RISK MANAGEMENT continued Integrated risk management approach STRATEGIC OPERATIONAL Internal audit Assure risk management effectiveness and internal control testing Executive Committee, Customer and Property Leadership teams Identify principal risks, including emerging risks Deliver actions in line with risk appetite Monitor risk indicators Consider completeness and adequacy of risk identification and mitigation actions, and risk exposure aggregation Business units Execute actions Report on risk indicators Report current and emerging risks Identify, evaluate and mitigate operational risks Board, Audit & Risk, Sustainability and Health & Safety Committees Review external environment Assess risks (including emerging risks) Set risk appetite and determine actions Assess risk management and internal control systems Report on risks and uncertainties FRAUD RISK We consider the risk to asset misappropriation, fraudulent statements and corruption, alongside the Failure to Prevent Fraud Act (effective 1 September 2025). The Group’s internal controls and risk management processes work in tandem to minimise the likelihood of fraud within the business. The controls in place are designed to minimise the opportunity, motivation and rationalisation for individuals to find opportunities to commit fraud. We are focused on ensuring our IT and financial systems are designed with appropriate segregation of duties to ensure individuals cannot override management controls of end-to-end processes. Internal audit undertakes independent audits across both operational and financial aspects of the business to independently verify that controls are operating effectively and would report any instances of fraud. CREATING THE RIGHT CULTURE FOR EFFECTIVE RISK MANAGEMENT The Group’s risk management framework systematically identifies principal and emerging risks, ensuring they are closely monitored, controlled, and assigned clear ownership for necessary actions. Emerging risks are tracked based on the speed of change in their risk scores. Recognising the speed of change in the PBSA market, we have reviewed this emerging risk and added it to our principal risks. The organisation fosters an open and accountable culture led by an experienced leadership team that recognises risk as an inherent part of doing business. This culture promotes a transparent and proactive approach to risk management. By evaluating risks through the lens of our strategic objectives, the Group takes a forward-looking and preventative stance, going beyond mere compliance to actively manage risk. THE UNITE GROUP PLC Annual Report and Accounts 2025 54 STRATEGIC REPORT