CORPORATE GOVERNANCE & SUSTAINABILITY RISK MANAGEMENT The Board has ultimate responsibility for risk management, issues are conducted by ExCom as appropriate. Matters of overseeing its design and implementation. The Board is significance that arise are reported as appropriate to the supported by the Audit Committee. Audit Committee and ultimately to the Board of Directors. The Company has implemented the three lines of defence ExCom is supported by committees with specialisation in model of risk governance. The model is designed to respective corporate and operating functions across the minimise conflicts of interest and ensure independent Company including investment appraisal, joint venture oversight of risk management. management, health and safety, crisis management, In the first line of defence, the management of each information security and data protection. ExCom is also business and operating unit identifies, analyses and reports supported by the risk management team headed by the on the risks for which it is responsible. Risks are mitigated, Finance Director. In relation to the Company’s SD 2030 minimised and eliminated, where practicable and Strategy, the Environmental, Social and Governance economically viable. Where risk cannot be eliminated, the (“ESG”) Steering Committee has been set up and reports to related economic returns are required to reflect the level of the Board. ESG Steering Committee is supported by risk retained. The first line of defence is supervised by the working groups to manage the ESG risks with respect to the functional heads and portfolio directors. five SD pillars: places, people, partners, environmental and economic performances; and the SD Communication & The second line of defence led by the Executive Committee Engagement Committee to oversee the implementation of (“ExCom”) supports the first line and provides assurance to communication and engagement initiatives. The Chairman the Board that risk is being managed effectively. The of the Audit Committee, who is also an independent ExCom chaired by the Chief Executive (also acting in the non-executive director of the Company and reports to the capacity of Executive Director) comprises two other Board, is a member of the ESG Steering Committee. Details Executive Directors and seven senior executives. It of the responsibilities of each SD 2030 Working Groups are oversees all the risks to which the Company is subject and documented in the SD Governance section of our is responsible for the design, implementation and Sustainability Report 2023. monitoring of the relevant risk management processes and The third line of defence is provided by the Group Internal internal control systems of the Company. Among the Audit Department to assist the Audit Committee in carrying ExCom meetings, review of the corporate risk register will out analysis and independent assessment of the adequacy be periodically conducted to evaluate the Company’s risk and effectiveness of the risk management and the internal profile and exposure, to oversee the management of major control systems through a systematic review of the risks, to identify emerging risks and to analyse risk events processes and internal control. Details of the scope of work which materialise, with a view to their resolution and to is set out on page 107. learning from them. Sensitivity analysis or deep dive sessions on contemporary risk area such as geopolitical 112