107 SWIRE PROPERTIES ANNUAL REPORT 2024 Group Internal Audit Department The Swire group has had GIAD in place for 29 years. GIAD plays a critical role in monitoring the governance of the Group. The department is staffed by 29 audit professionals and conducts audits of the Group and of other companies in the Swire group. The 29 professionals include a team based in the Chinese Mainland which reports to the Group Head of Internal Audit in Hong Kong. GIAD reports directly to the Audit Committee without the need to consult with management, and via the Audit Committee to the Board. GIAD has unrestricted access to all areas of the Group’s business units, assets, records and personnel in the course of conducting its work. The annual internal audit programme and resources are reviewed and agreed with the Audit Committee. Scope of Work Business unit audits are designed to provide assurance that the risk management and internal control systems of the Company are implemented properly and operating effectively, and that the risks associated with the achievement of business objectives are being properly identified, monitored and managed. The frequency of each audit is determined by GIAD using its own risk assessment methodology, which is based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) internal control framework, considering such factors as recognised risks, organisational change, overall materiality of each unit, previous internal audit results, external auditors’ comments, output from the work of the Swire Pacific Group Risk Management Committee and management’s views. Each business unit is typically audited at least once every three years. Acquired businesses would normally be audited within 12 months. 11 assignments were conducted for Swire Properties in 2024. In addition, GIAD assists the Audit Committee in carrying out the analysis and independent appraisal of the adequacy and effectiveness of the Group’s risk management and internal control systems through its review of the process by which management has completed the annual control self-assessment, and the results of this assessment. Furthermore, GIAD conducts ad-hoc projects and investigative work as may be required by management or the Audit Committee. Audit Conclusion and Response Copies of internal audit reports are sent to the Chairman of the Board, the Chief Executive, the Finance Director and the external auditors. The results of each review are also presented to the Audit Committee. Management is required to provide action plans in response to internal audit recommendations, including those aimed at resolving material internal control defects. These are agreed by GIAD, included in its reports and followed up with a view to ensuring that they are satisfactorily undertaken. External Auditors The Audit Committee acts as a point of contact, independent from management, with the external auditors (the “auditors”). The auditors, PricewaterhouseCoopers, have direct access to the Chairman of the Audit Committee, who meets with them periodically without management present. The Audit Committee’s duties in relation to the auditors include: • recommending to the Board, for approval by shareholders, the auditors’ appointment • approval of the auditors’ terms of engagement • consideration of the letters of representation to be provided to the auditors in respect of the interim and annual financial statements • review of reports and other ad-hoc papers from the auditors • annual appraisal of the quality and effectiveness of the auditors • assessment of the auditors’ independence and objectivity, including the monitoring of non-audit services provided, with a view to ensuring that their independence and objectivity are not, and are not seen to be, compromised • approval of audit and non-audit fees