Risk management (QCA Principle 4)

The nature of medical diagnostics development and the early stage and scale of our operations means there are a number of risks and uncertainties. The Directors maintain a risk register and have summarised the principal risks and uncertainties that could have a material impact on the Group. The Principal Risks and Uncertainties are reported on pages 33 to 41 of the Group’s Annual Report and Financial Statements 2022.

The Board monitors the key areas such as clinical applications, competitive position, financial, intellectual property, manufacturing, market acceptance, operational, regulation and quality assurance, research and development, staff, key suppliers and key partners. An ongoing assessment is made of their potential impact and mitigation strategies and actions. New potentially material risks which arise between reviews are added to the risk register, discussed at Board level as they arise and followed up by the Board as appropriate.

The Audit Committee has adopted formal terms of reference (see Principle 9) and considers financial reporting, corporate governance and internal controls. Its review of financial reporting includes discussion of major accounting issues, policies and compliance with UK-adopted international accounting standards, the law (Companies Act 2006), review of key management estimates and judgements (Note 1.22 Critical accounting estimates and judgements), review and update of the risk register, risk identification and assessment and risk management and mitigation activities and going concern assumptions.

Internal control systems are designed to meet the particular needs of the Group and the risks to which it is exposed. The system of internal control is designed to manage the risk of failure to achieve business objectives, rather than to eliminate it, and by its nature can only provide reasonable but not absolute assurance against material misstatement or loss.

A quarterly review process exists to ensure early identification of new accounting issues arising from the introduction of new areas of business and/or the adoption of new or amended accounting standards. The process will ensure the impacts are assessed, advice or training is obtained if required and policies (new or revised) are agreed and documented on a timely basis.

An internal financial audit function is not considered necessary or practical due to the size of the Group and the close day-to-day control exercised by the Executive Directors and senior management. The Board will continue to monitor the requirement to have an internal audit function.

The key procedures that the Directors have established with a view to providing an effective system of internal control are as follows:

Management structure

The Board has overall responsibility for the Group and focuses on the overall Group strategy (see Principle 1) and the interests of shareholders (see Principles 2 and 10). There is a schedule of matters specifically reserved for decision by the Board (see Principle 9). The Board has an organisational structure with clearly defined responsibilities and lines of accountability and each Executive Director has been given responsibility for specific aspects of the Group’s affairs (see Principles 5 and 9). Internal financial risks are controlled through authorisation procedures/levels and segregation of accounting duties. Delegation of Authority processes are regularly reviewed and updated.

Quality and integrity of personnel

The integrity and competence of personnel are ensured through high recruitment standards and subsequent training. We assess employee competence at all levels, identify development requirements and provide training and development support, aligned with business and personal objectives. High-quality, motivated personnel are seen as an essential part of the control environment.

Budgets and reporting

Each year the Board approves the annual budget which includes an assessment of key risk areas. Performance is monitored and relevant action taken throughout the year through regular reporting to the Board of variances from the budget and preparation of updated forecasts for the year together with information on the key risk areas.

Investment and divestment appraisal

All material investment and divestment decisions require appraisal, review and approval by the Board.

Internal controls

The Board reviews the effectiveness of the Group’s systems of internal controls and has a process for the continuous identification, evaluation and management of the significant risks the Group faces. Assessment considers the external environment, the territories in which the Group operates, the industry in which the Group operates including applicable regulations and standards, the internal environment and non-financial risks such as operational and legal risks. The risks identified are ranked based on significance and likelihood of occurrence. The Board reviews the controls in place to mitigate those risks and improvements are made where required. The Group conducts its operations in accordance with the ISO 13485:2016+A11:2021 quality management

system standard and continues to invest in its systems and people in light of Group strategy and risk assessment to ensure the appropriate operational controls and measures are in place and working effectively. The quality system is subject to annual Notified Body audit (BSI) in the UK. The Group uses external specialist resources (regulatory, design, manufacturing etc) as required. Day-to-day responsibility for the implementation of effective internal control and risk monitoring rests with senior management.

Metrics and quality objectives continue to be actively implemented and monitored as part of a continual improvement programme. A number of incremental improvements have been made in the year driven by planned internal quality system auditing and risk assessment and other larger improvements have been identified and are being progressed. Improvements have included:

1) A globally aligned P2P process which allows greater visibility over supplier performance such as delivery times, fulfilment accuracy, price variances etc and provides further controls over use of approved suppliers etc.

2) Standardisation of internal NPD project budgeting, reporting and approval processes on both a detailed stage-by-stage and broader life-cycle basis, providing detailed and consistent project analysis from which to make more informed business decisions at critical time points.

3) A new budgeting process and reporting dashboard developed and deployed with a focus on business ownership and accountability.

4) New processes for the management of inventory items and the flow of actuals and corresponding charging to departments/projects.

5) The introduction of standards for internal processes to improve visibility of the full cost of studies and development projects.

6) Extensive process mapping in preparation for an ERP Discovery phase has resulted in formalisation of sub-processes allowing consistent delivery and identification of efficiency improvements in key areas.

7) Recruitment of specialist employees (Health & Safety Officer, Trade Compliance Controller etc) to bring expertise in-house to minimise exposure to risks in day-to-day business.

8) Introduction of a new HRIS system to facilitate HR management and support recruitment processes.

9) Continued cyber security training and IT improvements including Duo Security, a two-factor authentication service.

10) Procedure and technical documentation updates to support product roll out in territories across the world as our Distributor base expands.

11) Transition of ANGLE’s product risk management system to meet the requirements of the updated risk management standard: ISO14971:2019.