Strategic Report Strategic Report Strategic Report Financial Additional Overview Strategy Performance Governance Statements Information Whistleblowing, conflicts of interest, With respect to external assurance, the Audit anti-bribery and anti-corruption, Committee reviews the external auditor’s reports data protection to the Audit Committee, which include the external The Committee ensures that there are effective auditor’s observations on risk management and internal procedures relating to whistleblowing, and a policy is in financial controls identified as part of its audit. Without place allowing staff to confidentially raise any concerns management present, the Committee and EY discussed about business practices and is kept under review. In 2018, the key areas of audit focus, the suitability of the following the Demerger, the Group also implemented accounting policies which have been adopted and whether Whistle B, an advanced independent whistleblowing management’s key reporting estimates and judgements reporting channel and case management tool to replace were appropriate. its existing whistleblowing platform. The Audit Committee also reviewed additional measures being put in place to Fair, balanced and understandable reporting improve the robustness of the whistleblowing processes. The Committee reviewed this Annual Report and Accounts to consider whether it is fair, balanced and understandable In line with the new UK Corporate Governance Code 2018, and provides the information necessary for shareholders responsibility for the whistleblowing process passed to to assess the Group’s performance, business model and the Board at the end of the year. However, as part of our strategy. We gained assurance that there is a robust broader work on Fraud Risk Management and culture, process of review and challenge at different levels within we will continue to monitor use of the system. the Group to ensure balance and consistency. We also discussed the overall messages and tone of the Annual The Committee reviews the Group’s Anti-Bribery and Report with the Bank’s CEO and CFO. We also considered Anti-Corruption Policy and procedures and receives other information regarding performance presented to reports from management on a regular basis in relation the Board during the period, from both management to any actual or potential wrong-doing. There were and the external auditor. After consideration of all this no significant findings in 2018. The Audit Committee information, we are satisfied that the Annual Report and monitored the introduction of the Group’s response Accounts are fair, balanced and understandable, and to the new General Data Protection Regulation. provide the information necessary for shareholders to assess performance, business model and strategy. Risk management and internal controls Although the Board assumes ultimate responsibility Committee effectiveness for the Group’s risk management and internal control Towards the end of the year, the Committee reviewed framework, its work is supported by both our Committee its effectiveness as part of a broader review of all Board and the Risk Committee. committees’ effectiveness facilitated by the Company Secretary. A key development arising from this exercise The Audit Committee assists the Board in fulfilling its is a plan to hold quarterly joint discussions with the responsibility to review the adequacy and effectiveness Risk Committee from 2019 onwards, in addition to the of the controls over financial reporting and certain areas Committee’s current meeting schedule. These will allow of operational risk: IT and information security (including the Committee to be more efficient, with time for more cyber-security), corporate security and similar areas detailed examination of matters (“deep dives”) during of operational risk and internal and external fraud the Committee’s meetings, and discussion during the or misconduct. joint sessions of issues, primarily operational risks, which cut across both audit and risk. The Committee also monitors the Group’s compliance with the corporate governance policies and procedures related to anti-bribery and anti-corruption, conflicts of interest and whistleblowing. For 2018, the internal audit plan included a thorough risk management and internal control assessment, including compliance with corporate governance policies and procedures. During 2018 and up to the date of this Annual Report and Accounts, Internal Audit did not find any material weaknesses in the risk management processes or internal controls. We challenged the reports by management and Internal Audit and requested data regarding compliance with key policies and procedures related to operational risk. Annual Report 2018Bank of Georgia Group PLC 125