Vodafone 2024 Annual Report

Audit and Risk Committee 89 Vodafone Group Plc Annual Report 2024 Strategic report Governance

Financials

Other information

The Committee oversees the governance of the Group’s risk management system, financial reporting, the external audit process, internal control and related assurance processes. During the year, the Committee completed a series of deep dive reviews of principal key risks and additional reviews with a focus on strategic transformation David Nish Members Michel Demaré Deborah Kerr Christine Ramon Key responsibilities The responsibilities of the Committee are to: – Monitor the integrity of the financial statements, including the review of significant financial reporting judgements; – Monitor the Group’s risk management system, review the principal risks and the management of those risks; – Provide advice to the Board on whether the Annual Report is fair, balanced and understandable and on the appropriateness of the long-term viability statement; – Review and monitor the external auditor’s independence and objectivity and the effectiveness of the external audit; – Review the system of internal financial control and compliance with section 404 of the US Sarbanes-Oxley Act; – Review and provide advice to the Board on the approval of the Group’s US Annual Report on Form 20-F; and – Monitor the activities and review the effectiveness of the Internal Audit function. Click to read the Committee’s terms of reference: vodafone.com/board-committees Letter from the Committee Chair and cyber security. Chair and financial expert I am pleased to present our report as Chair of the Audit and Risk Committee. This report provides an overview of how the Committee operates, an insight into the Committee’s activities during the year and its role in ensuring the integrity of the Group’s published financial information and the effectiveness of its risk management, controls and related processes. The Committee met five times during the year, which included a joint meeting with the ESG Committee. The attendance by members at Committee meetings can be seen on page 70. Each meeting agenda included a range of topics across the Committee’s areas of responsibility: – We undertook a programme of reviews across multiple business units, typically with a focus on the risk and control environment. This was performed with the CEO and CFO of the Other Europe markets cluster, the CEOs of Vodafone Germany, Vodafone UK, Vodafone Spain and Vodacom Group, the Chief Commercial Officer and CEO Vodafone Italy and the CFO of Vodafone Business; – External cyber threats continue to be a principal risk for the Group. Accordingly, the Committee met with the Chief Technology Officer and Cyber Security, Technology Assurance and Strategy Director to review and challenge the cyber security strategy and undertook a deep dive review of this principal risk; Read more about cyber security on pages 46 to 51

– We performed deep dive reviews on several other principal risks, including Supply chain disruption, Data management and privacy, Disintermediation and Adverse political and policy environment; – At the September 2023 and March 2024 meetings, we considered the anticipated financial reporting matters impacting the half-year and year-end reporting. We also reviewed the half-year results announcement at our November meeting and this Annual Report and accompanying materials at our March and May meetings. Our work included reviews of the Strategic Report, goodwill impairment testing, taxation judgements, legal contingencies and the Company’s work on going concern and the long-term viability statement. The Committee recognises the importance of Environmental, Social and Governance (‘ESG’) topics and the evolving disclosure requirements in this area. During our joint meeting in May 2024, we challenged the disclosures included in this Annual Report and also the Group’s ESG Addendum, which is available on our website. Our external auditor, Ernst & Young (‘EY’), provides robust challenge to management and its independent view to the Committee on specific financial reporting judgements and the control environment. David Nish On behalf of the Audit and Risk Committee 14 May 2024 Objective The objective of the Committee is the provision of effective governance over the appropriateness of financial reporting of the Group, including the adequacy of related disclosures, the performance of both the Internal Audit function and the external auditor and oversight of the Group’s systems of internal control, business risks and related compliance activities. Click or scan to watch the Chair of the Audit and Risk Committee explain his role: investors.vodafone.com/videos Committee governance Committee meetings normally take place the day before Board meetings. The Committee Chair reports to the Board, as a separate agenda item, on the activity of the Committee and matters of particular relevance. The Board has access to the Committee’s papers and receives copies of the Committee minutes. The Committee regularly meets separately with the external auditor, the Group Chief Financial Officer, the Group Audit Director and the Group Head of Risk without others being present. The Chair also meets regularly with the external lead audit partner during the year, outside of the formal Committee process. The Chair is designated as the financial expert on the Committee for the purposes of the US Sarbanes-Oxley Act and the 2018 UK Corporate Governance Code (‘Code’). The Committee continues to have competence relevant to the sector in which the Group operates. Read more about the skills and experience of Committee members on pages 76 to 79

Powered by