Vodafone 2025 Annual Report

Vodafone Group Plc Annual Report 2025 87

Strategic report

Governance

Financials

Other information

Governance continued Audit and Risk Committee continued Risk deep-dive reviews

Financial reporting The Committee’s primary responsibility in relation to the Group’s financial reporting is to review, with management and the external auditor, the appropriateness of the half-year and annual consolidated financial statements. The Committee focuses on: – The quality and acceptability of accounting policies and practices; – Providing advice to the Board on the form and basis underlying the long-term viability statement; – Material areas in which significant judgements have been applied or where significant issues have been discussed with the external auditor; – An assessment of whether the Annual Report, taken as a whole, is fair, balanced, and understandable and whether our US Annual Report on Form 20-F complies with relevant US regulations; – The clarity of the disclosures and compliance with financial reporting standards and relevant financial and governance reporting requirements; and – Any correspondence from regulators in relation to our financial reporting. Accounting policies and practices The Committee received reports from management in relation to: – The identification of critical accounting judgements and key sources of estimation uncertainty, including the impact of climate change on the consolidated financial statements; – Significant accounting policies; and – Proposed disclosures of these in this Annual Report.

Following discussions with management and the external auditor, the Committee approved the disclosures of the accounting policies and practices set out in note 1 ‘Basis of preparation’ and within other notes to the consolidated financial statements. Fair, balanced and understandable The Committee assessed whether the Annual Report, taken as a whole, is fair, balanced and understandable and provides the information necessary for shareholders to assess the Company’s position and performance, business model and strategy. This assessment is supported by the Group’s Disclosure Committee, which reviews and assesses the appropriateness of investor communications including the Annual Report and results announcements. The Disclosure Committee is chaired by the Group General Counsel and Company Secretary who briefs the Committee on the Disclosure Committee’s work and findings. The Committee reviewed the processes and controls that underpin the Annual Report’s preparation, ensuring that all contributors and senior management are fully aware of the requirements and their responsibilities. This included the financial reporting responsibilities of the Directors under section 172 of the Companies Act 2006 to promote the success of the Company for the benefit of its members as well as considering the interests of other stakeholders that will have an impact on the Company’s long-term success. The Committee reviewed a draft of the Annual Report to enable input and comment. The review is performed in conjunction with the ESG Committee members and included the review of Task Force on Climate-related Financial Disclosures (’TCFD’) and ESG-related disclosures. This work enabled the Committee to provide positive assurance to the Board to assist it in making the statement required by the Code. The Committee also reviewed the results announcements.

The Committee performed a series of deep dives with management as part of the meeting agendas. These reviews are summarised below, together with the Group’s principal risk to which the review relates. Principal risk Area of focus Disintermediation New technologies and business models

The Committee met with the Group Strategy Director to review and challenge the Group’s activities and strategies to mitigate the potential risks from new industry challengers and technologies. Cyber security The Committee met on several occasions during the year with the Group Chief Technology Officer and the Cyber Security, Technology Strategy and Governance Director. Topics covered included: (i) a deep-dive on cyber risk, (ii) a deep-dive on IT transformation strategy, (iii) the review of risks relating to shadow IT and activities to manage the risks and (iv) the management of end-of-life IT systems. Technology resilience The Committee met with the Group Chief Network Officer for the annual review of the Group’s activities and strategies to mitigate the principal risks around technology resilience. Business reviews The Committee met with a range of markets and business units, with a focus on the operational landscape, local risk assessments and related activity, the control environment and progress against any findings from Internal Audit activities. This included: – Update on portfolio transformation and governance of joint ventures with the CEO and CFO of Vodafone Investments; – Review of Vodafone Business with the Vodafone Business CEO; – Review of Vodafone Shared Operations with the entity CEO; – Germany market review with the market CEO; – Market review with the Vodacom Group CEO and CFO, with a focus on M-Pesa and the transformation of the risk and compliance function; and – Annual update on the European cluster markets with the CEO European Markets, the Global Finance Director of Markets and the European cluster markets Finance Director. Data The Committee met with members of the data governance and privacy teams to review and challenge the Group’s strategy and activities around data management risk and how compliance standards are being met.

Cyber threat

Technology resilience and future readiness

Company transformation Adverse changes in macroeconomic conditions Adverse market competition Portfolio transformation and governance of investments

Data management and privacy

Powered by