106 CORPORATE GOVERNANCE & SUSTAINABILITY CORPORATE GOVERNANCE The work of the Committee during 2024 included reviews of the following matters: • the completeness, accuracy and integrity of formal announcements relating to the Group’s performance including the 2023 annual and 2024 interim reports and announcements, with recommendations to the Board for approval • the Group’s compliance with regulatory and statutory requirements • the Group’s risk management and internal control systems • the Group’s risk management processes • the Group’s cybersecurity and policy and governance mechanisms in relation to AI • the approval of the 2025 annual internal audit programme and review of progress on the 2024 programme • periodic reports from GIAD and progress in resolving any matters identified in them • significant accounting and audit issues • the Company’s policy regarding connected transactions and the nature of such transactions • the relationship with the external auditors as discussed on pages 107 to 108 • the external quality assessment of GIAD • the Company’s compliance with the CG Code • the Company’s policies In 2025, the Committee has reviewed, and recommended to the Board for approval, the 2024 financial statements. Assessing the Effectiveness of Risk Management and Internal Control Systems On behalf of the Board, the Audit Committee reviews annually the continued effectiveness of the Group’s risk management and internal control systems dealing with risk and financial accounting and reporting, the effectiveness and efficiency of operations, compliance with laws and regulations, and risk management functions. This assessment considers: • the scope and quality of management’s ongoing monitoring of risks (including ESG risks) and of the risk management and internal control systems, the work and effectiveness of internal audit and the assurances provided by the Finance Director • the changes in the nature and extent of significant risks (including ESG risks) since the previous review and the Group’s ability to respond to changes in its business and the external environment • the extent and frequency with which the results of monitoring are communicated, enabling the Committee to build up a cumulative assessment of the state of control in the Group and the effectiveness with which risk is being managed • the incidence of any significant control failings or weaknesses that have been identified at any time during the period and the extent to which they have resulted in unforeseen outcomes or contingencies that have had, could have had, or may in the future have, a material impact on the Company’s financial performance or condition • the effectiveness of the Company’s processes in relation to financial reporting and statutory and regulatory compliance • areas of risk identified by management • significant risks reported by GIAD • work programmes proposed by GIAD and the external auditors • significant issues arising from internal and external audit reports • the results of management’s control self-assessment exercise As a result of the above review, the Board confirms, and management has also confirmed to the Board, that the Group’s risk management and internal control systems are effective and adequate and have complied with the CG Code provisions on risk management and internal control throughout the year and up to the date of this annual report. Company Secretary The Company Secretary is an employee of the Company and is appointed by the Board. The Company Secretary is responsible for facilitating the Board’s processes and communications among Board members, with shareholders and with management. The Company Secretary undertakes at least 15 hours of relevant professional training annually to update skills and knowledge.