|
|
|
All figures in £millions
|
2018
|
2017
|
|
Short-term employee
benefits
|
6
|
12
|
|
Retirement
benefits
|
1
|
1
|
|
Share-based payment
costs
|
7
|
2
|
|
Total
|
14
|
15
|
|
STRATEGY AND CHANGE
|
|
|
1. Business transformation and change:
The accelerated pace and scope of our transformation initiatives
increase our risk to execution timelines and to business adoption
of change. The risk is that benefits may not be fully realised,
costs may increase, or that our business as usual activities are
adversely impacted.
(Decrease in impact and probability)
Strategic priorities:
1 Grow market share through digital transformation
3 Become a simpler, more efficient and more sustainable
business
|
Reason for risk
rating: This risk has reduced due to the ongoing
implementation of The Enabling Programme (TEP) in North America in
the first half of 2018. This has reduced our financial risk impact.
However, the scale, volume and accelerated pace of change,
combined with the execution interdependencies, keep this as a high
risk going into 2019. The 2017-2019 simplification programme is
performing ahead of plan and now expects to deliver increased
annualised cost savings in excess of £330m by the end of 2019,
ahead of our original plan of £300m.
Existing controls:
➢
Change and Transformation
office
➢
The Global Learning Platform (GLP)
and The Enabling Programme (TEP) are standing Audit Committee
agenda items
➢
Independent assurance regularly
undertaken on the key programmes
Outcome of 2018
activities: In 2018, we continued to invest in the
digital transformation and simplification of the
company.
➢
We continued to develop the GLP -
described in more detail under risk 2 - 'Products and
Services'
➢
We implemented the next phase of
TEP - primarily in North America - to progress the simplification
of our business.
The 2017-2019 simplification programme moved into its
implementation phase in 2018, with many initiatives now
complete.
2019 outlook and plans:
Business transformation and change initiatives will continue to
support our strategic goals to accelerate our digital transition in
higher education, to manage the print decline, and to reshape our
portfolio, as outlined by our Chief Executive on p10-12 and covered
in more detail under our strategy in action on p18-32.
In 2019, we will continue to roll out TEP to other geographies
worldwide. All key programmes will continue to be closely monitored
by the Audit Committee at each meeting (you can read more about
their oversight of TEP and the GLP on p97-98).
We will continue to use our change and transformation office to
drive plans to completion in 2019. Change management expertise and
dedicated support have been put in place across North America,
Finance and Human Resources teams.
|
|
2.Products and services:
Failure to successfully invest in, develop and deliver (to time and
quality) innovative, market leading global products and services
that will have the biggest impact on learners and drive growth,
ensuring Pearson:
➢
Responds to market needs, as well
as threats from both traditional competitors as well as disruptive
innovation
➢
Offers products to market in line
with our strategy, at the right price and with a deal structure
that remains competitive.
This risk was revised and expanded in 2018 following a risk review
against the strategic priorities, as well as a thorough analysis of
underlying risk drivers. The definition has been changed as a
result.
(No overall change)
Strategic priorities:
1 Grow market share through digital transformation
2 Investing in structural growth opportunities
|
Reason for risk
rating: We have made significant progress in managing
risks around our competition and the product and investment
portfolio in 2018 due to the ongoing progress we have made in
improving our processes and strategic investment
recommendations.
However, due to the importance of product innovation (such as the
ongoing development of the Global Learning Platform (GLP) and our
investment in AI research) to achieving Pearson's strategic
priority of digital transformation, the impact if this risk
materialises remains high.
Competition
We have made significant progress understanding the competitive and
structural threats, especially to our US Higher Education
Courseware business, and made progress mitigating
these.
We operate in competitive markets with many competitors across
these markets. As the consumption of educational products and
services shifts to digital and subscription models, this has the
potential to lead to changes in the competitive structure of the
markets in which we operate
Existing controls:
➢
Global product lifecycle
process
➢
Portfolio
management
➢
Audit Committee oversight of the
GLP
Outcome of 2018 activities:
Product Innovation
Further investment was made in 2018 in development of the GLP - our
single, cloud-based platform to support our learners and enable us
to innovate faster in the future.
The first of our pilots - Rio - went live in September 2018:
Pearson used the software to run a number of focus groups and
targeted interactions with different schools and instructors during
the latter half of 2018.
In addition, we are investing in other innovations, such as
Artificial Intelligence (AI), to ensure that our products provide
leading personalised learning experiences and better outcomes. In
2018, we appointed an industry expert to lead on the development of
our AI products and solutions strategy.
Product and investment portfolio
Progress was made during 2018 in consolidating our key product
portfolios. Portfolio investment allocation decisions were made
using an agreed data-driven framework and the investment governance
criteria and process were revised, spanning partnerships, portfolio
strategy and geographies.
Competition
In 2018, we scaled the rental access model initiative from
c.50-c.150 titles in total by the end of the year.
We also continued initiatives (e.g. pricing, format, policies,
marketing, channel) to incentivise customers to move from print to
digital products to help mitigate risks arising from the secondhand
market and achieve our digital business transformation
goals.
2018 saw the launch of additional anti-piracy initiatives (see risk
12, Intellectual Property, which includes piracy, for more on this
risk).
2019 outlook and
plans: Turning this risk into an opportunity -
successfully accelerating our shift to digital as well as investing
in and delivering the right products and services - is as critical
to successful business performance in 2019 as we have flagged in
previous years. As our Chief Executive highlights on p10, over time
our aim is to transition to a digital first model for our learners,
with print resources available as an 'add on' service.
Product Innovation
We will continue to invest in our development of the GLP (focusing
on an enhanced Revel platform) and expect to launch in the second
half of the year. The GLP will also enable us to better deploy AI
and machine learning to drive advances in educational technology.
Investment in the development of AI will also continue, such as
using it to build on existing automated scoring capabilities using
natural language processing.
Product and investment
portfolio 2019 priorities include improving decision
making effectiveness, for example by implementing a decision
playbook to support how we make decisions for our products plus
identify gaps in the decision making process and how to close
them.
Competition
Our aims in 2019 are to significantly increase the number of US
Higher Education Courseware products in the 'access first' or
Subscription business model, as well as continuing our pricing
simplification efforts in order to clarify and simplify our pricing
structure for both sales representatives and
customers.
|
|
3.Talent:
Failure to maximise our
talent - Risk that we are unable to attract the talent
we need and to create the conditions in which our people can
perform to the best of their ability.
(Decrease in impact and probability)
Strategic priorities:
1 Grow market share through digital transformation
2 Investing in structural growth opportunities
3 Become a simpler, more efficient and more sustainable
business
|
Reason for risk
rating: This risk has reduced due to:
➢
Impact of improved financials:
Stabilising financial performance has driven an improving outlook
for employee incentivisation helping raise morale; also positive
sentiment of strategy approved by the Board
➢
Compensation toolkit enabling
managers to address specific retention risks as needed (with
Executive approval); primary retention managed through total
reward
➢
Better data enabling improved
decision making
➢
Leadership development
programmes.
Existing controls:
➢
Detailed monthly reporting of HR
data and insights to proactively identify and manage risks,
including turnover (voluntary and involuntary) data as well as
gender diversity at all career grades, with regular Executive
review to identify areas for improvement
➢
Consistent performance, talent and
succession management processes
➢
Employee policies including the
Code of Conduct
➢
Employee engagement forums and
action plans
➢
Exit interviews conducted and
monitored globally to identify any trends and
concerns
➢
'Pearson U' learning
platform
➢
External careers website and
talent acquisition approach to improve attraction of digital
skills
➢
Wide range of employee
benefits.
Outcome of 2018
activities: To support our digital transformation,
acquisition of digital talent is a high priority. Challenges
continue with digital hiring but we are seeing some improvement,
driven by clarity of skillset needed and a targeted compensation
guide enabling Pearson to be more competitive. As a result, year
over year percentage of digital hires is up by 37%. We
also:
➢
Focused Leadership development
programmes for senior leaders with specific mentoring programmes
for high potential employee (HiPO) women in these
roles
➢
Continued targeted learning
throughout the organisation with 'Pearson U' learning platform
enhancements, career development workshops, manager fundamentals
training and emphasis on all employees having development
goals
➢
Launched the Alumni
programme
➢
Put greater focus on diversity and
inclusion (D&I): we designed our future state diversity
framework, governance and measurement model. We received awards for
our localised D&I efforts and increased marketplace
recognition. You can read more about our diversity, equality and
inclusion activities under Sustainability on
p38
➢·Released
the organisational health index survey for all Pearson employees,
the results of which will influence the priority order of the 2019
action planning.
2019 outlook and
plans: HR will continue to work with Pearson
leaders to increase engagement and organisational health, acting on
the findings from the organisational health survey taken in late
2018. Our aims in 2019 are to:
➢
Develop sustainable total reward
programmes aligned to the business strategy
➢
Develop awards and recognition for
the workforce and marketplace
➢
Deliver organisational design and
change management to support business
deliverables
➢
Upskill the workforce on digital
customer channels B2B, while continuing to acquire new digital
talent and expertise
➢
Drive sales performance through
embedding best practice sales incentive design
➢
Empower managers with greater
flexibility to make reward decisions for their teams, underpinned
by greater transparency of our pay practices to our
employees
➢
Refresh leadership skills,
competencies and behaviours and continue leadership development
programmes
➢
Refresh approach to performance
management, adapting more contemporary practices to drive high
performance
➢
Utilise new approach to talent
review, assessing all VPs against required capabilities and culture
needed
➢
Drive internal mobility through
increased visibility to talent and cross-business development
opportunities
➢
Promote enterprise-wide talent
management mindset, owned by leadership across all areas. Develop a
mindset for analytical, digital and innovation
skills
➢
Deliver refreshed global diversity
and inclusion approach, operational plan and measurement model;
increase gender diversity, especially in senior leadership
roles.
|
|
4.Political and regulatory risk:
Changes in policy and/or regulations have the potential to impact
business models and/or decisions across all markets.
(No overall change)
|
Reason for risk
rating: Despite a slight reduction in our risk exposure
in the US from an educational standpoint, this risk remains high at
the time of publication due to the potential for political
instability in the UK arising from the potential for Brexit 'no
deal' plus wider uncertainty and instability in the rest of the
world.
Existing controls:
➢
Board and Executive
oversight
➢
Government relationship
teams
➢
Steering Committee monitoring the
UK's departure from the EU
Outcome of 2018
activities: In 2018, we continued to build global
political and regulatory relationships in the US and the UK, as
well as an international political profile in order to understand
future international risks and proactively mitigate them. In the
US, we worked hard to highlight Pearson's credentials as an
innovator in education and workforce readiness, specifically
referencing Accelerated Pathways, Inclusive Access and workforce
credentialing; we maintained fair market access through national
and state partnerships and direct lobbying; and we worked with the
National Governors Association Chair to shape his Initiative on
developing workforce skills. In the UK, we continued to monitor
actions associated with the UK's departure from the EU, working
with government to mitigate business risk associated with
regulatory changes. We also implemented our own internal mitigation
and contingency plans in the event of a 'no deal'.
We also:
➢
Responded to the government's
post-18 funding review, creating a commission to oversee research
into vocational education and lifelong learning
➢
Continued executing thought
leadership work to establish the role of BTECs in supporting
learners into work and higher education as an alternative
pathway
➢
Submitted responses to enquiries
and consultations regarding technical/vocational education and
related issues
➢
Continued to position Pearson in
the UK as a leader, expert and innovator in T Levels. We were
awarded the contract to develop, deliver and award two of the first
three T Levels.
Internationally, we continued our ongoing efforts to position
Pearson for PTE Academic accreditation in China, Canada and the UK,
well as pursuing BTEC opportunities in Southeast Asia.
2019 outlook and
plans: Pearson will continue to position itself as a
leader in the education space, an innovator in higher education and
establish the company as a key engine in workforce development and
economic growth. We are also driving opportunities to engage
directly with other businesses.
In the US, we are likely to see a push to increase higher education
funding from new Democratic Governors and State Legislators, as
well as a focus on connecting education to jobs. Pearson will
continue to work with Governors and educate officials at the
Federal and State level on Pearson's expertise in education and
workforce.
Brexit may cause political instability in the UK arising from the
potential for 'no deal' plus wider uncertainty and instability in
the rest of the world. Pearson will continue to implement its
mitigation and contingency plans in case of a 'no deal' (See
'customer experience' risk for supply chain specific Brexit
mitigation actions).
Internally, trade tensions and political uncertainty with rising
populism and nationalism could lead to further protectionist
measures. We will continue to position Pearson with government
officials and influencers in key markets for PTE Academic
accreditation and BTEC opportunities, as well as widening
participation in international forums and with national government
contacts to mitigate regulatory risks.
We will continue to monitor legislation around the world for major
shifts in education policy.
|
|
OPERATIONAL
|
|
|
5. Testing failure:
Failure to deliver tests and assessments and other related
contractual requirements because of operational or technology
issues, resulting in negative publicity impacting our brand and
reputation.
(Decrease in impact and probability)
Strategic priorities:
3 Become a simpler, more efficient and more sustainable
business
|
Reason for risk
rating: As Pearson is an educational content,
assessment and related services company, successfully managing this
risk remains a priority.
This risk decreased in 2018 due to the continued migration of all
student testing in North America to a secure cloud computing
environment - Amazon Web Services (AWS). This has resulted in
improved availability and stability.
We successfully delivered exams and testing in 2018 to a high
standard of quality. We experienced minimal disruption of the ePEN
(online marking system). However, the impact should we experience
issues in our testing platforms or processes keeps this as a
risk.
Existing controls: We
seek to minimise the risk of a breakdown in our student marking
systems with the use of:
➢
Robust quality assurance
procedures and controls
➢
Oversight of contract
performance
➢
Investment in technology, project
management and skills development of our people, including software
security controls, system monitoring, pre- deployment testing,
change controls and the use of root cause analysis procedures to
learn from incidents and prevent recurrence
➢
Use of AWS in Clinical and
Schools
➢
IBM counter-fraud tool (Pearson
VUE).
Outcome of 2018
activities: In North America, SchoolNet plus all
Clinical products have now been successfully migrated to AWS. The
next iteration of ePEN (UK and Australia) is also now AWS hosted.
Pearson VUE also began the process of moving systems to more stable
platforms.
Our Functional Skills qualifications were the first to go live on
the new version of ePEN in the UK (in July) followed by General
Qualifications in November. PTE Academic was also upgraded to
stabilise the system.
In June 2018, a GCE A Level Maths C4 paper (taken by 50,000 pupils
in England) was offered for sale online the night before the exam.
This was the same paper that was leaked the year before. A police
investigation was opened, however, the incident was far more
limited in scope than it was the prior year, due to the additional
security measures put in place as a result of the previous
incident. Ultimately, the paper-based nature of examinations and
the scale of the system means that security is heavily reliant on
schools to maintain the security of the material. The investigation
was able to make good progress in identifying the source of the
leak.
The IBM security tool implemented by Pearson VUE started to yield
benefits in terms of client adoption and positive feedback of the
web monitoring. Alongside this, a new third party governance and
assurance process was developed which will continue to be rolled
out in 2019.
2019 outlook and
plans: The drive to continue improvements to
availability and stability of testing systems, migrating and
retiring legacy systems will continue in 2019, for example,
migrating PTE Academic to AWS and further automating test
publishing processes to reduce the risk of human manual
error.
In UK qualifications, the potential impact should this risk
materialise is potentially higher due to the fact
that:
1) 2019 will see the main implementation of the ePEN
upgrade. We will take into account the complexity of our systems,
as well as external marking contract requirements
2) We still have a number of reformed qualifications
being delivered in 2019 which includes GCE Maths.
Given the high stakes nature of the UK testing business, the risk
of security breaches remains, either malicious in nature or as a
result of error. We are launching a malpractice review as part of
the Joint Council for Qualifications. This will include question
paper breaches but also cheating allegations more
broadly.
|
|
6.Safety and security:
Risk to the safety and security of our people and learners arising
from either the risk of injury and illness; our failure to
adequately protect children and learners; or due to increasing
local and global threats.
This risk has been expanded to incorporate all risks that could
impact the safety and security of our people and learners into one
risk. As a result, it now includes:
➢
Corporate
security
➢
Travel safety
➢
Safeguarding and
protection.
(Increase in probability)
|
Reason for risk
rating: Corporate security risk probability increased,
reflecting an increase in incidents in 2018 compared to 2017. The
variety and global range of risks/threats we face are undiminished.
The impact of an event occurring (and not just externally) could be
significant.
There has been no change in terms of the overall risk status for
both Health & Safety and Safeguarding. Serious safeguarding
incidents may not be frequent but their impact remains high, both
to the individual affected as well as to Pearson's reputation
(there continues to be a focus on these issues worldwide, both in
the government and in the media).
Existing controls:
➢
Global policies and minimum
standards in place for Health & Safety, Security and
Safeguarding
➢
Global audit and assurance
programme
➢
Training and communication (e.g.
global animation, new internal Health & Safety intranet site,
IOSH Managing Safety Course)
➢
Staff Code of
Conduct
➢
Third party risk management
policy
➢
Local Safeguarding
coordinators
➢
Everbridge mass notification
system
➢
External travel management and
intelligence.
➢
Key Performance Indicators in
place (see p37-38 in Sustainability).
Outcome of 2018 activities:
Safeguarding
We continue to view Safeguarding as a fundamental obligation to our
learners and a high priority for Pearson and as such it also forms
part of our sustainability strategy (see p37 in Sustainability). We
agreed a new Safeguarding strategy for 2018-2020, which includes a
focus on Safeguarding in online and digital
environments.
In addition, we implemented a new set of Safeguarding metrics,
which enable a better analysis of how robust each business'
Safeguarding is; and we completed a gap analysis on the
Safeguarding assurance processes for each business. This identified
eight areas where we will strengthen and deepen our assurance
processes.
In April 2018, we co-hosted a seminar with the Lucy Faithfull
Foundation: Creating 'child safe, child friendly organisations.' It
explored the use of Situational Prevention in addressing abuse in
schools. It was well attended with 97% saying they would apply the
theory to their current role.
Corporate security and travel safety
Travel security continues to grow in support of new areas, not
limited solely to higher risk locations.
Our Everbridge tool is now live in 21 countries and we released
mandatory training and awareness for people travelling to high risk
locations.
The corporate security team led reviews in 16 countries in 2018,
identifying areas for improvement or further adoption of security
policy/standards.
Health & Safety (H&S)
Due to ongoing implementation of H&S risk mitigation actions,
we have seen a slight reduction in risk in 2018. Completed
activities include:
➢
A significant revision of our
Global H&S policy and standards with
animation
➢
A global round of International
IOSH 'Managing Safely' course
➢
The implementation of a business
focused and risk-based health and safety assurance programme: in
our 48 priority locations, implementation of the global H&S
Standards continues to improve.
2019 outlook and
plans: In 2019, we will continue to promote the message
of prevention as well as reaction.
Safeguarding
We will continue to develop our practice and policy in regards to
online Safeguarding: we have appointed an external consultant, who
is a recognised expert in online Safeguarding, to assist us with
our plans. Our plans include:
➢
Hosting a seminar which looks at
best practice in online Safeguarding for internal staff and
external partners
➢
Ongoing work on the Safeguarding
action plan for the Pearson Institute of Higher Education in South
Africa
➢
Publication and implementation of
a sexual harassment policy in Pearson College
London
➢
Ensure that our Safeguarding
practice fully reflects the company's commitment to
diversity.
Corporate security and travel safety
In 2019, we are forming a combined security and resilience
governance group which will oversee management of this risk.
Physical and travel security reviews of higher risk locations will
be ongoing and we will continue to refine data specific to our
Everbridge notification system.
Health & Safety
Our aims in 2019 are to:
➢
Deliver a real-time, global
solution to report, escalate, investigate and action H&S
Incidents
➢
Continue our robust
business-focused and risk-based global assurance programme for
2019, which includes third party vendors where Pearson has
outsourced risk activities
➢
Further develop the analysis of
Occupational Health data in partnership with HR to ensure proactive
and reactive intervention strategies are
aligned.
|
|
7.Customer
experience: Failure of either our current operations,
supply chain or customer support to deliver an acceptable service
level at any point in the end-to-end journey; or to accelerate
Pearson's lifelong learner strategy and
transformation.
Previously 'customer digital experience,' this risk has been
redefined and expanded following a review of the global strategy
implications, as well as a thorough analysis of the underlying risk
drivers undertaken as part of the H2 2018 risk update process. As a
result, we have expanded the customer experience and learner
experience component of the risk and added operations (including
supply chain) to better reflect the risks to delivering an optimal
end-to-end customer journey.
(Slight increase in impact)
(Increase in probability)
Strategic priorities:
1 Grow market share through digital transformation
3 Become a simpler, more efficient and more sustainable
business
|
Reason for risk
rating: This risk is crucial to Pearson a) delivering a
good service to our customers and b) enabling our digital
transformation. As a result, we expanded and redefined the risk to
include the end-to-end customer journey, whether for print or
digital products and services (or a blend of the two).
This redefined risk remains rated high due to our ongoing
transformation efforts which have the potential to impact on the
customer experience.
We continued to make further improvements to our product platform
stability and execution in 2018 and had good stability throughout
both North America Back to School periods. This was our best year
to date in terms of up time.
In the UK, we began the implementation of mitigation and
contingency plans to manage a potential 'no deal' scenario
regarding the UK's exit from the EU, given the possibility of a 'no
deal' at the time of publication.
Existing controls:
➢
Real-time monitoring of systems
(for service
disruptions) and reporting of operational
performance used to identify
issues
➢
Release readiness reviews for our
major product platforms
➢
Programme governance and
hypercare
➢
Board oversight of Brexit
risk
➢
In the UK, the Audit and Quality
team have a secure supplier annual audit programme for suppliers
dealing with Pearson confidential material (e.g. exam
papers)
➢
New structure put in place to
prevent fraud and incorrect orders to be placed by
customers.
Outcome of 2018 activities:
Operations and supply chain
Our efforts in 2018 were focused primarily on the UK and North
America. The Enabling Programme (TEP) went live for the first time
in North America in May 2018, with ongoing hypercare put in place
as a contingency plan to support supply chain stabilisation during
implementation.
In the UK, as well as a TEP retrofit deployment, we also completed
our move from the UK warehouse previously shared with Penguin. This
was phased from the end of 2017 and completed in spring 2018. In
parallel, we also undertook an in depth analysis into the impact on
our supply chain and operations in the event of a 'no deal' Brexit,
commencing work on implementing our mitigation and contingency
plans to address these.
Customer experience
The customer experience is recognised as a key enabler and 'license
to operate' in terms of Pearson's future strategy. In 2018, we
realigned our priorities and plans across the business, in
readiness to refocus on the learner experience in
2019.
Customer services
Customer services have made a lot of progress in terms of reducing
this risk in 2018 and managing the challenges of the TEP
deployments in North America and the UK.
Operational stability
We continued to focus in 2018 on performance and stability across
all of our product platforms with roadmaps underway for stability,
the user experience (UX) and competitive features across all
product platforms.
2019 outlook and plans:
Operations and supply chain
In the US, our primary focus is to ensure that we are prepared for
the Back to School periods, the first of which is in the spring of
2019.
In the UK, a team has been established that is taking end to end
responsibility for our Learning Services operational delivery. We
will continue to implement our mitigation and contingency plans to
prepare for the possibility of a 'no deal' Brexit whilst we monitor
the outcome.
Customer experience
In 2019, we will focus on learners and modernising our customer
experience for clinical assessments, expanding our efforts to
instructors and educators in 2020 and beyond.
Customer services
The focus in North America is preparing for and supporting further
TEP implementations in order to minimise customer impacts as we
move to new business processes and adopt new
technology.
Operational stability
Our 2019 roadmap for North America Higher Education continues to be
increasingly focused on security and performance of non functional
requirements as well as third party interoperability.
|
|
8.Business Resilience:
Failure to plan for, recover, test or prevent incidents at any of
our businesses or locations.
Incident management and technology disaster recovery (DR) plans may
not be comprehensive across the enterprise.
Risk definition has been changed to focus on resilience, DR and
incident management. Corporate security and travel safety now forms
part of the expanded 'Safety and security' risk.
(No overall change)
|
Reason for risk
rating: The business resilience programme continues to
mature, although Pearson's global footprint means there remains a
possibility of single events with major impact.
Work to improve incident management continues to see positive
improvements
Existing controls:
➢
Policy in
place
➢
Incident management process,
including global notification and incident reporting
tools
➢
Resilience Governance Board
meetings
➢
Incident management and recovery
teams
➢
ISO 22301 independent
accreditation.
Outcome of 2018
activities: A new Pearson wide resilience policy and
incident management framework was delivered in 2018 and work
continued to improve business resilience and incident management
capability across the organisation, including:
➢
Annual reviews and further
refinement of the 'Top 40' and other locations involved in
planning, testing and response to actual
incidents
➢
Pearson Qualification Services
recertified to ISO 22301, Business Continuity
Management
➢
Developing the approach to digital
resilience, including for the GLP and future digital
product.
➢
Worked with Health & Safety,
Facilities Management and Global Property towards embedding
improvements across North America, although delivery is primarily
in 2019
➢
High Impact Event (HIE) awareness
and education took place across 13 Pearson locations in the second
half of the year. This was well received and more are planned for
2019.
2019 outlook and
plans: In 2019, we will continue to focus on prevention
rather than reaction and refine our resilience approach to be
responsive to both current and emerging risks. A combined Security
and Resilience Governance Group will form in 2019.
Specific focus areas will be to:
➢
Better understand and mitigate
risks to supply chain and vendor management
➢
Continue support to the GLP and
TEP programmes
➢
Continue to refine DR planning for
legacy systems
➢
Continue to support Data Centre
resilience.
|
|
9.Harnessing the power of our data:
New risk: Failure to:
1) Maximise our use of data to enhance the quality and scope of
current products and services in order to improve learning outcomes
while managing associated risks.
2) Maintain data quality, accuracy and integrity to enable informed
decision making and reduce the risk of non-compliance with legal
and regulatory requirements.
We have previously included the second component under risk 1,
business transformation and change.
Strategic priorities:
1 Grow market share through digital transformation
3 Become a simpler, more efficient and more sustainable
business
|
Reason for risk
rating: This is a new principal risk for 2018 and
reflects the importance of data analytics in education (as outlined
by our Chair on p8) such as driving improvements in learning,
improving classroom productivity and making learning more
affordable and more accessible.
We continue to evolve our business model so we are able to use our
data in ways in which we can better service the needs of our
customers.
Existing controls:
➢
TEP with Master Data Management
(MDM) now live in both the UK and North America
➢
Data governance in
place.
Outcome of 2018
activities: One of the outcomes of the work undertaken
across Pearson in 2018 is that the concept and approach to data
governance across customer and product is maturing. Our MDM
footprint was expanded as part of TEP going live in North America
in May 2018 - this consolidated North American customer and product
data from three existing ERPs with what was already live in the UK.
The product data footprint was also expanded in 2018 to meet the
needs of our new rights and royalties system.
Work is continuing on customer data harmonisation, definitions and
data representation which will also help support the ongoing
promotion of data governance.
We began user capability work in the second half of 2018 which will
allow us to begin to retire legacy systems.
Data privacy guidelines (concerning GDPR) were issued and are being
taken into account in our data activities (see risk 11 which covers
our data privacy risk and GDPR readiness in more
detail).
2019 outlook and
plans: We will start work to expand MDM and ERP user
capabilities to enable decommissioning of legacy product data
systems (target retirements to start Q4 2019). This is expected to
highlight issues in data harmonisation that will need to be
resolved.
Expanded customer data harmonisation and quality activities are
also being planned for early 2019.
We will continue to develop the concept of data governance through
defining ownership, policies, and funding for transactional and
reference data governance.
Future mitigation plans for this risk will focus on how we collect
data, how we use it and the structures we have in place to manage
associated risks, both regulatory and reputational.
|
|
FINANCIAL
|
|
|
10.Tax:
Legislative change caused by the OECD Base Erosion and Profit
Shifting (BEPS) initiative, the UK exit from the EU, or other
domestic government initiatives, including in response to the
European Commission State Aid investigation into the UK CFC
exemption, results in a significant change to the effective tax
rate, cash tax payments, double taxation and/or negative
reputational impact.
(Increase in impact)
(Decrease in probability)
|
Reason for risk
rating: The risk impact increased in 2018 due to the
ongoing potential financial (cash) impact of the announcement in
November 2017 of the European Commission opening decision on the UK
Controlled Foreign Companies exemption (see note 34, contingent
liabilities, on p206). We continue to await a final decision from
the investigation.
We have recorded a significant one off tax benefit in 2018 (please
see our CFO's commentary on p44 for more on this), however we do
not anticipate a significant change in the ongoing effective tax
rate of 21%.
Existing controls: Our
tax strategy reflects our business strategy and the locations and
financing needs of our operations. In common with many companies,
we seek to manage our tax affairs to protect value for our
shareholders, in line with our broader fiduciary duties. We do not
seek to avoid tax by the use of 'tax havens' or by transactions
that we would not fully disclose to a tax authority. We are guided
by our taxation principles, which include complying with all
relevant laws, including claiming available tax incentives and
exemptions that are available to all market
participants.
The CFO is responsible for the tax strategy; the conduct of our tax
affairs and the management of tax risk are delegated to a global
team of tax professionals. The Audit Committee oversees the tax
strategy and receives a report, including a risk deep dive, on this
topic at least once a year (see p97). Our published tax report
provides our position on tax.
Outcome of 2018
activities: In 2018, the Audit Committee reviewed our
updated tax strategy and approved our second tax report which was
published in the second half of the year.
During 2018 we worked through the implications of the State Aid
opening decision, with the support of external advisors. We took
appropriate action in response to US tax reform at the end of
2017.
2019 outlook and
plans: Our focus in 2019 will be the monitoring of (and
to react accordingly to):
➢
EU State Aid
decisions
➢
The implications of the UK's exit
from the EU. The ongoing uncertainty does not allow us to confirm
the tax implications, although we continue to expect that there
should not be material incremental taxes payable (in either a
'deal' or 'no deal' scenario).
We will continue to assess US tax legislation changes, including
guidance issued in December 2018, as well as monitoring potential
tax law changes globally, and implement mitigation plans if
required. In addition, we will monitor the most recent initiatives
in the BEPS Project.
Media and public scrutiny on tax issues will continue to be
actively monitored by both the Tax and Corporate Affairs
teams.
|
|
LEGAL AND COMPLIANCE
|
|
|
11.Information security and Data privacy:
Risk of a data privacy incident or other failure to comply with
data privacy regulations and standards, and/or a weakness in
information security, including a failure to prevent or detect a
malicious attack on our systems, could result in a major data
privacy or confidentiality breach causing damage to the customer
experience and our reputational damage, a breach of regulations and
financial loss.
(No overall change)
|
Reason for risk
rating: Risks concerning cyber-security and data
privacy remain high due to complex external factors.
Data privacy risk has reduced slightly due to the work undertaken
to remediate risks under the EU's General Data Protection
Regulation (GDPR). However, this mitigation is offset by risks
associated with the proliferation of data privacy laws outside of
the EU and North America.
Existing controls:
➢
Information Security and Data
Privacy Offices
➢
ISO 27001 controls including
strong encryption, patching, monitoring, and access
controls
➢
Privacy impact assessment
process
➢
Regular audits
➢
Automated
tools
➢
Published policies, processes and
guidelines, global training and awareness including annual
awareness week
➢
Risk management
framework
➢
Vendor
oversight
➢
Audit Committee risk 'deep dive'.
See p98.
Outcome of 2018
activities: GDPR regulations came into force across the
EU on 25 May 2018. This introduced more onerous privacy obligations
and more stringent penalties for non-compliance. As Pearson
operates across several EU Member States, Pearson will still need
to comply with GDPR even when the UK leaves the EU. A key focus of
our data privacy efforts in 2018 has been putting plans in place to
ensure that we were appropriately prepared for GDPR.
In addition to the work undertaken to prepare for GDPR, we
continued to work to improve the security of our critical products,
implementing a joint privacy and security process for new
vendors.
The information security team worked proactively to identify and
remediate security threats to Pearson. The improvement programme
continued, ensuring that infrastructure, core platform and product
deliveries across Technology (including Cloud and network
transformation, the GLP, Enterprise Core platforms) include
security controls and protection as fundamental
components.
The programme to review our top vendor contracts from an
information security standpoint was implemented in 2018, gaining
good traction with different business areas.
2019 outlook and
plans: With an evolving regulatory landscape, in
addition to ongoing GDPR compliance, the Data Privacy Office will
assess new laws and regulations coming into force in a number of
jurisdictions and prepare for their implementation.
The information security team will continue to drive security
maturity with the expansion of Vendor Risk Assessments,
Multi-Factor Authentication, and pervasive data encryption (and
also thus security compliance to regulatory requirements such as
GDPR, PCI, HIPAA and FERPA).
|
|
12.Intellectual property (including piracy):
Failure to adequately manage, procure, register or protect
intellectual property rights (including trademarks, patents, trade
secrets and copyright) in our brands, content and technology, may
(1) prevent us from enforcing our rights, and (2) enable bad actors
to illegally access and duplicate our content (print and digital
counterfeit, digital piracy), which will reduce our sales and/or
erode our revenues.
Rights, permissions and royalties have been removed from this risk
as it has reduced to the extent it no longer meets our threshold
for a principal risk and we expect this to remain the case going
forward.
(Increase in probability)
|
Reason for risk
rating: The probability of digital piracy risk has
increased as online copying and security circumvention have become
increasingly sophisticated and resistant to available
countermeasures.
Notably, 2018 introduced more sophisticated-appearing 'digital
counterfeit' websites now selling unprotected PDF files of certain
Pearson's titles, using modern and sophisticated ecommerce methods.
This is a nascent challenge that we are now addressing and 'flat
PDFs' are a small portion of our portfolio and
revenues.
From an IP perspective, increasing our digital business exposes us
to more trademark, copyright and patent infringement
risks.
Existing controls:
➢
Robust set of policies, copyright
clearance standards, procedures and systems in
place
➢
Global trademark monitoring
platform
➢
Cooperation with trade
associations and other educational publishers
➢
Monitoring of technology and legal
advances
➢
Patent programme in
place
➢
IP protection programme in
place
➢
Legal department provides ongoing
monitoring and enforcement of print counterfeit and digital
piracy
➢
Employee awareness and training,
including a site to improve best practice around
patents
➢
Single rights management system in
place for UK, US and Canada.
➢
Close cooperation with US higher
education channel partners (e.g. Amazon, Barnes & Noble,
Follett) to prevent print counterfeit.
Outcome of 2018
activities: A very active patent filing took place to
ensure protection of our rapidly evolving next gen technology for
the GLP (this is expected to continue).
We also recorded key Pearson trademarks with U.S. Customs and
Border Protection (CBP) to enable CBP's seizure of suspected
counterfeit textbooks. This recordation has already resulted in
several seizures by CBP.
Piracy
We increased our focus and awareness around digital and print
counterfeit, and digital piracy, across Pearson's ecosystem, via
policies, best practices, and channel partner reviews - effectively
coordinated via Pearson's IP Protection Programme.
Print counterfeit via authorised partners was greatly reduced in
2018 following successful enforcement against overseas
distributors.
2019 outlook and
plans: We will continue to streamline our portfolios;
procure and register expanded rights in our high value IP globally,
including expanding our patent portfolio; monitor activities and
regulations; and proactively enforce our rights, taking necessary
legal action.
We are in the process of drafting the broader IP policy for launch
in 2019. This will be accompanied by additional IP training
modules.
In 2019, we will continue to:
➢
Undertake ongoing monthly test
buys
➢
Closely monitor and enforce
against marketplace piracy and digital counterfeit
sites
➢
Explore watermarking to detect
sources of digital piracy
➢
Investigate use of vendors to gain
better visibility and enforcement tools against marketplace piracy
(both print and digital)
➢
Review product requirements to
make Pearson products and infrastructure more resistant to
piracy.
|
|
13.Compliance including antibribery and corruption (ABC) and
sanctions:
Failure to effectively manage risks associated with compliance
(global and local legislation), including failure to vet third
parties, resulting in reputational harm, ABC liability, or
sanctions violations.
(Increase in probability)
(Decrease in impact)
|
Reason for risk
rating: As a result of the due diligence programme we
are currently undertaking, it is likely we will uncover more
risks.
Conversely, as a result of the more robust due diligence, training
and awareness currently being undertaken, we are less likely to see
future risks with a 'severe' impact and, where risks appear, we are
more likely to see effective mitigation strategies and follow up
that reduce potential exposure.
Existing controls:
➢
Internal policies, procedures and
controls including employee ABC policy
certification
➢
Employee and business partner
codes of conduct (see also 'Respect for human rights'' under
Sustainability on p36)
➢
Local Compliance Officers (LCOs)
in place
➢
Corporate Compliance and Ethics
awareness week
➢
Audit Committee risk 'deep dive'.
See p98.
Outcome of 2018
activities: Internal procedures, controls and training
continue to mature, which are designed to prevent corruption.
Pearson's Code of Conduct was 100% completed in 2018. The Code of
Conduct includes references to ABC policy and requirements.
Pearson's ABC policy establishes a consistent set of expectations
and requirements regarding ABC for all our personnel and business
partners to adhere to.
In 2018, we took lessons learned from our pilot project in 2017 and
revamped a global approach to our third party ABC due diligence
process. We improved contractual provisions, outlined a flow chart
as to when certain terms should be used, and implemented the due
diligence process in all of Growth and most of Core markets. We
conducted due diligence on over 2,800 third party suppliers last
year, and have conducted due diligence on thousands of third party
test centres.
In addition to the two key areas of activity above, we
also:
➢
Conducted fieldwork for ABC
assessments as well as revising the risk assessment process itself
to make it more efficient and in line with FCPA and UKBA
specifications
➢
Undertook gifts and hospitality
and travel and expenses training for North America Higher Education
Sales, other key North America businesses, plus face-to-face
training on ABC in all our geographies
➢
Rolled out a gifts and hospitality
monitoring tool in all of our Growth geographies in
2018
➢
Remediated all items in riskiest
markets from 2017 risk assessments.
Ethics whistleblowing hotline reports using a third party platform
have remained steady, with overall numbers in line with the reports
of previous years. Our time to close cases has remained consistent
with 2017 numbers. In addition, we have increased collaborative
reporting with other investigations teams within
Pearson.
We also rolled out revised policies for the following in
2018:
➢
Sanctions
➢
Global Conflicts of
Interest
➢
ABC policy and training course,
including due diligence, that is mandatory for high-risk
populations
➢
Raising concerns and
anti-retaliation policy, plus launched Speak Up
campaign.
2019 outlook and
plans: In 2019, we will continue to expand our third
party due diligence programme, implementing the process for all new
third parties across the UK, USA, Western Europe and
Canada.
The Code of Conduct is being revised for 2019 with updates and
revisions due to be launched in the spring.
2019 will also see further promotion of the Conflict of Interest
policy; additional checks around sanctions; additional ABC risk
assessments; further consideration of pan-Pearson fraud issues plus
strengthened investigations processes and reporting with other
teams.
Additionally, we will continue work started in 2018 rolling out our
gifts and hospitality tool as well as exploring the possibility of
an automated tool appropriate for the US market.
|
|
14.Competition law:
Failure to comply with antitrust and competition legislation could
result in costly legal proceedings and/or adversely impact our
reputation.
(Increase in probability)
(Decrease in impact)
|
Reason for risk
rating: The likelihood increased from 2017 due to
recent increased activity by regulators looking into historical
issues e.g. two recent investigations into Industry Association
practices commenced in South Africa, following the similar
investigation in Spain. Investigations in South Africa are still
ongoing and the authority has yet to evidence that Pearson has
committed significant wrongdoing. A final decision in Spain is
still pending.
However, the impact of the risk has generally gone down. Risks
uncovered to date do not carry exposure that is material for
Pearson at a group/worldwide level. While the risk of material
issues remains, we believe we have mitigated this risk as a result
of our better controls and initiatives.
Existing controls:
➢
Global policy in
place
➢
Training and guidance, including
live and video training
➢
Regular internal
communications
➢
Lawyer network
➢
Additional individual training to
employees representing Pearson in Industry Association
meetings.
Outcome of 2018
activities: In 2018, we significantly increased our
employee training to include videos, with the target of getting
every relevant employee certified. The lawyer network supported
this with one to one communications with every employee attending
Industry Association meetings to ensure that they were risk
aware.
➢
Development of e-learning modules
and gamified learning continued
➢
Plans were developed to track
engagement, for example in terms of the number of employees
trained, those undertaking e-learning tests,
etc
2019 outlook and
plans: In 2019, we will continue to conduct ongoing
training and release e-learning modules.
Pearson's lawyer network actively reviews our engagement with trade
associations and other organisations, to ensure that it remains
appropriate."
|
|
|
PEARSON
plc
|
|
|
|
|
Date: 25
March 2019
|
|
|
|
By: /s/
NATALIE WHITE
|
|
|
|
|
|
------------------------------------
|
|
|
Natalie
White
|
|
|
Deputy
Company Secretary
|