Enterprise risk management

We manage risks through a system based on ISO 31000 (Risk Management) principles and guidelines, where we integrate and manage strategic, operational, compliance and financial risks within an annual planning cycle. To drive consistency in our risk management practices, we operate a unified enterprise risk management framework and standard that brings together issues related to health, safety, environment, financial and operational risks, within one management system. This includes an updated risk breakdown structure and defines the risk categories and themes applicable across our entire business operations. We maintain continuous visibility of the top risks across the Group through quarterly reporting from Group companies to their respective business directorates, along with the progress made on the associated risk mitigation action plans.

The ADNOC Board of Directors provides ultimate risk oversight, with a committee dedicated to overseeing the risk management framework and corporate risk register, and monitoring specific risks. The primary role of the committee is to monitor overall management of risks and activities relating to physical and transition climate risks, health, safety, and the environment, and to assist with oversight with respect to the company's risk tolerance and management processes. The Board Audit Committee focuses on financial risks, including financial reporting and treasury risks, as well as on internal and external compliance. Risk management functions include HSE; Sustainability and Climate; Information Security; Corporate Emergency Management and Continuity; Corporate Compliance; and Financial Risk Management; as well as the Corporate Enterprise Risk Management group. Our operating businesses are responsible for identifying and managing risks. We have aligned our corporate risk matrix with the concerns of stakeholders involved in our risk assessment activities.
In parallel, we have established a digital risk platform that integrates risks with our corporate strategic goals, enabling better insights and management of risks through enhanced monitoring of our risk mitigation plans. To ensure the credibility of our risk identification process, a dedicated in-house enterprise risk management training program has been established.

Cybersecurity

As we continue our digital transformation journey and further embed digitalization and information technology in our operations, it becomes increasingly vital that we protect our digital assets from cyber incidents that could harm our people, disrupt our processes, and affect our systems. We are committed to building a resilient organization that can withstand and recover from any cyber incident. To this end we have established a robust threat intelligence function that monitors the cyber landscape and provides timely and actionable insights on the threats or risks that may affect our business. Our cybersecurity operations center monitors and investigates suspicious activity around the clock. We also have a dedicated incident response team, ready to respond to and contain cyberattacks, and a business continuity plan that ensures business operations are not disrupted or affected by adverse events.
Sustainability Report 2023: Energy for Life