Our approach to risk

As highlighted in the strategy and risk sections of the strategic report, risk management is inherent to our management thinking and business-planning processes. The Board has overall responsibility for establishing and maintaining our risk management and internal control systems.

See more on our Principal risks and mitigation and our risk management framework in Managing our risk.

The Board also approved the statement of Principal risks and uncertainties. 

Progress in 2025/26

Each quarter, our CEO and CFO provide a compliance certificate connected to the preparation of our financial results. This includes the policies and procedures for areas of the business under their responsibility and confirms the existence of adequate internal control systems throughout the year. Our committee reviews any exceptions noted in this exercise.

See more on the key features of our internal control system, which assures the accuracy and reliability of our financial reporting.

​Working to minimise the risk of fraud, bribery and corruption

Minimising the risk of fraud is one of the key priorities for internal audit, and we do this in a range of ways. These include assessing the quality of balance sheet reconciliations, key judgement matters, tenders and quotations, and controls over payments and associated applications.

The committee received and reviewed reports of attempted and actual fraud incidents during the year. We received comprehensive updates from management on the incidents and reviewed the root cause analysis and remediation plans to address gaps noted.

The committee will continue to monitor the implementation of these plans across all markets, through management updates followed by verification from the internal audit team.

We continue to focus on limiting our potential exposure to bribery and corruption risks, for example by providing mandatory training, reviewing financial records and developing our policies and procedures. Our contract management system includes mandatory certification to our Code of Conduct and anti-bribery and corruption policy. Each year, every employee must take part in computer-based training on anti-bribery and corruption and our Code of Conduct.

Our internal audit team reviews our anti-bribery compliance programme to assess its continued effectiveness. We will continue to assess bribery risks in our markets to refine and improve our anti-bribery compliance programme.

Our committee also monitors and oversees procedures around allegations of improper behaviour and employee complaints.

Whistleblowing procedures

Our whistleblowing programme is a confidential channel through which employees can report unethical practices or wrongdoing. We have an independent whistleblowing process managed by an external professional services firm from its centre of excellence in South Africa.

Throughout the reporting period, we received updates on the volume of reports, key themes emerging from these reports and the results of related investigations. We assess the reports for the category and level of concern and consider these in line with a protocol for review, investigation, action, closure and feedback.

We continue to monitor the volume, geographic distribution and range of reports made to the hotline to understand key themes, the results of investigations undertaken, significant regional compliance concerns, and whether access to this facility is less understood or publicised in some countries.

During the 12 months ended 31 March 2026, we investigated 106 incidents (2025: 73) received through various touchpoints and our formal whistleblowing channels. These incidents varied in magnitude and the measures taken in response have been reported to our committee. Of these 98 cases, 92% have been closed. Reports containing allegations of breaches of our Code of Conduct were thoroughly investigated and disciplinary action was taken where appropriate.

The majority of reports received during the period were human resource related issues that indicated no compliance concerns or serious breaches of our Code of Conduct.

Our committee chair reports to the Board at each of its meetings on the operation of our Code of Conduct, and anti-bribery, corruption and whistleblowing procedures. This report contains enough detail to enable the Board to oversee these areas and make sure arrangements are in place for a proportionate and independent investigation of related matters and for follow-up action.

Assessing our internal control environment 

The assessment of the operation and effectiveness of the Group’s internal control over financial reporting framework continues to be a priority for the committee during the financial year. This also became important given our secondary listing on the Nigerian Stock Exchange (NGX) where a directive was issued by the Nigerian Securities and Exchange Commission (SEC) requiring companies to comply with Sections 60 to 63 of the Nigerian Investment and Securities Act (ISA) on internal controls.

While the 2024 UK Corporate Governance Code places responsibility on the Board to certify the effectiveness of material internal control, the Nigerian Securities and Exchange Commission requires the CEO and CFO to provide certification and mandates that our statutory auditors (Deloitte LLP) provide a limited assurance report on the operating effectiveness of the internal controls over financial reporting.

The Group and committee now plan to use this work as a necessary foundation in the journey towards complying with the requirements of Provision 29 of the new UK Corporate Governance Code, noting that the Nigerian SEC requirements only cover financial reporting controls.

The Group’s internal controls over financial reporting disclosures in compliance with ISA in Nigeria are included in the Directors’ responsibilities statement. An attestation report from Deloitte UK on management’s assessment of the entity’s internal control over financial reporting is included in the limited assurance section.