RISK MANAGEMENT The Board is responsible for determining the Risk Appetite Risk Appetite and maintaining the Risk Governance Structure that The Board acknowledges its responsibility to determine the facilitate the Risk Management Process to identify and nature and extent of the risks the Company is willing to analyse the Risk Profile underlying for the achievement of take in achieving the Company’s strategic objectives whilst business objectives of the Company, and to determine how not exposing the Company to excessive risk of financial such risks should be managed and mitigated. The Board losses, business disruption, negative reputation, regulatory oversees management in the design, implementation and incompliance and people’s health and safety. The monitoring of the risk management and internal control Company has established and maintains an appropriate systems, and management provides confirmations to the and effective risk management process and internal control Board on the effectiveness of these systems. systems to retain only risks that are manageable and at a The effectiveness of the risk management process and reasonable level. In alignment with our risk appetite, the internal control systems is subject to audit by internal Company has established a risk assessment matrix and audit, with support from external specialists where corporate risk register to evaluate and prioritise the key necessary. risks by taking into account of both financial and non- Further discussion of risk management is set out in the financial impact, as well as impact to our Sustainable sections of the Corporate Governance Report headed Development 2030 (“SD 2030”) strategy. Moreover, the “Accountability and Audit – Risk Management and Internal Company’s vulnerability and exposure to the key risks are Control”, “Audit Committee – Assessing the Effectiveness of assessed regularly to ensure that the appropriate internal Risk Management and Internal Control Systems” and controls and mitigating measures are in place for “Group Internal Audit Department – Scope of Work” on preventing and responding to any major incidents. pages 104 to 105, page 106 and page 107 respectively. 110