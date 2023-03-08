11. The governing body should govern risk in a way that supports the The Board provides direction as governance custodian by establishing accountability, delegation,

organisation in setting and achieving its strategic objectives monitoring and oversight it ensures appropriate strategies, policies, charters, terms of reference and

assurance services and functions are in place to achieve compliance with relevant laws and regulations.

In addition, the Board also oversees and ensures effective control at Board, committee, executive and

management level, effective risk management, technology and information governance, and facilitates

responsible corporate citizenship and a stakeholder engagement that will help the organisation achieve

its objectives and vision. The Board by setting the direction for how the organisation approaches and

addresses risk ensures that the company has the appropriate risk management framework, people

(skills), processes and technology in place to evaluate and manage the uncertainties we face in protecting

and creating stakeholder value and manage risk tolerance levels. The Board accepts that it is responsible

for the governance of risk and has the ultimate responsibility not only for risk management but also for

developing the risk appetite and monitoring risk tolerance levels.

12. The governing body should govern technology and information in a Technology and information governance remains a key focus area of the Board and its sub-committee,

way that supports the organisation setting and achieving its the Audit and Risk Committee. Executive responsibility lies with the Financial Director (FD) and an

strategic objectives established Information Management Steercom. The Information Management Steercom oversees the

assessment and implementation of the development of the information governance strategies,

framework and manages related risks which it reports to the Audit and Risk Committee through the FD.

The governance and risk around IT and Supply Chain matters have continued to received specific focus

in the past year and Internal Audit together with other assurance providers assist in addressing short-

comings to enhance overall control to ensure continuous improvement as technology and information

management has become and will continue to be an integral part of any successful business.

13. The governing body should govern compliance with applicable The sub-committees of the Board, especially the Audit and Risk and Social and Ethics Committees assist

laws, non-binding rules, codes and standards in a way that the Board in monitoring of compliance with key legislation. The risk and compliance function has in

supports the organisation being ethical and a good corporate place a framework and system to monitor the key compliance matters related to the legal environment

citizen of the business, assisted by the champions for these regulations whilst Internal Audit and independent

assurance providers assist with assurances in this regard with the outcomes used to address

development areas. Compliance software and automation has been implemented to ensure more

efficient oversight of the process.

14. The governing body should ensure that the organisation The company understands that it is essential that its strategies, risks, performances and rewards are

remunerates fairly, responsibly and transparently so as to aligned to enable the creation of shareholder value. The Remuneration and Nominations Committee is

promote the achievement or strategic objectives and positive charged with ensuring that management and employees are fairly rewarded by applying the

outcomes in the short, medium and long term remuneration framework and policies and based on their performance and overall contributions as well

as best practice. The remuneration and implementation reports can be found on pages 104 to 123 of the

2022 integrated report.

15. The governing body should ensure that assurance services and To ensure adequate assurance across the group, and to prevent gaps or duplication in assurance efforts,