CORPORATE GOVERNANCE & SUSTAINABILITY CORPORATE GOVERNANCE • the Group’s risk management and internal • the incidence of any significant control failings or control systems weaknesses that have been identified at any time • the Group’s risk management processes during the period and the extent to which they have • the Group’s cybersecurity resulted in unforeseen outcomes or contingencies that • the approval of the 2024 annual internal audit have had, could have had, or may in the future have, programme and review of progress on the a material impact on the Company’s financial 2023 programme performance or condition • periodic reports from GIAD and progress in resolving any • the effectiveness of the Company’s processes in matters identified in them relation to financial reporting and statutory and • significant accounting and audit issues regulatory compliance • the Company’s policy regarding connected transactions • areas of risk identified by management and the nature of such transactions • significant risks reported by GIAD • the relationship with the external auditors as discussed • work programmes proposed by GIAD and the on pages 107 to 108 external auditors • the Company’s compliance with the CG Code • significant issues arising from internal and external • the Company’s code and policies audit reports In 2024, the Committee has reviewed, and recommended • the results of management’s control self-assessment to the Board for approval, the 2023 financial statements. exercise As a result of the above review, the Board confirms, and Assessing the Effectiveness of Risk management has also confirmed to the Board, that the Management and Internal Control Systems Group’s risk management and internal control systems On behalf of the Board, the Audit Committee reviews are effective and adequate and have complied with the annually the continued effectiveness of the Group’s risk CG Code provisions on risk management and internal management and internal control systems dealing with risk control throughout the year and up to the date of this and financial accounting and reporting, the effectiveness annual report. and efficiency of operations, compliance with laws and Company Secretary regulations, and risk management functions. This assessment considers: The Company Secretary is an employee of the Company and is appointed by the Board. The Company Secretary is • the scope and quality of management’s ongoing responsible for facilitating the Board’s processes and monitoring of risks (including ESG risks) and of the risk communications among Board members, with management and internal control systems, the work and shareholders and with management. The Company effectiveness of internal audit and the assurances Secretary undertakes at least 15 hours of relevant provided by the Finance Director professional training annually to update skills and • the changes in the nature and extent of significant risks knowledge. (including ESG risks) since the previous review and the Group’s ability to respond to changes in its business and Group Internal Audit Department the external environment The Swire group has had GIAD in place for 28 years. GIAD • the extent and frequency with which the results of plays a critical role in monitoring the governance of the monitoring are communicated, enabling the Committee Group. The department is staffed by 26 audit professionals to build up a cumulative assessment of the state of and conducts audits of the Group and of other companies control in the Group and the effectiveness with which in the Swire group. The 26 professionals include a team risk is being managed based in the Chinese Mainland which reports to the Group Head of Internal Audit in Hong Kong. 106