Georgia Healthcare Group PLC Annual Report 2018
Strategic Report
Risk management continued

Risk management bodies of GHG: Board of Directors; Audit Committee; Clinical Quality and Safety Committee; Internal Audit; Non-Clinical Process Audit Unit; Clinical Process Audit Unit; Executive Risk Committee; Management Board (Financial, Operational, Regulatory and Environmental and Safety Risks)

Key elements of the Group’s system of internal control which have operated in 2018 are:
• procedures for the assessment, approval, control and monitoring of major capital projects, including acquisitions and disposals;
• a robust Board Committee structure, where each Committee deals with specific aspects of the Group’s affairs, and an organisational structure with clearly defined levels of authority and division of responsibilities; in line with this approach, the Group has recently completed a reorganisation of its businesses into independently functioning operating companies, with a full set of corporate functions in each, with GHG retaining only Group support functions as well as strategic management of the Group’s business; as a result of this reorganisation, the Group’s healthcare services business has been divided into: referral hospitals and clinics businesses;
• regular reports to the Audit Committee and Clinical Quality and Safety Committee on the adequacy and effectiveness of internal control by, among others, the Head of Internal Audit, the Head of the Clinical Process Audit Unit, the Head of Clinical, the Director of the Legal Department, the Chief Risk Officer and the Chief Financial Officer;
• operational committees, including the Executive Risk Committee formed in September 2017, that have established various policies and which monitor the risk in any area of operation;
• a Remuneration Policy for members of executive management, which motivates them appropriately, without incentivising disproportionate risk-taking (the Remuneration Policy can be found on pages 89 to 107);
• reviewing and monitoring the operation of the Whistleblowing Policy and procedures in place to allow staff as well as external stakeholders (such as vendors, customers, etc.) to raise concerns on a confidential or anonymous basis about possible legal, regulatory, financial reporting or other improprieties;
• a Risk Event Database (“RED”) system, implemented since October 2017 and formally approved in December 2017, which collects and consolidates both actual and possible risk events across the Group and enables risk identification, root cause analysis and assessment with increased efficiency;
• the Audit Committee’s review of the quarterly, half-year and full-year Financial Statements and corresponding press releases;
• the attendance at the Audit Committee meetings of the internal auditors;
• updates, on a monthly basis, to the Management Board in relation to the Group’s financial risk profile, policies, limits and ratios by the Chief Financial Officer; and
• updates, on a monthly basis, to the Management Board in relation to the Group’s operational, clinical and regulatory risk profiles, policies, limits and monitoring results by the Risk Department.

Internal control

Board and Board Committees

As mentioned above, our Board is responsible for reviewing and approving the Group’s system of internal controls and its adequacy and effectiveness. Controls are reviewed to ensure effective management of strategic, financial, operational, clinical and compliance risk issues. Certain matters, such as the approval of the long-term objectives and strategy, the annual operating and capital expenditure budgets and significant acquisitions or disposals, among others, are reserved exclusively for the Board. The full schedule of matters specifically reserved for the Board can be found on our website at: http://ghg.com.ge/schedule-of-matters-reserved.

The Audit Committee has overall responsibility for implementing principles, frameworks, policies and limits in accordance with the Group’s risk management strategy related to the Group’s internal controls and risk management system, control weaknesses, fraud or misconduct, IT, cyber security, compliance, corporate security and similar areas of operational, financial and compliance risks. The Audit Committee facilitates the activities of the internal and external auditors of the Group. The Audit Committee is elected and directly monitored by the independent members of the Board.

The Clinical Quality and Safety Committee reviews the Group’s clinical performance and supervises clinical and medical quality and health and safety, as well as ensuring that the clinical risks are monitored, supervised and managed properly. The quality and safety risk management system is implemented by the Clinical Department. The Clinical Department prepares reports and analyses for the Clinical Quality and Safety Committee and engages in discussion of the findings and risk areas for further mitigation and improvement. Reporting to the Committee takes place on a quarterly basis; however, it may be more frequent, upon identification of reportable conditions and risks. The Clinical Quality and Safety Committee defines and approves key policies and targets for the Clinical department during the year.

For details of the key risk areas reported to the Audit Committee and Clinical Quality and Safety Committee in 2018, please see the corresponding Committee reports.