259994 Phoenix Energy Responsible Business Report 2025.pdf

Risk Management

Risk Management is a fundamental component of sound corporate governance. It is a crucial aspect of Phoenix Energy’s operation and is key to our success. Risk management has been embedded as part of the culture at Phoenix and is integrated at a strategic and operational level. Management within Phoenix see the mitigation of risk as a challenge and utilise risk management processes to identify and implement measurable actions to mitigate against identified risks. This has enabled us to deal appropriately with changes in the economic, social and regulatory context in which we operate, contributing to the progress of people and businesses. Risk management is therefore one of the key functions in ensuring that Phoenix remains a robust, safe and sustainable company, that is aligned with the interests of our employees, customers, shareholders and our community. Risk management is as much about identifying opportunities as avoiding or mitigating losses. By incorporating assurance activities into our risk management framework, we improve decision-making, enhance operational efficiency, and ensure adherence to both regulatory and internal policies. This cultivates a culture of accountability and transparency, ultimately strengthening Phoenix’s capacity to address emerging risks. Our Risk Management Assurance Model offers a robust framework for ensuring the effectiveness of risk management processes at every level of the organisation. It outlines the contributions of each level to the overall assurance, with a broad spectrum of assurance activities across all lines of defence, reinforcing our risk control, supervision, and review. This, in turn, provides stakeholders with confidence in the integrity of our processes.

The Board of Directors

Risk Management & Compliance Committee

Audit Committee

Executive Management Team (EMT)

External Audit

Regulator

2nd Line of Defence Risk Management / Compliance Ensures controls and risk management processes of the first line are in place and working as intended. Continuously monitors compliance and effectiveness of control systems. Works closely with first line of defence.

1st Line of Defence Operational Management

3rd Line of Defence Internal Audit

Day-to-day ownership and management of risks and controls.

Provides independent assurance to the board and senior management about the effectiveness of risk and control management. Offers advice on appropriate controls while maintaining independence and objectivity in role.

Responsible for the implementation and

development of control and risk management processes that are embedded in routine daily operations (e.g. risk assessment, record keeping, data collection systems).

44