Annual Financial Report

Source: RNS
RNS Number : 0455E
Serco Group PLC
08 March 2022

Publication of the 2021 Annual Report and Accounts

Serco Group plc (the 'Company')



The 2021 Annual Report and Accounts has today been published and is available on the Company's website at 

A hard copy version of the 2021 Annual Report and Accounts and the Notice of the 2022 Annual General Meeting will be sent to those shareholders who have elected to receive paper communications on or about 21 March 2022.  The Notice of the 2022 Annual General Meeting will be made available on the Company's website to those shareholders who have not elected to receive paper communications on the same date.

In accordance with Listing Rule 9.6.1R, a copy of the 2020 Annual Report and Accounts will be submitted to the UK Listing Authority and will shortly be available for inspection at the  National Storage Mechanism

Compliance with Disclosure and Transparency Rule 6.3.5 ('DTR 6.3.5')

The information below, which is extracted from the 2021 Annual Report and Accounts, together with the information included in the Company's full year results announcement published on 24 February 2022, constitute the materials required by DTR 6.3.5 to be communicated to the media in unedited full text through a Regulatory Information Service.  This material is not a substitute for reading the full 2021 Annual Report and Accounts.  All page and note references in the extracted information below refer to page and note references in the 2021 Annual Report and Accounts.

David Eveleigh

Group General Counsel and Company Secretary


8 March 2022

Principal Risks and Uncertainties (page 95)

Changes during the year

Our annual strategic review process (outlined on page 24) considers the risks and opportunities associated with our existing market and services and as such we do not see the need for a material shift in approach. As outlined in the Chief Executive's Review on page 16 we are reporting strong financial performance and we have not observed any material manifestation of risk that has caused significant operational or performance disruption even when considering the disruption of Covid as described on page 39. As a result, our principal risks remain valid with their definition and scope remaining largely unchanged. These risks continue to underpin our business model described on page 11 and mitigation of the risks link directly to our four strategic priorities as described in our management philosophy on page 9. Some changes are noted that reflect updated thinking and in response to operational influences. We have broadened the definition and scope of our Supply Chain risk to ensure wider coverage of this complex risk area and to accommodate potential disruptions as an ongoing impact of Covid. In a similar vein, we have also broadened the scope of our People risk ensuring that we consider capability attraction and retention from a wider perspective. This should enable us to understand and mitigate the impact of adverse labour market trends on the execution of our people strategies across the Group in the medium to long term. We have also retired Failure to Manage our Reputation as a principal risk, considering it instead a potential impact outcome in the event of one of our other principal risks materialising and explicitly considering it as a causal factor under the Failure to Act with Integrity risk and Failure to Grow Profitably risk.


Principal risks, as described below, have been reviewed by the Executive Committee, GRC and the Board. Each risk is classified as a strategic, financial, operational, people, hazard, or legal and compliance risk. The risks are described on the following pages, together with the relevant strategic business objectives, key risk drivers, the Group-wide material controls which have been put in place to mitigate principal risks and the mitigation priorities to improve the effectiveness of the controls. We have included the residual risk trend indicator for each risk and a brief commentary to contextualise these trends. Each of the principal risks is relevant to the achievement of our KPIs as outlined on page 32 with the strongest links highlighted as part of the commentary.


Principal risks are considered over the same three-year timeframe as the Viability Statement set out on page 105, which takes account of the principal risks in its assessment.


In addition to the principal risks and uncertainties already identified, there may be other risks, either unknown, or currently believed to be immaterial, which could turn out to be material, the Covid-19 pandemic being a good example. These risks, whether they materialise individually or simultaneously, could significantly affect the Group's business and financial results.

Summary of Principal Risks


The table maps our Principal Risks to risk categories.


Strategic risks

Failure to grow profitably



Financial risks

Financial control failure




Operational risks

Major information security breach or cyber-attack

Contract non-compliance,

non-performance or misreporting


Significant failure of supply chain


eople risks


Failure to act with integrity

Failure to attract, engage and retain key talent


Health, safety and wellbeing

Hazard risks

Catastrophic incident




Legal and compliance risks

Material legal and regulatory compliance failure




The method and four priorities we use to deliver our strategy as part of our management philosophy are set out on page 9 namely Winning good business, Executing brilliantly, A place people are proud to work, and Profitable and sustainable. Each of our principal risks supports one or more of these priorities with the strongest link shown against each risk. Appropriate consideration and management of the principal risks have a direct link to key Executive remuneration as outlined in the Remuneration Report on page 139


STRATEGIC RISKS                         


Failure to grow profitably (Winning good business / Profitable and sustainable)

Integral to our Strategy Review process, this risk considers the potential impact of failure to win material bids or renew material contracts profitably, or a lack of opportunities in our chosen markets, restricting revenue growth which may in turn have an adverse impact on Serco's profitability. This risk has a broad and direct link to our ability to meet the financial KPIs described on page 32. We have moderate appetite for this risk recognising that we will take reasonable and considered risks to generate profitable growth. Our business is linked to changes in the economy, fiscal and monetary policy, political stability and leadership, budget priorities, and the perception and attitude of governments and the wider public to outsourcing, which could result in decisions not to outsource services or lead to delays in placing work. Our ability to succeed is also linked to the competitive landscape and our ability to efficiently deploy resources as part of our service offering. We carried out a comprehensive strategy review that took the divisional five-year strategies and rolled these up for a Group view. This work concluded that our markets remain robust with significant revenue opportunity in our chosen markets and chosen activities.


In 2021 we have been successful in securing significant new business as well as renewing several critical contracts. Whilst certain key contracts such as Dubai Metro and AWE did end in 2021 they have been offset by new and existing business. We have also benefited from continuing demand for Covid-19 related support services such as testing, tracking and tracing across different geographies. On the other hand, tight employment markets have led to increased employment costs as well as vacancies that have adversely affected some parts of our portfolio. Overall, our revenues and Underlying Trading Profit increased by £539.8m and £65.8m respectively, however some of these gains are temporary and expected to level out once pandemic related work recedes. Further detail on our financial performance can be found on page 77. While the outlook for pandemic related services is unclear, we enter 2022 with a robust, qualified, new business pipeline and good win rate momentum, suggesting that the near and medium-term risk is stable.


Key risk drivers:

External factors reducing the pipeline  of opportunities.

Failure to be competitive.

Inability to meet customer and solution requirements during  design, implementation and delivery.

Ineffective business development.

Material controls:

- Serco Group and Divisional Strategy including periodic strategy reviews.

- Investment Committees.

- Sector-specific Centres of Excellence and Value


- Serco Institute developing thought leadership and innovation for our markets.

- Business Lifecycle Review team process.

- Pipeline and Business Development spend reviews.

- Regular Growth Forum reviews.

- Divisional Performance Reporting process.

Mitigation priorities:

- Review pipeline opportunities to ensure all market activity is accurately captured and that budgets are allocated accordingly.

- Review portfolio for new attractive organic expansion areas.

- Continue to improve leveraging of Serco best practice and innovation and refinement of bid development processes.

- Continue to adopt a robust bid qualification process.

- Retain focus on effective management for major bids.

- Develop efficient common platforms for service delivery.

Risk trend:


No Change





Financial control failure  (Executing brilliantly / A place people are proud to work / Pofitable and sustainable)

Serco operates complex financial controls systems and processes and there is an inherent risk that these may fail. Such failures may result in: an inability to accurately report timely financial results and meet contractual financial reporting obligations; a heightened risk of error and fraud: poor quality data leading to poor business decisions, or an inability to forecast accurately; the failure to create a suitable capital structure; and an inability to execute critical financial transactions, leading to financial instability, potential business losses, and negative reputational impact. This risk links directly to our ability to meet the financial KPIs outlined on page 32. We have an averse appetite for financial control failures and require a robust framework of financial processes, systems and controls to enable timely and accurate financial reporting.


At the start of the Covid-19 pandemic, it was recognised that the risk of financial control failure was heightened due to the fast-moving nature of the business, risk of absenteeism in both the in-house and outsourced finance organisation and disruption to core financial processes and data quality caused by new operating environments resulting from the items noted above and remote working. The Group mobilised quickly to ensure that key mitigants were put in place such as: additional assurance procedures; adequate remote working capacity, including within the Group's outsourced finance teams; monitoring of working capital; and data capture to understand the impact of Covid-19 on the Group's financial results. As a result of the actions taken, the risks which were identified at the start of the pandemic have not materialised in 2021 and our core financial processes and controls have continued to operate without significant disruption.


Over the last 12 months, the Group has worked with external advisers to develop a programme of work with the objective of improving the financial control environment within the Group. This is in preparation for anticipated changes following the issuance of the consultation document by the Department of Business, Energy and Industrial Strategy ("BEIS") entitled Restoring Trust in Audit and Corporate Governance. In addition to improving documentation and control standards, the programme also aims to review the operating model required to implement and sustain the improvements and embed an enhanced controls culture across the Group. The work performed to date is not dependent on the outcome of the BEIS consultation as a no-regrets policy has been adopted to ensure that any work performed would be considered best practice rather than required to support a formal controls attestation, as suggested within the consultation. As noted at the Capital Markets Day, the Company's controls, governance and risk management processes help to assure quality outcomes across the business. These controls operate at both the strategic and operational levels of the business and are embedded in our ESG framework described in detail on page 39.


As noted in the 2020 Annual Report and Accounts, the Group's European business was subject to a cyber-attack in January 2021. The results of the investigation into this attack, produced by both our internal investigations and by our external advisers, have not identified any compromise to the financial information used for the 2021 year-end reporting or to the integrity of financial results from the European Business Unit.


Key risk drivers:

Not setting the right tone from the top. Poor financial processes.

Inadequate financial controls within the business.

Loss of critical roles and/or systems.

Poorly skilled and resourced finance teams to address complex finance standards.

Material controls:

- Group Governance and Finance strategy.

- Standardised and mandated financial systems, processes (including forecasting and reporting) and data structures.

- Governance and review procedures associated with managing the quality of services delivered by third party suppliers.

- Skilled and adequately trained finance staff.

- Disaster recovery plans and testing.

- Board oversight via the Audit Committee.

- Monthly Divisional performance reviews.

- Dedicated Financial Assurance team testing.

Mitigation priorities:

- Enhance the financial controls and assurance framework.

- Continue to deliver effective financial reporting.

- Continuously improve forecasting and reporting processes and data analysis.

- Deliver global finance process improvement and efficiency through automation and robotics.

- Develop a Group-wide training curriculum.

- Effectiveness reviews of disaster recovery plans.

- Ensure talent is retained within the finance function.

Risk trend:



No Change




Major information security breach or cyber-attack (Winning good business / Executing brilliantly / Profitable and sustainable)

Information security breaches or cyber-attacks represent a key risk for us. Such incidents could result in the loss or compromise of sensitive information (including personal or customer) or wilful damage resulting in the loss of service, causing significant reputational damage, financial penalties and loss of customer confidence. We operate an averse risk appetite to major information security breaches and cyber-attacks. We accept that due to the nature of the services we provide we face threats from both internal and external factors but will mitigate the impact of any breach and carry out immediate remedial actions.


As described at our Capital Markets Day, we operate on a business-to-government platform that leverages scale and helps simplify our processes with a well invested portfolio of best-in-class software solutions to support our contracts and shared services. We continue to make significant investments in our cyber-security both at our endpoints and in our core network. In most of our jurisdictions we test ourselves against government standards including CES+ in the UK and we also regularly run penetration tests as well as meeting specific security standards in line with customer requirements as a provider of public services to government. We have a continuing programme of upgrading old desktops and laptops, and the number of devices outside centralised management and monitoring is decreasing rapidly. We have our own in-house Security Operations Centre which monitors the networks and manages our response to cyber threats. The strategy review showed the benefit of investing in shared services to produce standardised and efficient processes.


Serco is committed to delivering secure services which protect our own and our customers' data and as such holds a variety of externally audited security-related certifications. This includes the Information Security Management System covering our UK corporate environment that is certified to ISO 27001. We also maintain certification, where specified, against the principal government security/cyber schemes in the markets we operate. Our certifications are generally publicly available on the relevant accreditors' websites or can be requested from the Company directly.


We continue to invest in staff security training as a key mitigant to this risk. Security training is delivered via our Learning Management System as part of the broader Serco Essentials framework. Training comprises mandatory modules that cover a range of areas including responsibilities when dealing with personal data and how to identify and respond to issues. All Serco employees, including contractors, must complete Serco Essentials and pass a test at the end or alternatively, in the case of subcontract or staff, their employer must demonstrate that they provide equivalent security training. Training is further supplemented, where appropriate, to cover specific points relevant to any particular contract, together with regular campaigns and awareness tests such as protecting against phishing threats.


However, the external threat landscape continues to evolve. As evidenced in a cyber-attack in our European business in January 2021 and recent attacks on our competitors involving ransomware, our industry is a particular target for extortion, and this, along with the increased public profile we have had because of our involvement with government contracts to respond to the Covid-19 pandemic, leads us to conclude that this risk is increasing.


Key risk drivers:

Non-compliant or obsolescent systems. Non-compliance or misconfiguration

with policies and standards.

Vulnerability of systems and information.

Unauthorised use of systems.

Inadequate incident monitoring and response.

Increased regulatory scrutiny.

Material controls:

- Enterprise Architecture Boards & Solution

Review meetings.

- Serco Management System ("SMS") including detailed guidance on minimum security controls.

- IT security infrastructure, processes and controls including isolated backups.

- Privileged Access Management and multi-factor authentication for our centralised managed systems.

- External assessments and scenario based cyber security testing and incident planning.

- Regular attestation statements on security controls compliance.

Mitigation priorities:

- Perform market reviews of deployed technology when services are reviewed at renewal to ensure we maintain our defences as threats change and develop in sophistication.

- Ongoing continuous improvement programmes for our Security Operations Centres to maintain effective risk identification.

- Continued routine vigilance and proactive vulnerability identification coordinated through our Security Operations Centres.

- Continued use of global key security risk indicators and regular third-party testing and best practice configuration reviews to support mitigation priorities.

- Leveraging Cloud adoption to ensure standardised control mechanisms.

- A focus on the behavioural aspects of our employees.

- Maintaining government security attestations.

Risk trend:



Increasing Risk


Contract non-compliance, non-performance or misreporting (Winning good business / Profitable and sustainable)

There is a risk that we fail to deliver contractual requirements or to meet agreed service performance levels and report against these accurately. This failure may lead to significant financial penalties, legal notices, onerous contract provisions or, ultimately, early termination of contracts. We have an averse risk appetite to any possibility of deliberate misreporting of contractual performance and losing material contracts due to non-performance or non-compliance.


Governance in bid processes, transition and operations provide the primary means of managing this risk. The Serco Management System prescribes a review of contract risk through each of the stages of the bid lifecycle from prequalification to contract close out, including monthly performance reviews for all material contracts. As part of our commitment to ongoing improvement our mitigation priorities for the next year will focus on strengthening some of the key control processes and formalising these in the Serco Management System.


Whilst still in the early stages of development we will also begin to track Environmental, Social and Governance ("ESG") impact from our contracts as the maturity of our reporting increases. Though our individual customer contracts vary on ESG-related commitments, our overall corporate commitment to ESG targets will permeate through to our contract teams and will form part of the overall assessment of contract performance and compliance.


Key risk drivers:

Not setting the right tone from the top. Unclear contract requirements/


Human error (deliberate or unintentional).

Operational delivery or reporting failures.

Material controls:

- Contract Management application.

- Monthly performance reviews at Contract, Business Unit and Divisional level.

- Business Lifecycle Review team process.

- Communication of Our Values and Code of


- Speak Up process ("Ethicspoint").

- Extensive internal and external assurance reviews, including independent third-party reviews and customer oversight processes.

Mitigation priorities:

- Strengthen processes related to agreeing clear contracts, change management, bid to contract handover and KPI reporting, formalised through Serco Management System.

- Contract Management training (Global and


- Greater visibility of performance through contract performance dashboard ("Gauge").

- Continued focus on consistent approach to risk assessment.

- Operational excellence improvement plans.

- Ongoing ethics, business conduct and compliance training.

Risk trend:



No Change


Significant failure of the supply chain (Executing brilliantly / Profitable and sustainable)

If there was a significant failure in Serco's end-to-end supply chain to perform to the required standard, Serco may be exposed to risks that mean Serco is unable to meet its customer obligations, perform critical business operations or win new business. This could cause a financial, operational or reputational impact to Serco. Supply chain risk is broad; examples include operational performance risk, cyber risk, regulatory/ legal compliance risk, ethical risk, environmental, social or governance risk. We use thousands of suppliers globally each year and take a proportionate approach to management of these third parties and have a moderate risk appetite for using them.


This year we have expanded this risk to encompass the broader risk to Serco from the supply chain rather than just the risk from the failure of a business-critical supplier. This new scope considers the risk to Serco from non-business critical suppliers and from the suppliers of our suppliers. This change was prompted by several factors including recognition of external challenges (e.g. mini umbrella companies) and our growing maturity in this area. The risk was historically focused largely on operational failure; by amending we have extended the coverage to ensure the risk covers all significant risk exposures and has a view on emerging risks in the supply chain. We have commenced a review of Serco's existing Supplier Risk Management processes, current supplier risk initiatives and key supplier risk exposures to identify any gaps and create alignment across the Group. The output of the review will be used to create a Supplier Risk Management Framework, encompassing risk exposures from information security/cyber, data protection, business integrity and social responsibility, regulatory and legal compliance, external and exceptional risks, supply chain performance, supply chain resilience, financial, environmental, and health, safety and wellbeing. In 2021, we also launched a Sustainable Procurement Charter which aims to improve our review of ESG and responsibility matters in our supply chain.


As a result of Covid-19 and Brexit our third-party suppliers are reporting supply constraints (e.g. resources/logistics) in line with the general supply chain instability that is being widely reported in the media. There is a risk of disruption in all divisions, with a higher perceived risk in the UK where we are experiencing and managing localised challenges. Although our rating for this risk remains constant, the probability is trending upwards driven by the supply constraints we are seeing in the UK.


Key risk drivers:

Inadequate procurement standards, operating procedures and controls.

Failures or inadequate due diligence  and onboarding when bringing new suppliers, partners and sub-contractors into the business including  poor specification of requirements, inadequate sourcing and selection and inadequate  contracting.

Inadequate / lack of monitoring - and management of supplier performance and risks.

High volume of suppliers / complexity of supply chain.

Material controls:

- SMS Procurement Policy, Standards and Procedure including Supplier Code of Conduct.

- Supplier checks (pre-qualification/


- Serco standard contracts including appropriate obligations, Key Performance Indicators and Service Level Agreements.

- Supplier Management Programme for most business-critical suppliers including performance.

- Biannual Procurement review process of all business-critical suppliers.

Mitigation priorities:

- Complete implementation of Supplier Risk Management Framework and commence delivery of resulting roadmap, including supplier triage and assessment.

- Enhance Procurement & Supply Chain Group Standard improving clarity and understanding of policy requirements, processes, controls and responsibilities.

- Risk assessment and mitigation plans incorporating actions to improve effective implementation of key risk controls for all material risk rated business-critical suppliers.

- Expand scope of supplier management programme, taking a tiered approach relative to risk. Review tools and guidance for contract level supplier management for lower risk suppliers.

Risk trend:



Increasing Risk





Failure to act with integrity (Winning good business / Executing brilliantly / A place people are proud to work / Profitable and sustainable)

As a people-based business employing over 50,000 employees there is an inherent risk of rogue employees engaging in significant corrupt or dishonest acts including bribery, fraud, misreporting, cheating or lying. If this risk occurred it would lead to reputation and brand damage and customers being reluctant to do business with us. Such behaviour might arise through the actions of rogue employees or as a result of pressures individuals may feel they are being placed under to deliver financial or operational performance and might lead to: the loss of existing business; restrictions on our ability to bid or win new business; a reduction in our ability to attract high-quality people or partners; or may impact shareholder, investor and financial institutions' confidence in Serco. We have an averse risk appetite to behaviours and actions that may compromise our integrity. Our values and purpose sit at the top of our Management Framework described on page 9 and integrity sits at the centre of and underpins our ESG framework. Whilst we are finding a new balance as the pandemic evolves, we continue to recognise that Covid-19 has brought additional challenges to many parts of the business, and these could lead to an increase in inherent risk. However, we remain confident in the controls we have in place to manage this, and we rate this risk as stable.


Building on work from 2020 we have rolled out improved ethics training, strengthened our internal capability through professional qualifications, continued to reinforce our strong tone at the top and further developed our ESG framework as outlined on page 40.


Key risk drivers:

Not setting the right tone from the top. Weak values and culture.

Increased pressure to deliver. Ineffective systems and processes.

Weak diligence  on where we work and who we work with.

Material controls:

- Strong, meaningful and understood Values and required behaviours which are role modelled by leaders.

- Robust governance (Corporate Responsibility Committee; Executive Committee; Investment Committee; Divisional Executive Management etc.) exercising oversight of decisions within delegated authorities.

- Effective policy and procedures including financial controls and processes defined within the SMS and supported by our Code of Conduct.

- Independent Speak Up process supported by corporate investigations.

Mitigation priorities:

- Deliver our commitments under the DPA.

- Drive greater leadership ownership and accountability for a strong ethical culture.

- Embed Ethics Compliance controls and procedures as an integral part of business processes.

- Continue to implement effective due diligence processes for all third parties.

- Continue to strengthen Ethics Compliance resource and competency.

- Strengthen assurance provided by Ethics

Compliance controls.

Risk trend:



No Change


Failure to attract, engage and retain key talent (Executing brilliantly / A place people are proud to work)

It is our ambition to be regarded as the best-managed company in the sector and, notwithstanding our framework of people processes, systems and controls, there is a risk that we are unable to attract, engage and retain an appropriately sized, qualified and competent workforce and management team. The impact of this risk materialising would restrict Serco's ability to deliver on its customer obligations, execute its strategy and achieve its business objectives whilst driving employee pride in the organisation. The ESG framework is an implicit consideration in this risk and influences the achievement of our Employee Engagement KPI as outlined on page 34. We have a cautious risk appetite and take a pragmatic approach to the attraction, retention and development of key talent. We ensure that robust contingency plans are in place for business-critical roles but recognise that an element of churn is healthy for any business meaning that we are not averse to change.


This risk includes consideration of key person reliance in our leadership and executive teams including succession planning for our senior management team and other business-critical roles. It should be noted that there are difficulties in relation to labour markets, however, rather than being a problem across our whole business, we are currently addressing challenges in specific sectors, roles, or geographies. In response to Covid-19, a great deal of work has been done to streamline and simplify our approach to attracting and onboarding new colleagues. Extensive use of social media to promote recruitment activity and the "speed boarding" global onboarding process has now been embedded, leading to significant efficiencies in bringing new staff into Serco.


The Group Chief Operating Officer continues to work closely with the Board to develop effective succession planning, both for Executive Committee and Group roles.


Key risk drivers:

ack of staff development.

Poor talent management and succession planning.

Low employeengagement. Unsatisfactory reward framework. Recruitment failings.

Inability to attract appropriate new hires.

Material controls:

- Talent Management & Succession processes.

- Leadership capability development.

- Targeted retention arrangements.

- Critical Resource Planning.

- Annual Performance Management process.

- Exit interviews.

- Annual Viewpoint survey.

Mitigation priorities:

- Ensure up-to-date understanding of local employment markets.

- Continue to monitor channels to access external talent in chosen markets.

- Ongoing benchmarking activity to ensure market competitive reward packages to aid retention of existing staff and attraction of new.

- Continue with detailed review of succession plans and mitigation strategies as part of the Talent Review process.

- Ensure ongoing use and analysis of exit interviews.

- Follow up and action on themes identified as a result of annual people survey.

Risk trend:



Increasing Risk


Health, safety and wellbeing (Executing brilliantly / A place people are proud to work)

The diversity of services provided by Serco exposes our employees, customers and third parties to a wide range of health, safety and wellbeing risks inherent to our operations in both work and public environments. These may be caused by a process or control failure or by the wrong behaviour and/or an inadequate safety culture. As responsible employers we recognise the complexity of wellbeing risk and aim to ensure that working for Serco does not impose any additional wellbeing challenges on our employees. This is a wide-reaching risk that directly supports the KPI target for Major Incident Frequency Rate and Lost Time Incident Frequency Rate as described on page 34 and HSE related metrics outlined in our ESG report on page 69. We have an averse risk appetite for actions/failures that would cause loss of life. We cannot eradicate H&S risk entirely whilst maintaining operational delivery so we prioritise prevention of major injuries and threats to wellness whilst accepting that minor injuries will occur on occasion but are minimised by training, risk assessment, safe systems of work, operating procedures, PPE, site supervision and audit & inspection.


Our vision is zero harm. We aim to ensure that no one comes to harm because of the work we do. Wherever we work, we are committed to the prevention of injury and promoting a "just" safety culture in which we foster transparency, honesty and trust in order to identify root causes and prevent recurrence. Wherever we work, we are committed to the promotion of wellbeing and the prevention of ill health. We understand that healthier, happier employees go hand-in-hand with strong business performance, enhanced productivity, a far more positive culture and better outcomes for those we serve.


In addition to personal injury concerns, a breach of Health and Safety regulations or failure to meet our contracted expectations could disrupt our business, have a negative impact on our reputation and lead to contractual, financial and regulatory costs.


Much of 2020 had been dominated by the impact of the Covid-19 pandemic and this has continued into 2021 and will do so into at least 2022. We have continued our response to the Covid-19 pandemic where we have ensured focus on the protection of our employees, customers and third parties. Our Health, Safety & Wellbeing teams continue to support our Covid-19 response across the business, facilitating key mitigations and supporting the continuing recovery phase activities, including design and implementation of Covid-19 site specific risk assessments, remote working risk assessments, training and the development of mental health resources. We have also continued to develop and mature our Diversity and Inclusion network. We recognise that Covid-19 continues to present an ongoing challenge and elevates the position of this risk on our corporate profile.


Key risk drivers:

Failure of the Serco Safety Management


Insufficient communication of key issues, risks and changes.

Lack of/out-of-date task specific competence.

Human factors impact on behaviour.

Occupational  wellbeing risks including psychosocial risks.

Public Health and wellbeing risks.

Behavioural failures/human error resulting in injury or incident.

Impact of the Covid-19 pandemic.

Material controls:

- Serco Health, Safety, Environmental and Wellbeing ("HSEW") Strategies and Safety Management System (policies and procedures inc. Covid-19 Secure and

specific guidance and policies) underpinned by our ESG framework.

- Safety and wellbeing training, communications, and guidance (inc. Serco Essentials) and individual development plans and processes based on role and operational risk.

- Spontaneous and planned preventative, maintenance, inspection and repair programmes.

- Effective incident/near-miss observations reporting and investigations and effective use of ASSURE (independent reporting and compliance system).

- Regular organisation wide and local Covid-19 specific guidance and communication.

Mitigation priorities:

- Continue to embed updated Health, Safety, Environment and Wellbeing strategies and a positive "just" culture.

- Increase Zero Harm Engagement and Safety

Moment activity across the regions.

- Drive wellbeing agenda and ensure appropriate focus at a corporate level.

- Continuing 1st, 2nd and 3rd line assurance activities and ensuring understanding of appropriate levels of ownership, accountability, and responsibility.

- Further embed the Serco (Health, Safety, Environmental and Wellbeing) Strategies and Safety Management System (policies and procedures inc. Covid-19 Secure and specific guidance and policies).

- Further development and maturity of our ESG agenda and programme of improvements to meet best practice and evolving stakeholder expectations.

- Continued review and sharing of lessons learnt throughout the Covid-19 pandemic recovery phases.

Risk trend:



No Change





Catastrophic incident (Winning good business / Executing brilliantly / A place people are proud to work / Profitable and sustainable)

Given the nature of our business we are exposed to the risk of an event (incident or accident) occurring as a result of Serco's actions or failure to effectively respond to/prepare for an event that results in multiple fatalities, and/or severe property/asset damage/loss and/or very serious environmental damage. Management of this risk influences the KPI target for Major Incident Frequency Rate as described on page 34.

We aim to provide safe services and places to work and have an averse risk appetite for this risk.


Each division is continuing to assess risks at a contract level to ensure that all relevant material risks have been identified and to assess and assure mitigations, including insurance cover, are appropriate. Contracts considered inherently high risk are reviewed regularly. The physical risks linked to climate change related events are now included more explicitly in our risk management framework as part of the work initiated for TCFD and outlined in more detail on page 58. Existing business continuity and crisis management plans and processes have been used and served the business well during the Covid-19 pandemic and, despite a continued hard insurance market, we have secured extensive insurance protection as a key mitigant for this risk.


Key risk drivers:

Factors resulting in unsafe conditions. Ineffective or inadequate  policies,

tandards, and procedures.

ack of capability and experience. Lack of safety cultural alignment. Insufficient safety management


Inadequate  planning or response to a catastrophic event, including  extreme weather  or a climate change related event.

Material controls:

- Regular reviews of high-risk contracts.

- Serco Health, Safety, Environmental and Wellbeing ("HSEW") Strategies and Safety Management System (policies and procedures) underpinned by our ESG framework.

- Safety training (including Serco Essentials) and individual development plans and processes based on role and operational risk.

- Effective incident/near-miss investigations and effective use of ASSURE (independent reporting and compliance system).

- Business continuity, crisis and incident emergency response plans and testing.

- Risk transfer via insurance where appropriate.

Mitigation priorities:

- Continue to embed updated HSE&W

strategies and a positive "just" culture.

- Ongoing work within divisions to identify and assess contract specific risks and liabilities.

- Continued training in insurance and contractual risk management.

- Review and optimisation of the insurance programme and captive structure.

- Review levels and adequacy of compliance assurance.

Risk trend:



No Change




Material legal and regulatory compliance failure (Winning good business / Executing brilliantly / A place people are proud to work / Profitable and sustainable)

Serco operates in complex legal and regulatory environments across multiple industries and geographies and there is a risk that we might not comply with all relevant laws and regulations. Failure to comply with laws and regulations could cause significant loss and damage to the Group and its people including exposure to regulatory prosecution and fines, reputational damage and the potential loss of licences and authorisations, all of which may prejudice the prospects for future bids. Defending legal proceedings may be costly and may also divert management attention away from running the business for a prolonged period. Uninsured losses or financial penalties resulting from any current or threatened legal actions may also have a material adverse effect on the Group. We are averse to risks which may result in legal and regulatory non-compliance and require processes that seek to minimise regulatory fines and legal action, as well as targeted and selected assurance activity.


The Covid-19 pandemic, post-Brexit regulatory landscape in the UK and changes in many governments where our customers operate has introduced additional and fast-moving complexity to the legal compliance framework and we recognise that this may increase our risk exposure. In addition, various laws and regulations that apply across the business continue to be subject to increased focus and attention, including Anti-Bribery and Corruption laws, Market Abuse Regulation, Data and Privacy laws, Modern Slavery, Trade Compliance, Competition and Antitrust and Human Rights and Modern Slavery.


Our 2019 Annual Report documented our approach to the Deferred Prosecution Agreement ("DPA") of one of the subsidiaries of Serco Group plc, Serco Geografix Limited ("SGL") entered into with the Serious Fraud Office ("SFO") in July 2019. Throughout 2020 and 2021 we have continued to implement and monitor delivery of our obligations under the DPA, including reporting to the SFO in June 2020 and June 2021. We will continue to focus on the implementation of our ongoing obligations via our DPA plan with both the Board and GRC providing review and oversight of progress.


The management of this risk is a key enabler of Serco's governance for ESG purposes.


Key risk drivers:

ack of governance and oversight. Failure to comply with the SMS and

contractual obligations.

Failure to identify and respond to material changes in legal and regulatory requirements, including  fast-moving

new laws.

Lack of awareness by employees of the legal and regulatory requirements placed upon them and the business.

Inadequate provision  of systems and tools.

Legal or regulatory compliance failure by a third party.

Class action litigation and increasing regulatory fines.

Compliance with SFO DPA obligations.

Material controls:

- Externally appointed legal specialists monitoring and advising on legal and regulatory obligations and changes.

- Legal and contract experts aligned to various specialist areas across the business supported by mandatory and bespoke training.

- Investment Committee and Business Lifecycle Review Team ("BLRT") bid process and governance.

- Third-party due diligence on all suppliers.

- Speak Up process and systems and corporate investigation case management system.

Mitigation priorities:

- Compliance with DPA obligations.

- Automating legislation tracking and horizon scanning on key new laws and regulations.

- Greater use of data and trend analysis.

- Embedding risk based third-party due diligence including modern slavery risk assessment.

- Continuing development of Serco Essentials training programmes including Code of Conduct training.

- Continuing to improve key contract and compliance assurance reviews.

Risk trend:



No Change


Related party transactions (Note 35 to the Consolidated Financial Statements)

Transactions between the Company and its wholly owned subsidiaries, which are related parties, have been eliminated on consolidation and are not disclosed in this note. Transactions between the Group and its joint venture undertakings and associates are disclosed below.



During the year, Group companies entered into the following transactions with joint ventures and associates:




Current         Non-current outstanding         outstanding

Transactions   at 31 December   at 31 December

2021                   2021                   2021

£m                     £m                      £m

Sale of goods and services

Joint ventures Associates Other

Dividends received - joint ventures

Dividends received - associates

Receivable from consortium for tax - joint ventures


1.6                     1.7                        -

0.8                     -                           -


-                   -                           -

13.5                      -                          -

0.9                     0.2                     0.8


16.8                    1.9                      0.8


Joint venture receivable and loan amounts outstanding have arisen from transactions undertaken during the general course of trading, are unsecured, and will be settled in cash. No guarantees have been given or received.



Current         Non-current outstanding         outstanding

Transactions   at 31 December   at 31 December

2020                   2020                   2020

£m                     £m                      £m

Sale of goods and services

Joint ventures Associates Other

Dividends received - joint ventures

Dividends received - associates

Receivable from consortium for tax - joint ventures


0.1                                                 -

2.3                      0.2                      -


4.3                       -                       -

15.5                         -                     -

(0.1)                   2.0                     0.1


22.1                     2.2                     0.1


As announced on 2 November 2020, the Ministry of Defence notified the Group that it would be exercising its ability to terminate services provided by the Group through AWE Management Limited (AWEML) on 30 June 2021.


As announced on 24 June 2021, Vivo Defence Services Limited (VIVO), a joint venture between Serco Limited and ENGIE SA, has been awarded contracts to provide repairs and maintenance work for Service Family Accommodation (SFA) by the UK Ministry of Defence (MOD) Defence Infrastructure Organisation (DIO). VIVO is not a material joint venture to the Group in 2021.



Directors' Responsibility Statement (Page 178)


The directors are responsible for preparing the Annual Report and the Group and parent Company financial statements in accordance with applicable law and regulations.


Company law requires the directors to prepare Group and parent Company financial statements for each financial year. Under that law they are required to prepare the Group financial statements in accordance with UK-adopted international accounting standards and applicable law and have elected to prepare the parent Company financial statements in accordance with UK accounting standards and applicable law, including FRS 101 Reduced Disclosure Framework.


Under company law the directors must not approve the financial statements unless they are satisfied that they give a true and fair view of the state of affairs of the Group and parent Company and of the Group's profit or loss for that period. In preparing each of the Group and parent Company financial statements, the directors are required to:

 select suitable accounting policies and then apply them consistently;

 make judgements and estimates that are reasonable, relevant, reliable and prudent;

-   for the Group financial statements, state whether they have been prepared in accordance with UK-adopted international accounting standards;

for the parent Company financial statements, state whether applicable UK accounting standards have been followed, subjecto any material departures disclosed and explained in the parent Company financial statements;

 assess the Group and parent Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern; and

 use the going concern basis of accounting unless they either intend to liquidate the Group or the parent Company or to cease operations or have no realistic alternative but to do so.


The directors are responsible for keeping adequate accounting records that are sufficient to show and explain the parent Company's transactions and disclose with reasonable accuracy at any time the financial position of the parent Company and enable them to ensure that its financial statements comply with the Companies Act 2006. They are responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error, and have general responsibility for taking such steps as are reasonably open to them to safeguard the assets of the Group and to prevent and detect fraud and other irregularities.


Under applicable law and regulations, the directors are also responsible for preparing a Strategic Report, Directors' Report, Directors' Remuneration Report and Corporate Governance Statement that complies with that law and those regulations.


The directors are responsible for the maintenance and integrity of the corporate and financial information included on the company's website. Legislation in the UK governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.


Responsibility statement  of the directors  in respect of the Annual Report and Accounts

We confirm that to the best of our knowledge:

the financial statements, prepared in accordance with the applicable set of accounting standards, give a true and fair view of the assets, liabilities, financial position and profit or loss of the company and the undertakings included in the consolidation taken as a whole; and

 the strategic report includes a fair review of the development and performance of the business and the position of the issuer and the undertakings included in the consolidation taken as a whole, together with a description of the principal risks and uncertainties that they face.


We consider the annual report and accounts, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Group's position and performance, business model and strategy.


By order of the board


Rupert Soames                            Nigel Crossley

Group Chief Executive                 Group Chief Financial Officer



Cautionary statement

This announcement does not constitute or form part of any offer or invitation to sell, or any solicitation of any offer to purchase any shares or other securities in Serco nor shall it or any part of it or the fact of its distribution form the basis of, or be relied on in connection with, any contract or commitment or investment decisions relating thereto, nor does it constitute a recommendation regarding the shares or other securities of Serco. Statements in this announcement reflect the knowledge and information available at the time of its preparation.


Without prejudice to that, this announcement contains statements which are, or may be deemed to be, "forward-looking statements" which are prospective in nature.  All statements other than statements of historical fact are forward-looking statements.  Generally, words such as "expect", "anticipate", "may", "could", "should", "will", "aspire", "aim", "plan", "target", "goal", "ambition", "intend" and similar expressions identify forward looking-statements.  By their nature, these forward-looking statements are subject to a number of known and unknown risks, uncertainties and contingencies, and actual results and events could differ materially from those currently being anticipated as reflected in such statements.  Factors which may cause future outcomes to differ from those foreseen or implied in forward-looking statements include, but are not limited to: general economic conditions and business conditions in Serco's markets; contracts awarded to Serco; customers' acceptance of Serco's products and services; operational problems; the actions of competitors, trading partners, creditors, rating agencies and others; the success or otherwise of partnering; changes in laws and governmental regulations; regulatory or legal actions, including the types of enforcement action pursued and the nature of remedies sought or imposed; the receipt of relevant third party and/or regulatory approvals; exchange rate fluctuations; the development and use of new technology; changes in public expectations and other changes to business conditions; wars and acts of terrorism; cyber-attacks; and pandemics, epidemics or natural disasters.  Many of these factors are beyond Serco's control or influence.  These forward-looking statements speak only as of the date of this announcement and have not been audited or otherwise independently verified.  Past performance should not be taken as an indication or guarantee of future results and no representation or warranty, express or implied, is made regarding future performance.  Accordingly, undue reliance should not be placed on the forward-looking statements.


Except as required by any applicable law or regulation, Serco expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward looking statements contained in this announcement, including to reflect any change in Serco's expectations or any change in events, conditions or circumstances on which any such statement is based after the date of this announcement, or to keep current any other information contained in this announcement.


This information is provided by RNS, the news service of the London Stock Exchange. RNS is approved by the Financial Conduct Authority to act as a Primary Information Provider in the United Kingdom. Terms and conditions relating to the use and distribution of this information may apply. For further information, please contact or visit

RNS may use your IP address to confirm compliance with the terms and conditions, to analyse how you engage with the information contained in this communication, and to share such analysis on an anonymised basis with others as part of our commercial services. For further information about how RNS and the London Stock Exchange use the personal data you provide us, please see our Privacy Policy.