ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
Build business applications using new tools & platforms
The leading solution for COBOL application modernization
Modernize mainframe applications for the Cloud
Modernize host application access
Discover the future of CORBA
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
Build secure software fast
Augment human intelligence
Discover, analyze, and protect sensitive data
Drive IT ecosystem with identity-centric expertise
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
Get fast, accurate detection of threats
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
Manage IT & non-IT services with automation and AI
Discover, monitor, and remediate with AIOps
Monitor and optimize complex networks
Discover, manage, and map configurations & assets
Accelerate provisioning with governance in place
Automate and orchestrate processes end to end
Manage IT & software assets for better compliance
Automate server provisioning, patching, and compliance
Automate screen-based human actions with robots
All Micro Focus learning in one place
Build the skills to succeed
Streamline software delivery for faster value
ValueEdge: Value Stream Management
Align corporate investments with business strategy
Continuous quality from requirements to delivery
Scale enterprise SCCM with security and compliance
Resilient AI-powered functional test automation
Enterprise-level requirements management
Deliver continuous application performance testing
Plan, track, orchestrate, and release applications
Govern quality and implement auditable processes
Automate deployments for continuous delivery
Access all products in application delivery management
Modernize Core Business Systems to Drive Business Transformation
Build business applications using new tools & platforms
The leading solution for COBOL application modernization
Modernize mainframe applications for the Cloud
Modernize host application access
Discover the future of CORBA
Modern mainframe application delivery for IBM Z
Secure, zero-footprint access to host applications
Access host data and automate processes with RPA
Multi-factor Authentication for IBM z/OS endpoints
Access all products in Application Modernization & Connectivity
Security at the core to everything you do; Operations, Applications, Identity and Data
Build secure software fast
Augment human intelligence
Discover, analyze, and protect sensitive data
Drive IT ecosystem with identity-centric expertise
Deliver simplified, secure access to users
Scale to billions of identities with IGA platform
Gain control of privileged user activities
Track changes and activities in managed services
Get fast, accurate detection of threats
Access all products in CyberRes
Trusted, proven legal, compliance and privacy solutions
Analytics for text, audio, video, and image data
Reduce risk, cost, and maintenance, and T2M
AI and machine learning for data analysis
Enterprise backup/disaster recovery
Unified traditional and mobile device management
Meet regulatory & privacy retention requirements
Email, IM, and chat-based collaboration
Mobile workforce communication & collaboration
Secure critical file storage and print services
Access all products in Information Management and Governance
Simplify Your IT Transformation
Manage IT & non-IT services with automation and AI
Discover, monitor, and remediate with AIOps
Monitor and optimize complex networks
Discover, manage, and map configurations & assets
Accelerate provisioning with governance in place
Automate and orchestrate processes end to end
Manage IT & software assets for better compliance
Automate server provisioning, patching, and compliance
Automate screen-based human actions with robots
Access all products in IT Operations Management
Give your team the power to make your business perform to its fullest
Micro Focus operations take place within a framework of prudent and effective controls which enable risk to be assessed and managed.
Our business model, future performance, solvency, liquidity and/ or reputation are exposed to a variety of risks and uncertainties. The board’s role is to determine the emerging and principal risks the Group is willing to take to achieve its long-term strategic objectives and enhance the sustainability of value creation. Underpinning the operation of, and central to, the risk management process is the culture of the Group, led by the board, of openness, transparency, debate, trust and accountability. On behalf of the board, the audit committee reviews and challenges the effectiveness and robustness of the risk management process.
The board manages risk in accordance with the enterprise Risk Management Framework (“RMF”) under the Group’s Risk Management Policy and Procedure, including emerging and principal risks. The Risk Management Policy and Procedure was updated during the period under review to incorporate ESG considerations as part of the overall risk management approach. The RMF is aligned to the business objectives and strategy (see Chief Executive’s Strategic review on pages 08 to 11). A key component of the RMF for the board is that, while the RMF enables an assessment of risk, it is also practical and proportionate. This ensures that the RMF is embedded into the day-to-day business processes across the Group, to drive risk awareness and risk culture. The board continues to build upon the RMF to respond to any future change in the Group’s risk profile. During the period, the board continued to assess the gross and net risks against the defined risk appetite statements of the Group and to further align the risks to the Group’s strategy. The risk appetite statements set out the board’s risk-taking approach to ensure a balanced view between risk aversion, opportunity and gains, against a background of maintaining reputation, financial stability and compliance.
The Group maintains a risk-based annual internal audit plan (see page 94 for the report on internal control and risk management). As the risks assessed under the RMF change, the annual internal audit plan is flexed to ensure appropriate levels of assurance. The Group Risk Register was reviewed with internal audit during the development of the annual internal audit plan, and subsequently at each update of the Group Risk Register throughout the period, to ensure alignment of the internal audit plan to the Group’s risk profile. To underpin the robustness of the RMF, as part of the risk-based internal audit process, the internal auditors assess the gross and net risk ranking assigned by the risk owners. The RMF is also subject to an annual review and shared with the Internal Audit team.
Risks are identified, assessed and recorded across the Group. Each business area director and Group function head is responsible for the identification, assessment and management of risk in their area. Each risk is owned by an individual in that area. The process includes the use of risk registers and one to one interviews with business area directors, Group function heads and board members. Risks are assessed on a gross and net basis against a consistent set of criteria defined by the board. The criteria measure the likelihood of occurrence against the potential impact to the Group including financial results, strategic plans, operations and reputation. Each risk is allocated a risk appetite category and a risk tolerance; changes in the risk profile are tracked at each reporting point during the period and presented to the audit committee. The assessment includes current and emerging risks. Principal risks are categorised into four distinct areas, both externally and internally driven, which include financial, infrastructure, marketplace, and reputational risks. Existing controls and improvement actions are recorded on the risk register for each risk, together with internal audit reviews.
The RMF sets out a continuous cycle of review, reporting and improvement over the period. Following one-to-one interviews with the business area directors and Group function heads, the individual risk registers are consolidated to form the Group risk profile. The Group risk profile is reported to the executive directors for monitoring, review and challenge. A report is made to every audit committee meeting during the period for review, to challenge the effectiveness of current controls and planned mitigations across the Group’s risks. The audit committee reports on its risk management dealings to the board, and the board has a standing ERM agenda item. Risks identified as ESG-related are reported to each meeting of the ESG committee. An ESG working group was established in the period, reporting to the ESG committee, with the role to execute and implement the Group’s ESG strategy, activities and disclosures, in the context of the Group’s overall strategy.
The Group’s principal risks are detailed on pages 61 to 73 of the Annual Report and Accounts.