S S TR RISK MANAGEMENT ACTIVITIES IN 2023 AND PLANS Management actions and deep dives TR A FOR 2024 The IA&RM team incorporates independent validation reviews of the A TE TE G Identification of risks principal risk mitigation plans within its annual Audit Plan, the purpose G I I C We identify and manage risk using a top-down bottom-up approach. being to provide independent assurance to management, the Audit C R – Top-down – Identification, assessment, prioritisation, mitigation, R and Risk Committee and the Board on the effectiveness and sufÏciency E E P monitoring and reporting of risk at a corporate level. Overseen by of management actions to mitigate risks down to an acceptable level. P O O R the Audit and Risk Committee and the Risk Management R T Committee. The team works with functional Risk Champions to maintain formal T – Bottom-up – Identification, assessment, prioritisation, mitigation risk mitigation plans to clearly articulate the nature and extent of G and monitoring of risk across all operational and functional areas. the principal risks and their associated mitigating actions. These are G O used to provide the Board and Audit and Risk Committee with O VE The corporate and functional risk registers have been maintained and VE R management self-assessments on the effectiveness of risk mitigation R NAN updated to reflect changes in the business and the external plans and activities. NAN environment. These continue to be periodically reviewed by the Risk C C E Management Committee. The updated corporate risk register is During 2023 the following key risk management activities have E reviewed and formally re-evaluated at the half and full year to identify been undertaken: any changes required to the disclosed principal risks. These changes – Three Risk Management Committee meetings with focus on the F F I and the summary of principal and emerging risks are then presented following areas: I NAN to the Audit and Risk Committee for review and approval. – Electric vehicle transition plan and associated risks NAN C – Legal and certification compliance risk management C IAL Risk management system – Supply chain resilience IAL S The Aston Martin ERMFS continues to be deployed across the Group. – Emerging risks and horizon scanning S T T A This was subject to an annual review and approved by the Executive – Fraud risk assessment A T T E Committee and the Audit and Risk Committee in July 2023. The Risk – Independent cyber security risk and control maturity assessment E M M E Management Committee met three times during 2023. and benchmarking against the NIST global framework E N N T – Engagement with a third-party and key supply chain stakeholders T S to develop a tool to provide enhanced visibility of the DB12 supply S chain and associated interdependencies F F U – Executive Committee review and agreement of the Group’s U R R T principal and emerging risks T H H E – Annual review of ERMFS and Risk Management Policy E R R INF INF The following principal risk mitigation plan reviews have been OR included within the 2024 Internal Audit plan: OR M – Talent acquisition and retention M A A T – Program delivery T I I ON – Supply chain disruption ON ASTON MARTIN LAGONDA ANNUAL REPORT AND ACCOUNTS 2023 69