Independent auditor’s report to the members of Bank of Georgia Group PLC continued Explanation as to what extent the audit was considered capable of detecting irregularities, including fraud The objectives of our audit: •in respect to fraud, are: to identify and assess the risks of material misstatement of the financial statements due to fraud; to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and to respond appropriately to fraud or suspected fraud identified during the audit. However, the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management; and •in respect to irregularities, considered to be non-compliance with laws and regulations, are: to obtain sufficient appopate audit evdence regadi gcopance th the povsions of thoseaws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial statements (‘direct laws and regulations’), and perform other audit procedures to help identify instances of non- compliance with other laws and regulations that may have a material effect on the financial statements. We are not responsible for preventing non-compliance with laws and regulations and our audit procedures cannot be expected to detect non-compliance with all laws and regulations. Our approach was as follows: •We obtained a general understanding of the legal and regulatory frameworks that are applicable to the Group and determined that the most significant were the relevant regulations of the UK Listing Authority (‘UKLA’), as well as the various Georgian legal and regulatory requirements applying to the components of the Group, of which the most material are the regulations of the National Bank of Georgia. •We obtained a general understanding of how the Group complies with these legal and regulatory frameworks by making enquiries of management, internal audit, and those responsible for legal and compliance matters. We also reviewed correspondence between the Group and its regulators; reviewed minutes of the Board and Executive Risk Committee; and gained an understanding of the Group’s approach to governance, demonstrated by the Board’s approval of the Group’s governance framework and the Board’s review of the Group’s risk management framework (‘RMF’) and internal control processes. •For direct laws and regulations, we considered the extent of compliance with those laws and regulations as part of our procedures on the related financial statement items. •For both direct and other laws and regulations, our procedures involved: making enquiry of those charged with governance and senior management for their awareness of any non-compliance of laws or regulations, inquiring about the policies that have been established to prevent non-compliance with laws and regulations by officers and employees, inquiring about the Group’s methods of enforcing and monitoring compliance with such policies, inspecting significant correspondence with the regulators. •The Group operates in the banking industry which is a highly regulated environment. As such, the Senior Statutory Auditor considered the experience and expertise of the engagement team to ensure that the team had the appropriate competence and capabilities which included the use of specialists where appropriate. •We assessed the susceptibility of the Group’s financial statements to material misstatement, including how fraud might occur, by considering the controls that the Group has established to address risks identified by the entity, or that otherwise seek to prevent, deter or detect fraud. We also considered areas of significant judgment, complex transactions, performance targets, economic or external pressures and the impact these have on the control environment. Where this risk was considered to be higher, we performed audit procedures to address each identified fraud risk which included management, internal audit and legal enquiries, testing of internal control, journal entry testing, analytical procedures, tests of detail and focused testing as referred to in the Key Audit Matters section above. These procedures were designed to provide reasonable assurance that the financial statements were free from fraud or error. A further description of our responsibilities for the audit of the financial statements is located on the Financial Reporting Council’s website at https://www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report. 164 Annual Report 2018Bank of Georgia Group PLC