Risks that impact the achievement of business objectives are identified and categorised with reference to a risk taxonomy. Risk assessment matrix is established in accordance with the Company’s Risk Appetite to evaluate and prioritise the risks, in terms of impact and vulnerability, which are documented in the corporate risk register. Internal control procedures and response protocols are designed, documented and implemented to manage the risks and mitigate their impact. Risks are regularly reviewed and reported to the Audit Committee and other relevant governing parties. Adequacy and effectiveness of risk management and internal controls are closely monitored through regular review and discussion. 112 CORPORATE GOVERNANCE & SUSTAINABILITY RISK MANAGEMENT Risk Identification Risk Analysis Risk Mitigation Risk Reporting Risk Monitoring It is also supported by the SD Communication & Engagement Committee to oversee the implementation of communication and engagement initiatives. The ESG Steering Committee reports material SD and ESG issues (including climate-related and nature-related risks and opportunities) and the progress made towards key performance indicators to the Board. The Chairman of the Audit Committee, who is also an independent non-executive director of the Company and reports to the Board, is a member of the ESG Steering Committee. Details of the responsibilities of each SD 2030 Working Groups are documented in the SD Governance section of our Sustainability Report 2024. The third line of defence is provided by the Group Internal Audit Department to assist the Audit Committee in carrying out analysis and independent assessment of the adequacy and effectiveness of the risk management and the internal control systems through a systematic review of the processes and internal controls. Details of the scope of work is set out on page 107. Risk Management Process The following diagram illustrates the key risk management processes of the Company.