Risk management
Risk management governance
Nuuday involves all layers of the organisation in its risk
management approach. From enterprise risks affecting
Nuuday's overarching strategic goals to operational or
technical risks affecting our IT landscape, we use risk
management to weigh options and support informed
decision making. Based on internationally recognised
standards such as ISO 31000, COSO ERM, and FAIR, our
policy framework is underpinned by procedures and
guidance, thus creating a strong foundation for our risk
management governance.
While Nuuday's Board of Directors is ultimately
accountable for risk management and compliance,
we work with a three lines of defence model. The first
line comprises our business units, each of which is
responsible for effective risk management (identification,
assessment, mitigation, etc.). The second line
consists of our nine domains, each with risk and
compliance specialists:
• Security & Fraud
• Human Resources
• Legal & Compliance
• Image, PR & Public Affairs
• Operations
• Finance
• Health & Safety
• Commercial
• Transformation Execution
Establishing these domains ensures that Nuuday
follows the standardised risk management lifecycle and
receives centrally aligned risk and compliance support
across all business units from subject matter experts.
The second line assists the first line with assessments
and offers guidance regarding mitigation plans.
[Figure: Risk Management Lifecycle. Stage labels: Identification, Assessment, Response, Action, Monitor]
Nuuday Annual Report 2022