Vodafone 2026 Annual Report

92 Vodafone Group Plc Annual Report 2026

Strategic report

Governance

Financials

Other information

Audit and Risk Committee

The Committee oversees the Group’s risk management systems, corporate reporting, internal control and related assurance processes as well as the external audit process. The Committee’s activities in the year included oversight of the Group’s risk, control and compliance processes, including reviewing how they were adapting as a result of both the Group’s ongoing transformation and to new regulatory requirements, including the Corporate Sustainability Reporting Directive and amended Provision 29 in the 2024 Corporate Governance Code. Chair and financial expert Simon Dingemans Members Michel Demaré Deborah Kerr Anne-Françoise Nesmes (appointed 29 July 2025) Christine Ramon T he attendance at Committee meetings can be found on page 80

going concern and long-term viability statements; – The Committee reviewed the heightened geopolitical risks and supply chain disruption risks resulting from the conflict involving Iran, including potential impacts on the operations and financial position of the Group; – Environmental, Social and Governance (‘ESG’) reporting and the future Corporate Sustainability Reporting Directive (‘CSRD’) requirements were also focus areas for the Committee. Alongside the ESG Committee, we considered the appropriateness of disclosures included in this Annual Report. Internal control – The Committee met with the Group Internal Audit Director at each meeting to monitor progress against the annual internal audit plan. We also met with the Group Risk and Assurance Director to review progress on the implementation of amended Provision 29 of the 2024 UK Corporate Governance Code and the Global Director of Compliance and Business Integrity to monitor the work on the 3LOD programme. – As part of the year-end closing process, an error was identified relating to the assessment of the recoverability of a deferred tax asset for a new UK tax group that was formed after the completion of the merger of Vodafone UK and Three UK. Remediation activities have commenced to address the control deficiency. This was classified as a material weakness under Section 404 of the US Sarbanes Oxley act. See pages 96 and 126 for further information. External audit process – We are satisfied that our external auditor, Ernst & Young (‘EY’), provides robust challenge to management and offers an independent view to the Committee on key financial reporting judgements and the control environment. Simon Dingemans On behalf of the Audit and Risk Committee 19 May 2026

The Chair is designated as the financial expert on the Committee for the purposes of the US Sarbanes-Oxley Act and the 2024 UK Corporate Governance Code (‘Code’). The appointed Committee members have competence relevant to the sector in which the Group operates. Letter from Committee Chair I am pleased to present my first report as Chair of the Committee. It outlines how the Committee operates and sets out our key activities over the past year. The Committee met six times during the year. The attendance by members at Committee meetings can be seen on page 80. Each meeting agenda included a range of topics across the Committee’s areas of responsibility, as outlined below. Risk management – We undertook our annual review to identify the Group’s principal risks, which formed a key element to the scoping of our business and functional reviews in the year These focused on the effectiveness of the local risk management and control environments and central functional management; – We met a number of times during the year with the Group Chief Technology Officer and the Cyber Security, Technology Strategy and Governance Director to review and challenge strategies and activities around cyber threats, data protection, IT resilience and transformation. Corporate reporting – We considered the significant financial reporting judgements that impacted the half-year and year-end reporting. This included impairment reviews, taxation judgements and legal contingencies; – We also reviewed the Q1 and Q3 trading updates and the half-year and year-end results announcements; – We reviewed this Annual Report. Our work included reviews of the Strategic Report and the

– Provide advice to the Board on whether the Annual Report is fair, balanced and understandable, and on the appropriateness of the long-term viability statement and going concern; – Review the Group’s Q1 and Q3 trading updates; – Monitor the Group’s risk management system, review of the principal risks and the management of those risks; – Monitor the activities and review the effectiveness of the Internal Audit function; – Review the system of internal financial control and compliance with section 404 of the US Sarbanes-Oxley Act; – Review and monitor the external auditor’s independence and objectivity, and the effectiveness of the external audit; and – Review and provide advice to the Board on the approval of the Group’s US Annual Report on Form 20-F. The Committee’s terms of reference were reviewed and updated during the year to reflect changes to the 2024 UK Corporate Governance Code and to include oversight of ESG disclosures and non-financial reporting. Click to read the Committee’s terms of reference: vodafone.com/board-committees Committee governance Committee meetings are scheduled to take place ahead of Board meetings. The Committee Chair reports to the Board, as a separate agenda item, on the activities of the Committee and matters of particular relevance. The Board has access to the Committee’s papers and receives copies of the Committee’s minutes. The Committee regularly meets separately with the external auditor, the Group Chief Financial Officer and the Group Audit Director without others being present. The Chair also meets regularly with the external lead audit partner during the year, outside of the formal Committee process.

Find out more Click or scan to watch our Non-Executive Directors explain their role: vodafone.com/videos

Key responsibilities The responsibilities of the Committee are to: – Monitor the integrity of the financial statements, including the review of significant financial reporting judgements;