GOVERNANCE AUDIT AND RISK COMMITTEE REPORT CONTINUED S The Group uses a three lines of defence assurance model with the Internal Audit TR objective of embedding effective risk management and control The Internal Audit & Risk Management function provides independent, A throughout the business and providing assurance to the Board and the objective assurance and advice to the Board, the Committee and TE G I Committee of the effectiveness of internal controls and risk senior management on whether the existing control and governance C management across the organisation. This comprises the following: R frameworks are operating effectively to meet the Group’s strategic E objectives and to help the Company identify and mitigate any potential P O control weaknesses and identify any emerging risks. R FIRST LINE OF DEFENCE T The Director of Internal Audit & Risk reports to the Chief Financial OfÏcer with an independent reporting line to the Committee Chair. G Functional management who are responsible for embedding risk The Director provides regular reports to the Committee on the O management and internal control systems into their business VE function’s activities, which detail significant audit findings, progress of, R processes. and any changes to, the Internal Audit plan and updates on agreed NAN management actions to rectify control weaknesses. Where C appropriate, the Director will provide a deep dive into an issue where E – either the Committee has requested more information or the Director considers it pertinent. F SECOND LINE OF DEFENCE I NAN The Committee assesses the effectiveness of the Internal Audit & Risk Management function on an annual basis. To ensure that it is meeting C Functions which oversee or specialise in risk management and its objectives, the Internal Audit & Risk Management function has an IAL compliance-related activity. They monitor and facilitate the annual work plan comprising risk-based cyclical audits, reviews of risk S T implementation of effective risk management and control mitigation plans and assessments of emerging risks and business A T activities by the first line. These functions include Financial change activity, together with work mandated for compliance E M Internal Control, Quality Audit, Security, IT, Health and Safety, purposes. At the November 2023 Committee meeting the Internal E N Environmental, Corporate Compliance and the risk management Audit plan for 2024 was approved by the Committee and the T activities performed by the Internal Audit & Risk Management Committee will monitor progress against the plan in the coming year, S team. as well as whether the plan remains focused on the evolving key risks F facing the business. Such reviews will consider any changes to risk U R registers, current hot topics and emerging risks in the industry as well T H as changes based on engagement with the business. E – R INF THIRD LINE OF DEFENCE During the year, 16 internal audits were carried out including human resource core activities, gifts and hospitality policy adherence, OR finished vehicle inventory and sales logistics procedures and key M A financial controls in Aston Martin Lagonda China. The conclusions of T Functions which provide independent objective assurance to the I Board, Audit and Risk Committee and senior management the audits were discussed by the Committee and remediation actions ON were agreed where required. regarding the effectiveness of the first and second lines of defence. This includes Internal Audit & Risk Management and the External Auditor and other external providers of assurance including those which provide assurance over dealer adherence to operating standards and assurance over data within our Sustainability Report. ASTON MARTIN LAGONDA ANNUAL REPORT AND ACCOUNTS 2023 104