Vodafone Group Plc Annual Report 2025 89
Strategic report
Governance
Financials
Other information
Governance continued Audit and Risk Committee continued Regulators and our financial reporting The Financial Reporting Council (‘FRC’) publishes thematic reviews and other guidance to help companies improve the quality of corporate reporting through the provision of guidance and reviews of the quality of reporting across public companies. The Group routinely reviews FRC publications, the most relevant publications for the 2025 Annual Report being: – Annual review of corporate reporting; – Annual review of corporate governance reporting; – Thematic reviews on existing disclosure requirements for (i) Offsetting in the financial statements, and (ii) IFRS 17 ‘Insurance Contracts’; and – Updated guidance to support going concern reporting. The Group already complied with the majority of the recommendations and the 2025 Annual Report has been updated to adopt best practice where appropriate. In January 2024, the FRC published an updated UK Corporate Governance Code (‘revised Code’). The implementation date will be the year ending 31 March 2026 for the Group, excluding the enhanced internal control requirements (Provision 29) in the revised Code for which implementation is the year ending 31 March 2027. The Group’s Risk, Assurance and Controls team is identifying the scope of our material internal controls and the level of internal attestation work that will be performed to support the Board’s declaration of effectiveness of the controls. We expect to leverage our established controls programme, which underpins our existing US reporting obligations.
Group functions and local markets. This enables access to specialist skills through centres of excellence and ensures local knowledge and experience. Cooperation with professional bodies and an information technology research firm has ensured access to additional specialist skills and an advanced knowledge base. Internal Audit activities are based on a robust methodology and the internal quality assurance improvement programme ensures conformity with the International Professional Practices Framework, which encompasses the standards of the Institute of Internal Auditors, incorporating the principles and standards of Ethics and Professionalism and the continuous development of the audit methodology applied. The conformity is reviewed and verified through an external quality assessment by an independent consultancy firm every three years. The Committee has a standing agenda item to cover Internal Audit-related topics. Prior to the start of each financial year, the Committee reviews and approves the annual audit plan, assesses the adequacy of the budget and resources and reviews the strategic initiatives for the continuous improvement of the function’s effectiveness. The audit plan is determined by considering Internal Audit’s rolling review framework and the outputs of a data-driven risk assessment. The Committee reviews progress against the approved audit plan and the results of Internal Audit activities, with a strong focus on unsatisfactory audit results and cross-entity audits, which are audits that are performed across multiple markets with the same scope. Audit results are analysed by process and entity to highlight both changes in the control environment and areas that require attention.
In September 2024 and January 2025, the Committee received updates on the Group’s readiness activities to meet the requirements of the Corporate Sustainability Reporting Directive (‘CSRD’). The Group has established a central team responsible for the delivery of CSRD compliance within the existing ESG team. Progress towards compliance continues to be closely monitored by management. On 26 February 2025, the EU published its Omnibus Package. Management is assessing the implications of the proposed changes to the CSRD, including the two year extension for compliance. In January 2025, the US Securities and Exchange Commission (‘SEC’) raised a comment in relation to a disclosure in our Form 20-F for the year-ended 31 March 2024 and also the format of sections of the filing. We submitted our written response which was accepted and the SEC closed their review in February 2025. Internal control and risk management The Committee has the primary responsibility for the oversight of the Group’s system of internal control, including the risk management framework, the compliance framework and the work of the Internal Audit function. Internal Audit The Internal Audit function provides independent and objective assurance over the design and operating effectiveness of the system of internal control, through a risk-based approach. The function reports into the Committee and, administratively, to the Group Chief Financial Officer. The function is composed of teams across
During the year, Internal Audit coverage focused on principal risks, including Cyber threat, Data management and privacy and Adverse macroeconomic conditions. Through the thematic reviews, assurance was provided across a range of areas, including: handsets; ransomware recovery; data management and protection; consumer strategic initiatives; customer churn and retention management; business resilience and recovery; cross-border regulatory compliance at Vodafone Business; security of outsourced services; sourcing and M-Pesa. The activities performed by the shared service organisation continue to receive ongoing focus due to the significance across many processes. Management is responsible for ensuring that issues raised by Internal Audit are addressed within an agreed timetable, and the Committee reviews their timely completion. The last independent review of the effectiveness of the Group’s Internal Audit function was performed by Deloitte LLP in December 2024, and the results were presented to the Committee. The review concluded that the Internal Audit function operated in accordance with the International Professional Practices Framework, which includes the IIA Standards and Code of Ethics, and it has continued to invest significant effort in maintaining its ‘Generally Conforms’ rating, which is the highest rating attainable. The review showed that the function is equivalent in capability to the most innovative functions in the FTSE 100, more commonly seen in the Financial Services sector. The Internal Audit function continues to invest in initiatives to improve its effectiveness, particularly in the adoption of new technologies. The innovative use of data analytics has provided broader and deeper audit testing and insight.
Powered by FlippingBook