110 Board of Directors Audit Committee Executive Committee ESG Steering Committee Risk Management Team SD Communication & Engagement Committee Investment Committee SD 2030 Places Working Group Joint Venture Management Committee SD 2030 People Working Group Information Technology Digital Steering Committee SD 2030 Partners Working Group Safety Management System Steering Committee SD 2030 Performance (Environment) Working Group Business Recovery Team SD 2030 Performance (Economics) Working Group Functional Heads/ Portfolio Directors FIRST LINE OF DEFENCE THIRD LINE OF DEFENCE SECOND LINE OF DEFENCE Business Units and Working Committees Internal Audit Risk Governance Structure The Board is responsible for determining the Risk Appetite and maintaining the Risk Governance Structure that facilitate the Risk Management Process to identify and analyse the Risk Profile underlying for the achievement of business objectives of the Company, and to determine how such risks should be managed and mitigated, thereby striking a balance between threats and opportunities. The Board oversees management in the design, implementation and monitoring of the risk management and internal control systems, and management provides confirmations to the Board on the effectiveness of these systems. The effectiveness of the risk management process and internal control systems is subject to audit by internal audit, with support from external specialists where necessary. Further discussion of risk management is set out in the sections of the Corporate Governance Report headed “Accountability and Audit – Risk Management and Internal Control”, “Audit Committee – Assessing the Effectiveness of Risk Management and Internal Control Systems” and “Group Internal Audit Department – Scope of Work” on pages 104 to 105, page 106 and page 107 respectively. RISK MANAGEMENT