is provided annually and during the year was completed by all employees. In addition, virtual anti-corruption and anti-fraud training was carried out widely across the regions in which the Group operates, with particular focus on higher risk territories.

The Group maintains processes and policies to ensure it is compliant with data protection requirements imposed by data protection and privacy laws, including GDPR. Data protection and privacy compliance is driven and monitored by the Group's legal and corporate compliance team, supported by technical and other subject matter experts as required. Data protection compliance is built into the Group's corporate-wide information security management system and is kept under review to ensure that required standards are met. The compliance environment is also strengthened by the implementation of SOX controls, as set out on pages 90 and 91.

Potential impact

This IP risk could adversely affect the ability of the Group to compete in the market place and affect the Group's revenue and reputation.

How we manage it

There are procedures in place across the Group to ensure the appropriate protection and use of the Group's brands and IP and these are monitored by the Group's IP panel and legal IP team.

Potential impact

Insufficient access to funding could limit the Group's ability to achieve its desired capital structure or to complete acquisitions. An increase in interest rates could have a significant impact on business results.

The relative values of currencies can fluctuate and may have a significant impact on business results.

How we manage it

The Group has significant committed financing facilities in place which were refinanced during the period, the earliest of which matures in June 2024. The Group closely monitors its liquidity and funding requirements to ensure it maintains sufficient headroom to meet its operational requirements. During the period, as a precautionary measure in response to the COVID-19 pandemic, the Group suspended the payment of dividends in order to maximise available liquidity during a period of increased economic uncertainty. The Group seeks to maintain strong relationships with its key banking partners and lenders and to proactively monitor the loan markets. The Group also has strong engagement with the providers of equity capital, which represents an alternative source of capital.

The Group holds interest rate swaps to hedge against the cash flow risk in the LIBOR rate charged on $2,250m of total borrowings for the period to 30 September 2022. Under the terms of the interest rate swaps, the Group pays a fixed rate of 1.94% and receives one month USD LIBOR.

Monitoring policies and procedures are in place to reduce the risk of any covenant breaches under the Group's banking arrangements. At 31 October 2020, $nil of the Revolving Facility was drawn. As a covenant test is only applicable when the Revolving Facility is drawn down by 35% or more, and $nil of the Revolving Facility was drawn at 31 October 2020, no covenant test is applicable.

Currency fluctuations are monitored by the Treasury Risk Committee on an on-going basis. Key currency exposures are detailed on page 207. Changes in foreign exchange rates are monitored, exposures regularly reviewed and actions taken to reduce exposures where necessary. The Group provides extensive constant currency reporting to enable investors to better understand the underlying business performance.

Potential impact

Tax liabilities in the territories in which the Group operates could increase as a result of either challenges of existing positions by tax authorities or future changes in tax law. Specifically, given the substantial operations in the US any changes in tax policy that might arise from the results of the US election could have a significant impact on the Group. Furthermore, if the Group is required to make indemnification payments to HPE under the TMA, these could be substantial.

How we manage it

Tax laws, regulations and interpretations are kept under on-going review by the Group and its advisors. The Group also reviews its operations, including the structuring of intra-Group arrangements, on a periodic basis to ensure that all relevant laws are complied with and that risks are identified and mitigated appropriately.

External professional advice is obtained ahead of significant transactions or structuring activity, and to support positions taken in financial statements and local tax returns where there is significant uncertainty or risk of challenge.

During the period, a governance framework and process has been in operation to remind relevant employees of the requirements and guiding principles to comply with the obligations under the TMA. The risk of actions taken by the Group impacting the tax treatment of the HPE transaction diminish over time and is now considered to be low.

Potential impact

Adverse economic conditions could affect sales, and other external economic or political matters, such as price controls, could affect the business and revenues.

How we manage it

The spread of jurisdictions allows the Group to be flexible to adapt to changing localised market risks, including navigating the effects of COVID-19 across different geographies.

The Group has business continuity plans and crisis management procedures in place in the event of political events, pandemics or natural disasters.

The Brexit Working Group (BWG) continued meeting throughout the year and following analysis of the EU-UK Trade and Cooperation Agreement agreed on 30 December 2020, the Group's mitigations and preparatory activity continued, preparing the Group for the transition. The areas reviewed for possible impacts included people, tax, transfer pricing, commercial contracts (buy and sell), privacy and data protection, intellectual property and regulatory matters. The BWG is phasing workstreams back into Group functions that will continue to work through changes. We recognise that it is early in the implementation of new rules and regulations and the position will continue to be monitored for any new or emerging risk areas.

Potential impact

Adverse economic conditions arising as a result of the continuation of the COVID-19 pandemic could affect sales performance and business operations.

How we manage it

The Group acted quickly at the commencement of the COVID-19 pandemic, reviewing the existing BCP structures and enhancing governance, through the establishment of a COVID-19 Steering Committee, to provide a strategic platform to identify and address the emerging risks of COVID-19 across the enterprise. The status of key COVID-19 operational risks is monitored in real time through reporting provided daily to the COVID-19 Operational Response Team on indicators such as rates of infection, illness and facility occupancy levels. Further details on the Group's response and management of COVID-19 are provided on page 61 and additional details on how COVID-19 has impacted specific risks are provided in the respective risks set out in this section.

Potential impact

Data loss, which could harm client and customer relationships, compliance and/or perception of the effectiveness of the Group's products.

How we manage it

The Group works continually to counter the risk posed by the current and emerging cyber security threat landscape. The cyber team manages the security of the Group's data, technology and training programme to protect the performance, security and availability of the Group's IT systems. Group-wide cyber policies and processes are in place. Cyber security testing in critical areas of the business is on-going, Group-specific vulnerabilities are reviewed and continually managed, incident response is in place for the Group, monitoring tools for unusual activity are in place, a cyber security training course is available for new hires and awareness material is available on the intranet. The cyber team works closely with the UK National Cyber Security Centre ("NCSC") and is part of the NCSC collaboration portal. The threat posture, including in response to COVID-19, is continually reviewed and managed.

Potential impact

Failure to discover and address any material weaknesses or deficiencies in the Group's internal controls over financial reporting could result in material misstatement in the Group's financial statements and impair the Group's ability to comply with applicable financial reporting requirements and related regulatory filings on a timely basis. Based on the assessment as at 31 October 2020, management identified a material weakness in the Group's internal controls over financial reporting, relating to inadequate controls surrounding existing IT applications, in particular regarding change management and access controls. As a result of those deficiencies, automated controls and controls over information produced by the entity related to those applications could not be relied upon. Please refer to the FY20 annual report on SOX compliance as set out on pages 90 and 91. Although the Group continues to implement measures to address and remediate this material weakness, failure to do so, and the risk that other deficiencies may be identified, could also result in an adverse reaction in the financial markets due to a loss of confidence in the reliability of the Group's financial statements and could have a material adverse effect on the Group's business, financial condition, results of operation and prospects.

How we manage it

The Group has a cross-functional SOX steering group chaired by the CFO, reporting to the audit committee to implement, review and monitor SOX compliant internal controls and any required remediation. Further details of the Group's SOX compliance programme and FY20 annual report on SOX compliance are set out on pages 90 and 91.