Audit and Risk Committee continued 93 Vodafone Group Plc Annual Report 2026
Strategic report
Governance
Financials
Other information
Risk management The Committee performed a series of deep dives with management, focused around the Group’s principal risks during the year. Principal risk Area of focus Cyber threat Cyber security The Committee met on a number of times during the year with the Group Chief Technology Officer, the Group Chief Network Officer and the Cyber Security, Technology Strategy and Governance Director. Topics covered included: (i) strategy, (ii) a deep-dive update on cyber risk, including the review of risks relating to ransomware and (iii) incident risk management.
Corporate reporting The Committee’s primary responsibility in relation to the Group’s financial reporting is to review, with management and the external auditor, the appropriateness of the half-year and annual consolidated financial statements. The Committee focuses on: – The quality and acceptability of accounting policies and practices; – Providing advice to the Board on the form and basis underlying the long-term viability statement; – Material areas in which significant judgements have been applied or where significant issues have been discussed with the external auditor; – An assessment of whether the Annual Report, taken as a whole, is fair, balanced, and understandable and whether our US Annual Report on Form 20-F complies with relevant US regulations; – The clarity of the disclosures and compliance with financial reporting standards and relevant financial and governance reporting requirements; and – Any correspondence from regulators in relation to our financial reporting. In addition, the Committee reviewed the unaudited Q1 and Q3 Trading updates with management, together with any key judgements that had been applied. Accounting policies and practices The Committee received reports from management in relation to: – The identification of critical accounting judgements and key sources of estimation uncertainty, including the impact of climate change on the consolidated financial statements; – Significant accounting policies; and – Proposed disclosures of these in this Annual Report.
Following discussions with management and the external auditor, the Committee approved the disclosures of the accounting policies and practices set out in note 1 ‘Basis of preparation’ and within other notes to the consolidated financial statements. Fair, balanced and understandable The Committee assessed whether the Annual Report, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Company’s position and performance, business model and strategy. This assessment is supported by the Group’s Disclosure Committee, which reviews and assesses the appropriateness of investor communications including the Annual Report and results announcements. The Disclosure Committee is chaired by the Group Chief Financial Officer who briefs the Committee on the Disclosure Committee’s work and findings. The Committee reviewed the processes and controls that underpin the Annual Report’s preparation, ensuring that all contributors and senior management are fully aware of the requirements and their responsibilities. This included the financial reporting responsibilities of the Directors under section 172 of the Companies Act 2006 to promote the success of the Company for the benefit of its members, as well as considering the interests of other stakeholders that will have an impact on the Company’s long-term success. The Committee reviewed a draft of the Annual Report to enable input and comment. The review is performed in conjunction with the ESG Committee members and included the review of Task Force on Climate-related Financial Disclosures (’TCFD’) and ESG-related disclosures. This work enabled the Committee to provide positive assurance to the Board to assist it in making the statement required by the Code. The Committee also reviewed the results announcements.
IT resilience and transformation Network resilience and infrastructure competitiveness Adverse changes in macroeconomic conditions Company transformation Adverse market competition Supply chain disruption Company transformation Legal compliance (Watchlist risk) Legal compliance (Watchlist risk)
Technology resilience The Committee met with the Group Chief Network Officer for the annual review of the Group’s activities and strategies to mitigate the principal risks around technology resilience.
Business reviews The Committee met with a range of markets and business units, with a focus on the operational landscape, local risk assessments and related activity, the control environment and progress against any findings from Internal Audit activities. This included: – An update on the current macro environment with the CEO European Markets and the Global Supply Chain Director; – A review of Vodafone Business with the Vodafone Business CEO and CFO; – A market review with the Vodacom Group CEO and CFO; – A market review with the CEO and CFO of Vodafone Türkiye and the CEO European Markets; – A market review and risk update with the CEO of VodafoneZiggo; – A governance review of the investment portfolio with the CEO Vodafone Investments and Strategy; and – A review of Vodafone Shared Operations with the CEO of Vodafone Shared Operations. Three Lines of Defence (‘3LOD’) programme The Committee met with the Global Director of Compliance and Business Integrity in November 2025 and March 2026 to receive updates on the Group’s 3LOD programme. The programme will further strengthen the Group’s internal policy framework and the implementation of a number of enhancements to the framework. 2024 UK Corporate Governance Code (‘Code’) The Committee received updates from the Group Risk and Assurance Director in September 2025, January 2026 and May 2026 on the approach and progress with preparing for amended Provision 29 in the Code that is effective for the year ending 31 March 2027. Data The Committee met with members of the data governance and privacy teams to review and challenge the Group’s strategy and activities around data management risk and how compliance standards are being met.
Data management and privacy
Powered by FlippingBook