Mannai Q P S C : ICOFR Auditor’s Report 2022

Mannai Corporation Q.P.S.C.

Report on the suitability of design and operating effectiveness of internal controls over financial reporting

31 December 2022

INDEPENDENT ASSURANCE REPORT TO THE SHAREHOLDERS OF MANNAI CORPORATION Q.P.S.C.

Report on the suitability of design and operating effectiveness of internal controls over financial reporting of significant processes as at 31 December 2022.

Introduction

In accordance with the requirements of Article 24 of the Governance Code for Companies & Legal Entities Listed on the Main Market (the "Governance Code" or the "Code") Issued by the Qatar Financial Markets Authority (QFMA) Board pursuant to Decision No. (5) of 2016, we have carried out a reasonable assurance engagement over the Report on Management's Assessment of Internal Controls over Financial Reporting (the "Report on Internal Control over Financial Report") of Mannai Corporation Q.P.S.C. )the "Company") and its subsidiaries (together the "Group") as at 31 December 2022, based on the framework issued by the Committee of Sponsoring Organisations of the Treadway Commission "COSO framework".

Responsibilities of the directors and those charged with governance

The Board of Directors of the Group are responsible for presenting the Report on Internal Controls over Financial Reporting, which includes:

• the Management's assessment of the suitability of design and operating effectiveness of internal controls over financial reporting;
• description of the identification of significant process and internal controls over financial reporting; and
• assessment of the severity of design, and operating effectiveness of control deficiencies, if any noted, and not remediated at 31 December 2022.

The assessment presented in the Annual Report will be based on the following elements included within the Risk Control Matrices provided by the Group's management:

• the control objectives; including identifying the risks that threaten the achievement of the control objectives; and
• designing and implementing controls to achieve the stated control objectives.

The Group's Board of Directors are also responsible for establishing and maintaining internal financial controls based on the framework issued by the Committee of Sponsoring Organisations of the Treadway Commission

("COSO framework").

These responsibilities include the design, and maintenance of adequate internal financial controls that if operating effectively would ensure the orderly and efficient conduct of its business, including:

• adherence to Group's policies;
• the safeguarding of its assets;
• the prevention and detection of frauds and errors;
• the accuracy and completeness of the accounting records;
• the timely preparation of reliable financial information; and
• compliance with applicable laws and regulations

PricewaterhouseCoopers - Qatar Branch, P.O.Box: 6689, Doha, Qatar.

Ministry of Commerce and Industry License number 6 / Qatar Financial Markets Authority License number 120155 T: +974 4419 2777, F:+974 4467 7528, www.pwc.com/me

Responsibilities of the Assurance Practitioner

Our responsibilities are to express a reasonable assurance conclusion based on our assurance procedures on the Report on Internal Controls over Financial Reporting, based on the COSO framework.

We conducted our engagement in accordance with International Standard on Assurance Engagements 3000 (Revised) 'Assurance Engagements Other Than Audits or Reviews of Historical Financial Information' issued by the International Auditing and Assurance Standards Board ('IAASB'). This standard requires that we plan and perform our procedures to obtain reasonable assurance on the Management's assessment of suitability of the design and operating effectiveness of the internal controls over financial reporting of significant processes, as presented in the Report on Internal Controls over Financial Reporting, in all material respects, to achieve the related control objectives stated in the description of the relevant processes by management, based on the COSO framework.

A process is considered significant if a misstatement due to fraud or error in the stream of transactions or financial statement amount would reasonably be expected to impact the decisions of the users of financial statements. For the purpose of this engagement, the processes that were determined as significant are:

1. Revenue, receivables;
2. Investments management;
3. Purchasing, payables and payments;
4. Cash and treasury management;
5. Property, plant and equipment management;
6. Inventory management;
7. Human resources and payroll;
8. Entity level controls;
9. Information technology controls; and
10. General ledger and financial reporting.

An assurance engagement to express a reasonable assurance conclusion on the Report on Internal Controls over Financial Reporting based on the COSO framework involves performing procedures to obtain evidence about the fairness of the presentation of the report. Our procedures on internal controls over financial reporting included:

• obtaining an understanding of internal controls over financial reporting for Significant Processes;
• assessing the risk that a material weakness exists; and
• testing and evaluating the design and operating effectiveness of internal control based on the assessed risk.

In carrying out our engagement, we obtained understanding of the following components of the control system:

• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring Activities

2 - Independent Assurance Report

The procedures selected depend on our judgement, including the assessment of the risks of material misstatement of the suitability of design and operation, whether due to fraud or error. Our procedures also included assessing the risks that the controls were not suitably designed or operating effectively to achieve the related control objectives stated in the Report on Internal Controls over Financial Reporting.

Our procedures included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the related control objectives were achieved.

An assurance engagement of this type also includes evaluating Management's assessment of the suitability of the design and operating effectiveness of the controls over the control objectives stated therein. It further includes performing such other procedures as considered necessary in the circumstances.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusion on the Report on Internal Controls over Financial Reporting.

Our independence and quality control

In carrying out our work, we have complied with the independence and other ethical requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants ("IESBA Code"), which is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour and the ethical requirements that are relevant in Qatar. We have fulfilled our other ethical responsibilities in accordance with these requirements and the IESBA Code.

Our firm applies International Standard on Quality Control 1 and accordingly maintains a comprehensive system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Concept of internal controls over financial reporting

An entity's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with International Financial Reporting Standards (IFRS) as issued by the International Accounting Standards Board ("IASB"). An entity's internal control over financial reporting includes those policies and procedures that:

1. pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the entity;
2. provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with the generally accepted accounting principles, and that receipts and expenditures of the entity are being made only in accordance with authorizations of the management of the entity; and
3. provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the entity's assets that could have a material effect on the financial statements.

Inherent limitations

Non-financial performance information is subject to more inherent limitations than financial information, given the characteristics of the Report on Internal Controls over Financial Reporting and the methods used for determining such information.

3 - Independent Assurance Report

Because of the inherent limitations of internal controls over financial reporting including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may occur and not be detected. Also, projections of any evaluation of the internal controls over financial reporting to future periods are subject to the risk that the internal control over financial reporting may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

Furthermore, the controls activities designed and operated as of 31 December 2022 covered by our assurance report will not have retrospectively remedied any weaknesses or deficiencies that existed in relation to the internal controls over the financial reporting for significant processes prior to the date those controls were placed in operation.

Other information

The Board of Directors are responsible for the other information. The other information comprises the Board of Directors' Report (but does not include the Report on Internal Control over Financial Reporting and our assurance report thereon), which we obtained prior to the date of this auditor's report, and the complete Annual Report, which is expected to be made available to us after that date.

Our conclusion on Report on Internal Control over Financial Reporting does not cover the other information and we do not express any form of assurance conclusion thereon.

In connection with our assurance engagement on the Report on Internal Control over Financial Reporting, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with our knowledge obtained in this engagement, or otherwise appears to be materially misstated.

If, based on the work we have performed, on the other information that we obtained prior to the date of this auditor's report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

When we read the complete Annual Report, if we conclude that there is a material misstatement therein, we are required to communicate the matter to those charged with governance.

Emphasis of matter

We draw attention to the fact that this assurance report does not extend to any subsidiaries of the Group registered outside the State of Qatar. Our report is not modified in this respect.

Conclusion

In our opinion, based on the results of our reasonable assurance procedures, the Management's assessment of the suitability of the design and the operating effectiveness of the Group's internal controls over financial reporting of significant processes, based on the COSO framework is presented fairly, in all material respects, as at 31 December 2022.

For and on behalf of PricewaterhouseCoopers - Qatar Branch

Qatar Financial Market Authority registration number 120155

Mark Menton

Auditor's registration number 364

Doha, State of Qatar

26 February 2023

4 - Independent Assurance Report