Risk management continued arising from an internal audit are reported to the Audit Committee reports Committee which monitors that appropriate actions are As noted throughout this discussion, both the undertaken to ensure satisfactory resolution. The Bank’s Audit and Risk Committees play an essential role in Head of Internal Audit has a direct reporting line to the implementing effective risk management and internal Chairman of the Audit Committee. control. Each Committee has described this work in its Committee Report. Our systems of internal control are also supported by our Whistleblowing Policy, which allows employees to report The Audit Committee Report and Risk Committee concerns on an anonymous basis. Responsibility for the Report can be found on pages 121 to 125 and Whistleblowing Policy resides with the Board, and both pages 126 to 128, respectively. the Board and Audit Committee receive annual and ad hoc reports on the operation of the policy from the Head Viability statement of AML and Compliance of the Bank on any significant The Board has undertaken the assessment of the Group’s issues raised. prospects to meet its liabilities by taking into account its current position and principal risks. Effectiveness review The Group’s going concern statement and viability Each year, we review the effectiveness of our risk statement are on pages 68 to 69. management processes and internal control systems, with the assistance of the Audit and Risk Committees. This review covers all material systems, including financial, operational and compliance controls. The latest review covered the financial year to 31 December 2018 and obtained assurance from the Management Board and Internal Audit of the Bank. The Board is able to conclude with reasonable assurance that the appropriate internal controls and risk management systems were maintained and operated effectively throughout 2018 and that these systems continued to operate effectively up to the date of approval of this Annual Report. The review did not identify any significant weaknesses or failings in the systems. We are satisfied that our risk management processes and internal control systems processes comply with the UK Corporate Governance Code 2016 (the Code) and the Financial Repoti gCouncil (FRC)’s guidance on Risk Management, Internal Control and Related Financial and Business Reporting. Although we did not identify any significant weaknesses or failings, we continuously strive to improve our framework and focus on further mitigating our key risks, especially as they evolve. As part of this, we provide mandatory online training to staff on the importance of risk management and internal controls. 50 Annual Report 2018Bank of Georgia Group PLC